last executing test programs:

1m51.344559844s ago: executing program 0 (id=3694):
openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080), 0x121101, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x800000000001, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa15, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000100)={0x0, r0}, 0x8)
socket(0x400000000010, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x8001, 0x8000, 0x6, 0x0, 0xffffffffffffffff, 0x80000002}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r3}, &(0x7f00000002c0), &(0x7f0000000280)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f00000001c0), 0x3)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x1c, 0x8, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
symlinkat(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00')
fchmodat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0xffffffd3)
r5 = semget$private(0x0, 0x20000000102, 0x0)
semctl$SEM_STAT(r5, 0x2, 0x12, &(0x7f0000000040)=""/177)
open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000002bc0)={0x0, 0x0, &(0x7f0000002b80)={&(0x7f0000002980)=ANY=[@ANYBLOB="340000061100010027bd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="c00000000014060014003500776732000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x40000100}, 0x40004)

1m50.418411393s ago: executing program 0 (id=3696):
add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
io_uring_setup(0x2255, &(0x7f0000000440)={0x0, 0x6aec, 0x2000, 0x1, 0x38})
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f00000002c0)={0xb6, 0x0, 0x200000006})
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x2020}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xa1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000340)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, r6, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x4b}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1ff}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x56}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x4014)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @redir={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_REDIR_FLAGS={0x8, 0x3, 0x1, 0x0, 0x64}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x74}}, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x200000)

1m49.135342087s ago: executing program 0 (id=3699):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[], 0x38}, 0x1, 0x300}, 0x0)

1m49.12718897s ago: executing program 0 (id=3701):
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)
dup(r0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000100)=ANY=[], 0x32600)
r2 = socket(0x200000000000011, 0x2, 0x0)
bind$packet(r2, &(0x7f0000000080)={0x11, 0xf8, 0x0, 0x1, 0x0, 0x6, @random="518440db9de1"}, 0x14)
add_key(&(0x7f0000000040)='ceph\x00', 0x0, &(0x7f00000000c0)="010001000000000000001000015b097ead85847817", 0x15, 0xfffffffffffffffd)
read$FUSE(r1, &(0x7f0000000140)={0x2020}, 0x2020)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000040)={0xf0f006, 0x80000006})
syz_io_uring_setup(0x10e, &(0x7f00000000c0)={0x0, 0x9a52, 0x0, 0x3}, &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000000140))
keyctl$set_reqkey_keyring(0x5, 0xfffffffe)
request_key(&(0x7f0000000480)='cifs.spnego\x00', &(0x7f00000004c0)={'syz', 0x3}, &(0x7f0000000500)='key_or_keyring:', 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2})
r6 = socket$igmp6(0xa, 0x3, 0x2)
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000300)={0x0, 'syzkaller1\x00', {0x4}})
write$tun(r5, &(0x7f0000000340)=ANY=[@ANYBLOB="0000000000000000000003000000000081"], 0x3a)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000340)='./file0/../file0\x00', &(0x7f0000000280)='./file0/file0\x00', 0x0, 0xb101e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125499, 0x0)
mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3047c4a, 0x0)
bind$inet6(r3, &(0x7f0000002180)={0xa, 0x4e21, 0x9, @empty, 0x3}, 0x1c)

1m48.824820871s ago: executing program 0 (id=3705):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4)
setsockopt$packet_rx_ring(r2, 0x107, 0x5, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
r3 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r3, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @loopback}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x20004040}, 0x0)
setsockopt$RDS_CANCEL_SENT_TO(r3, 0x114, 0x1, &(0x7f0000000100), 0x10)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x10, 0x0, 0x0, 0x10000000b49, 0x9, 0x8, 0x4, 0x7}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
pselect6(0x40, &(0x7f0000000000)={0x8, 0x10000, 0x17, 0x1080000000, 0x5, 0xffff, 0x7, 0x8}, 0x0, 0x0, 0x0, 0x0)
io_setup(0x58, &(0x7f00000001c0)=<r6=>0x0)
io_submit(r6, 0x1, &(0x7f0000000080)=[&(0x7f0000000540)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}])
write(r4, 0x0, 0x0)
connect$unix(r5, &(0x7f00000004c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f00000002c0)={0x0, 0xfffffffffffffc32, 0x0}, 0xb00b2d70c5274904)
recvmmsg(r7, &(0x7f0000001b40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f00000003c0)=""/152, 0x98}, {&(0x7f0000000480)=""/4096, 0x1000}], 0x3}}], 0x7, 0x0, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
r8 = openat$nmem0(0xffffff9c, &(0x7f0000000300), 0x400003, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, &(0x7f0000001500)=@nat={'nat\x00', 0x1b, 0x5, 0x364, 0x0, 0x0, 0xffffffff, 0xa4, 0x200, 0x2d0, 0x2d0, 0xffffffff, 0x2d0, 0x2d0, 0x5, &(0x7f0000001480), {[{{@ip={@multicast1, @broadcast, 0xffffff00, 0xffffffff, 'veth0_macvtap\x00', 'syz_tun\x00', {}, {}, 0x2f, 0x1, 0x4e}, 0x0, 0x70, 0xa4}, @SNAT0={0x34, 'SNAT\x00', 0x0, {0x1, {0x8, @multicast2, @loopback, @icmp_id=0x64, @gre_key=0x8}}}}, {{@uncond, 0x0, 0x94, 0xc8, 0x0, {}, [@common=@ttl={{0x24}, {0x1, 0x1}}]}, @MASQUERADE={0x34, 'MASQUERADE\x00', 0x0, {0x1, {0x2, @rand_addr=0x64010101, @rand_addr=0x64010101, @icmp_id=0x66, @port=0x4e23}}}}, {{@uncond, 0x0, 0x70, 0x94}, @common=@inet=@TCPMSS={0x24, 'TCPMSS\x00', 0x0, {0x8}}}, {{@uncond, 0x0, 0x9c, 0xd0, 0x0, {}, [@common=@ah={{0x2c}, {[0x8000, 0x3], 0x1}}]}, @REDIRECT={0x34, 'REDIRECT\x00', 0x0, {0x1, {0x1d, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @gre_key=0x27, @port=0x4e24}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x3c0)
mkdir(&(0x7f0000000200)='./file0\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
fcntl$getownex(r2, 0x10, &(0x7f0000000280)={0x0, <r9=>0x0})
setpriority(0x2, r9, 0x9)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@index_on}]})

1m48.467905031s ago: executing program 0 (id=3707):
add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
io_uring_setup(0x2255, &(0x7f0000000440)={0x0, 0x6aec, 0x2000, 0x1, 0x38})
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f00000002c0)={0xb6, 0x0, 0x200000006})
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x2020}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xa1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000340)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, r6, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x4b}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1ff}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x56}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x4014)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r8, r8, 0x0, 0x200000)

1m48.370249819s ago: executing program 32 (id=3707):
add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
io_uring_setup(0x2255, &(0x7f0000000440)={0x0, 0x6aec, 0x2000, 0x1, 0x38})
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0xa1e3a9fe3eb9c551)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_CAP_HALT_POLL(r2, 0x4068aea3, &(0x7f00000002c0)={0xb6, 0x0, 0x200000006})
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xa, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x2020}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {}, {0x85, 0x0, 0x0, 0x5}, {0x4, 0x1, 0xb, 0x9, 0xa}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x5, 0x0, 0x7, 0x9, 0x0, 0x2, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x5, 0x0, 0xb, 0x9, 0x0, 0x0, 0x2}, {0x3, 0x0, 0x6, 0xa, 0x9, 0xfe04, 0xa1}, {0x7, 0x1, 0xb, 0x7, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x9, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0x24, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000340)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x48, r6, 0x400, 0x70bd28, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x0, 0x4b}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x1ff}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x56}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x3a}]]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x4014)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
sendfile(r8, r8, 0x0, 0x200000)

2.695553096s ago: executing program 3 (id=4318):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[], 0x248}}, 0x0)

2.527671792s ago: executing program 3 (id=4319):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000180)={0x5c, r1, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_FRAME={0x40, 0x33, @reassoc_resp={{{0x0, 0x0, 0x8}, {}, @broadcast, @device_a, @from_mac}, 0x0, 0x0, @default, @val, @val={0x2d, 0x1a, {0x2, 0x1, 0x7, 0x0, {0x7, 0x7, 0x0, 0x2a, 0x0, 0x1}, 0x6, 0x5, 0x4}}}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44800}, 0x80)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000140))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x6a855000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f00000000c0)={&(0x7f0000000540)={0x2, 0x18, 0x0, 0x0, 0x19, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, {0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in=@multicast2}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @private1}}, @sadb_x_kmaddress={0x5, 0x19, 0x0, @in={0x2, 0x0, @private}, @in={0x2, 0x0, @multicast1}}]}, 0xc8}}, 0x0)
mlockall(0x7)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r7, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={&(0x7f0000000b80)={0x14, 0x23, 0x1, 0x70bd26, 0x25dfdbfc, {0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x4000090}, 0x20048080)
r8 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$CDROMVOLCTRL(r8, 0x5326, 0x0)

2.233878302s ago: executing program 1 (id=4326):
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82)
fanotify_init(0x2, 0x1000)
openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x240, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x25b9, 0x8, 0x1, 0x1ad}, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x2b4}, &(0x7f0000000180)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r5, 0x40045542, &(0x7f00000001c0))
syz_open_dev$sndmidi(&(0x7f0000000380), 0x2, 0x108383)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="4800000010000304000000000400000000007400", @ANYRES32=0x0, @ANYBLOB="0000000003120100280012800b00010062726964676500001800028005002c00020000000c002e"], 0x48}, 0x1, 0x0, 0x0, 0x20040884}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r6 = socket(0x400000000010, 0x3, 0x0)
r7 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r7, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000f000000c5000000a000020095"], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r8}, 0x18)
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r7, 0x28, 0x1, &(0x7f0000000100)=0xfffffffffffffffe, 0x112)
write(r6, &(0x7f0000000040)="3a03000018002551075c0165ff0ffc02802000030004000500e1000c0400070080000900", 0x33a)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r9)
ioctl$sock_SIOCGIFINDEX_80211(r9, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r9, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01002abd7000ffdbdf251300000008000300", @ANYRES32=r11], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x4814)

1.737969531s ago: executing program 2 (id=4335):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000680)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0x0, 0xb}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x3, 0x3, 0x6361, 0x7, 0xffffffff, 0x3}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f0000000900)="bada30fbc99b5400040000ea0756159288a8", 0x14, 0x8040, &(0x7f00000001c0)={0x11, 0x88a8, r1, 0x1, 0xd8, 0x6, @multicast}, 0x14)

1.694799383s ago: executing program 2 (id=4336):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000580)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3fc, 0x0, 0x32}, 0x9c)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1, 0x20}, 0xc)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000000)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}, 0x0, 0x800, 0x0, 0x0, 0x8a}, 0x9c)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000000000000000000000020000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x50)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000600)='/proc/bus/input/handlers\x00', 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, 0x0, 0x0)
socket$kcm(0x10, 0x2, 0x0)
r4 = socket$inet(0x2, 0x1, 0x100)
setsockopt$sock_int(r4, 0x1, 0x2, &(0x7f0000000040)=0x7f, 0x4)
bind$inet(r4, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
socket$inet(0x2, 0x1, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x1)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x4)
write(r5, &(0x7f0000000280)="e8bd8a4c56281ba2ba42cfa5b9fe5fc6dcde2ee431f5595ceadb9a2c95e57f15ee4a83f9e7d78ea996f78bd588bedcdbc730d6d15df6d2a26ca4e55e97ed0522a190ce241a37bad3317fba7e4be3dbbfec5e2f401b5658cc8fda", 0xffffffe5)
ioctl$TCSETSW2(r5, 0x402c542c, &(0x7f0000000340)={0x1, 0xb, 0x9, 0x2, 0x4, "3bc9a3558fc50251a1a8a1000000ddff00", 0x3, 0xcb})
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8088e3ad132bc192, 0x4002011, r2, 0x0)

1.604311526s ago: executing program 4 (id=4339):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000100)='ocfs2_dlmfs\x00', 0x0, 0x0)
chdir(&(0x7f00000000c0)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000000c0), r0)
prctl$PR_SET_MM(0x23, 0x9, &(0x7f0000fff000/0x1000)=nil)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r2, 0x6, 0x1, &(0x7f0000000000)={0xf001, 0x80, 0x1, 0x9, 0x4, 0xe8, 0x8}, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x7c, 0x7c, 0x2, [@var, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{}, {}, {}, {}, {0x3, 0xfffffffd}, {0xfffffffe}]}, @fwd, @volatile, @volatile={0x0, 0x0, 0x0, 0x9, 0x4}, @volatile={0x0, 0x0, 0x0, 0x9, 0x6}]}}, 0x0, 0x96}, 0x28)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26}, 0x28)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x6, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000851000000300000018000000", @ANYRES32, @ANYBLOB="000000000000000095000000000000009500000000000000"], &(0x7f0000000280)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x25, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0), 0x2}, 0x94)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, 0x2a, 0x107, 0xfffffffc, 0x0, {0x5, 0x7c}, [@typed={0x8, 0x1, 0x0, 0x0, @u32=0x7ffffffe}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488c4}, 0xc000)
sendmsg$NL802154_CMD_GET_SEC_LEVEL(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)={0x20, r1, 0x70d, 0x70bd2c, 0x25dfdbff, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x4008000}, 0x4040814)

1.539974292s ago: executing program 4 (id=4340):
socket(0x200000000000011, 0x2, 0xd)
socket(0x200000000000011, 0x2, 0xd)
syz_emit_ethernet(0x3a, &(0x7f0000000500)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x2, 0x10, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x4e23, 0x18, 0x0, @wg=@data={0x4, 0x101, 0x430a}}}}}}, 0x0)

1.533920867s ago: executing program 2 (id=4341):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) (async)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup(r1)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) (async)
recvmsg(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)=[{0x0, 0x58}], 0x1}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@deltclass={0x24, 0x29, 0x200, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {}, {0x3, 0xf}, {0x10, 0xffe0}}}, 0x24}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe7bd, 0x0, 0x36, 0x0, 0x0, 0x0, 0x2, 0x9}, 0x50)
r3 = socket$packet(0x11, 0x2, 0x300)
bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) (async)
setsockopt$packet_int(r3, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) (async)
recvmmsg(r3, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0) (async)
write$tun(r0, &(0x7f0000000300)={@void, @void, @eth={@multicast, @remote, @val={@val={0x88a8, 0x1, 0x1, 0x1}}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x1, 0x2, 0x14, 0x68, 0x0, 0x9, 0x6, 0x0, @private=0xa010100, @remote}}}}}}, 0x2a)

1.452550936s ago: executing program 4 (id=4342):
openat$kvm(0xffffffffffffff9c, 0x0, 0x182e83, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f0000000180)={0x1, 0x4}, 0x8)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x47, 0x0, 0x6, 0x0, 0x1, 0x8, 0x8}, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioprio_set$uid(0x3, 0x0, 0x0)
syz_open_dev$loop(&(0x7f00000005c0), 0x1, 0x509480)
r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0xf7d, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000000)={0xf0f071, 0x1})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}}, 0x810)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8923, &(0x7f0000000480)={'lo\x00', @local})
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events.local\x00', 0x275a, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x8000, 0x3, 0x4002a2, 0x0, r5}, &(0x7f0000000340), 0x0)
r6 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r6, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000001c0)={0x0, <r7=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r6, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000040), 0x3, r7})
ioctl$DRM_IOCTL_MODE_ATOMIC(r6, 0xc03864bc, &(0x7f0000000580)={0x401, 0x1, &(0x7f0000000180)=[r7], 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff})
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r8, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r8, 0x84, 0x6f, &(0x7f0000000200)={<r9=>0x0, 0x1c, &(0x7f0000000300)=[@in6={0xa, 0x4e23, 0x4, @empty, 0x420c933f}]}, &(0x7f0000000240)=0xc)
getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r8, 0x84, 0x73, &(0x7f0000000080)={r9, 0xffff, 0x30, 0x6, 0x6}, &(0x7f0000000280)=0x18)

1.446691108s ago: executing program 3 (id=4343):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe80, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe6c, 0x1, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe38, 0x2, {{{}, 0x97, 0x0, [{}]}, [{}, {}, {}, {0x0, 0x101}, {}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0xfffffffc}, {}, {}, {}, {0x0, 0x4}, {}, {}, {}, {0x0, 0x10}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {0xd5}, {}, {}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x200}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x800000}, {}, {0x4}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x0, 0x400}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe80}}, 0x0)

1.377597315s ago: executing program 2 (id=4344):
r0 = socket(0x28, 0x5, 0x0)
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0)
munlock(&(0x7f00002de000/0x8000)=nil, 0x8000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x5, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000280)=[@mss={0x2, 0x1}, @timestamp, @timestamp, @timestamp, @mss={0x2, 0x8}, @sack_perm, @sack_perm, @timestamp], 0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x18)
socket$phonet_pipe(0x23, 0x5, 0x2)
shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
socket$netlink(0x10, 0x3, 0x0)
openat$cdrom(0xffffff9c, &(0x7f00000013c0), 0x4, 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$GIO_SCRNMAP(r5, 0x4b40, &(0x7f0000000040)=""/118)

1.258855946s ago: executing program 1 (id=4345):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4004044}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a320000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff274140000001100771b809534b9c0e200000100000a"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0x7, 0xc, 0xffffffff, 0x1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2001800, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.067133993s ago: executing program 1 (id=4346):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r2, &(0x7f0000000900)="bada30fbc99b5400040000ea0756159288a8", 0x14, 0x8040, &(0x7f00000001c0)={0x11, 0x88a8, r1, 0x1, 0xd8, 0x6, @multicast}, 0x14)

1.007910458s ago: executing program 1 (id=4347):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x5, 0x3, 0x7ffc0003}]})
r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000240)='ns/pid\x00')
ioctl$TUNGETVNETHDRSZ(r0, 0x8004b707, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f00000000c0)={0x1, &(0x7f00000001c0)=[{0x6, 0x0, 0x0, 0xb}]})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
close_range(r1, 0xffffffffffffffff, 0x100000000000000)

887.780954ms ago: executing program 3 (id=4348):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x49, 0x0, 0x6}]})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000003, 0x13, r5, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000003200)=[{{0x0, 0x0, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000480)="4bd05c94bff49dd9b826bc3e0e5bf247", 0x10}], 0x2}}], 0x1, 0x4040065)
ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000000c0)={[0x1, 0x1000000000000000, 0x7, 0x109e93, 0xffffffffffffffff, 0x400000, 0xd, 0x0, 0x2, 0xfffffffffffffffd, 0x48d6, 0x200000010000, 0x6, 0x5, 0x20000001], 0xd5d5c004, 0x8340})
ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, &(0x7f0000000080)=@arm64={0xd1, 0x7, 0xc1, '\x00', 0x3a})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(r1, 0x4008ae48, &(0x7f0000000040)=0x2000)

654.276459ms ago: executing program 3 (id=4349):
r0 = syz_open_dev$video(&(0x7f00000010c0), 0x8, 0x28002)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/net\x00')
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000a00)={0x16, 0xb, &(0x7f0000000580)=ANY=[@ANYRESDEC=r1], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f00000004c0)={r2, 0x3, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x44)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000d00), 0x8)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000280)={0xe90}, 0x8)
r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000340)=0xffffffffffffffff, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000cc0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000000000008500000072000000850000000700000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r5 = signalfd(r2, &(0x7f0000000080)={[0x5, 0x80000000]}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r5, 0xc0189372, &(0x7f0000000180)={{0x1, 0x1, 0x18, r3, {0x1ff}}, './file0\x00'})
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000001800)={r3, r4, 0x4, r2}, 0x10)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r6)
sendmsg$NLBL_UNLABEL_C_STATICADD(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="6408000246052d42e615fc0151024ed85e1fbf5642cbcc8ea1", @ANYRES16=r7, @ANYBLOB="0102fcfffffffddbdf2503002600140006006e6963766630000000000000000000001400070000000000000000000000ffffac1414201400030000000000000000000000ffffac1414bb14000200fe800000000000000000000000000037", @ANYBLOB="98e03153353a35de7159f3159973b0b3ffeeef5e92fe966f9f457ed3dc59d3634861bdb1627ec329b3fdf43bb29dcc184d38456da0e1c35196a34170e4771b3efdbd83569fa74f9c7e604880589b9adeea858edc33aa0bc556b2a5ac6eca392a91f0f5bdfd062cdf1df2aed1c03a5bc15d27891c16af094990c278cc5427ac1fbbfa44c9bf90c30fd12a3a174ab26afa0aa5f813598f583731f7652939a95f16de126ae2656980d285b3f3530734290047ab32421e480399419c"], 0x64}, 0x8, 0x3000000000002}, 0x0)
ioctl$VIDIOC_S_SELECTION(r0, 0xc040565f, &(0x7f00000003c0)={0x2, 0x100, 0x2, {0xffff7fff, 0x1, 0xbfee, 0x540}})
r8 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r8, 0x7a7, &(0x7f00000000c0)=0xa0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r8, 0x7a0, &(0x7f0000000040)={@host})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r8, 0x7ab, &(0x7f0000000000)={&(0x7f0000000540)={{@my=0x0}, {@my=0x1}, 0x400, "d49e0b1f09a3e05cb898141464441748655937bb34d22f02362479246bb6372d891a3b5dafa58a6abc5a678d6874fc8fb5f8a529c6e30103484f2667c174fb6cda19ea0a9301bc3238eb816e9c3882f243bcd4bd7115b26dacf5923f060498d471cb4f789562fcda119739dd1a5b0e4e1a4a0200000000000000247d81f968f2e945f293fc3860bf11f0424193fce743067d27f0ac187b44b128a4999547f73d8c35d3c2bd8b51bbc9a31123f773be89e109cc71b8ec29a539083c0cba15b0899c7181ba154c28b3c4e2ebe360ac44f942a703b9a3a37fbbefe9ae0de04a32336a6eba07b2fb6ad426d56e17291bb1a9d1fcdaa939378bab6dd2eac37b369ef163c9e0fc8039352c24d8147fcc2e2559b47066abd21a3a5f83f239a2227d17d4ca90f60ed9acc243ed38818e3883a985106b54dc157b67022525a74e8f9cb99852760359278d5d22294a70433ba4cec5147fbb09b1d0008ba76257f1c5af6b8d6bf3bcfd5a468a566a4e98fe5f264f2663b72cb421c90d8b7883ddfb5749b27a3e146f9d8538706fea61b07c6e064446337439b9d5a5dc82f6c63c57d6ba0e709b7c1b15fa8367f8e6df2cf59b0b30740ef47c5cccffce5911569591ce4ab62275964cd147e87a30cc6e71f7e40e161997cdbadcfbfb6c54e0289ac137508b7b5339414e4ab7afcc420148e37d49b664cc07c8178a3b50f566c5bdd3aa9217ef909805972bd63ee1d729b282cd866c183744b20da3227f9d43843236b571c8d3237408c266e08d0699ebd30e0820362664ab323b15d3ae9896d6120aae6ef9085f53a2b39cc31238b031476c86e6b16d7703fcbacc7269ce8622eab1cfdf82a364209ec4ac912db924bb76bc35ddf8d0e7a3aff0d08a48c07be47303b59653d9409f14dc59ac33cae5e010466f54d86772e43e3680863bb9bf10c971f16a731e601d7fcdbb91d7146e7834d89059ad522d70398c2bacf113ed791e32f933dfa23f5d6d11bfc9d9e0f04a34b0eddd99d16cd9712485e0a5c9aaf1ebf3f14d00005f8960b6145cbb7d4522692ebe1f9491f87a29ed67c5fb60f5e69bde2a758742999fc98609dbf6199977e9b446691bf9f95d0abd84557c77ea13356c977d0f098ab9fec85acbd6447f2e6893e2fa6a0a7b272dab66e69b7def00000000000000041fb3e4367fa8d56e05ee3b265f17ca0439fcdcea276f7f0a9bf4c2a324d7143658007cf4019e8da69ba1b7dff4383714cbcb71dfe6f1b1ac5d5e99394cb2c360ddb1889d92cd36f8fc72ac865f1c6445957b2a57c1af59ef8d2e9fe328ec2bde763d65c4dea965042f540515bf2f879d1b26309ebc1d7f76c569fa88fbe61845e96e93d3b6025b6285777e59495943596c128fdacc545263ce458bf99f57d7e5dc77f65cf650902b5b6d5af9359334759843365bf0dfb244817a40e8cc9030"}, 0xfffffffffffffed8})
r9 = socket$inet(0x2, 0x4, 0xd0)
openat$vimc2(0xffffff9c, &(0x7f0000000240), 0x2, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IPVS_CMD_SET_CONFIG(r11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x30, r12, 0x1, 0x0, 0x0, {0x4}, [@IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PROTOCOL={0x6}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_PORT={0x6}]}]}, 0x30}}, 0x0)
sendmsg$IPVS_CMD_ZERO(r10, &(0x7f0000000480)={&(0x7f0000000380), 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r12, @ANYBLOB="200026bd70000000000000ef050000fdfb0000000000"], 0x1c}, 0x1, 0x0, 0x0, 0x84}, 0x8080)
openat$dlm_monitor(0xffffff9c, &(0x7f0000000040), 0x501900, 0x0)
bind$inet(r9, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10)
fcntl$F_SET_FILE_RW_HINT(r9, 0x40e, &(0x7f0000000000)=0x5)

487.774239ms ago: executing program 4 (id=4350):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000007c0)=[{0x0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x4080)
r2 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x80000004, 0x4)
bind$inet6(r2, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @empty, 0xffffffff}, 0x1c)
syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x44, 0x24, 0x400, 0x70bd2b, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff2, 0xffff}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_ECN_PROB={0x8, 0x9, 0x50}, @TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xf01d}]}}]}, 0x44}}, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0000000000008000280012800a00010076786c616e00"], 0x50}}, 0x20008844)

453.494344ms ago: executing program 3 (id=4351):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000280)={0x1f, 0xffff}, 0x6)
unshare(0x6a040000)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1, 0x0, 0x1ffffffffffffffd}, 0x18)
r2 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$apparmor_exec(r2, &(0x7f0000000080)={'exec ', ':\x00'}, 0x7)
ioctl$SNAPSHOT_UNFREEZE(0xffffffffffffffff, 0x3302)
mknod$loop(&(0x7f0000000180)='./file0\x00', 0x6000, 0x0)
r3 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
umount2(&(0x7f0000000140)='./file0/file0\x00', 0x4)
syz_emit_vhci(&(0x7f0000000280)=ANY=[], 0xe)
r5 = socket$inet(0x2, 0x1, 0x0)
shutdown(r5, 0x0)
recvmmsg(r5, &(0x7f00000066c0), 0xa0d, 0xfe, 0x0)
io_setup(0x80000000, &(0x7f0000000100))
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f000000c300)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x74}}, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xf8, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@local, 0x0, 0x5, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffff7}, {0x0, 0xa00, 0x40800000000000, 0x800000000000000}}, [@tmpl={0x44, 0x5, [{{@in=@local, 0x0, 0x3c}, 0x0, @in=@broadcast, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x400000}]}]}, 0xf8}}, 0x0)

418.555225ms ago: executing program 2 (id=4352):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$KVM_GET_MSRS_sys(r0, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x48f, 0x0, 0x5}]})
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff0001}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffff0001}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000000)='fsi_master_gpio_in\x00', r1}, 0x18)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000940)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0xa, [@struct={0x8, 0x2, 0x0, 0xf, 0x0, 0x5, [{0x1, 0x0, 0x3}, {0x2, 0x2, 0x9}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2e]}}, 0x0, 0x46, 0x0, 0x6}, 0x28)
r2 = socket$netlink(0x10, 0x3, 0x14)
sendmsg$NL80211_CMD_SET_MPATH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}}, 0x14}, 0x1, 0x0, 0x0, 0x8000080}, 0x8080)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r3)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r4, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054)
r5 = socket$kcm(0x11, 0x3, 0x0)
r6 = openat$audio(0xffffff9c, &(0x7f00000001c0), 0x40000, 0x0)
dup3(r6, r2, 0x0)
sendmsg$kcm(r5, &(0x7f0000000080)={&(0x7f0000001340)=@hci={0x1f, 0x5865}, 0x80, &(0x7f0000000540)=[{&(0x7f00000000c0)="b8b2820000", 0x5}, {&(0x7f0000000040)="752288fb", 0x4}], 0x2}, 0x7c2d3be9279712e6)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)

354.574887ms ago: executing program 4 (id=4353):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
shutdown(r1, 0x1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
keyctl$KEYCTL_PKEY_VERIFY(0x1c, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='enc=oaep'], 0x0, 0x0) (async)
keyctl$KEYCTL_PKEY_QUERY(0x18, 0x0, 0x0, &(0x7f0000000080)=' hash=', 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001c000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000015010000033800001d13fcff000000007a0af0ff0090001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x2}, 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27, 0x0, 0xffffffffffffffff, 0x4b}, 0x48) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async, rerun: 32)
r6 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r6, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[@ANYBLOB="34000004", @ANYRES16=r7, @ANYBLOB="010000000000ffdbdf250100000000000000014100000018001700000000000000006574683a7465616d30000000"], 0x34}}, 0x0) (async)
r8 = add_key$user(&(0x7f00000001c0), &(0x7f0000000280)={'syz', 0x1}, &(0x7f0000000380)="8bee62854b1144bf1fbe047d3bd5645a4c20c7da3c430babcf6d9f91bbe0c6ccc49e7361b7c9876c582ce4ecaa5e14907e98bf06b19cebeb508b144e762412b04410b677f857132d27fbd1e245d539c53a59667de88b631257a3e4d68f15b0dcea5b621b2c949d28b348d25b041a74c5614ff7824b6cb0b4bf519d24eb918f7e50590bc83498d921a3c4435e5fe97e052c625e52f51e1bc2b8939bebb08011459096284829", 0xa5, 0xfffffffffffffffb)
keyctl$get_security(0x11, r8, &(0x7f0000000440)=""/193, 0xc1) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r9=>0xffffffffffffffff})
connect$tipc(r9, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x1}}, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000740)={'wlan1\x00'})
r10 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r4) (rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r12=>0x0}) (async, rerun: 32)
r13 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
sendmsg$NL80211_CMD_REGISTER_FRAME(r13, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r11, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r12}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_REGISTER_FRAME(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000c80)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES8=r2, @ANYBLOB="05005b"], 0x24}}, 0x0) (async)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r3, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

224.334254ms ago: executing program 4 (id=4354):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x42901, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000801, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_LEAVE_OCB(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x100, 0x70bd29, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x50}, 0x840)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt(r4, 0x84, 0x82, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x2404c854)
r5 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000280)="5c00000012006bab9e3fe3d86e6c1d000014a10d00030000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dfd8cdbf9367b4fa51f60a64e9f4080003000601000004000200d700", 0x5a}, {&(0x7f0000000680)="ffaf", 0x2}], 0x2, 0x0, 0x0, 0x1f00c00e}, 0x4080)

108.322771ms ago: executing program 1 (id=4355):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000008000)={0x1, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="b70000000000000007000000000000009500000000000000a9171809f8dcf159569d5475991f7de1a0d0c119cfcf6b98741c23fb7f8d3002ec85db75af955427e91496087a51a0a78f269a9e216a0d0177c4fe3552396a180330807a5b6e8c79aa92038c78d1f16c1323f0e0c8d45c641a21757847cb22230e4321cc3581e40c62c4defee8cffe359cfeef7f58fffdb48647d28ae810f6d22d20271e9e88e94aa6982bf48356652b08e2fbd404e41e0058aae0478fbe542b648421d1b4486a542a7d478fbe6b5e000000293853f9c68e235184b7ad5b6c4fe70ec8320500db0db7fda3da6171a05509ffecef2cb9802d4f36c9a1ce46d3b355fec188ccfc2f0fc89e164561fb06ee9a0153981a47b5de9edd3536d5534f9a699f73b2c9341d2d05043748ce1f4577ed76cdf5b3c697089daa4abda69a8c0c992404610a6be9e103c972459065dec0488e85a6a0418fc87dd8019ef7bb4ef4fa6ee08d81797570578f2e8198e687012f25a69a90e7515e35f8abbddfa96c3f0485f01f0e9e144a2bd31c1b594c50de7c9efd826f1e19b7bd89ca4052b1985287bd13957a48467e0eeddf564d175bf4340885b63976df609806c3b2a3667539dfd66a7400000000003be6026e60205f761ce85cdf75cdb95ca5d32b5bf87eed4184d49f8f48181ef2419efe82ebb18ee55772d562b3b49551714e805a5211a3f4e8e703c03e23b2074bc573dbb66d59e269b722637c4a2efb5241cae2f14774609ad91d66724c438455dc4fcf0b4c8fc235f6c190b4c82bb2556d1fbcd4468369e98e900c743162ce2c7e60610acf0c8e4ba94a7e7127c7de0e6c35acecee1b8434fdca4579f9ebc6a515f7d910b466eb583fb0a7e65fbecb2b8ee0e9da33afb88aa5da8da3a5e0e58fcb48de6f165826b046a8951a47e040bd419d0efa0f54e8e3694085a7bde6f6494968d8200000000000"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xc3, &(0x7f00000002c0)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff37}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x1000000000000f, &(0x7f0000000080)=0x7fffffff, 0x4)
setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f0000000100)=r0, 0x4)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="b7000000ecffffff0c0000000000000095000000000000005e0c83dfb64a3eb1cdfa541cd3957aa8a96b9fa4591c1eb556e38defc504b011face5a06294c2115a9ad943bac350e8d7961537181f79ead9176dc7c3ed2d45004deb987fa0d"], &(0x7f0000003ff6)='syzkaller\x00', 0x1, 0xb4, &(0x7f00000002c0)=""/180, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
r3 = dup2(r2, r0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x34, &(0x7f00000000c0)=r3, 0x4)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="0171973a", @ANYRES16=r6, @ANYBLOB="0700000000000000000005000000180001801400020073797a5f74756e0000000000000000000800038004000380"], 0x34}, 0x1, 0x0, 0x0, 0x4000800}, 0x400d4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'wg0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000400)={'batadv0\x00', <r8=>0x0})
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r4, &(0x7f0000000540)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0xac, r6, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@HEADER={0x70, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syzkaller1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'gre0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x4044000}, 0x0)

68.191492ms ago: executing program 2 (id=4356):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe80, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe6c, 0x1, [@m_pedit={0xe68, 0x1, 0x0, 0x0, {{0xa}, {0xe3c, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe38, 0x2, {{{}, 0x97, 0x0, [{}]}, [{}, {}, {}, {0x0, 0x101}, {}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x20000000}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {0xfffffffc}, {}, {}, {}, {0x0, 0x4}, {}, {}, {}, {0x0, 0x10}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffdfd}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {0xd5}, {}, {}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {0x0, 0x10}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, {0x0, 0x0, 0x0, 0x200}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {0x0, 0x0, 0x0, 0x0, 0x800}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x800000}, {}, {0x4}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x5}, {}, {}, {}, {}, {}, {0x0, 0x400}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffd}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {0x0, 0x1}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe80}}, 0x0)

0s ago: executing program 1 (id=4357):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x2, 0x7fffffff}]})
r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000080)={0x4, <r2=>r0})
r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0xa0003)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r3, 0xc00c642e, &(0x7f00000000c0)={<r4=>0x0, 0x0, r2})
ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f0000000180)={r4})
ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc00864d2, &(0x7f0000000140)={r4})

kernel console output (not intermixed with test programs):

 in process `syz.1.3720'.
[  805.340060][T19385] ip6gretap0: entered promiscuous mode
[  805.344754][T19385] syz_tun: entered promiscuous mode
[  805.347984][T19385] hsr1: Slave A (ip6gretap0) is not up; please bring it up to get a fully working HSR network
[  805.354053][T19385] hsr1: Slave B (syz_tun) is not up; please bring it up to get a fully working HSR network
[  805.425523][T19390] netlink: 'syz.1.3722': attribute type 10 has an invalid length.
[  805.432630][T19390] syz_tun: entered promiscuous mode
[  805.437454][T19390] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  805.633491][T19339] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  805.650806][T19339] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  805.675375][T19339] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  805.681287][T19339] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  805.687047][T19405] 9pnet_virtio: no channels available for device syz
[  805.731507][T19339] 8021q: adding VLAN 0 to HW filter on device bond0
[  805.742926][T12219] usb usb42-port1: unable to enumerate USB device
[  805.744373][T19339] 8021q: adding VLAN 0 to HW filter on device team0
[  805.772398][ T8335] bridge0: port 1(bridge_slave_0) entered blocking state
[  805.775423][ T8335] bridge0: port 1(bridge_slave_0) entered forwarding state
[  805.796963][ T4727] IPVS: stop unused estimator thread 0...
[  805.802927][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  805.805546][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  805.976787][T19339] 8021q: adding VLAN 0 to HW filter on device batadv0
[  806.084303][T19439] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3727'.
[  806.287299][T19339] veth0_vlan: entered promiscuous mode
[  806.310543][T19339] veth1_vlan: entered promiscuous mode
[  806.381008][T19339] veth0_macvtap: entered promiscuous mode
[  806.388619][T19339] veth1_macvtap: entered promiscuous mode
[  806.411194][T19339] batman_adv: batadv0: Interface activated: batadv_slave_0
[  806.429784][T19339] batman_adv: batadv0: Interface activated: batadv_slave_1
[  806.447153][ T1176] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  806.450105][ T1176] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  806.457024][ T1176] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  806.461325][ T1176] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  806.539876][T19454] random: crng reseeded on system resumption
[  806.569490][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  806.572247][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  806.582037][   T53] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  806.639185][ T6103] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  806.642675][ T6103] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  806.733471][   T53] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  806.745466][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  806.748501][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  806.766283][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  806.769398][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  806.772910][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  806.776636][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  806.779618][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  806.783274][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  806.786823][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  806.789981][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  806.793670][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  806.797370][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  806.800329][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  806.803567][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  806.807266][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  806.810293][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  806.813709][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  806.817341][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  806.820545][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  806.824124][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  806.827821][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  806.831214][   T53] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  806.834968][   T53] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  806.838690][   T53] usb 6-1: config 0 interface 0 has no altsetting 0
[  806.842880][   T53] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  806.846096][   T53] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  806.848950][   T53] usb 6-1: Product: syz
[  806.850375][   T53] usb 6-1: Manufacturer: syz
[  806.852469][   T53] usb 6-1: SerialNumber: syz
[  806.855556][   T53] usb 6-1: config 0 descriptor??
[  806.864275][   T53] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  806.876133][ T5957] Bluetooth: hci2: command tx timeout
[  807.238820][    C3] usb 6-1: yurex_control_callback - control failed: -71
[  807.239071][    T9] usb 6-1: USB disconnect, device number 16
[  807.245567][T19469] yurex 6-1:0.0: yurex_write - failed to send bulk msg, error -19
[  807.249308][    T9] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  807.814793][T19478] syz_tun: entered allmulticast mode
[  807.842067][T19478] dvmrp9: entered allmulticast mode
[  807.844361][T19480] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3735'.
[  807.863013][T19477] syz_tun: left allmulticast mode
[  808.174058][T19488] random: crng reseeded on system resumption
[  808.246827][T19495] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  808.249260][T19495] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  808.253135][T19495] vhci_hcd vhci_hcd.0: Device attached
[  808.362459][T19503] overlay: ./file0 is not a directory
[  808.551996][T12219] usb 44-1: SetAddress Request (57) to port 0
[  808.554229][T12219] usb 44-1: new SuperSpeed USB device number 57 using vhci_hcd
[  808.823936][T19497] vhci_hcd: connection reset by peer
[  808.827200][ T8336] vhci_hcd vhci_hcd.3: stop threads
[  808.829214][ T8336] vhci_hcd vhci_hcd.3: release socket
[  808.833522][ T8336] vhci_hcd vhci_hcd.3: disconnect device
[  808.902353][ T5957] Bluetooth: hci2: command tx timeout
[  809.077355][T19513] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3744'.
[  809.330709][T19521] syz_tun: entered allmulticast mode
[  809.366283][T19520] syz_tun: left allmulticast mode
[  809.696658][T19535] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3753'.
[  809.748307][T19537] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3754'.
[  809.810352][T19542] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  809.812600][T19542] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  809.815922][T19542] vhci_hcd vhci_hcd.0: Device attached
[  809.904272][T19542] bond0: (slave syz_tun): Releasing backup interface
[  809.954520][T19546] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  809.958681][T19546] block device autoloading is deprecated and will be removed.
[  810.092067][ T6044] usb 40-1: SetAddress Request (80) to port 0
[  810.094517][ T6044] usb 40-1: new SuperSpeed USB device number 80 using vhci_hcd
[  810.102082][ T6171] usb 9-1: new full-speed USB device number 2 using dummy_hcd
[  810.121135][T19542] bond1: (slave dummy0): Releasing active interface
[  810.242501][ T6171] usb 9-1: device descriptor read/64, error -71
[  810.282328][T19542] bridge_slave_0: left allmulticast mode
[  810.284349][T19542] bridge_slave_0: left promiscuous mode
[  810.287812][T19542] bridge0: port 1(bridge_slave_0) entered disabled state
[  810.403794][T19542] bridge_slave_1: left allmulticast mode
[  810.405855][T19542] bridge_slave_1: left promiscuous mode
[  810.423160][T19553] netlink: 'syz.3.3757': attribute type 10 has an invalid length.
[  810.477547][T19542] bridge0: port 2(bridge_slave_1) entered disabled state
[  810.482007][ T6171] usb 9-1: new full-speed USB device number 3 using dummy_hcd
[  810.517917][T19542] bond0: (slave bond_slave_0): Releasing backup interface
[  810.529369][T19542] bond0: (slave bond_slave_1): Releasing backup interface
[  810.551122][T19542] team0: Port device team_slave_0 removed
[  810.579039][T19542] team0: Port device team_slave_1 removed
[  810.582171][T19542] batman_adv: batadv0: Removing interface: batadv_slave_0
[  810.595480][T19542] batman_adv: batadv0: Removing interface: batadv_slave_1
[  810.602420][T19542] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  810.621957][ T6171] usb 9-1: device descriptor read/64, error -71
[  810.643889][T19553] batman_adv: batadv0: Adding interface: team0
[  810.646240][T19553] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  810.673067][T19553] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  810.732189][ T6171] usb usb9-port1: attempt power cycle
[  810.783622][T19543] vhci_hcd: connection reset by peer
[  810.786415][T15676] vhci_hcd vhci_hcd.1: stop threads
[  810.788195][T15676] vhci_hcd vhci_hcd.1: release socket
[  810.790048][T15676] vhci_hcd vhci_hcd.1: disconnect device
[  810.988053][ T5957] Bluetooth: hci2: command tx timeout
[  811.082070][ T6171] usb 9-1: new full-speed USB device number 4 using dummy_hcd
[  811.103164][ T6171] usb 9-1: device descriptor read/8, error -71
[  811.128738][T19557] random: crng reseeded on system resumption
[  811.179716][T19560] tmpfs: Bad value for 'nr_inodes'
[  811.341986][ T6171] usb 9-1: new full-speed USB device number 5 using dummy_hcd
[  811.363681][ T6171] usb 9-1: device descriptor read/8, error -71
[  811.371398][T19571] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3764'.
[  811.427663][T19576] program syz.3.3766 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  811.476332][ T6171] usb usb9-port1: unable to enumerate USB device
[  811.500363][T19579] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3763'.
[  812.516154][T19587] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  812.518419][T19587] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  812.521397][T19587] vhci_hcd vhci_hcd.0: Device attached
[  812.605250][T19588] vhci_hcd: connection closed
[  812.605503][ T6128] vhci_hcd vhci_hcd.1: stop threads
[  812.609963][ T6128] vhci_hcd vhci_hcd.1: release socket
[  812.613134][ T6128] vhci_hcd vhci_hcd.1: disconnect device
[  813.204705][T19597] random: crng reseeded on system resumption
[  813.385713][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[  813.388731][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  813.632175][T12219] usb 44-1: device descriptor read/8, error -110
[  813.649617][T19617] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  813.652286][T19617] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  813.658175][T19617] vhci_hcd vhci_hcd.0: Device attached
[  813.920164][T19616] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  813.922387][T19616] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  813.926110][T19616] vhci_hcd vhci_hcd.0: Device attached
[  813.941965][ T6171] usb 42-1: SetAddress Request (69) to port 0
[  813.947647][ T6171] usb 42-1: new SuperSpeed USB device number 69 using vhci_hcd
[  814.033306][T12219] usb usb44-port1: attempt power cycle
[  814.457173][T19618] vhci_hcd: connection reset by peer
[  814.459968][   T61] vhci_hcd vhci_hcd.2: stop threads
[  814.463186][   T61] vhci_hcd vhci_hcd.2: release socket
[  814.465754][   T61] vhci_hcd vhci_hcd.2: disconnect device
[  814.603904][T12219] usb usb44-port1: unable to enumerate USB device
[  814.623238][T19628] syz_tun: entered allmulticast mode
[  814.627709][T19627] syz_tun: left allmulticast mode
[  814.673031][T19630] x_tables: ip6_tables: TCPMSS target: only valid for protocol 6
[  814.786835][T19624] vhci_hcd: connection closed
[  814.792102][   T61] vhci_hcd vhci_hcd.1: stop threads
[  814.799875][   T61] vhci_hcd vhci_hcd.1: release socket
[  814.801691][   T61] vhci_hcd vhci_hcd.1: disconnect device
[  814.820213][T19636] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3780'.
[  815.059647][T19643] random: crng reseeded on system resumption
[  815.152090][ T6044] usb 40-1: device descriptor read/8, error -110
[  815.186794][T19654] syz_tun: entered allmulticast mode
[  815.190800][T19653] syz_tun: left allmulticast mode
[  815.288404][T19662] netlink: 'syz.4.3790': attribute type 1 has an invalid length.
[  815.344253][T19667] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3790'.
[  815.553770][ T6044] usb usb40-port1: attempt power cycle
[  815.735387][T19683] random: crng reseeded on system resumption
[  815.838845][T19690] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3797'.
[  815.844112][T19690] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check.
[  815.844267][T19688] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  815.853885][T19688] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  815.898610][T19688] vhci_hcd vhci_hcd.0: Device attached
[  816.133157][ T6044] usb usb40-port1: unable to enumerate USB device
[  816.181922][T12219] usb 46-1: SetAddress Request (2) to port 0
[  816.181982][T12219] usb 46-1: new SuperSpeed USB device number 2 using vhci_hcd
[  816.418581][T19691] vhci_hcd: connection reset by peer
[  816.423968][   T13] vhci_hcd vhci_hcd.4: stop threads
[  816.423991][   T13] vhci_hcd vhci_hcd.4: release socket
[  816.424080][   T13] vhci_hcd vhci_hcd.4: disconnect device
[  816.494516][T19706] FAULT_INJECTION: forcing a failure.
[  816.494516][T19706] name failslab, interval 1, probability 0, space 0, times 0
[  816.494562][T19706] CPU: 2 UID: 0 PID: 19706 Comm: syz.2.3801 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  816.494588][T19706] Tainted: [L]=SOFTLOCKUP
[  816.494595][T19706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  816.494607][T19706] Call Trace:
[  816.494613][T19706]  <TASK>
[  816.494620][T19706]  dump_stack_lvl+0x16c/0x1f0
[  816.494652][T19706]  should_fail_ex+0x512/0x640
[  816.494673][T19706]  ? fs_reclaim_acquire+0xae/0x150
[  816.494704][T19706]  should_failslab+0xc2/0x120
[  816.494732][T19706]  __kmalloc_noprof+0xeb/0x910
[  816.494753][T19706]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  816.494784][T19706]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  816.494808][T19706]  tomoyo_realpath_from_path+0xc2/0x6e0
[  816.494835][T19706]  ? tomoyo_profile+0x47/0x60
[  816.494866][T19706]  tomoyo_path_number_perm+0x245/0x580
[  816.494886][T19706]  ? tomoyo_path_number_perm+0x237/0x580
[  816.494909][T19706]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  816.494957][T19706]  ? find_held_lock+0x2b/0x80
[  816.495001][T19706]  ? hook_file_ioctl_common+0x144/0x410
[  816.495029][T19706]  ? __fget_files+0x20e/0x3c0
[  816.495053][T19706]  ? __fput_deferred+0x430/0x480
[  816.495077][T19706]  security_file_ioctl_compat+0x9b/0x240
[  816.495100][T19706]  __ia32_compat_sys_ioctl+0xc3/0x370
[  816.495127][T19706]  __do_fast_syscall_32+0xe8/0x680
[  816.495159][T19706]  do_fast_syscall_32+0x32/0x80
[  816.495177][T19706]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  816.495200][T19706] RIP: 0023:0xf701d579
[  816.495215][T19706] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  816.495232][T19706] RSP: 002b:00000000f53ec55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  816.495250][T19706] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000004b40
[  816.495262][T19706] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  816.495273][T19706] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  816.495284][T19706] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  816.495295][T19706] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  816.495321][T19706]  </TASK>
[  816.495414][T19706] ERROR: Out of memory at tomoyo_realpath_from_path.
[  817.088448][T19714] netlink: 'syz.1.3802': attribute type 17 has an invalid length.
[  817.088465][T19714] netlink: 'syz.1.3802': attribute type 16 has an invalid length.
[  817.088472][T19714] netlink: 152 bytes leftover after parsing attributes in process `syz.1.3802'.
[  817.342646][T19727] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3805'.
[  817.567234][ T5957] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  817.596811][T19742] random: crng reseeded on system resumption
[  817.962446][T19758] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  817.965139][T19758] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  817.969729][T19758] vhci_hcd vhci_hcd.0: Device attached
[  818.252231][   T55] usb 44-1: SetAddress Request (61) to port 0
[  818.255660][   T55] usb 44-1: new SuperSpeed USB device number 61 using vhci_hcd
[  818.983529][ T6171] usb 42-1: device descriptor read/8, error -110
[  819.082122][T19759] vhci_hcd: connection reset by peer
[  819.096766][ T8327] vhci_hcd vhci_hcd.3: stop threads
[  819.098589][ T8327] vhci_hcd vhci_hcd.3: release socket
[  819.100493][ T8327] vhci_hcd vhci_hcd.3: disconnect device
[  819.402576][ T6171] usb usb42-port1: attempt power cycle
[  819.677664][T19777] random: crng reseeded on system resumption
[  819.982509][ T6171] usb usb42-port1: unable to enumerate USB device
[  820.262812][T19796] netlink: 'syz.3.3821': attribute type 24 has an invalid length.
[  820.265559][T19796] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3821'.
[  820.287709][T19796] bond3: option ad_actor_sys_prio: invalid value (0)
[  820.290201][T19796] bond3: option ad_actor_sys_prio: allowed values 1 - 65535
[  820.295615][T19796] bond3 (unregistering): Released all slaves
[  820.326505][T19801] netlink: 'syz.3.3821': attribute type 21 has an invalid length.
[  820.329167][T19801] IPv6: NLM_F_CREATE should be specified when creating new route
[  820.332263][T19801] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  820.335301][T19801] IPv6: NLM_F_CREATE should be set when creating new route
[  820.337677][T19801] IPv6: NLM_F_CREATE should be set when creating new route
[  820.340116][T19801] IPv6: NLM_F_CREATE should be set when creating new route
[  820.344449][T19801] netlink: 'syz.3.3821': attribute type 21 has an invalid length.
[  820.347106][T19801] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  820.584343][T19814] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3826'.
[  820.588380][T19807] random: crng reseeded on system resumption
[  820.757838][   T40] audit: type=1326 audit(1766862237.796:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19820 comm="syz.3.3828" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff1579 code=0x0
[  820.792003][ T1025] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  820.951894][ T1025] usb 7-1: Using ep0 maxpacket: 8
[  820.957362][ T1025] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  820.961065][ T1025] usb 7-1: config 179 has no interface number 0
[  820.964314][ T1025] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  820.969281][ T1025] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  820.974569][ T1025] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  820.979437][ T1025] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  820.984502][ T1025] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  820.990348][ T1025] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  820.991155][T19829] netlink: 'syz.1.3829': attribute type 1 has an invalid length.
[  820.994538][ T1025] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.006331][T19810] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  821.223633][ T1025] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:179.65/input/input61
[  821.762911][T12219] usb 46-1: device descriptor read/8, error -110
[  823.189326][T12219] usb usb46-port1: attempt power cycle
[  823.302237][   T55] usb 44-1: device descriptor read/8, error -110
[  823.698060][   T55] usb usb44-port1: attempt power cycle
[  823.812378][T12219] usb usb46-port1: unable to enumerate USB device
[  824.252835][   T55] usb usb44-port1: unable to enumerate USB device
[  824.552275][T19851] FAULT_INJECTION: forcing a failure.
[  824.552275][T19851] name failslab, interval 1, probability 0, space 0, times 0
[  824.556459][T19851] CPU: 2 UID: 0 PID: 19851 Comm: syz.3.3835 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  824.556478][T19851] Tainted: [L]=SOFTLOCKUP
[  824.556482][T19851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  824.556489][T19851] Call Trace:
[  824.556494][T19851]  <TASK>
[  824.556499][T19851]  dump_stack_lvl+0x16c/0x1f0
[  824.556520][T19851]  should_fail_ex+0x512/0x640
[  824.556533][T19851]  ? kmem_cache_alloc_noprof+0x62/0x770
[  824.556549][T19851]  should_failslab+0xc2/0x120
[  824.556566][T19851]  kmem_cache_alloc_noprof+0x83/0x770
[  824.556580][T19851]  ? getname_flags.part.0+0x4c/0x550
[  824.556595][T19851]  ? getname_flags.part.0+0x4c/0x550
[  824.556607][T19851]  getname_flags.part.0+0x4c/0x550
[  824.556621][T19851]  getname_flags+0x93/0xf0
[  824.556635][T19851]  __ia32_sys_rename+0x57/0xa0
[  824.556647][T19851]  __do_fast_syscall_32+0xe8/0x680
[  824.556667][T19851]  do_fast_syscall_32+0x32/0x80
[  824.556677][T19851]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  824.556691][T19851] RIP: 0023:0xf7ff1579
[  824.556700][T19851] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  824.556711][T19851] RSP: 002b:00000000f54a455c EFLAGS: 00000296 ORIG_RAX: 0000000000000026
[  824.556722][T19851] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 0000000080000140
[  824.556729][T19851] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  824.556736][T19851] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  824.556742][T19851] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  824.556749][T19851] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  824.556762][T19851]  </TASK>
[  824.904391][T19861] random: crng reseeded on system resumption
[  825.379834][  T841] usb 7-1: USB disconnect, device number 19
[  825.379839][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  825.379865][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  825.406314][T19866] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3839'.
[  825.655780][T19875] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3842'.
[  825.939280][T19880] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  825.941475][T19880] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  825.994106][T19880] vhci_hcd vhci_hcd.0: Device attached
[  826.342189][   T55] usb 42-1: SetAddress Request (73) to port 0
[  826.347401][   T55] usb 42-1: new SuperSpeed USB device number 73 using vhci_hcd
[  827.038220][T19881] vhci_hcd: connection reset by peer
[  827.041336][ T8334] vhci_hcd vhci_hcd.2: stop threads
[  827.044157][ T8334] vhci_hcd vhci_hcd.2: release socket
[  827.047293][ T8334] vhci_hcd vhci_hcd.2: disconnect device
[  827.496063][T19898] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3848'.
[  827.501233][T19898] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3848'.
[  827.692363][T19900] can: request_module (can-proto-0) failed.
[  827.753467][T19902] netlink: 'syz.4.3849': attribute type 10 has an invalid length.
[  827.779091][T19902] 8021q: adding VLAN 0 to HW filter on device bond0
[  827.796449][T19902] team0: Port device bond0 added
[  827.810379][T19902] netlink: 23272 bytes leftover after parsing attributes in process `syz.4.3849'.
[  828.002114][T13997] usb 7-1: new full-speed USB device number 20 using dummy_hcd
[  828.154499][T13997] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  828.159153][T13997] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  828.164828][T13997] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  828.169199][T13997] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  828.173118][T13997] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  828.179935][T13997] usb 7-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  828.184211][T13997] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  828.187844][T13997] usb 7-1: Product: syz
[  828.189466][T13997] usb 7-1: Manufacturer: syz
[  828.191006][T13997] usb 7-1: SerialNumber: syz
[  828.194118][T13997] usb 7-1: config 0 descriptor??
[  828.201637][T19904] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  828.209228][T13997] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/input/input62
[  828.355235][    C2] kbtab 7-1:0.0: kbtab_irq - usb_submit_urb failed with result -1
[  828.383281][    C3] kbtab 7-1:0.0: kbtab_irq - usb_submit_urb failed with result -1
[  828.494496][    C3] kbtab 7-1:0.0: kbtab_irq - usb_submit_urb failed with result -1
[  828.502035][T17464] usb 7-1: USB disconnect, device number 20
[  828.615354][T19914] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3853'.
[  828.874451][T19919] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3854'.
[  829.308205][T19925] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  829.311231][T19925] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  829.315501][T19925] vhci_hcd vhci_hcd.0: Device attached
[  829.591992][  T841] usb 44-1: SetAddress Request (65) to port 0
[  829.596214][  T841] usb 44-1: new SuperSpeed USB device number 65 using vhci_hcd
[  829.633938][T19932] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3857'.
[  829.639271][T19932] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3857'.
[  829.674935][T19934] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3859'.
[  830.344759][T19950] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(8)
[  830.346966][T19950] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  830.349667][T19950] vhci_hcd vhci_hcd.0: Device attached
[  830.633120][T13997] usb 46-1: SetAddress Request (6) to port 0
[  830.636149][T13997] usb 46-1: new SuperSpeed USB device number 6 using vhci_hcd
[  830.710837][T19926] vhci_hcd: connection reset by peer
[  830.714893][   T12] vhci_hcd vhci_hcd.3: stop threads
[  830.716781][   T12] vhci_hcd vhci_hcd.3: release socket
[  830.719971][   T12] vhci_hcd vhci_hcd.3: disconnect device
[  830.730324][T19953] vhci_hcd: connection reset by peer
[  830.732804][   T12] vhci_hcd vhci_hcd.4: stop threads
[  830.734674][   T12] vhci_hcd vhci_hcd.4: release socket
[  830.736714][   T12] vhci_hcd vhci_hcd.4: disconnect device
[  830.838428][T19960] __nla_validate_parse: 1 callbacks suppressed
[  830.838446][T19960] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3869'.
[  830.845679][T19960] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3869'.
[  831.247946][T19968] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  831.250699][T19968] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  831.269365][T19968] vhci_hcd vhci_hcd.0: Device attached
[  831.784713][T19974] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  831.787278][T19974] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  831.970951][T19974] vhci_hcd vhci_hcd.0: Device attached
[  832.031031][T19983] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3874'.
[  832.068352][T19987] FAULT_INJECTION: forcing a failure.
[  832.068352][T19987] name failslab, interval 1, probability 0, space 0, times 0
[  832.072430][T19987] CPU: 3 UID: 0 PID: 19987 Comm: syz.1.3876 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  832.072449][T19987] Tainted: [L]=SOFTLOCKUP
[  832.072453][T19987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  832.072460][T19987] Call Trace:
[  832.072465][T19987]  <TASK>
[  832.072470][T19987]  dump_stack_lvl+0x16c/0x1f0
[  832.072490][T19987]  should_fail_ex+0x512/0x640
[  832.072503][T19987]  ? kmem_cache_alloc_lru_noprof+0x66/0x770
[  832.072520][T19987]  should_failslab+0xc2/0x120
[  832.072538][T19987]  kmem_cache_alloc_lru_noprof+0x87/0x770
[  832.072552][T19987]  ? sock_alloc_inode+0x25/0x1c0
[  832.072571][T19987]  ? __pfx_sock_alloc_inode+0x10/0x10
[  832.072587][T19987]  ? sock_alloc_inode+0x25/0x1c0
[  832.072602][T19987]  sock_alloc_inode+0x25/0x1c0
[  832.072618][T19987]  alloc_inode+0x64/0x240
[  832.072632][T19987]  sock_alloc+0x40/0x280
[  832.072648][T19987]  do_accept+0xf7/0x530
[  832.072659][T19987]  ? do_raw_spin_lock+0x12c/0x2b0
[  832.072673][T19987]  ? __pfx_do_accept+0x10/0x10
[  832.072693][T19987]  io_accept+0x259/0x950
[  832.072713][T19987]  ? __pfx_io_accept+0x10/0x10
[  832.072733][T19987]  __io_issue_sqe+0xe8/0x7c0
[  832.072746][T19987]  io_issue_sqe+0x85/0x1410
[  832.072763][T19987]  io_submit_sqes+0xb24/0x28e0
[  832.072784][T19987]  __do_sys_io_uring_enter+0xd6b/0x1630
[  832.072801][T19987]  ? __fget_files+0x20e/0x3c0
[  832.072817][T19987]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  832.072834][T19987]  ? fput+0x70/0xf0
[  832.072845][T19987]  ? ksys_write+0x1ac/0x250
[  832.072860][T19987]  ? __pfx_ksys_write+0x10/0x10
[  832.072876][T19987]  ? do_user_addr_fault+0x843/0x1370
[  832.072892][T19987]  __do_fast_syscall_32+0xe8/0x680
[  832.072911][T19987]  do_fast_syscall_32+0x32/0x80
[  832.072922][T19987]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  832.072936][T19987] RIP: 0023:0xf7fa6579
[  832.072945][T19987] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  832.072956][T19987] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  832.072968][T19987] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000000003516
[  832.072975][T19987] RDX: 0000000000003e44 RSI: 0000000000000008 RDI: 0000000000000000
[  832.072981][T19987] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  832.072987][T19987] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  832.072994][T19987] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  832.073008][T19987]  </TASK>
[  832.212308][T19969] vhci_hcd: connection reset by peer
[  832.215454][ T8334] vhci_hcd vhci_hcd.2: stop threads
[  832.220091][ T8334] vhci_hcd vhci_hcd.2: release socket
[  832.240203][T19990] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3877'.
[  832.242081][ T8334] vhci_hcd vhci_hcd.2: disconnect device
[  832.242085][   T55] usb 42-1: device descriptor read/8, error -110
[  832.290905][T19991] qrtr: Invalid version 0
[  833.091965][   T55] usb 42-1: SetAddress Request (74) to port 0
[  833.667821][   T55] usb 42-1: new SuperSpeed USB device number 74 using vhci_hcd
[  833.691972][   T55] usb 42-1: enqueue for inactive port 0
[  833.806086][T19999] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3878'.
[  833.809394][T19999] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3878'.
[  833.812536][   T55] usb usb42-port1: attempt power cycle
[  833.866256][T20001] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3879'.
[  834.206528][T19975] vhci_hcd: connection closed
[  834.209778][   T12] vhci_hcd vhci_hcd.4: stop threads
[  834.224820][   T12] vhci_hcd vhci_hcd.4: release socket
[  834.232349][   T12] vhci_hcd vhci_hcd.4: disconnect device
[  834.392465][   T55] usb usb42-port1: unable to enumerate USB device
[  834.672016][  T841] usb 44-1: device descriptor read/8, error -110
[  834.847059][T20041] FAULT_INJECTION: forcing a failure.
[  834.847059][T20041] name failslab, interval 1, probability 0, space 0, times 0
[  834.851219][T20041] CPU: 1 UID: 0 PID: 20041 Comm: syz.4.3892 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  834.851238][T20041] Tainted: [L]=SOFTLOCKUP
[  834.851242][T20041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  834.851250][T20041] Call Trace:
[  834.851255][T20041]  <TASK>
[  834.851260][T20041]  dump_stack_lvl+0x16c/0x1f0
[  834.851281][T20041]  should_fail_ex+0x512/0x640
[  834.851294][T20041]  ? fs_reclaim_acquire+0xae/0x150
[  834.851314][T20041]  should_failslab+0xc2/0x120
[  834.851331][T20041]  __kmalloc_noprof+0xeb/0x910
[  834.851343][T20041]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  834.851373][T20041]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  834.851397][T20041]  tomoyo_realpath_from_path+0xc2/0x6e0
[  834.851425][T20041]  ? tomoyo_profile+0x47/0x60
[  834.851456][T20041]  tomoyo_path_number_perm+0x245/0x580
[  834.851477][T20041]  ? tomoyo_path_number_perm+0x237/0x580
[  834.851501][T20041]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  834.851553][T20041]  ? find_held_lock+0x2b/0x80
[  834.851573][T20041]  ? hook_file_ioctl_common+0x144/0x410
[  834.851590][T20041]  ? __fget_files+0x20e/0x3c0
[  834.851605][T20041]  ? __fput_deferred+0x430/0x480
[  834.851618][T20041]  security_file_ioctl_compat+0x9b/0x240
[  834.851633][T20041]  __ia32_compat_sys_ioctl+0xc3/0x370
[  834.851650][T20041]  __do_fast_syscall_32+0xe8/0x680
[  834.851669][T20041]  do_fast_syscall_32+0x32/0x80
[  834.851680][T20041]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  834.851707][T20041] RIP: 0023:0xf7fe4579
[  834.851717][T20041] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  834.851728][T20041] RSP: 002b:00000000f54d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  834.851740][T20041] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005425
[  834.851746][T20041] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000000
[  834.851753][T20041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  834.851759][T20041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  834.851766][T20041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  834.851780][T20041]  </TASK>
[  834.935726][T20041] ERROR: Out of memory at tomoyo_realpath_from_path.
[  835.142776][  T841] usb usb44-port1: attempt power cycle
[  835.216619][T20052] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3896'.
[  835.238739][T20053] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  835.240908][T20053] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  835.244197][T20053] vhci_hcd vhci_hcd.0: Device attached
[  835.482027][  T841] usb 44-1: SetAddress Request (67) to port 0
[  835.484825][  T841] usb 44-1: new SuperSpeed USB device number 67 using vhci_hcd
[  835.711930][T13997] usb 46-1: device descriptor read/8, error -110
[  835.850786][T20064] FAULT_INJECTION: forcing a failure.
[  835.850786][T20064] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  835.857156][T20064] CPU: 0 UID: 0 PID: 20064 Comm: syz.4.3899 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  835.857181][T20064] Tainted: [L]=SOFTLOCKUP
[  835.857185][T20064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  835.857193][T20064] Call Trace:
[  835.857198][T20064]  <TASK>
[  835.857204][T20064]  dump_stack_lvl+0x16c/0x1f0
[  835.857229][T20064]  should_fail_ex+0x512/0x640
[  835.857247][T20064]  _copy_from_user+0x2e/0xd0
[  835.857261][T20064]  __sys_bpf+0x248/0x4980
[  835.857276][T20064]  ? __pfx___sys_bpf+0x10/0x10
[  835.857286][T20064]  ? find_held_lock+0x2b/0x80
[  835.857307][T20064]  ? find_held_lock+0x2b/0x80
[  835.857325][T20064]  ? __mutex_unlock_slowpath+0x161/0x790
[  835.857353][T20064]  ? fput+0x70/0xf0
[  835.857367][T20064]  ? ksys_write+0x1ac/0x250
[  835.857384][T20064]  ? __pfx_ksys_write+0x10/0x10
[  835.857403][T20064]  __ia32_sys_bpf+0x76/0xe0
[  835.857414][T20064]  ? lockdep_hardirqs_on+0x7c/0x110
[  835.857432][T20064]  __do_fast_syscall_32+0xe8/0x680
[  835.857453][T20064]  do_fast_syscall_32+0x32/0x80
[  835.857464][T20064]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  835.857480][T20064] RIP: 0023:0xf7fe4579
[  835.857492][T20064] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  835.857504][T20064] RSP: 002b:00000000f54d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  835.857517][T20064] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 0000000080000200
[  835.857525][T20064] RDX: 0000000000000028 RSI: 0000000000000000 RDI: 0000000000000000
[  835.857532][T20064] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  835.857539][T20064] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  835.857546][T20064] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  835.857561][T20064]  </TASK>
[  835.938884][T20054] vhci_hcd: connection reset by peer
[  835.943624][ T8336] vhci_hcd vhci_hcd.3: stop threads
[  835.947134][ T8336] vhci_hcd vhci_hcd.3: release socket
[  835.949322][ T8336] vhci_hcd vhci_hcd.3: disconnect device
[  835.971289][T20067] comedi: valid board names for 8255 driver are:
[  835.974007][T20067]  8255
[  835.975285][T20067] comedi: valid board names for vmk80xx driver are:
[  835.977518][T20067]  vmk80xx
[  835.978656][T20067] comedi: valid board names for usbduxsigma driver are:
[  835.980928][T20067]  usbduxsigma
[  835.982465][T20067] comedi: valid board names for usbduxfast driver are:
[  835.984991][T20067]  usbduxfast
[  835.986216][T20067] comedi: valid board names for usbdux driver are:
[  835.988365][T20067]  usbdux
[  835.989432][T20067] comedi: valid board names for ni6501 driver are:
[  835.991599][T20067]  ni6501
[  835.994258][T20067] comedi: valid board names for dt9812 driver are:
[  835.996472][T20067]  dt9812
[  835.997474][T20067] comedi: valid board names for ni_labpc_cs driver are:
[  835.999985][T20067]  ni_labpc_cs
[  836.001134][T20067] comedi: valid board names for ni_daq_700 driver are:
[  836.003599][T20067]  ni_daq_700
[  836.005098][T20067] comedi: valid board names for labpc_pci driver are:
[  836.007700][T20067]  labpc_pci
[  836.010306][T20067] comedi: valid board names for adl_pci9118 driver are:
[  836.013312][T20067]  pci9118dg
[  836.014574][T20067]  pci9118hg
[  836.015856][T20067]  pci9118hr
[  836.017117][T20067] comedi: valid board names for 8255_pci driver are:
[  836.019478][T20067]  8255_pci
[  836.020628][T20067] comedi: valid board names for s526 driver are:
[  836.023828][T20067]  s526
[  836.024932][T20067] comedi: valid board names for multiq3 driver are:
[  836.027300][T20067]  multiq3
[  836.028435][T20067] comedi: valid board names for pcmuio driver are:
[  836.030735][T20067]  pcmuio48
[  836.032087][T20067]  pcmuio96
[  836.033286][T20067] comedi: valid board names for pcmmio driver are:
[  836.035683][T20067]  pcmmio
[  836.038738][T20067] comedi: valid board names for pcmda12 driver are:
[  836.041222][T20067]  pcmda12
[  836.042979][T20067] comedi: valid board names for pcmad driver are:
[  836.045329][T20067]  pcmad12
[  836.046551][T20067]  pcmad16
[  836.047742][T20067] comedi: valid board names for ni_labpc driver are:
[  836.050122][T20067]  lab-pc-1200
[  836.051354][T20067]  lab-pc-1200ai
[  836.052697][T20067]  lab-pc+
[  836.053818][T20067] comedi: valid board names for atmio16 driver are:
[  836.056103][T20067]  atmio16
[  836.057263][T20067]  atmio16d
[  836.058530][T20067] comedi: valid board names for ni_at_ao driver are:
[  836.060962][T20067]  at-ao-6
[  836.062302][T20067]  at-ao-10
[  836.063465][T20067] comedi: valid board names for ni_at_a2150 driver are:
[  836.065899][T20067]  ni_at_a2150
[  836.067176][T20067] comedi: valid board names for adq12b driver are:
[  836.069461][T20067]  adq12b
[  836.070597][T20067] comedi: valid board names for mpc624 driver are:
[  836.073381][T20067]  mpc624
[  836.074592][T20067] comedi: valid board names for c6xdigio driver are:
[  836.077595][T20067]  c6xdigio
[  836.078824][T20067] comedi: valid board names for aio_iiro_16 driver are:
[  836.081222][T20067]  aio_iiro_16
[  836.082671][T20067] comedi: valid board names for aio_aio12_8 driver are:
[  836.085258][T20067]  aio_aio12_8
[  836.086553][T20067]  aio_ai12_8
[  836.087881][T20067]  aio_ao12_4
[  836.089145][T20067] comedi: valid board names for fl512 driver are:
[  836.091464][T20067]  fl512
[  836.092608][T20067] comedi: valid board names for dmm32at driver are:
[  836.095180][T20067]  dmm32at
[  836.096527][T20067] comedi: valid board names for dt282x driver are:
[  836.099683][T20067]  dt2821
[  836.101142][T20067]  dt2821-f
[  836.102894][T20067]  dt2821-g
[  836.104527][T20067]  dt2823
[  836.106005][T20067]  dt2824-pgh
[  836.107721][T20067]  dt2824-pgl
[  836.109198][T20067]  dt2825
[  836.110913][T20067]  dt2827
[  836.112408][T20067]  dt2828
[  836.113958][T20067]  dt2829
[  836.115409][T20067]  dt21-ez
[  836.116900][T20067]  dt23-ez
[  836.118410][T20067]  dt24-ez
[  836.119954][T20067]  dt24-ez-pgl
[  836.121585][T20067] comedi: valid board names for dt2817 driver are:
[  836.124696][T20067]  dt2817
[  836.126307][T20067] comedi: valid board names for dt2815 driver are:
[  836.129387][T20067]  dt2815
[  836.130872][T20067] comedi: valid board names for dt2814 driver are:
[  836.133942][T20067]  dt2814
[  836.135441][T20067] comedi: valid board names for dt2811 driver are:
[  836.138507][T20067]  dt2811-pgh
[  836.140121][T20067]  dt2811-pgl
[  836.141780][T20067] comedi: valid board names for dt2801 driver are:
[  836.145629][T20067]  dt2801
[  836.147174][T20067] comedi: valid board names for das6402 driver are:
[  836.150338][T20067]  das6402-12
[  836.152023][T20067]  das6402-16
[  836.153628][T20067] comedi: valid board names for das1800 driver are:
[  836.156736][T20067]  das-1701st
[  836.158368][T20067]  das-1701st-da
[  836.160185][T20067]  das-1702st
[  836.161890][T20067]  das-1702st-da
[  836.163630][T20067]  das-1702hr
[  836.165236][T20067]  das-1702hr-da
[  836.167002][T20067]  das-1701ao
[  836.168606][T20067]  das-1702ao
[  836.170209][T20067]  das-1801st
[  836.171967][T20067]  das-1801st-da
[  836.173673][T20067]  das-1802st
[  836.175345][T20067]  das-1802st-da
[  836.177029][T20067]  das-1802hr
[  836.178676][T20067]  das-1802hr-da
[  836.180362][T20067]  das-1801hc
[  836.182254][T20067]  das-1802hc
[  836.183900][T20067]  das-1801ao
[  836.185520][T20067]  das-1802ao
[  836.187151][T20067] comedi: valid board names for das800 driver are:
[  836.190145][T20067]  das-800
[  836.191639][T20067]  cio-das800
[  836.193285][T20067]  das-801
[  836.194785][T20067]  cio-das801
[  836.196399][T20067]  das-802
[  836.197909][T20067]  cio-das802
[  836.199561][T20067]  cio-das802/16
[  836.201262][T20067] comedi: valid board names for isa-das08 driver are:
[  836.204458][T20067]  isa-das08
[  836.206095][T20067]  das08-pgm
[  836.207669][T20067]  das08-pgh
[  836.209290][T20067]  das08-pgl
[  836.210866][T20067]  das08-aoh
[  836.212778][T20067]  das08-aol
[  836.214381][T20067]  das08-aom
[  836.215948][T20067]  das08/jr-ao
[  836.217591][T20067]  das08jr-16-ao
[  836.219318][T20067]  pc104-das08
[  836.220976][T20067]  das08jr/16
[  836.222686][T20067] comedi: valid board names for das16m1 driver are:
[  836.225776][T20067]  das16m1
[  836.227291][T20067] comedi: valid board names for dac02 driver are:
[  836.230235][T20067]  dac02
[  836.231653][T20067] comedi: valid board names for rti802 driver are:
[  836.234833][T20067]  rti802
[  836.236336][T20067] comedi: valid board names for rti800 driver are:
[  836.239617][T20067]  rti800
[  836.240814][T20067]  rti815
[  836.242028][T20067] comedi: valid board names for pcm3724 driver are:
[  836.244486][T20067]  pcm3724
[  836.245778][T20067] comedi: valid board names for pcl818 driver are:
[  836.248663][T20067]  pcl818l
[  836.250213][T20067]  pcl818h
[  836.251697][T20067]  pcl818hd
[  836.253272][T20067]  pcl818hg
[  836.255118][T20067]  pcl818
[  836.256651][T20067]  pcl718
[  836.258083][T20067]  pcm3718
[  836.259510][T20067] comedi: valid board names for pcl816 driver are:
[  836.262630][T20067]  pcl816
[  836.264240][T20067]  pcl814b
[  836.265906][T20067] comedi: valid board names for pcl812 driver are:
[  836.269030][T20067]  pcl812
[  836.270584][T20067]  pcl812pg
[  836.272201][T20067]  acl8112pg
[  836.273789][T20067]  acl8112dg
[  836.275523][T20067]  acl8112hg
[  836.277150][T20067]  a821pgl
[  836.278745][T20067]  a821pglnda
[  836.280690][T20067]  a821pgh
[  836.282383][T20067]  a822pgl
[  836.283950][T20067]  a822pgh
[  836.285480][T20067]  a823pgl
[  836.287099][T20067]  a823pgh
[  836.288690][T20067]  pcl813
[  836.290252][T20067]  pcl813b
[  836.291905][T20067]  acl8113
[  836.293498][T20067]  iso813
[  836.295127][T20067]  acl8216
[  836.296702][T20067]  a826pg
[  836.298201][T20067] comedi: valid board names for pcl730 driver are:
[  836.301167][T20067]  pcl730
[  836.302730][T20067]  iso730
[  836.304261][T20067]  acl7130
[  836.305791][T20067]  pcm3730
[  836.307311][T20067]  pcl725
[  836.308785][T20067]  p8r8dio
[  836.310320][T20067]  acl7225b
[  836.311934][T20067]  p16r16dio
[  836.313636][T20067]  pcl733
[  836.315280][T20067]  pcl734
[  836.316908][T20067]  opmm-1616-xt
[  836.318595][T20067]  pearl-mm-p
[  836.320336][T20067]  ir104-pbf
[  836.322122][T20067] comedi: valid board names for pcl726 driver are:
[  836.325106][T20067]  pcl726
[  836.326393][T20067]  pcl727
[  836.327309][T20067]  pcl728
[  836.328282][T20067]  acl6126
[  836.329238][T20067]  acl6128
[  836.330387][T20067] comedi: valid board names for pcl724 driver are:
[  836.332686][T20067]  pcl724
[  836.333841][T20067]  pcl722
[  836.335267][T20067]  pcl731
[  836.336443][T20067]  acl7122
[  836.337883][T20067]  acl7124
[  836.339320][T20067]  pet48dio
[  836.340513][T20067]  pcmio48
[  836.341633][T20067]  onyx-mm-dio
[  836.342973][T20067] comedi: valid board names for pcl711 driver are:
[  836.345221][T20067]  pcl711
[  836.346400][T20067]  pcl711b
[  836.347545][T20067]  acl8112hg
[  836.348815][T20067]  acl8112dg
[  836.350103][T20067] comedi: valid board names for amplc_pc263 driver are:
[  836.352788][T20067]  pc263
[  836.353950][T20067] comedi: valid board names for amplc_pc236 driver are:
[  836.356553][T20067]  pc36at
[  836.357703][T20067] comedi: valid board names for amplc_dio200 driver are:
[  836.360366][T20067]  pc212e
[  836.361460][T20067]  pc214e
[  836.362641][T20067]  pc215e
[  836.363757][T20067]  pc218e
[  836.364901][T20067]  pc272e
[  836.366021][T20067] comedi: valid board names for comedi_parport driver are:
[  836.368514][T20067]  comedi_parport
[  836.369820][T20067] comedi: valid board names for comedi_test driver are:
[  836.372261][T20067]  comedi_test
[  836.373507][T20067] comedi: valid board names for comedi_bond driver are:
[  836.375937][T20067]  comedi_bond
[  836.522090][T20074] 9pnet_virtio: no channels available for device syz
[  836.526151][T20074] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  836.529657][T20074] overlayfs: overlapping lowerdir path
[  836.815488][T13997] usb usb46-port1: attempt power cycle
[  837.434771][T13997] usb usb46-port1: unable to enumerate USB device
[  837.484575][T20095] netlink: 'syz.1.3909': attribute type 21 has an invalid length.
[  837.487248][T20095] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3909'.
[  837.490958][T20095] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3909'.
[  837.544417][T20079] x_tables: duplicate underflow at hook 1
[  838.328840][T20108] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  838.331037][T20108] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  838.358213][T20108] vhci_hcd vhci_hcd.0: Device attached
[  838.632077][T13997] usb 42-1: SetAddress Request (77) to port 0
[  838.634766][T13997] usb 42-1: new SuperSpeed USB device number 77 using vhci_hcd
[  838.967533][T20109] vhci_hcd: connection reset by peer
[  838.970223][ T8327] vhci_hcd vhci_hcd.2: stop threads
[  838.972688][ T8327] vhci_hcd vhci_hcd.2: release socket
[  838.974732][ T8327] vhci_hcd vhci_hcd.2: disconnect device
[  839.397650][T20135] FAULT_INJECTION: forcing a failure.
[  839.397650][T20135] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  839.402835][T20135] CPU: 0 UID: 0 PID: 20135 Comm: syz.4.3920 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  839.402855][T20135] Tainted: [L]=SOFTLOCKUP
[  839.402859][T20135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  839.402867][T20135] Call Trace:
[  839.402871][T20135]  <TASK>
[  839.402882][T20135]  dump_stack_lvl+0x16c/0x1f0
[  839.402903][T20135]  should_fail_ex+0x512/0x640
[  839.402919][T20135]  _copy_to_user+0x32/0xd0
[  839.402933][T20135]  simple_read_from_buffer+0xcb/0x170
[  839.402950][T20135]  proc_fail_nth_read+0x197/0x240
[  839.402969][T20135]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  839.402988][T20135]  ? rw_verify_area+0xcf/0x6c0
[  839.403003][T20135]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  839.403021][T20135]  vfs_read+0x1e4/0xcf0
[  839.403038][T20135]  ? __pfx___mutex_lock+0x10/0x10
[  839.403057][T20135]  ? __pfx_vfs_read+0x10/0x10
[  839.403071][T20135]  ? find_held_lock+0x2b/0x80
[  839.403090][T20135]  ? __fget_files+0x20e/0x3c0
[  839.403110][T20135]  ksys_read+0x12a/0x250
[  839.403126][T20135]  ? __pfx_ksys_read+0x10/0x10
[  839.403147][T20135]  __do_fast_syscall_32+0xe8/0x680
[  839.403167][T20135]  do_fast_syscall_32+0x32/0x80
[  839.403177][T20135]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  839.403191][T20135] RIP: 0023:0xf7fe4579
[  839.403201][T20135] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  839.403212][T20135] RSP: 002b:00000000f54d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  839.403224][T20135] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54d6620
[  839.403231][T20135] RDX: 000000000000000f RSI: 00000000f7476ff4 RDI: 0000000000000000
[  839.403237][T20135] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  839.403244][T20135] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  839.403250][T20135] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  839.403264][T20135]  </TASK>
[  839.511246][T20137] 0xfffffffffffffffd-0x000000020000 : ""
[  839.514205][T20137] mtd: partition "" is out of reach -- disabled
[  839.528019][T20137] ftl_cs: FTL header not found.
[  839.570308][T20140] raw_sendmsg: syz.1.3918 forgot to set AF_INET. Fix it!
[  839.838451][T20153] FAULT_INJECTION: forcing a failure.
[  839.838451][T20153] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  839.844009][T20153] CPU: 2 UID: 0 PID: 20153 Comm: syz.3.3927 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  839.844035][T20153] Tainted: [L]=SOFTLOCKUP
[  839.844040][T20153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  839.844064][T20153] Call Trace:
[  839.844069][T20153]  <TASK>
[  839.844075][T20153]  dump_stack_lvl+0x16c/0x1f0
[  839.844109][T20153]  should_fail_ex+0x512/0x640
[  839.844128][T20153]  ? __pfx_compat_drm_wait_vblank+0x10/0x10
[  839.844148][T20153]  _copy_from_user+0x2e/0xd0
[  839.844164][T20153]  compat_drm_wait_vblank+0xbf/0x1b0
[  839.844183][T20153]  ? __pfx_compat_drm_wait_vblank+0x10/0x10
[  839.844206][T20153]  ? hook_file_ioctl_common+0x144/0x410
[  839.844233][T20153]  drm_compat_ioctl+0x29b/0x460
[  839.844252][T20153]  ? __pfx_drm_compat_ioctl+0x10/0x10
[  839.844267][T20153]  __ia32_compat_sys_ioctl+0x242/0x370
[  839.844284][T20153]  __do_fast_syscall_32+0xe8/0x680
[  839.844327][T20153]  do_fast_syscall_32+0x32/0x80
[  839.844342][T20153]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  839.844363][T20153] RIP: 0023:0xf7ff1579
[  839.844377][T20153] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  839.844393][T20153] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  839.844411][T20153] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c018643a
[  839.844422][T20153] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  839.844432][T20153] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  839.844442][T20153] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  839.844451][T20153] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  839.844466][T20153]  </TASK>
[  839.966162][T20157] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3928'.
[  840.386367][T20165] 0xfffffffffffffffd-0x000000020000 : ""
[  840.389320][T20165] mtd: partition "" is out of reach -- disabled
[  840.397871][T20165] ftl_cs: FTL header not found.
[  840.411196][T20168] ptrace attach of "/syz-executor exec"[20171] was attempted by "/syz-executor exec"[20168]
[  840.450978][T20172] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  840.454091][T20172] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  840.478802][T20172] vhci_hcd vhci_hcd.0: Device attached
[  840.532652][ T5957] Bluetooth: hci1: unexpected event for opcode 0x0c1b
[  840.641153][T20184] FAULT_INJECTION: forcing a failure.
[  840.641153][T20184] name failslab, interval 1, probability 0, space 0, times 0
[  840.646863][T20184] CPU: 3 UID: 0 PID: 20184 Comm: syz.2.3938 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  840.646894][T20184] Tainted: [L]=SOFTLOCKUP
[  840.646901][T20184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  840.646913][T20184] Call Trace:
[  840.646921][T20184]  <TASK>
[  840.646929][T20184]  dump_stack_lvl+0x16c/0x1f0
[  840.646962][T20184]  should_fail_ex+0x512/0x640
[  840.646983][T20184]  ? __kmalloc_cache_noprof+0x5f/0x800
[  840.647007][T20184]  should_failslab+0xc2/0x120
[  840.647035][T20184]  __kmalloc_cache_noprof+0x80/0x800
[  840.647056][T20184]  ? snd_pcm_oss_change_params_locked+0x86d/0x3ab0
[  840.647076][T20184]  ? _snd_pcm_hw_param_min+0x259/0x630
[  840.647108][T20184]  ? snd_pcm_oss_change_params_locked+0x86d/0x3ab0
[  840.647127][T20184]  snd_pcm_oss_change_params_locked+0x86d/0x3ab0
[  840.647149][T20184]  ? __mutex_lock+0x27b/0x1ca0
[  840.647180][T20184]  ? __mutex_lock+0x27b/0x1ca0
[  840.647211][T20184]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[  840.647241][T20184]  ? __pfx___mutex_lock+0x10/0x10
[  840.647268][T20184]  ? snd_pcm_oss_set_channels+0x1f8/0x370
[  840.647306][T20184]  snd_pcm_oss_get_active_substream+0x168/0x1d0
[  840.647330][T20184]  snd_pcm_oss_set_channels+0x23a/0x370
[  840.647350][T20184]  ? __pfx_snd_pcm_oss_set_channels+0x10/0x10
[  840.647366][T20184]  ? __might_fault+0x13b/0x190
[  840.647394][T20184]  snd_pcm_oss_ioctl+0x21c6/0x37f0
[  840.647414][T20184]  ? find_held_lock+0x2b/0x80
[  840.647438][T20184]  ? hook_file_ioctl_common+0x144/0x410
[  840.647461][T20184]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  840.647482][T20184]  ? __fget_files+0x20e/0x3c0
[  840.647507][T20184]  ? __fput_deferred+0x430/0x480
[  840.647530][T20184]  ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10
[  840.647551][T20184]  __ia32_compat_sys_ioctl+0x242/0x370
[  840.647579][T20184]  __do_fast_syscall_32+0xe8/0x680
[  840.647610][T20184]  do_fast_syscall_32+0x32/0x80
[  840.647627][T20184]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  840.647649][T20184] RIP: 0023:0xf701d579
[  840.647664][T20184] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  840.647682][T20184] RSP: 002b:00000000f53cb55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  840.647701][T20184] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0045006
[  840.647713][T20184] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  840.647725][T20184] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  840.647735][T20184] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  840.647746][T20184] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  840.647771][T20184]  </TASK>
[  840.974992][T20193] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3939'.
[  841.162331][T20175] vhci_hcd: connection reset by peer
[  841.212307][T20197] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  841.215132][T20197] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  841.219193][T20197] vhci_hcd vhci_hcd.0: Device attached
[  841.221730][   T89] vhci_hcd vhci_hcd.3: stop threads
[  841.224675][   T89] vhci_hcd vhci_hcd.3: release socket
[  841.226977][   T89] vhci_hcd vhci_hcd.3: disconnect device
[  841.228948][  T841] usb 44-1: device descriptor read/8, error -110
[  841.247981][T20198] vhci_hcd: connection closed
[  841.248338][ T1176] vhci_hcd vhci_hcd.4: stop threads
[  841.252367][ T1176] vhci_hcd vhci_hcd.4: release socket
[  841.255666][ T1176] vhci_hcd vhci_hcd.4: disconnect device
[  841.660158][  T841] usb usb44-port1: unable to enumerate USB device
[  841.663965][T20207] FAULT_INJECTION: forcing a failure.
[  841.663965][T20207] name failslab, interval 1, probability 0, space 0, times 0
[  841.672266][T20207] CPU: 0 UID: 0 PID: 20207 Comm: syz.1.3943 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  841.672284][T20207] Tainted: [L]=SOFTLOCKUP
[  841.672288][T20207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  841.672296][T20207] Call Trace:
[  841.672300][T20207]  <TASK>
[  841.672305][T20207]  dump_stack_lvl+0x16c/0x1f0
[  841.672326][T20207]  should_fail_ex+0x512/0x640
[  841.672339][T20207]  ? kmem_cache_alloc_noprof+0x62/0x770
[  841.672356][T20207]  should_failslab+0xc2/0x120
[  841.672373][T20207]  kmem_cache_alloc_noprof+0x83/0x770
[  841.672387][T20207]  ? vm_area_dup+0x27/0x8d0
[  841.672400][T20207]  ? __pfx_hugetlb_vm_op_split+0x10/0x10
[  841.672414][T20207]  ? vm_area_dup+0x27/0x8d0
[  841.672424][T20207]  vm_area_dup+0x27/0x8d0
[  841.672435][T20207]  ? __pfx_hugetlb_vm_op_split+0x10/0x10
[  841.672449][T20207]  __split_vma+0x18e/0x1050
[  841.672462][T20207]  ? hugetlb_vma_unlock_read+0xac/0x130
[  841.672477][T20207]  ? __pfx___split_vma+0x10/0x10
[  841.672497][T20207]  vma_modify+0x1069/0x2310
[  841.672528][T20207]  ? __pfx_vma_modify+0x10/0x10
[  841.672544][T20207]  vma_modify_policy+0x219/0x2d0
[  841.672558][T20207]  ? __pfx_vma_modify_policy+0x10/0x10
[  841.672581][T20207]  mbind_range+0x175/0x570
[  841.672594][T20207]  do_mbind+0x83a/0xf20
[  841.672610][T20207]  ? __pfx_do_mbind+0x10/0x10
[  841.672620][T20207]  ? find_held_lock+0x2b/0x80
[  841.672642][T20207]  ? __pfx_get_nodes+0x10/0x10
[  841.672657][T20207]  ? __fget_files+0x20e/0x3c0
[  841.672676][T20207]  kernel_mbind+0x1e3/0x1f0
[  841.672689][T20207]  ? __pfx_kernel_mbind+0x10/0x10
[  841.672701][T20207]  ? do_user_addr_fault+0x843/0x1370
[  841.672718][T20207]  __do_fast_syscall_32+0xe8/0x680
[  841.672738][T20207]  do_fast_syscall_32+0x32/0x80
[  841.672748][T20207]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  841.672762][T20207] RIP: 0023:0xf7fa6579
[  841.672771][T20207] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  841.672782][T20207] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 0000000000000112
[  841.672794][T20207] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000600000
[  841.672801][T20207] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  841.672807][T20207] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  841.672814][T20207] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  841.672820][T20207] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  841.672834][T20207]  </TASK>
[  841.966257][T20210] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3942'.
[  842.027039][T20212] FAULT_INJECTION: forcing a failure.
[  842.027039][T20212] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  842.032703][T20212] CPU: 3 UID: 0 PID: 20212 Comm: syz.4.3944 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  842.032723][T20212] Tainted: [L]=SOFTLOCKUP
[  842.032727][T20212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  842.032735][T20212] Call Trace:
[  842.032739][T20212]  <TASK>
[  842.032744][T20212]  dump_stack_lvl+0x16c/0x1f0
[  842.032767][T20212]  should_fail_ex+0x512/0x640
[  842.032783][T20212]  _copy_from_user+0x2e/0xd0
[  842.032797][T20212]  kstrtouint_from_user+0xd6/0x1d0
[  842.032816][T20212]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  842.032833][T20212]  ? __lock_acquire+0x436/0x2890
[  842.032851][T20212]  proc_fail_nth_write+0x83/0x220
[  842.032864][T20212]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  842.032879][T20212]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  842.032890][T20212]  vfs_write+0x2a0/0x11d0
[  842.032909][T20212]  ? __pfx___mutex_lock+0x10/0x10
[  842.032929][T20212]  ? __pfx_vfs_write+0x10/0x10
[  842.032945][T20212]  ? find_held_lock+0x2b/0x80
[  842.032964][T20212]  ? __fget_files+0x20e/0x3c0
[  842.032985][T20212]  ksys_write+0x12a/0x250
[  842.033002][T20212]  ? __pfx_ksys_write+0x10/0x10
[  842.033023][T20212]  __do_fast_syscall_32+0xe8/0x680
[  842.033043][T20212]  do_fast_syscall_32+0x32/0x80
[  842.033060][T20212]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  842.033075][T20212] RIP: 0023:0xf7fe4579
[  842.033085][T20212] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  842.033097][T20212] RSP: 002b:00000000f54d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  842.033109][T20212] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54d6620
[  842.033116][T20212] RDX: 0000000000000001 RSI: 00000000f7476ff4 RDI: 0000000000000000
[  842.033123][T20212] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  842.033130][T20212] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  842.033136][T20212] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  842.033151][T20212]  </TASK>
[  842.480998][T20223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3948'.
[  842.588839][T20225] netlink: 68 bytes leftover after parsing attributes in process `syz.1.3949'.
[  843.121256][T20243] random: crng reseeded on system resumption
[  843.539333][T20250] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  843.541639][T20250] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  843.544439][T20250] vhci_hcd vhci_hcd.0: Device attached
[  843.568306][T20250] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3957'.
[  843.628612][T20254] vhci_hcd: connection closed
[  843.631983][ T1143] vhci_hcd vhci_hcd.3: stop threads
[  843.634952][T20258] loop5: detected capacity change from 0 to 7
[  843.636491][ T1143] vhci_hcd vhci_hcd.3: release socket
[  843.636513][ T1143] vhci_hcd vhci_hcd.3: disconnect device
[  843.702166][T20259] tipc: Enabling of bearer <eth:syzkaller0> rejected, failed to enable media
[  843.702675][T13997] usb 42-1: device descriptor read/8, error -110
[  843.828110][T18815] Dev loop5: unable to read RDB block 7
[  843.830169][T18815]  loop5: unable to read partition table
[  843.832640][T18815] loop5: partition table beyond EOD, truncated
[  843.848049][T20271] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3963'.
[  843.967732][T20258] Dev loop5: unable to read RDB block 7
[  843.970163][T20258]  loop5: unable to read partition table
[  843.972786][T20258] loop5: partition table beyond EOD, truncated
[  843.982355][T20258] loop_reread_partitions: partition scan of loop5 (úùƒå¡™‰ü�¾CêjÌ–ã¢P=ý?ã}X‹ºÐ	œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö�˜Èµ4FLQkÝŠ) failed (rc=-5)
[  844.159162][T13997] usb usb42-port1: attempt power cycle
[  844.204318][T20279] netlink: 'syz.1.3966': attribute type 11 has an invalid length.
[  844.473049][T20282] netlink: 'syz.4.3965': attribute type 10 has an invalid length.
[  844.518590][T20282] batman_adv: batadv0: Adding interface: team0
[  844.520893][T20282] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  844.532981][T20282] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  844.762814][T13997] usb usb42-port1: unable to enumerate USB device
[  845.040190][T20289] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  845.049491][T20289] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  845.051755][T20289] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  845.054894][T20289] vhci_hcd vhci_hcd.0: Device attached
[  845.479474][T20291] vhci_hcd: connection closed
[  845.479775][ T4727] vhci_hcd vhci_hcd.3: stop threads
[  845.483289][ T4727] vhci_hcd vhci_hcd.3: release socket
[  845.485262][ T4727] vhci_hcd vhci_hcd.3: disconnect device
[  846.094765][T20302] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3972'.
[  846.437855][T20309] random: crng reseeded on system resumption
[  846.812058][T20322] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3976'.
[  846.877029][T20324] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  847.123036][T20333] ata1.00: invalid multi_count 1 ignored
[  847.166760][T20333] ata1.00: invalid multi_count 1 ignored
[  847.205022][T20333] ata1.00: invalid multi_count 1 ignored
[  847.244127][  T124] ata1.00: invalid multi_count 1 ignored
[  847.303192][T20333] ata1.00: invalid multi_count 1 ignored
[  847.363168][T20333] ata1.00: invalid multi_count 1 ignored
[  847.407424][T20333] ata1.00: invalid multi_count 1 ignored
[  847.465248][T20333] ata1.00: invalid multi_count 1 ignored
[  847.472629][T20341] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3982'.
[  847.503588][T20333] ata1.00: invalid multi_count 1 ignored
[  847.543486][T20333] ata1.00: invalid multi_count 1 ignored
[  847.591263][T20333] ata1.00: invalid multi_count 1 ignored
[  847.674410][T20333] ata1.00: invalid multi_count 1 ignored
[  847.724078][   T68] ata1.00: invalid multi_count 1 ignored
[  847.773736][   T68] ata1.00: invalid multi_count 1 ignored
[  847.813297][   T68] ata1.00: invalid multi_count 1 ignored
[  847.853263][   T68] ata1.00: invalid multi_count 1 ignored
[  847.894515][T20333] ata1.00: invalid multi_count 1 ignored
[  847.903949][   T68] ata1.00: invalid multi_count 1 ignored
[  847.963639][   T68] ata1.00: invalid multi_count 1 ignored
[  848.017702][   T68] ata1.00: invalid multi_count 1 ignored
[  848.055534][T20349] 0xfffffffffffffffd-0x000000020000 : ""
[  848.057547][T20349] mtd: partition "" is out of reach -- disabled
[  848.063796][T20349] ftl_cs: FTL header not found.
[  848.543987][T20370] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3991'.
[  848.751478][T20388] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3997'.
[  848.957170][T20405] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4002'.
[  849.441948][T20415] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4004'.
[  849.871880][ T5957] Bluetooth: hci2: command tx timeout
[  850.496673][T20423] random: crng reseeded on system resumption
[  850.778454][T20431] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4008'.
[  850.788781][T20431] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4008'.
[  850.868646][T20432] trusted_key: encrypted_key: insufficient parameters specified
[  851.057097][T20434] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4010'.
[  851.062076][T20434] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4010'.
[  851.353881][T20438] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4019'.
[  851.367782][T20438] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4019'.
[  852.847513][   T40] audit: type=1326 audit(1766862269.886:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20462 comm="syz.1.4022" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fa6579 code=0x0
[  853.179365][T20470] syz_tun: left promiscuous mode
[  853.285433][T20471] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  853.288379][T20471] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  853.294602][T20471] vhci_hcd vhci_hcd.0: Device attached
[  853.373954][T20474] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  853.376129][T20474] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  853.450902][T20474] vhci_hcd vhci_hcd.0: Device attached
[  853.623088][  T841] usb 44-1: SetAddress Request (70) to port 0
[  853.626859][  T841] usb 44-1: new SuperSpeed USB device number 70 using vhci_hcd
[  853.722434][T13997] usb 42-1: SetAddress Request (81) to port 0
[  853.725172][T13997] usb 42-1: new SuperSpeed USB device number 81 using vhci_hcd
[  853.749586][T20490] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4027'.
[  853.853232][T20497] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4037'.
[  854.264089][T20472] vhci_hcd: connection reset by peer
[  854.281774][ T6128] vhci_hcd vhci_hcd.3: stop threads
[  854.283708][ T6128] vhci_hcd vhci_hcd.3: release socket
[  854.289945][ T6128] vhci_hcd vhci_hcd.3: disconnect device
[  854.429451][T20475] vhci_hcd: connection reset by peer
[  854.431579][ T8335] vhci_hcd vhci_hcd.2: stop threads
[  854.433519][ T8335] vhci_hcd vhci_hcd.2: release socket
[  854.435674][ T8335] vhci_hcd vhci_hcd.2: disconnect device
[  855.774979][T20513] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4034'.
[  855.979109][T20522] 9pnet_virtio: no channels available for device syz
[  855.983253][T20522] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  855.986071][T20522] overlayfs: overlapping lowerdir path
[  856.089925][T20523] random: crng reseeded on system resumption
[  856.310376][T20527] netlink: 56 bytes leftover after parsing attributes in process `syz.1.4043'.
[  856.554035][T20530] 0xfffffffffffffffd-0x000000020000 : ""
[  856.556475][T20530] mtd: partition "" is out of reach -- disabled
[  856.560380][T20530] ftl_cs: FTL header not found.
[  856.984110][T20537] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4041'.
[  857.000213][T20538] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[  857.002459][T20538] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  857.006856][T20538] vhci_hcd vhci_hcd.0: Device attached
[  857.544919][T20545] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  857.547830][T20545] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  857.555491][T20545] vhci_hcd vhci_hcd.0: Device attached
[  857.832820][   T29] usb 40-1: SetAddress Request (84) to port 0
[  857.838285][   T29] usb 40-1: new SuperSpeed USB device number 84 using vhci_hcd
[  857.876169][T20539] vhci_hcd: connection closed
[  857.910766][ T4727] vhci_hcd vhci_hcd.3: stop threads
[  857.914455][ T4727] vhci_hcd vhci_hcd.3: release socket
[  857.916604][ T4727] vhci_hcd vhci_hcd.3: disconnect device
[  858.198340][T20548] vhci_hcd: connection reset by peer
[  858.216492][ T1143] vhci_hcd vhci_hcd.1: stop threads
[  858.219328][ T1143] vhci_hcd vhci_hcd.1: release socket
[  858.222416][ T1143] vhci_hcd vhci_hcd.1: disconnect device
[  858.297224][T20544] syz.3.4040 (20544): drop_caches: 1
[  858.355008][T20544] syz.3.4040 (20544): drop_caches: 1
[  858.397076][T20553] 0xfffffffffffffffd-0x000000020000 : ""
[  858.399698][T20553] mtd: partition "" is out of reach -- disabled
[  858.410416][T20553] ftl_cs: FTL header not found.
[  858.668131][  T841] usb 44-1: device descriptor read/8, error -110
[  858.832761][T13997] usb 42-1: device descriptor read/8, error -110
[  858.885240][T20561] can: request_module (can-proto-0) failed.
[  858.995988][T20565] netlink: 'syz.1.4047': attribute type 10 has an invalid length.
[  858.999750][T20565] 8021q: adding VLAN 0 to HW filter on device bond0
[  859.003361][T20565] team0: Port device bond0 added
[  859.009850][T20565] netlink: 23272 bytes leftover after parsing attributes in process `syz.1.4047'.
[  859.088656][  T841] usb usb44-port1: attempt power cycle
[  859.152823][T20568] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  859.155553][T20568] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  859.159367][T20568] vhci_hcd vhci_hcd.0: Device attached
[  859.316480][T13997] usb 42-1: SetAddress Request (82) to port 0
[  859.319724][T13997] usb 42-1: new SuperSpeed USB device number 82 using vhci_hcd
[  859.380819][T20575] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4049'.
[  859.664530][  T841] usb usb44-port1: unable to enumerate USB device
[  859.855974][T20569] vhci_hcd: connection reset by peer
[  859.972175][   T89] vhci_hcd vhci_hcd.2: stop threads
[  859.975213][   T89] vhci_hcd vhci_hcd.2: release socket
[  859.979098][   T89] vhci_hcd vhci_hcd.2: disconnect device
[  860.412843][T20580] FAULT_INJECTION: forcing a failure.
[  860.412843][T20580] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  860.419459][T20580] CPU: 1 UID: 0 PID: 20580 Comm: syz.1.4051 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  860.419479][T20580] Tainted: [L]=SOFTLOCKUP
[  860.419483][T20580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  860.419490][T20580] Call Trace:
[  860.419495][T20580]  <TASK>
[  860.419500][T20580]  dump_stack_lvl+0x16c/0x1f0
[  860.419521][T20580]  should_fail_ex+0x512/0x640
[  860.419537][T20580]  _copy_from_user+0x2e/0xd0
[  860.419551][T20580]  do_tcp_setsockopt+0x237c/0x2c10
[  860.419568][T20580]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[  860.419584][T20580]  ? __pfx___might_resched+0x10/0x10
[  860.419603][T20580]  ? aa_sk_perm+0x2f2/0xae0
[  860.419617][T20580]  ? ksys_write+0x190/0x250
[  860.419634][T20580]  ? __pfx_aa_sk_perm+0x10/0x10
[  860.419648][T20580]  ? find_held_lock+0x2b/0x80
[  860.419671][T20580]  tcp_setsockopt+0xe2/0x100
[  860.419685][T20580]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  860.419705][T20580]  do_sock_setsockopt+0xf3/0x1d0
[  860.419723][T20580]  __sys_setsockopt+0x120/0x1a0
[  860.419739][T20580]  __ia32_sys_setsockopt+0xbc/0x160
[  860.419752][T20580]  ? __do_fast_syscall_32+0x9a/0x680
[  860.419770][T20580]  ? lockdep_hardirqs_on+0x7c/0x110
[  860.419790][T20580]  __do_fast_syscall_32+0xe8/0x680
[  860.419812][T20580]  do_fast_syscall_32+0x32/0x80
[  860.419822][T20580]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  860.419836][T20580] RIP: 0023:0xf7fa6579
[  860.419845][T20580] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  860.419856][T20580] RSP: 002b:00000000f549655c EFLAGS: 00000296 ORIG_RAX: 000000000000016e
[  860.419867][T20580] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000006
[  860.419874][T20580] RDX: 0000000000000016 RSI: 0000000080000340 RDI: 0000000000000057
[  860.419881][T20580] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  860.419887][T20580] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  860.419893][T20580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  860.419907][T20580]  </TASK>
[  860.638417][T20582] random: crng reseeded on system resumption
[  861.087139][T20593] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  861.089311][T20593] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  861.092248][T20593] vhci_hcd vhci_hcd.0: Device attached
[  861.150530][T20596] netlink: 'syz.1.4054': attribute type 10 has an invalid length.
[  861.154861][T20596] batman_adv: batadv0: Adding interface: team0
[  861.156990][T20596] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  861.170045][T20596] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  861.953754][T20594] vhci_hcd: connection closed
[  861.962297][ T8335] vhci_hcd vhci_hcd.2: stop threads
[  861.971968][ T8335] vhci_hcd vhci_hcd.2: release socket
[  861.974009][ T8335] vhci_hcd vhci_hcd.2: disconnect device
[  862.944267][T20613] netlink: 'syz.3.4060': attribute type 10 has an invalid length.
[  862.982198][   T29] usb 40-1: device descriptor read/8, error -110
[  863.005734][T20614] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4059'.
[  863.119356][T20615] netlink: 23272 bytes leftover after parsing attributes in process `syz.3.4060'.
[  863.420420][   T29] usb usb40-port1: attempt power cycle
[  863.501409][T20609] can: request_module (can-proto-0) failed.
[  864.292123][   T29] usb usb40-port1: unable to enumerate USB device
[  864.438905][T20613] 8021q: adding VLAN 0 to HW filter on device bond0
[  864.456621][T20613] team0: Port device bond0 added
[  864.491890][T13997] usb 42-1: device descriptor read/8, error -110
[  864.661432][T13997] usb usb42-port1: attempt power cycle
[  864.751724][T20621] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4061'.
[  865.223816][T13997] usb usb42-port1: unable to enumerate USB device
[  865.685356][T20630] random: crng reseeded on system resumption
[  866.221951][   T75] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  866.371886][   T75] usb 6-1: Using ep0 maxpacket: 8
[  866.374886][   T75] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  866.377759][   T75] usb 6-1: config 179 has no interface number 0
[  866.380638][   T75] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  866.385517][   T75] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  866.389943][   T75] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  866.394281][   T75] usb 6-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  866.398503][   T75] usb 6-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  866.404715][   T75] usb 6-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  866.408002][   T75] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  866.418515][T20641] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  866.666795][   T75] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:179.65/input/input63
[  866.817748][T20649] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  866.820156][T20649] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  866.839235][T20649] vhci_hcd vhci_hcd.0: Device attached
[  867.114279][T19785] usb 44-1: SetAddress Request (74) to port 0
[  867.116914][T19785] usb 44-1: new SuperSpeed USB device number 74 using vhci_hcd
[  867.572000][T20650] vhci_hcd: connection reset by peer
[  867.574735][ T4727] vhci_hcd vhci_hcd.3: stop threads
[  867.576654][ T4727] vhci_hcd vhci_hcd.3: release socket
[  867.578612][ T4727] vhci_hcd vhci_hcd.3: disconnect device
[  868.155320][T20663] netlink: 'syz.2.4068': attribute type 10 has an invalid length.
[  868.161317][T20663] batman_adv: batadv0: Adding interface: team0
[  868.164308][T20663] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  868.173831][T20663] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active
[  868.676348][T20670] netlink: 'syz.2.4072': attribute type 24 has an invalid length.
[  868.679051][T20670] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4072'.
[  868.697414][T20670] bond1: option ad_actor_sys_prio: invalid value (0)
[  868.699960][T20670] bond1: option ad_actor_sys_prio: allowed values 1 - 65535
[  868.712918][T20670] bond1 (unregistering): Released all slaves
[  868.753875][T20672] netlink: 'syz.2.4072': attribute type 21 has an invalid length.
[  868.756597][T20672] IPv6: NLM_F_CREATE should be specified when creating new route
[  868.759281][T20672] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  868.761701][T20672] IPv6: NLM_F_CREATE should be set when creating new route
[  868.764142][T20672] IPv6: NLM_F_CREATE should be set when creating new route
[  868.766541][T20672] IPv6: NLM_F_CREATE should be set when creating new route
[  868.771117][T20672] netlink: 'syz.2.4072': attribute type 21 has an invalid length.
[  868.773969][T20672] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  869.153112][  T841] usb 6-1: USB disconnect, device number 17
[  869.153340][    C3] xpad 6-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  869.158324][    C3] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  869.294343][T20688] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  869.296923][T20688] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  869.311121][T20688] vhci_hcd vhci_hcd.0: Device attached
[  869.312309][T20685] random: crng reseeded on system resumption
[  869.592373][  T841] usb 42-1: SetAddress Request (85) to port 0
[  869.595878][  T841] usb 42-1: new SuperSpeed USB device number 85 using vhci_hcd
[  869.852423][T20695] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4078'.
[  870.335158][T20689] vhci_hcd: connection reset by peer
[  870.339087][   T61] vhci_hcd vhci_hcd.2: stop threads
[  870.341631][   T61] vhci_hcd vhci_hcd.2: release socket
[  870.350160][   T61] vhci_hcd vhci_hcd.2: disconnect device
[  870.472369][T20704] program syz.1.4080 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  870.591934][   T29] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  870.743665][   T29] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  870.748514][   T29] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  870.755006][   T29] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  870.759165][   T29] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  870.766422][T20700] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  870.773239][   T29] usb 9-1: Quirk or no altset; falling back to MIDI 1.0
[  870.928411][T20708] overlay: ./file0 is not a directory
[  870.961908][ T1025] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  871.074080][T20711] netlink: 'syz.2.4084': attribute type 10 has an invalid length.
[  871.231940][ T1025] usb 6-1: Using ep0 maxpacket: 8
[  871.242266][ T1025] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  871.245861][ T1025] usb 6-1: config 0 has no interface number 0
[  871.383059][ T1025] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  871.388007][ T1025] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  871.393584][ T1025] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  871.414510][ T1025] usb 6-1: config 0 descriptor??
[  871.423781][ T1025] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  871.455953][T20720] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  871.458101][T20720] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  871.460995][T20720] vhci_hcd vhci_hcd.0: Device attached
[  871.537055][T20723] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  871.539273][T20723] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  871.542648][T20723] vhci_hcd vhci_hcd.0: Device attached
[  871.606322][T20720] team0: Port device bond0 removed
[  871.629051][T20720] batman_adv: batadv0: Removing interface: team0
[  871.650790][T20720] bridge_slave_0: left allmulticast mode
[  871.657446][T20720] bridge_slave_0: left promiscuous mode
[  871.659632][T20720] bridge0: port 1(bridge_slave_0) entered disabled state
[  871.669228][T20720] bridge_slave_1: left allmulticast mode
[  871.671470][T20720] bridge_slave_1: left promiscuous mode
[  871.673858][T20720] bridge0: port 2(bridge_slave_1) entered disabled state
[  871.684020][T20720] bond0: (slave bond_slave_0): Releasing backup interface
[  871.690785][T20720] bond0: (slave bond_slave_1): Releasing backup interface
[  871.751219][T20720] team0: Port device team_slave_0 removed
[  871.763293][T13997] usb 9-1: USB disconnect, device number 6
[  871.810115][T20720] team0: Port device team_slave_1 removed
[  871.833497][T20720] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  871.836860][T20720] batman_adv: batadv0: Removing interface: batadv_slave_0
[  871.865422][T20720] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  871.868449][T20720] batman_adv: batadv0: Removing interface: batadv_slave_1
[  871.933128][T20720] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  872.036312][T20731] bridge0: port 2(bridge_slave_1) entered disabled state
[  872.039865][T20731] bridge0: port 1(bridge_slave_0) entered disabled state
[  872.048246][T20728] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4087'.
[  872.110790][T20731] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  872.122026][T20731] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  872.211583][T20732] geneve2: entered promiscuous mode
[  872.227130][T20728] macvlan2: entered allmulticast mode
[  872.229059][T20728] macsec0: entered allmulticast mode
[  872.295570][T20721] vhci_hcd: connection reset by peer
[  872.297637][ T8334] vhci_hcd vhci_hcd.3: stop threads
[  872.300093][ T8334] vhci_hcd vhci_hcd.3: release socket
[  872.310482][ T8334] vhci_hcd vhci_hcd.3: disconnect device
[  872.323428][T19785] usb 44-1: device descriptor read/8, error -110
[  872.363090][T20724] vhci_hcd: connection closed
[  872.364233][ T1176] vhci_hcd vhci_hcd.2: stop threads
[  872.368592][ T1176] vhci_hcd vhci_hcd.2: release socket
[  872.374338][ T1176] vhci_hcd vhci_hcd.2: disconnect device
[  872.621116][T20736] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  872.623850][T20736] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  872.651370][T20736] vhci_hcd vhci_hcd.0: Device attached
[  872.674603][   T75] usb 6-1: USB disconnect, device number 18
[  872.712696][T19785] usb usb44-port1: attempt power cycle
[  872.912037][   T53] usb 46-1: SetAddress Request (10) to port 0
[  872.914833][   T53] usb 46-1: new SuperSpeed USB device number 10 using vhci_hcd
[  873.237448][T20737] vhci_hcd: connection reset by peer
[  873.239911][ T4727] vhci_hcd vhci_hcd.4: stop threads
[  873.251912][ T4727] vhci_hcd vhci_hcd.4: release socket
[  873.254764][ T4727] vhci_hcd vhci_hcd.4: disconnect device
[  873.285711][T19785] usb usb44-port1: unable to enumerate USB device
[  873.454932][T20750] random: crng reseeded on system resumption
[  874.199715][T20768] netlink: 'syz.3.4099': attribute type 10 has an invalid length.
[  874.205295][T20768] syz_tun: entered promiscuous mode
[  874.213188][T20768] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  874.405700][ T1025] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  874.570106][T20773] netlink: 'syz.3.4108': attribute type 10 has an invalid length.
[  874.671932][  T841] usb 42-1: device descriptor read/8, error -110
[  874.826104][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[  874.829233][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  874.912120][ T1025] usb 9-1: too many configurations: 9, using maximum allowed: 8
[  874.942734][ T1025] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  874.942767][ T1025] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  874.942783][ T1025] usb 9-1: config 0 interface 0 has no altsetting 0
[  874.944443][ T1025] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  874.959884][ T1025] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  874.960101][ T1025] usb 9-1: config 0 interface 0 has no altsetting 0
[  874.969875][ T1025] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  874.974463][T20777] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  874.974475][ T1025] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  874.974483][T20777] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  874.974498][ T1025] usb 9-1: config 0 interface 0 has no altsetting 0
[  874.974755][T20777] vhci_hcd vhci_hcd.0: Device attached
[  874.987205][ T1025] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  874.995822][ T1025] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  874.995841][ T1025] usb 9-1: config 0 interface 0 has no altsetting 0
[  874.997765][ T1025] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  875.009449][ T1025] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  875.009468][ T1025] usb 9-1: config 0 interface 0 has no altsetting 0
[  875.012192][ T1025] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  875.018581][ T1025] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  875.018599][ T1025] usb 9-1: config 0 interface 0 has no altsetting 0
[  875.044808][ T1025] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  875.044836][ T1025] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  875.044851][ T1025] usb 9-1: config 0 interface 0 has no altsetting 0
[  875.045033][T20777] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check.
[  875.062091][ T1025] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 9
[  875.062119][ T1025] usb 9-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  875.062134][ T1025] usb 9-1: config 0 interface 0 has no altsetting 0
[  875.075682][ T1025] usb 9-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  875.075701][ T1025] usb 9-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  875.075713][ T1025] usb 9-1: Product: syz
[  875.075722][ T1025] usb 9-1: Manufacturer: syz
[  875.075730][ T1025] usb 9-1: SerialNumber: syz
[  875.079700][ T1025] usb 9-1: config 0 descriptor??
[  875.097485][ T1025] yurex 9-1:0.0: USB YUREX device now attached to Yurex #0
[  875.131945][  T841] usb 42-1: SetAddress Request (86) to port 0
[  875.136866][  T841] usb 42-1: new SuperSpeed USB device number 86 using vhci_hcd
[  875.652343][    C0] usb 9-1: yurex_control_callback - control failed: -71
[  875.652482][T13997] usb 9-1: USB disconnect, device number 7
[  875.655472][T20780] yurex 9-1:0.0: yurex_write - failed to send bulk msg, error -19
[  875.658227][T13997] yurex 9-1:0.0: USB YUREX #0 now disconnected
[  875.692895][T20778] vhci_hcd: connection reset by peer
[  875.695689][ T8334] vhci_hcd vhci_hcd.2: stop threads
[  875.698028][ T8334] vhci_hcd vhci_hcd.2: release socket
[  875.700526][ T8334] vhci_hcd vhci_hcd.2: disconnect device
[  876.395588][T20788] program syz.2.4101 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  877.801880][T19785] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  878.001853][T19785] usb 7-1: Using ep0 maxpacket: 8
[  878.026966][   T53] usb 46-1: device descriptor read/8, error -110
[  878.080036][T19785] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  878.456756][T19785] usb 7-1: config 0 has no interface number 0
[  878.458842][T19785] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  878.462409][T19785] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  878.462995][   T53] usb usb46-port1: attempt power cycle
[  878.465336][T19785] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  878.471515][T19785] usb 7-1: config 0 descriptor??
[  878.476278][T19785] iowarrior 7-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  878.553546][T20803] random: crng reseeded on system resumption
[  879.033310][   T53] usb usb46-port1: unable to enumerate USB device
[  879.133310][T20812] tipc: New replicast peer: 255.255.255.255
[  879.136099][T20812] tipc: Enabled bearer <udp:syz2>, priority 10
[  879.145070][T20812] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4115'.
[  879.663391][T20816] random: crng reseeded on system resumption
[  879.784858][   T53] usb 7-1: USB disconnect, device number 21
[  879.975431][T20822] random: crng reseeded on system resumption
[  880.142004][   T54] tipc: Node number set to 596001613
[  880.191978][  T841] usb 42-1: device descriptor read/8, error -110
[  880.302447][  T841] usb usb42-port1: attempt power cycle
[  880.922495][  T841] usb usb42-port1: unable to enumerate USB device
[  881.196618][T20843] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  881.199574][T20843] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  881.207559][T20843] vhci_hcd vhci_hcd.0: Device attached
[  881.505122][T19785] usb 46-1: SetAddress Request (14) to port 0
[  881.507603][T19785] usb 46-1: new SuperSpeed USB device number 14 using vhci_hcd
[  882.051545][T20849] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4119'.
[  882.275447][T20844] vhci_hcd: connection reset by peer
[  882.278673][   T89] vhci_hcd vhci_hcd.4: stop threads
[  882.280795][   T89] vhci_hcd vhci_hcd.4: release socket
[  882.286173][   T89] vhci_hcd vhci_hcd.4: disconnect device
[  882.849599][T20848] geneve2: entered promiscuous mode
[  883.526554][T20870] random: crng reseeded on system resumption
[  883.528123][T20872] netlink: 'syz.4.4125': attribute type 1 has an invalid length.
[  884.649922][T20883] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  884.652413][T20883] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  884.656015][T20883] vhci_hcd vhci_hcd.0: Device attached
[  884.756679][T20886] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  884.759231][T20886] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  884.764852][T20886] vhci_hcd vhci_hcd.0: Device attached
[  884.945824][  T841] usb 40-1: SetAddress Request (88) to port 0
[  884.949995][  T841] usb 40-1: new SuperSpeed USB device number 88 using vhci_hcd
[  884.955085][T20890] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4129'.
[  885.862935][T20884] vhci_hcd: connection reset by peer
[  885.882223][   T89] vhci_hcd vhci_hcd.1: stop threads
[  885.884556][   T89] vhci_hcd vhci_hcd.1: release socket
[  885.887266][   T89] vhci_hcd vhci_hcd.1: disconnect device
[  886.487105][   T89] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  886.500725][   T89] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  886.512082][   T89] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  886.516447][   T89] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  886.693822][T20887] vhci_hcd: connection reset by peer
[  886.696172][   T12] vhci_hcd vhci_hcd.4: stop threads
[  886.697926][   T12] vhci_hcd vhci_hcd.4: release socket
[  886.699897][T19785] usb 46-1: device descriptor read/8, error -110
[  886.700691][   T12] vhci_hcd vhci_hcd.4: disconnect device
[  887.651500][T19785] usb usb46-port1: attempt power cycle
[  887.737377][T20913] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  887.739598][T20913] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  887.743171][T20913] vhci_hcd vhci_hcd.0: Device attached
[  888.002177][T19785] usb 46-1: SetAddress Request (16) to port 0
[  888.005168][T19785] usb 46-1: new SuperSpeed USB device number 16 using vhci_hcd
[  888.347396][T20914] vhci_hcd: connection reset by peer
[  888.350048][ T8327] vhci_hcd vhci_hcd.4: stop threads
[  888.352541][ T8327] vhci_hcd vhci_hcd.4: release socket
[  888.355076][ T8327] vhci_hcd vhci_hcd.4: disconnect device
[  888.992793][T20919] 0xfffffffffffffffd-0x000000020000 : ""
[  888.995572][T20919] mtd: partition "" is out of reach -- disabled
[  889.017903][T20919] ftl_cs: FTL header not found.
[  889.038182][T20928] random: crng reseeded on system resumption
[  889.294258][T20931] random: crng reseeded on system resumption
[  889.407807][T20934] random: crng reseeded on system resumption
[  889.830024][T20940] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4144'.
[  890.598126][T20943] 0xfffffffffffffffd-0x000000020000 : ""
[  890.600569][T20943] mtd: partition "" is out of reach -- disabled
[  890.609850][T20943] ftl_cs: FTL header not found.
[  890.893935][  T841] usb 40-1: device descriptor read/8, error -110
[  890.953164][T20949] random: crng reseeded on system resumption
[  891.067411][T20953] 0xfffffffffffffffd-0x000000020000 : ""
[  891.069816][T20953] mtd: partition "" is out of reach -- disabled
[  891.077503][T20953] ftl_cs: FTL header not found.
[  891.337673][T20960] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4152'.
[  891.392396][T20961] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  891.394749][T20961] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  891.398957][T20961] vhci_hcd vhci_hcd.0: Device attached
[  891.401565][T20960] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4152'.
[  891.684224][T20965] 0xfffffffffffffffd-0x000000020000 : ""
[  891.686469][T20965] mtd: partition "" is out of reach -- disabled
[  891.692964][   T55] usb 42-1: SetAddress Request (89) to port 0
[  891.697533][   T55] usb 42-1: new SuperSpeed USB device number 89 using vhci_hcd
[  891.701440][T20965] ftl_cs: FTL header not found.
[  892.013937][T20962] vhci_hcd: connection reset by peer
[  892.016331][   T89] vhci_hcd vhci_hcd.2: stop threads
[  892.018147][   T89] vhci_hcd vhci_hcd.2: release socket
[  892.020175][   T89] vhci_hcd vhci_hcd.2: disconnect device
[  892.262915][  T841] usb usb40-port1: attempt power cycle
[  892.544182][T20979] random: crng reseeded on system resumption
[  892.808791][T20987] hsr0: entered promiscuous mode
[  892.811430][T20987] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4160'.
[  892.822894][  T841] usb usb40-port1: unable to enumerate USB device
[  892.864263][T20987] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4160'.
[  892.877619][T20987] hsr_slave_0: left promiscuous mode
[  892.880434][T20987] hsr_slave_1: left promiscuous mode
[  892.919838][T20987] hsr0 (unregistering): left promiscuous mode
[  892.990854][T20992] 0xfffffffffffffffd-0x000000020000 : ""
[  892.993762][T20992] mtd: partition "" is out of reach -- disabled
[  893.002191][T20992] ftl_cs: FTL header not found.
[  893.062093][T19785] usb 46-1: device descriptor read/8, error -110
[  893.419227][T21007] random: crng reseeded on system resumption
[  893.452585][T19785] usb usb46-port1: unable to enumerate USB device
[  893.664034][T21018] random: crng reseeded on system resumption
[  893.713639][T21016] random: crng reseeded on system resumption
[  893.744662][T21025] random: crng reseeded on system resumption
[  893.855076][T21030] 0xfffffffffffffffd-0x000000020000 : ""
[  893.857685][T21030] mtd: partition "" is out of reach -- disabled
[  893.892314][T21030] ftl_cs: FTL header not found.
[  893.900205][T21035] netlink: 'syz.2.4182': attribute type 10 has an invalid length.
[  893.985684][T21033] 0xfffffffffffffffd-0x000000020000 : ""
[  893.985707][T21033] mtd: partition "" is out of reach -- disabled
[  894.008988][T21033] ftl_cs: FTL header not found.
[  894.190495][T21059] 9p: Bad value for 'rfdno'
[  894.193398][T21050] random: crng reseeded on system resumption
[  894.611236][T21067] random: crng reseeded on system resumption
[  894.770708][T21068] trusted_key: encrypted_key: insufficient parameters specified
[  895.051358][T21073] 0xfffffffffffffffd-0x000000020000 : ""
[  895.053798][T21073] mtd: partition "" is out of reach -- disabled
[  895.102081][T21073] ftl_cs: FTL header not found.
[  895.217047][T21075] netlink: 'syz.1.4186': attribute type 1 has an invalid length.
[  895.335947][T21087] netlink: 'syz.1.4189': attribute type 10 has an invalid length.
[  895.339261][T21087] syz_tun: entered promiscuous mode
[  895.345114][T21087] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  895.373656][T21086] random: crng reseeded on system resumption
[  895.538575][T21096] binder_alloc: 21095: pid 21095 spamming oneway? 1 buffers allocated for a total size of 4096
[  895.544719][T21096] binder_alloc: 21095: pid 21095 spamming oneway? 2 buffers allocated for a total size of 5120
[  895.738625][T21105] 0xfffffffffffffffd-0x000000020000 : ""
[  895.740511][T21105] mtd: partition "" is out of reach -- disabled
[  895.748021][T21105] ftl_cs: FTL header not found.
[  895.978426][T21116] random: crng reseeded on system resumption
[  896.088073][T21119] netlink: 'syz.1.4202': attribute type 4 has an invalid length.
[  896.092561][T21119] FAULT_INJECTION: forcing a failure.
[  896.092561][T21119] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  896.098388][T21119] CPU: 3 UID: 0 PID: 21119 Comm: syz.1.4202 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  896.098418][T21119] Tainted: [L]=SOFTLOCKUP
[  896.098425][T21119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  896.098437][T21119] Call Trace:
[  896.098446][T21119]  <TASK>
[  896.098454][T21119]  dump_stack_lvl+0x16c/0x1f0
[  896.098487][T21119]  should_fail_ex+0x512/0x640
[  896.098513][T21119]  _copy_to_user+0x32/0xd0
[  896.098535][T21119]  simple_read_from_buffer+0xcb/0x170
[  896.098564][T21119]  proc_fail_nth_read+0x197/0x240
[  896.098595][T21119]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  896.098634][T21119]  ? rw_verify_area+0xcf/0x6c0
[  896.098658][T21119]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  896.098688][T21119]  vfs_read+0x1e4/0xcf0
[  896.098715][T21119]  ? __pfx___mutex_lock+0x10/0x10
[  896.098746][T21119]  ? __pfx_vfs_read+0x10/0x10
[  896.098769][T21119]  ? find_held_lock+0x2b/0x80
[  896.098799][T21119]  ? __fget_files+0x20e/0x3c0
[  896.098832][T21119]  ksys_read+0x12a/0x250
[  896.098857][T21119]  ? __pfx_ksys_read+0x10/0x10
[  896.098890][T21119]  __do_fast_syscall_32+0xe8/0x680
[  896.098922][T21119]  do_fast_syscall_32+0x32/0x80
[  896.098939][T21119]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  896.098961][T21119] RIP: 0023:0xf7fa6579
[  896.098976][T21119] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  896.098994][T21119] RSP: 002b:00000000f5496590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  896.099011][T21119] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5496620
[  896.099022][T21119] RDX: 000000000000000f RSI: 00000000f7436ff4 RDI: 0000000000000000
[  896.099033][T21119] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  896.099044][T21119] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  896.099054][T21119] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  896.099079][T21119]  </TASK>
[  896.243763][T21121] netlink: 'syz.1.4203': attribute type 10 has an invalid length.
[  896.466793][T21124] 9p: Bad value for 'rfdno'
[  896.602661][T21134] netlink: 'syz.3.4208': attribute type 10 has an invalid length.
[  896.607844][T21134] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  896.617653][ T8334] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  896.622205][ T8334] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  896.723428][T21139] random: crng reseeded on system resumption
[  896.742014][   T55] usb 42-1: device descriptor read/8, error -110
[  896.761488][T21150] 9pnet_virtio: no channels available for device syz
[  896.882114][  T841] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  897.093053][T21161] 8021q: adding VLAN 0 to HW filter on device batadv1
[  897.099049][T21161] team0: Port device batadv1 added
[  897.152500][   T55] usb usb42-port1: attempt power cycle
[  897.223881][  T841] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  897.227810][  T841] usb 7-1: config 0 interface 0 altsetting 251 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  897.232279][  T841] usb 7-1: config 0 interface 0 has no altsetting 0
[  897.236729][  T841] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  897.239946][  T841] usb 7-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  897.243191][  T841] usb 7-1: Product: syz
[  897.244713][  T841] usb 7-1: Manufacturer: syz
[  897.246483][  T841] usb 7-1: SerialNumber: syz
[  897.251230][  T841] usb 7-1: config 0 descriptor??
[  897.270883][  T841] snd-usb-audio 7-1:0.0: probe with driver snd-usb-audio failed with error -22
[  897.303721][T18815] udevd[18815]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  897.634444][ T1025] usb 7-1: USB disconnect, device number 22
[  897.691315][T21183] netlink: 96 bytes leftover after parsing attributes in process `syz.1.4220'.
[  897.733170][   T55] usb usb42-port1: unable to enumerate USB device
[  897.951528][T21200] mac80211_hwsim hwsim18 syzkaller0: entered promiscuous mode
[  897.972604][T21200] mac80211_hwsim hwsim18 syzkaller0: entered allmulticast mode
[  897.993684][T21179] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4207'.
[  898.264453][T21214] random: crng reseeded on system resumption
[  898.311168][T21217] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  898.317469][T21217] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  898.579536][T21222] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  898.582648][T21222] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  898.587179][T21222] vhci_hcd vhci_hcd.0: Device attached
[  898.647943][T21228] netlink: 'syz.1.4230': attribute type 10 has an invalid length.
[  898.871972][ T1025] usb 46-1: SetAddress Request (18) to port 0
[  898.874457][ T1025] usb 46-1: new SuperSpeed USB device number 18 using vhci_hcd
[  899.088422][T21239] 9p: Bad value for 'rfdno'
[  899.240342][T21225] vhci_hcd: connection reset by peer
[  899.243791][ T8335] vhci_hcd vhci_hcd.4: stop threads
[  899.245766][ T8335] vhci_hcd vhci_hcd.4: release socket
[  899.249123][ T8335] vhci_hcd vhci_hcd.4: disconnect device
[  899.532886][T21243] 9pnet_virtio: no channels available for device syz
[  899.583594][T21246] geneve2: entered promiscuous mode
[  899.588487][   T89] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  899.591974][   T89] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  899.595983][   T89] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  899.603973][   T89] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  899.720197][T21249] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4238'.
[  900.049421][T21251] netlink: 'syz.3.4239': attribute type 10 has an invalid length.
[  900.559690][T21271] lo speed is unknown, defaulting to 1000
[  900.564808][T21271] lo speed is unknown, defaulting to 1000
[  900.583801][T21271] lo speed is unknown, defaulting to 1000
[  900.616596][T21274] ªªªªªª: renamed from lo
[  901.006417][T21271] infiniband s
z1: set down
[  901.008144][   T55] ªªªªªª speed is unknown, defaulting to 1000
[  901.010486][T21271] infiniband s
z1: added ªªªªªª
[  901.040513][T21271] RDS/IB: s
z1: added
[  901.042458][T21271] smc: adding ib device s
z1 with port count 1
[  901.045336][T21271] smc:    ib device s
z1 port 1 has no pnetid
[  901.054054][ T8335] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  901.060312][ T8335] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  901.065464][   T55] ªªªªªª speed is unknown, defaulting to 1000
[  901.066227][ T8335] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  901.075037][ T8335] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  901.080328][T21271] ªªªªªª speed is unknown, defaulting to 1000
[  901.269730][T21271] ªªªªªª speed is unknown, defaulting to 1000
[  901.316131][T21283] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  901.318311][T21283] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  901.320989][T21283] vhci_hcd vhci_hcd.0: Device attached
[  901.396560][T21271] ªªªªªª speed is unknown, defaulting to 1000
[  901.499065][T21271] ªªªªªª speed is unknown, defaulting to 1000
[  901.592381][    T9] usb 40-1: SetAddress Request (92) to port 0
[  901.596074][    T9] usb 40-1: new SuperSpeed USB device number 92 using vhci_hcd
[  901.606746][T21271] ªªªªªª speed is unknown, defaulting to 1000
[  901.954784][T21301] syzkaller0: entered promiscuous mode
[  901.957198][T21301] syzkaller0: entered allmulticast mode
[  901.961649][T21284] vhci_hcd: connection reset by peer
[  901.965135][   T89] vhci_hcd vhci_hcd.1: stop threads
[  901.967643][   T89] vhci_hcd vhci_hcd.1: release socket
[  901.970436][   T89] vhci_hcd vhci_hcd.1: disconnect device
[  902.068979][T21303] netlink: 'syz.4.4255': attribute type 10 has an invalid length.
[  902.072349][T21303] syz_tun: entered promiscuous mode
[  902.077170][T21303] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  902.223358][T21314] random: crng reseeded on system resumption
[  902.275246][T21320] FAULT_INJECTION: forcing a failure.
[  902.275246][T21320] name failslab, interval 1, probability 0, space 0, times 0
[  902.279457][T21320] CPU: 1 UID: 0 PID: 21320 Comm: syz.3.4262 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  902.279476][T21320] Tainted: [L]=SOFTLOCKUP
[  902.279480][T21320] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  902.279487][T21320] Call Trace:
[  902.279492][T21320]  <TASK>
[  902.279497][T21320]  dump_stack_lvl+0x16c/0x1f0
[  902.279519][T21320]  should_fail_ex+0x512/0x640
[  902.279532][T21320]  ? __kvmalloc_node_noprof+0x129/0xa40
[  902.279550][T21320]  should_failslab+0xc2/0x120
[  902.279567][T21320]  __kvmalloc_node_noprof+0x14a/0xa40
[  902.279583][T21320]  ? compute_postorder+0x6db/0x890
[  902.279602][T21320]  ? bpf_stack_liveness_init+0x29/0xd0
[  902.279629][T21320]  ? compute_postorder+0x6e0/0x890
[  902.279646][T21320]  ? bpf_stack_liveness_init+0x29/0xd0
[  902.279660][T21320]  bpf_stack_liveness_init+0x29/0xd0
[  902.279676][T21320]  bpf_check+0x725b/0xc820
[  902.279700][T21320]  ? __pfx_bpf_check+0x10/0x10
[  902.279719][T21320]  ? rcu_is_watching+0x12/0xc0
[  902.279734][T21320]  ? ktime_get_with_offset+0x26e/0x3b0
[  902.279747][T21320]  ? __asan_memset+0x23/0x50
[  902.279759][T21320]  ? lsm_blob_alloc+0x2b/0x90
[  902.279775][T21320]  ? bpf_lsm_bpf_prog_load+0x9/0x10
[  902.279793][T21320]  bpf_prog_load+0x114e/0x2cc0
[  902.279809][T21320]  ? _parse_integer_limit+0x17f/0x1d0
[  902.279829][T21320]  ? __pfx_bpf_prog_load+0x10/0x10
[  902.279845][T21320]  ? __lock_acquire+0x436/0x2890
[  902.279870][T21320]  __sys_bpf+0x3e72/0x4980
[  902.279883][T21320]  ? __pfx___sys_bpf+0x10/0x10
[  902.279892][T21320]  ? find_held_lock+0x2b/0x80
[  902.279910][T21320]  ? find_held_lock+0x2b/0x80
[  902.279927][T21320]  ? __mutex_unlock_slowpath+0x161/0x790
[  902.279953][T21320]  ? fput+0x70/0xf0
[  902.279965][T21320]  ? ksys_write+0x1ac/0x250
[  902.279980][T21320]  ? __pfx_ksys_write+0x10/0x10
[  902.279998][T21320]  __ia32_sys_bpf+0x76/0xe0
[  902.280008][T21320]  ? lockdep_hardirqs_on+0x7c/0x110
[  902.280025][T21320]  __do_fast_syscall_32+0xe8/0x680
[  902.280044][T21320]  do_fast_syscall_32+0x32/0x80
[  902.280054][T21320]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  902.280069][T21320] RIP: 0023:0xf7ff1579
[  902.280078][T21320] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  902.280089][T21320] RSP: 002b:00000000f54e655c EFLAGS: 00000296 ORIG_RAX: 0000000000000165
[  902.280100][T21320] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080002c80
[  902.280108][T21320] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000
[  902.280114][T21320] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  902.280121][T21320] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  902.280127][T21320] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  902.280141][T21320]  </TASK>
[  902.475771][T21326] mac80211_hwsim hwsim22 syzkaller0: entered promiscuous mode
[  902.478882][T21326] mac80211_hwsim hwsim22 syzkaller0: entered allmulticast mode
[  902.519676][T21324] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9)
[  902.523003][T21324] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  902.526353][T21324] vhci_hcd vhci_hcd.0: Device attached
[  902.803421][T15799] usb 42-1: SetAddress Request (93) to port 0
[  902.806104][T15799] usb 42-1: new SuperSpeed USB device number 93 using vhci_hcd
[  903.103301][T21327] vhci_hcd: connection reset by peer
[  903.105417][   T89] vhci_hcd vhci_hcd.2: stop threads
[  903.110802][   T89] vhci_hcd vhci_hcd.2: release socket
[  903.114792][   T89] vhci_hcd vhci_hcd.2: disconnect device
[  903.435471][T21361] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  903.438286][T21361] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  903.442417][T21361] vhci_hcd vhci_hcd.0: Device attached
[  903.480425][T21371] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  903.494708][T21371] tipc: Resetting bearer <eth:syzkaller0>
[  903.571466][T21373] syz.1.4279 (21373) used obsolete PPPIOCDETACH ioctl
[  904.078939][T21368] vhci_hcd: connection reset by peer
[  904.085689][ T4727] vhci_hcd vhci_hcd.4: stop threads
[  904.091264][ T4727] vhci_hcd vhci_hcd.4: release socket
[  904.099304][ T1025] usb 46-1: device descriptor read/8, error -110
[  904.099670][ T4727] vhci_hcd vhci_hcd.4: disconnect device
[  904.514599][ T1025] usb usb46-port1: attempt power cycle
[  904.588735][T21382] ntfs3(md0): try to read out of volume at offset 0x0
[  904.954502][T21394] macsec0: left allmulticast mode
[  904.975843][ T4727] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  904.988302][ T4727] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  905.012533][ T4727] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  905.021947][ T4727] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  905.092519][T21396] overlay: Unknown parameter 'pcr'
[  905.115363][ T1025] usb usb46-port1: unable to enumerate USB device
[  905.351348][T21407] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  905.672646][T21413] Bluetooth: MGMT ver 1.23
[  905.950383][T21422] random: crng reseeded on system resumption
[  906.662362][    T9] usb 40-1: device descriptor read/8, error -110
[  907.073780][    T9] usb usb40-port1: attempt power cycle
[  907.144955][T21451] netlink: 'syz.1.4306': attribute type 2 has an invalid length.
[  907.147932][T21451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4306'.
[  907.157083][T21451] netlink: 'syz.1.4306': attribute type 2 has an invalid length.
[  907.159995][T21451] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4306'.
[  907.227282][T21458] tipc: Resetting bearer <eth:syzkaller0>
[  907.234108][T21456] random: crng reseeded on system resumption
[  907.332551][T21462] tipc: Started in network mode
[  907.335220][T21462] tipc: Node identity 42ec96af299a, cluster identity 4711
[  907.339127][T21462] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  907.366270][T21462] syzkaller0: entered promiscuous mode
[  907.368920][T21462] syzkaller0: entered allmulticast mode
[  907.402829][T21462] tipc: Resetting bearer <eth:syzkaller0>
[  907.422688][T21461] tipc: Resetting bearer <eth:syzkaller0>
[  907.472101][T21461] tipc: Disabling bearer <eth:syzkaller0>
[  907.537279][T21474] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2745155244 (87844967808 ns) > initial count (160 ns). Using initial count to start timer.
[  907.652868][    T9] usb usb40-port1: unable to enumerate USB device
[  907.669728][T21478] 9pnet_virtio: no channels available for device syz
[  907.871910][T15799] usb 42-1: device descriptor read/8, error -110
[  908.149174][T21481] FAULT_INJECTION: forcing a failure.
[  908.149174][T21481] name failslab, interval 1, probability 0, space 0, times 0
[  908.154834][T21481] CPU: 1 UID: 0 PID: 21481 Comm: syz.2.4317 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  908.154864][T21481] Tainted: [L]=SOFTLOCKUP
[  908.154870][T21481] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  908.154880][T21481] Call Trace:
[  908.154888][T21481]  <TASK>
[  908.154895][T21481]  dump_stack_lvl+0x16c/0x1f0
[  908.154930][T21481]  should_fail_ex+0x512/0x640
[  908.154951][T21481]  ? __kmalloc_noprof+0xca/0x910
[  908.154972][T21481]  should_failslab+0xc2/0x120
[  908.154997][T21481]  __kmalloc_noprof+0xeb/0x910
[  908.155015][T21481]  ? arch_stack_walk+0xa6/0x100
[  908.155035][T21481]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  908.155069][T21481]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  908.155097][T21481]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  908.155130][T21481]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  908.155161][T21481]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  908.155190][T21481]  ? genl_get_cmd+0x194/0x580
[  908.155223][T21481]  ? bpf_lsm_capable+0x9/0x10
[  908.155248][T21481]  ? security_capable+0x7e/0x260
[  908.155288][T21481]  ? ns_capable+0xd7/0x110
[  908.155313][T21481]  genl_rcv_msg+0x55c/0x800
[  908.155334][T21481]  ? __pfx_genl_rcv_msg+0x10/0x10
[  908.155353][T21481]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  908.155376][T21481]  ? __pfx_nl80211_new_station+0x10/0x10
[  908.155401][T21481]  ? __pfx_nl80211_post_doit+0x10/0x10
[  908.155429][T21481]  ? __lock_acquire+0x436/0x2890
[  908.155450][T21481]  netlink_rcv_skb+0x158/0x420
[  908.155472][T21481]  ? __pfx_genl_rcv_msg+0x10/0x10
[  908.155484][T21481]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  908.155507][T21481]  ? netlink_deliver_tap+0x1ae/0xd30
[  908.155525][T21481]  genl_rcv+0x28/0x40
[  908.155544][T21481]  netlink_unicast+0x5aa/0x870
[  908.155563][T21481]  ? __pfx_netlink_unicast+0x10/0x10
[  908.155580][T21481]  ? __pfx___might_resched+0x10/0x10
[  908.155602][T21481]  netlink_sendmsg+0x8c8/0xdd0
[  908.155621][T21481]  ? __pfx_netlink_sendmsg+0x10/0x10
[  908.155640][T21481]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[  908.155662][T21481]  ____sys_sendmsg+0xa5d/0xc30
[  908.155683][T21481]  ? __pfx_____sys_sendmsg+0x10/0x10
[  908.155701][T21481]  ? get_compat_msghdr+0x11a/0x170
[  908.155723][T21481]  ___sys_sendmsg+0x134/0x1d0
[  908.155739][T21481]  ? __pfx____sys_sendmsg+0x10/0x10
[  908.155761][T21481]  ? find_held_lock+0x2b/0x80
[  908.155786][T21481]  __sys_sendmsg+0x16d/0x220
[  908.155802][T21481]  ? __pfx___sys_sendmsg+0x10/0x10
[  908.155826][T21481]  __do_fast_syscall_32+0xe8/0x680
[  908.155867][T21481]  do_fast_syscall_32+0x32/0x80
[  908.155878][T21481]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  908.155893][T21481] RIP: 0023:0xf701d579
[  908.155904][T21481] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  908.155915][T21481] RSP: 002b:00000000f540d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  908.155927][T21481] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080001080
[  908.155934][T21481] RDX: 0000000000004814 RSI: 0000000000000000 RDI: 0000000000000000
[  908.155940][T21481] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  908.155947][T21481] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  908.155953][T21481] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  908.155968][T21481]  </TASK>
[  908.310047][T15799] usb usb42-port1: attempt power cycle
[  908.508185][T21492] random: crng reseeded on system resumption
[  908.606045][ T6128] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  908.610258][ T6128] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  908.622633][ T6128] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  908.627160][ T6128] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  908.835892][T21511] batadv1: left allmulticast mode
[  908.838408][T21511] geneve2: left promiscuous mode
[  908.882447][T15799] usb usb42-port1: unable to enumerate USB device
[  909.133977][T21526] random: crng reseeded on system resumption
[  909.331534][T21543] (syz.4.4339,21543,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory.
[  909.573443][T21557] rdma_rxe: rxe_newlink: failed to add lo
[  909.576271][T21557] ªªªªªª: renamed from lo
[  909.753650][T21556] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  909.755957][T21556] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  909.758699][T21556] vhci_hcd vhci_hcd.0: Device attached
[  909.794789][T21562] vhci_hcd: connection closed
[  909.795039][   T89] vhci_hcd vhci_hcd.2: stop threads
[  909.799040][   T89] vhci_hcd vhci_hcd.2: release socket
[  909.801419][   T89] vhci_hcd vhci_hcd.2: disconnect device
[  909.913471][   T40] audit: type=1326 audit(1766862326.956:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  909.930349][   T40] audit: type=1326 audit(1766862326.966:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  909.945007][   T40] audit: type=1326 audit(1766862326.966:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  909.957455][   T40] audit: type=1326 audit(1766862326.966:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  909.967671][   T40] audit: type=1326 audit(1766862326.966:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  909.977697][   T40] audit: type=1326 audit(1766862326.966:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  909.994719][   T40] audit: type=1326 audit(1766862326.966:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  910.007997][   T40] audit: type=1326 audit(1766862326.966:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  910.019833][   T40] audit: type=1326 audit(1766862326.966:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  910.030309][   T40] audit: type=1326 audit(1766862326.966:316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21566 comm="syz.1.4347" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa6579 code=0x7ffc0000
[  910.496183][T21580] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4350'.
[  910.500149][T21580] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4350'.
[  910.555342][T21584] ªªªªªª speed is unknown, defaulting to 1000
[  910.930728][T21601] ------------[ cut here ]------------
[  910.933078][T21601] WARNING: drivers/gpu/drm/drm_prime.c:224 at drm_prime_destroy_file_private+0x43/0x60, CPU#3: syz.1.4357/21601
[  910.938101][T21601] Modules linked in:
[  910.941445][T21601] CPU: 3 UID: 0 PID: 21601 Comm: syz.1.4357 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  910.946828][T21601] Tainted: [L]=SOFTLOCKUP
[  910.948603][T21601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  910.953513][T21601] RIP: 0010:drm_prime_destroy_file_private+0x43/0x60
[  910.956683][T21601] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 21 48 8b 83 90 00 00 00 48 85 c0 75 06 5b e9 23 08 6e fc e8 1e 08 6e fc 90 <0f> 0b 90 5b e9 14 08 6e fc e8 5f ea d6 fc eb d8 66 66 2e 0f 1f 84
[  910.965049][T21601] RSP: 0018:ffffc9000df6fc88 EFLAGS: 00010293
[  910.967755][T21601] RAX: 0000000000000000 RBX: ffff88805fe0f380 RCX: ffffffff8b76c5d1
[  910.971195][T21601] RDX: ffff8880294024c0 RSI: ffffffff855050d2 RDI: ffff88805fe0f410
[  910.974821][T21601] RBP: ffff88805fe0f000 R08: 0000000000000001 R09: fffff52001bedf71
[  910.978279][T21601] R10: ffffc9000df6fb8f R11: 0000000000000000 R12: ffff888025762000
[  910.981728][T21601] R13: ffff88805fe0f2b0 R14: 0000000000000000 R15: ffff88805fe0f2d8
[  910.985165][T21601] FS:  0000000000000000(0000) GS:ffff8880979fc000(0063) knlGS:0000000057522440
[  910.989022][T21601] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  910.991966][T21601] CR2: 000000002d217ff8 CR3: 0000000078edb000 CR4: 0000000000352ef0
[  910.995399][T21601] DR0: 0000000000000001 DR1: fffffffffffffff7 DR2: 0000000000000000
[  910.998602][T21601] DR3: 000000000000000a DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  911.002203][T21601] Call Trace:
[  911.003702][T21601]  <TASK>
[  911.005019][T21601]  drm_file_free.part.0+0x7ee/0xcd0
[  911.007320][T21601]  drm_close_helper.isra.0+0x186/0x1f0
[  911.009905][T21601]  drm_release+0x1ab/0x360
[  911.012170][T21601]  ? __pfx_drm_release+0x10/0x10
[  911.014403][T21601]  __fput+0x402/0xb70
[  911.016235][T21601]  task_work_run+0x150/0x240
[  911.018328][T21601]  ? __pfx_task_work_run+0x10/0x10
[  911.020598][T21601]  ? __do_sys_close_range+0x278/0x730
[  911.023200][T21601]  exit_to_user_mode_loop+0xfb/0x540
[  911.025667][T21601]  __do_fast_syscall_32+0x4a4/0x680
[  911.028010][T21601]  do_fast_syscall_32+0x32/0x80
[  911.030192][T21601]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  911.033049][T21601] RIP: 0023:0xf7fa6579
[  911.035003][T21601] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  911.043138][T21601] RSP: 002b:00000000ffc6b78c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4
[  911.046865][T21601] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[  911.050318][T21601] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  911.054004][T21601] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  911.057617][T21601] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  911.061378][T21601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  911.065094][T21601]  </TASK>
[  911.066592][T21601] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  911.069837][T21601] CPU: 3 UID: 0 PID: 21601 Comm: syz.1.4357 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  911.074836][T21601] Tainted: [L]=SOFTLOCKUP
[  911.076786][T21601] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  911.081909][T21601] Call Trace:
[  911.083432][T21601]  <TASK>
[  911.084783][T21601]  dump_stack_lvl+0x3d/0x1f0
[  911.087259][T21601]  vpanic+0x640/0x6f0
[  911.089509][T21601]  ? drm_prime_destroy_file_private+0x43/0x60
[  911.092699][T21601]  panic+0xca/0xd0
[  911.094467][T21601]  ? __pfx_panic+0x10/0x10
[  911.096497][T21601]  ? check_panic_on_warn+0x1f/0xb0
[  911.098836][T21601]  check_panic_on_warn+0xab/0xb0
[  911.101062][T21601]  __warn+0x108/0x3c0
[  911.102881][T21601]  __report_bug+0x2a0/0x520
[  911.104934][T21601]  ? drm_prime_destroy_file_private+0x43/0x60
[  911.107774][T21601]  ? __pfx___report_bug+0x10/0x10
[  911.110010][T21601]  ? find_held_lock+0x2b/0x80
[  911.112091][T21601]  ? drm_master_release+0x2c1/0x600
[  911.114416][T21601]  ? drm_prime_destroy_file_private+0x43/0x60
[  911.117094][T21601]  report_bug+0xb2/0x220
[  911.119005][T21601]  ? drm_prime_destroy_file_private+0x43/0x60
[  911.121713][T21601]  handle_bug+0x127/0x260
[  911.123691][T21601]  exc_invalid_op+0x17/0x50
[  911.125735][T21601]  asm_exc_invalid_op+0x1a/0x20
[  911.127901][T21601] RIP: 0010:drm_prime_destroy_file_private+0x43/0x60
[  911.130870][T21601] Code: 00 00 fc ff df 48 89 fa 48 c1 ea 03 80 3c 02 00 75 21 48 8b 83 90 00 00 00 48 85 c0 75 06 5b e9 23 08 6e fc e8 1e 08 6e fc 90 <0f> 0b 90 5b e9 14 08 6e fc e8 5f ea d6 fc eb d8 66 66 2e 0f 1f 84
[  911.139377][T21601] RSP: 0018:ffffc9000df6fc88 EFLAGS: 00010293
[  911.142148][T21601] RAX: 0000000000000000 RBX: ffff88805fe0f380 RCX: ffffffff8b76c5d1
[  911.145697][T21601] RDX: ffff8880294024c0 RSI: ffffffff855050d2 RDI: ffff88805fe0f410
[  911.149138][T21601] RBP: ffff88805fe0f000 R08: 0000000000000001 R09: fffff52001bedf71
[  911.152534][T21601] R10: ffffc9000df6fb8f R11: 0000000000000000 R12: ffff888025762000
[  911.156103][T21601] R13: ffff88805fe0f2b0 R14: 0000000000000000 R15: ffff88805fe0f2d8
[  911.159519][T21601]  ? __mutex_unlock_slowpath+0x161/0x790
[  911.161929][T21601]  ? drm_prime_destroy_file_private+0x42/0x60
[  911.164606][T21601]  ? drm_prime_destroy_file_private+0x42/0x60
[  911.167243][T21601]  drm_file_free.part.0+0x7ee/0xcd0
[  911.169621][T21601]  drm_close_helper.isra.0+0x186/0x1f0
[  911.172073][T21601]  drm_release+0x1ab/0x360
[  911.174070][T21601]  ? __pfx_drm_release+0x10/0x10
[  911.176318][T21601]  __fput+0x402/0xb70
[  911.178217][T21601]  task_work_run+0x150/0x240
[  911.180366][T21601]  ? __pfx_task_work_run+0x10/0x10
[  911.182683][T21601]  ? __do_sys_close_range+0x278/0x730
[  911.185113][T21601]  exit_to_user_mode_loop+0xfb/0x540
[  911.187517][T21601]  __do_fast_syscall_32+0x4a4/0x680
[  911.189786][T21601]  do_fast_syscall_32+0x32/0x80
[  911.191941][T21601]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  911.194739][T21601] RIP: 0023:0xf7fa6579
[  911.196567][T21601] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  911.204160][T21601] RSP: 002b:00000000ffc6b78c EFLAGS: 00000202 ORIG_RAX: 00000000000001b4
[  911.207836][T21601] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e
[  911.211321][T21601] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  911.214838][T21601] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  911.218345][T21601] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  911.222121][T21601] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  911.225665][T21601]  </TASK>
[  911.228093][T21601] Kernel Offset: disabled
[  911.230034][T21601] Rebooting in 86400 seconds..