last executing test programs:

4m44.564114951s ago: executing program 1 (id=1212):
socket$nl_rdma(0x10, 0x3, 0x14)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = socket(0x2, 0x3, 0xff)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000040)=0x2c9e, 0x4)
connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @empty}, 0x10)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001c40)=ANY=[], 0x18}}, 0x4020)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
setgroups(0x0, 0x0)
r4 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$VT_RESIZEX(r4, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4})
socket$netlink(0x10, 0x3, 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="4544f0fffcff30c00000ee00"], &(0x7f0000000280)='syzkaller\x00', 0x6, 0x1e, &(0x7f0000000300)=""/30, 0x41000, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000bc0)={0x3, 0x4}, 0x8, 0x10, &(0x7f0000000c00)={0x4, 0xb, 0x902c}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=[0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x7}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa10000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f0000000340)=[0x0], 0x1}, 0x58)
r5 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r6 = dup(r5)
write$uinput_user_dev(r6, &(0x7f00000004c0)={'syz0\x00', {0x87, 0x3, 0x1, 0x9}, 0xb, [0x4, 0x6, 0x802, 0xe9a2, 0x1, 0x0, 0xa9ba, 0xc1f, 0x1, 0x7f5b, 0x3, 0x4, 0x5, 0x10004, 0x2, 0x3, 0x0, 0x3, 0xe, 0x3, 0x0, 0x2, 0xd9, 0x2, 0x6, 0x0, 0x3, 0x9, 0xfff, 0x8a0, 0x6, 0x8001, 0x33b5, 0x1, 0xfffffffc, 0x0, 0x9, 0xb, 0xcc, 0x4, 0x80, 0x401, 0x5, 0x5, 0xfffffffd, 0x8, 0xb, 0x3, 0xffff8001, 0x6, 0x3, 0x80000000, 0x1, 0xa, 0x7, 0x8, 0x5, 0xfff, 0x1, 0x7fe, 0x7fff, 0x10000, 0x2, 0x8], [0x2, 0x1, 0x10000, 0x7, 0x9, 0x6, 0x5, 0x4, 0x9, 0x7, 0x5, 0xdd5a, 0x6, 0x5, 0x7, 0x8, 0x5, 0xcc, 0xbc1, 0x80000, 0x0, 0x5e81339d, 0xffffc256, 0xb, 0x80000001, 0x0, 0x0, 0x4, 0x4, 0x7, 0x8, 0x10d, 0x1, 0x5, 0x5, 0xfffffb66, 0xfb5, 0x2, 0x4, 0x7, 0x2, 0x8000, 0x7fff, 0x1, 0x9425, 0x4, 0x6f, 0x80b, 0x1, 0x1, 0x525ba681, 0x4f74, 0x7, 0x1, 0x1, 0xfffffffd, 0x100, 0x6, 0x10000, 0x1306, 0x8b, 0x10000, 0xfe4, 0x3ff], [0x2, 0x40, 0x200, 0xfffffff9, 0x7aa, 0x10, 0x80, 0x8001, 0x5, 0x0, 0x9, 0x8, 0x7fffffff, 0x1, 0x1, 0x4, 0x8, 0xa9, 0x7, 0x49, 0x6, 0x4, 0x5, 0xa3, 0x40003, 0x2, 0x0, 0x3, 0x4c, 0x3, 0x5, 0x4, 0xd21e, 0x9, 0x12, 0x0, 0x2, 0xfff, 0x926, 0x800100, 0x7c83, 0xd, 0x1, 0x4, 0xf, 0x81, 0x47, 0x7, 0x0, 0x11, 0x2, 0xffd, 0x7, 0x7, 0x7ffd, 0x7ff, 0x10, 0x9, 0x10001, 0x8000001, 0x10001, 0x6, 0x71c], [0x81, 0x3, 0x10, 0x4e26, 0x3, 0x7, 0xfffffff3, 0x497, 0x4, 0x1, 0x3, 0x5, 0x56, 0xc28, 0x9, 0x5, 0x5, 0xa, 0x79a, 0x4, 0x9, 0x6, 0xc41f, 0x5, 0x8b6, 0xffffffff, 0x0, 0x0, 0x6a, 0x9, 0x0, 0x0, 0x1000, 0x10, 0xd, 0x6, 0x8000, 0x53, 0x78d, 0x4, 0x1, 0x9, 0xfffffff8, 0x9, 0x7, 0x7, 0x101, 0x7, 0x7, 0x4, 0x0, 0xb, 0x400400, 0x8, 0x0, 0x8, 0x7, 0x9, 0x8, 0x0, 0x1, 0x8001, 0xfffffff7, 0x5]}, 0x45c) (fail_nth: 1)

4m43.714733324s ago: executing program 1 (id=1214):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x800, 0x0, 0x100000}, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3938700}, 0x0)

4m43.614593364s ago: executing program 1 (id=1215):
r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1\x00', 0x0)
r1 = socket$kcm(0x2b, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
syz_usbip_server_init(0x3)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
dup(r5)
sendmsg$inet6(r5, &(0x7f0000000800)={&(0x7f0000000380)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043)
shutdown(r5, 0x1)
mmap(&(0x7f000088b000/0x2000)=nil, 0x2000, 0xb, 0x40010, r1, 0x1c5ec000)
ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000040))
socket$nl_generic(0x10, 0x3, 0x10)

4m41.846310561s ago: executing program 1 (id=1220):
mkdirat(0xffffffffffffff9c, 0x0, 0x8)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f00000006c0)='./file0/file0\x00', 0x0, 0x38ad211, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='devpts\x00', 0x101c040, 0x0) (fail_nth: 10)

4m41.794406293s ago: executing program 1 (id=1221):
syz_open_dev$vbi(0x0, 0x0, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)={0x18, 0x3e, 0x229, 0x0, 0x25dfdbfc, {0xa, 0x0, 0xa6}, [@typed={0x4}]}, 0x18}}, 0x8000)

4m41.444600378s ago: executing program 1 (id=1226):
r0 = openat$ttyprintk(0xffffff9c, &(0x7f0000000000), 0x4c00, 0x0)
syz_open_pts(r0, 0x40) (async)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r2, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r1)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r3, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

4m41.39140286s ago: executing program 32 (id=1226):
r0 = openat$ttyprintk(0xffffff9c, &(0x7f0000000000), 0x4c00, 0x0)
syz_open_pts(r0, 0x40) (async)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r2, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010) (async)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r1)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r3, 0x20, 0x70bd2d, 0x25dfdbfc, {}, [@HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg\x00'}]}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

4.641607816s ago: executing program 4 (id=3012):
socket$igmp(0x2, 0x3, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000001c0)={'batadv_slave_0\x00', <r1=>0x0})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x81}}]}, 0x40}}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
r6 = socket$kcm(0x11, 0x3, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000022c0)=@newtfilter={0x34, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0xb, 0xd}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20051090}, 0x8000)
r10 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r11 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r12 = socket(0x1, 0x80802, 0x0)
r13 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r12, &(0x7f00000000c0)={0x10000001})
epoll_pwait(r13, &(0x7f0000000080)=[{}], 0x1, 0x80000000, 0x0, 0x0)
shutdown(r12, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r11, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
fcntl$getflags(r6, 0x401)
close(r10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$SIOCSIFHWADDR(r10, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r14=>0x0})
sendmsg$kcm(r6, &(0x7f00000000c0)={&(0x7f0000000500)=@xdp={0x2c, 0x7, r14, 0x1a}, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000140)="d0", 0x1}, {&(0x7f0000000600)="e921f0150cd85d92067966c298e7d851c24b652ab67694c6530b64554c6674e34af1997eed907c79930b3075e4c9def5ae86b7953295ca655ea6c33bbcf3c31feba8d41faad9269c2330b4c66738b9c6774740a42bc3eda2dcab4e019818afa8ce9cc965500a99f068bf1f34cc7180417714ffdbcbc91cfa0b1c5c116e16514b02428d0d69e28859058d976fc68e301e35617e03e6c04173087bb2b4888071b6cf283cba28114a37f8540cefec3b67e28cdc52b582d84f952f8d27c5b0e8f9418c54df88460ccecd076921703a74e25485227d8ccb980cad776abd9747011117a91af5858b08fc0a5745991b4b43d999c2a9", 0xf2}, {&(0x7f0000000340)="826111ae10bbd7b761101e1bf513c8439fca952a44bc60080de3190da5d1a43634c6fdf227c724b8be4b9623fd3484ff575548d777baa825b972d860d8f1eb373dabff87cef4d76aeb2ea21de798538a872d3e13c533eab51e0fe9aa874c3d16184d5ec6052eceba99b8", 0x6a}, {&(0x7f00000002c0)="4dd01f22f9c32d10722331f272b27b01485c49dbe8ccf5649b2062fee882c03747", 0x21}, {&(0x7f0000000440)="cc96edc512da1158a25f1daac64c895c712b4d89772cc6a5ff63e78437f75f461c16ef78188661328eb7d1d289d18c5073480ffe79fa996b1f92541c19ac3aa348fd53a2f4c23adbf3ca646da8a393890f29", 0x52}], 0x5}, 0xc804)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=@delchain={0x3c, 0x5f, 0x333, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x5, 0x2}, {0x1, 0x7}}, [@TCA_RATE={0x6, 0x5, {0x6, 0x2}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6, 0x5, {0xff, 0x3}}]}, 0x3c}}, 0x0)

4.24308626s ago: executing program 4 (id=3019):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_tcp(0xa, 0x1, 0x0)
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
getpeername$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000280)=0x14)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f0000000040), 0x0, 0x8121, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f00000006c0)=""/4089, 0xff9}], 0x2, 0x740, 0x0)
socket$inet6(0xa, 0x1, 0x0)
setresuid(0xee01, 0x0, 0x0)
wait4(0x0, 0x0, 0x8, 0x0)
ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000000c0)={@remote, @private0, @empty, 0x40003, 0x40, 0x5, 0x100, 0x0, 0x590043})
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0)
mmap(&(0x7f0000668000/0x4000)=nil, 0x4000, 0x0, 0x8010, r5, 0x102300)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

3.201565649s ago: executing program 4 (id=3028):
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x1}}, './file0\x00'})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendmmsg$inet6(r1, &(0x7f0000007bc0), 0x0, 0x24008041)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x3, &(0x7f0000000200)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x94)
r4 = syz_io_uring_setup(0x39, &(0x7f0000000100)={0x0, 0xdc8a, 0x800, 0x0, 0x1a2, 0x0, r0}, &(0x7f0000000000), &(0x7f00000000c0))
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(r4, 0x21, &(0x7f0000000440), 0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f00000038c0)=[{{&(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000880)="22633490a12c63da4e3b511eb6386416daab2657a51802120ee623fafeb0081d7fd98a8679953fef039417394855cbaaf99158617e9fafa4479bb0f237891fbb4c3dbcbadce6f05da835ad9521ccd583e20e2d515e5ef69a4a32a151ab181b06c50633f5193991edac3e5b2d3529a7045ad1dfc625c7a35965484d635423db02cd016221204d244ea7731645d5fbc1bf10dcd7b43c9d571ba95b1e1677ab4dbdb784ebdba551c891b5d2e8d8a1901e9da6b02685542720fe2c3c0bac688b6a13789167f1ace91b367787b9032a0d517ad5146b270ba27b8d663ae8710d57adbe17542af315c866a77f95e7e4084fe57777e6ac2c3519988d95e5b6611948cce0d39002041df669d3d58725f2ce97e22e01f2eda1962a9a7083373140d2c7dce1114cbde6c3e8245653283c3f8db2044ead397c5434149be357e98f4aeb64562180d937e77c75feab4d75af516e0bc1f2bc8116f58e697e9c575d09e076b8112d7bd148c289e6ac0b2d6607cc8450d968d136e225f99d39b6d9d5e752f67518973bb378227a899da361bbe9d98102d88b529cd35ca3b8d7ae5da63c5ebc2c8cd1a61499942acd8822347a1802e77af4007e26e56ce525859c22cff8c9f981d28744ddfa2ef600c81537cfe7f1c8384c6b0d94e6576329d9ef262f3b8a577baa42eb031c605a7c68087cbd2a3090f01974acd0ea09cb8de061dc7e10b682ddfbe0bfd03afbe2543c68184c2550b3bb0e1df62bb24148f042d6e531465e888a59257afdc9e56b110e69f8d3eadab48d29f354712761d4b1c90a18bdb262b8be1c1e80925add0e75d3748b34b9503b2be25a5ac9016866d15429b5a109e4b11d40e455f112b821f243cdd7a97cbf19dbceebd8a228eedb8cf9bbf15060067d8c6d58425cbc5cbb398d3d4bf10f30a8c12011289315f7c12a2de53f12ae2163a1bd24c90e57af4294157fe40b3c5d2b92af6fdfd465f8f32068d254d6cbc31a0280ba06b11bfea6771232db7efd2ef2a1852c5924a31ff599592d5d84323c14a43a1a6c6fb607a5887880633d751186183abb1fc2b758fdb19812639bd3a1dbddadd0f898ac905b931f9634c457b147a07aa291e6568e23025269a423f98edb1ece87ae5e1d5f2b6326b95d9e34716bda052f39e625d587e69f75a3e145f831614c41477f653c293a59499fffa1bab19d3694042dbf8ff6a60368594195d398070bb6eb5ccd1e5fcfa52ab0da93d87c934c41d64292a8e3bc63c60509ea4e87f6bddf379588ecd6ffe34ce32e90eeb982db1b92beb0f170571ce426db3cfa94ffe2a0ea607a916cbfd57b5aee631d2c24937aa6df04e519c1306dddedebb3153cbf2b402897efde9f2b96395ca34f14f36b52f0e9d7159cdf2dec08c2d1f3a30b38c0e0d2461ea9923dbbe9475eb43eed308db640cc59bf7c36d5279f9b323d13eae1cfb856e12686d3cc8c7c9dbb1cd0dd2cf6de0491b5e13042662d8e50321a28bf808b144d8eeb1889398c14c1c72889db1c95b6808904534de999298cec161cf13355467f52f0ee1c32ce12d5e94bd6f812318830ca0a9c35c8afb62497ad7ef5643f28a2e3330f1bb57e91498fa72502e19e9e160fa1a68a5cf7391b63d5b9c63fa028febaf1255b9aefe49edcb1e911515ff75d9da009fb0a959049add5a15baeec9bbf6643cba719e02b772677593d6aecc8e063c1e88b1c64d3153b6d08e96bb89826d75c8e081659ad048ee42898ce6817727cd75a1de6996321dc824cadaead45934e291d79de17f379b4c31c6054f5c90748d7787ccd9869c155fc11f99c0ef00eeed4fc1ae064fdc7c4ed82cab635b049028e5928a3583fb7bd9c8be4dd12dcaa09c7130bc0635b81f2b84681e324ab09e7e819760e6cc829660242f64bd39c5b080184b68a5faaafa527d23bb3eaae4430ea0352b7066feeb2961bce91bec1e3c4e9a0d0fa1f61fec4114f0fdbbbcd4ba5359cb33eae0d6d675d2fd461fefdc97a355b04299069a5f56805f2ac6576afe45967c93ddfe8160028f33091b69b2097f7e9a9fbac5041e7e369a5886e7c92656aab24e9aeb4c47f322d4499370b27b009ec9966b03c4fa987aedf2cfe617be23a23931200a835fa4bc3602e5654ee715f243e4b77881ca3b89ede6b5f9eb5ea6a0e43541a118778976407c0cf8636c61e53d36b31b596e5e977b7d9a0f309cf1e42da08cc1713038419c3f34d248fe92e25928447a854aa29ef7ccdb527798a37b41bce9156fe8c2a7927542a42549c25a403be6c200716978ff936172d5bd83fd7ac562591e8c28f09a2f40accd4ca04b790cf54c18cbe8fc211ac965076c4f52c06fd88709418ecd1cf9bef095c37bebfd53f5370d495f0394b69177f86cdce82449d521d55bb12593848f3e5c8a0d3759a974fb4d161d621056219e7652b342cb259b2d0e7ee65d9cee5b11060c6748561a37af7436ca4340ee2384e1ac957934890a0cc9f25624eee8054fc1b6c0796bd83f69f84e6e35d14bf25b4f28e7b5b2ed4dcc036f144134ccb071e05f9b5122724809238ffd2d4cef489afeaf8afaa6f373e47f003eed2e27071c6ca665d275933b6d0a6f72c1de72b0abfa067444b0b2ce76884d6f6d79e29134875a2a7b09232c20a0bc2a98acd1c1d318b2b14a2729b282d760328902b0727261b30d55ab81054ec56d64559bfd7a554ce63232c5be80e0b7f284a74a0238941593ed800ec6a590a624c5f6eb4f346f9f0455034cd41087dd6d6d8e7851e0672888851850ca34802c27d8e4e0d23f73816b3a3262da0073d67677ca5b2c324fdac4fcc0526d1bab094f93e75b489b2fcb5966228c40fb1e75ea19b79960de001c850245bbcd9fa45c2082b55fb53f604e175d4d1d49d6b0da0acd914eecb5b464ce9782457da241da71a5bea9cba479a846fa5dafbd6d844116a2c176e06ffb060f3e4481120738ef078b2ceffe1d1eca80589f1395adbebcbf2bb8c4b3e80f831008b839783b4040c3c74d543fdc8c933e0b1eb04ad444983a326b04b9da253f8a97ee70da450be135f7ae069cbfa30f53972af63842768f0daef084c0dfc343efd88b5b1a29062b6a918c641564b02cb90f3f4cf7dc058968dc686c2de369b9615e953f33a620f946d66d11e9d4b614bc760fedc323531c45187304318efcb031a6b33f5816293fcf62a8e5248139bc2a17bd302af424ec981ca0e11a4930f3373553868177f857d4fdbe6e2ad8c67ce96d369f90ff65001d462649eef38bfa4b4eb6e6823513c6e76cdde7708b3c07180162a7d09aa0c0c0cf329d04dcba760f9f4067e76ce1cb1b69f3bfaa6541a7ab7872dd9b1ec13b352c6a14f53deec59b09c477430f960d2af4fd04c70f27387ac5bba577343eaf65150c1a04b1ccdc2e8f3d91085407c485677f5a5d44c8d4ba854ee1f4ceb41c202325d50db91c5975361cce31a55cd601df7d63457cc9c9c824894e2980a1539ad80b6f0559fc1a5734186269288cc1a3f1894a2df10c1c6abb75cef1b67d813bcfe91d845c366922022180e311f8b070aab4608e86cbe2f2646c61c038de2bc466acbb2db896dda9ba2683d5cb9a59a28ef7f02579e835584a823797095565c55366005e82014f0201ce00d4111b8cd8f236f8795274e7347da180f7061b8a4eb1b80a29b0660103e853cfc38ba3f054a82a8b38249813dc321b9152f5e2cbe4c303548dba71d6a9f134407d3f6ae1bdea8c1f44557bf622d8170e5df3d990dacc33e9ca7b73e5d00d1b3957c91ea04513bed7be8e5a03c68c3eeafe9c952e6756ee6fba485ad8130f0650f92dadbb974d0323f22c73acb21449b26bf0521bf1ba94314b44ffd9c2806e017969d1752ae82c4b4b81ed2a1575f45346bdb0c6f41f063314533096b4592c5003fd97b388e9c685dd376b9a004cf859d35991066f612f853041daabbb8dcf769ac66438bd40dac22fdde55fecd8f72e6feb44f3261aeb25d38f234993fd89b5ddc8029c4c22754fe514a6bdb501ef8124372d60a54c0668777612a69de7bcf9972035eafce796dc8b636c9018c1188ec3f8683c1d059934c46927df493fb89d195b5db7c993312e2d44275b33d080c53fd24f7837d4246b02d05fc734d9cea94371bac10da8a3a474f6829be732b4fbd40889df7f87a0c3a47904699316e42657d057a0885b0688d4fbe0065085dca16fba58e2e7f161f851d0f20ea6769b8cb201fd8d00febf5b30628d7aaf8e25d535b819368a36f230fd085e1bb95306fcb74e72463e73695387ed27fb1bf34b211eb819c7d6beced43ef990d0c02d1b3a0f203fa2d5ecc464f20a1b92d044dbe9074c2a0f00c8bfd01c1be84c93f54b6046ecacf8f4af551926efab9df519bc7b7c5b494e5c354009ac1b7dc8bfe682c2932ce7ae0b69bc94ff4369051b0a597d32654c0a51a9a2b4952231064a4f44ee4a5e421acb04f5bebeacae7019db674fa66eb1131b2fa38fb03e83395d01d164e65b6f187a7edcadcd87c78444e65ab5af5f0bf972c5b2dd64eaf786744b02887787f8ee87aa02d8f84c8ce09bbea8472c3aac3c738bbf844356c299f784d649e0daac16dd7410a65dddc714e6bd74e9709b92c84934e889d6a4585d87bac77d9e44586e4a490eb0bf470c2497e84df5894c6ce9ad1ce3239be2b53afa2254345ecc63a114e9d2b100b29642e519df772a514c315d7a1e1fb9f1e3ee133e464552e8b144e73d03fb6209460db28858821e07b3a107fae2696c57865fe72169b079140ed22822bb2d4107b58e15b840562c2423570f3aeefcd6c9ef2492ea80e443a6adf95b2c7bc2828a722def416db4c98f516825b63ad93de1f6326da3914507a8fb0d35907f889466ec483b4c83059c13bc146480e74423d02e557bf1eff1e5e54a08e119a23e30c18b10578cc9c670dfc405e410dec742102bd610444bc1a279f265cfa4b9dcd87aa2067a885a062c2052e3eb01ef2386bd950beea556b85b3b6ca070fce96d7059403f903ca69b761823d7e5fb0cb329b3a0af4b8c1e95d5d0fcf534a3a5b82f8be905c0c6d3c3fea7bf5ba276e23491f2b13cc970a6917917ee4d301cd54e82377c837c49038c0d7c1f3b7bd96df103c014ff50b9750fc0805de224714e6a56944292533242886882dbe590f706fa16d1d885ab20e24f865bc70933d39fe106f26cbf696ed398206da5beb20b0c97ee7ac706132aa1a4a1767846078acf51c8e97feb4c1a1f0d9050e75732859a1ba4123fac3ebe0f162283b1c77e2115d6978ce5496fc57f226721ef9ba283ce376071d7d55fac6b0424b2fa8f1ae9cf9d73e09045a18793e220639d0d9563347a1b5ba40f084bed30518b48dd62b7bfacab4e31d9f2496b06175724ef6623ca5e4877efb47a92b52e137f06ab71f8c3f4ffa6a44c5df3c33ac0821d7080f437e90ef225d09a9710c49eaace8ccfb32d40026907a7fa3e6a273d1be027821896abf2da94f44e33b6a1d055ea69747a8a2d381fe4acd79ebf0e5c3d69fb0f0794ea4d0bdf4cc4b7669144cc23e0df63b807acbd24cd9f8aa80ca0c28d247341f359d2ead07ffdbfb42670d1b28cebb6067e912478799e7bacbfac55178030e9f43bb94f49670ca5da8821af331f89fda2db1359a045647f142b4a55dac0f25d2dfc9076a17823e0a9b2c9051b4ac82e5650b1e29fc716cd513493861b103545c30d7f6a130de932dc9b9b2b60d2ae14fbd8e107a3df4b9b5179441dafbd5e4a0bd38cd9a3bddbd23b40eb516015f90861fb2fd3983731446925fdd784eacc50c0160", 0x1000}], 0x1, &(0x7f0000000780)=[@rights={{0x20, 0x1, 0x1, [r5, 0xffffffffffffffff, r6, r4, r2]}}, @rights={{0x18, 0x1, 0x1, [r5, 0xffffffffffffffff, r5]}}, @cred={{0x18, 0x1, 0x2, {r3}}}, @rights={{0x10, 0x1, 0x1, [r4]}}, @cred={{0x18, 0x1, 0x2, {r3}}}, @cred={{0x18, 0x1, 0x2, {r3}}}, @cred={{0x18, 0x1, 0x2, {r3}}}, @rights={{0x18, 0x1, 0x1, [r1, r2, 0xffffffffffffffff]}}], 0xc0, 0x8040}}], 0x1, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r7 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r7, 0x84, 0x75, &(0x7f0000000000)={0x0, 0xcc}, 0x8)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
sendmmsg$inet6(r7, &(0x7f00000003c0)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback, 0x280020}, 0x1c, &(0x7f00000000c0)=[{&(0x7f0000000540)='\x00', 0x1}], 0x1}}], 0x1, 0x20008050)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r7, 0x84, 0x79, &(0x7f0000000240)={0x0, 0x964, 0x89f8}, 0x8)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r7, 0x84, 0x77, &(0x7f0000000040)={0x0, 0x9, 0x7, [0x2, 0x9, 0x2, 0x0, 0x76, 0x8, 0x5]}, 0x16)
mount$9p_virtio(&(0x7f00000001c0), 0x0, 0x0, 0x8c, 0x0)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x80002, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r8, 0xc0045005, &(0x7f0000000080)=0x40000)
socket$alg(0x26, 0x5, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000840), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)

2.939870355s ago: executing program 2 (id=3033):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x3, 0x0, 0x0, &(0x7f0000000400)=""/74, 0x0, 0xffffffff})
r1 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000000))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
socket$tipc(0x1e, 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000300)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f05ebbee7, 0x8031, r2, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
sendmsg$can_bcm(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f000000000001"], 0x48}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan0\x00'})
sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=ANY=[@ANYBLOB="34020000", @ANYRES16=r5, @ANYBLOB="050000000000000000003f00000008000300", @ANYRESDEC=r0, @ANYBLOB="6c005e80080003000300000008000200a609000008000600c0dc00000800090005000000080007009801000020", @ANYRES64, @ANYRES8=r1], 0x234}, 0x1, 0x0, 0x0, 0x44800}, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(0xffffffffffffffff, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r6 = syz_create_resource$binfmt(0x0)
r7 = socket(0x25, 0x6, 0x8)
sendmsg$nl_route(r7, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c0000006800ff7f00000000000000000a0000000000f10004000400"], 0x1c}, 0x1, 0x0, 0x0, 0x20004880}, 0x0)
openat$binfmt(0xffffffffffffff9c, r6, 0x42, 0x1ff)
r8 = socket(0xa, 0x800, 0x9)
setsockopt$inet6_group_source_req(r8, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)

2.361864663s ago: executing program 2 (id=3037):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000fa0000000000000000010000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], 0x0, 0x2, 0x0, 0x0, 0x41100, 0x8}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='devices.list\x00', 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340))
r0 = socket$inet(0xa, 0x801, 0x84)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
accept4(r0, 0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x1f, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

2.231791564s ago: executing program 2 (id=3038):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
setxattr$security_ima(&(0x7f0000000200)='./file0\x00', &(0x7f0000000580), &(0x7f00000005c0)=@md5={0x1, "5d4c68d1ce11f931ab06d4529b887f9e"}, 0x11, 0x3)
getsockname$packet(r2, &(0x7f0000000080)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000000016000000", @ANYRES32=r3, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
r5 = socket(0x10, 0x803, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5)
getsockname$packet(r5, &(0x7f0000000180)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000980)=@delchain={0xcc0, 0x2c, 0xf31, 0xfffff000, 0x2000, {0x0, 0x0, 0x0, r6, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_u32={{0x8}, {0x48, 0x2, [@TCA_U32_SEL={0x34, 0x5, {0xa, 0x6, 0x2, 0x6, 0x80, 0x7, 0x2, 0x2, [{0x7, 0x1, 0x9}, {0xb, 0x2, 0x6, 0x8}]}}, @TCA_U32_LINK={0x8, 0x3, 0xff}, @TCA_U32_CLASSID={0x8, 0x1, {0xffff, 0x14}}]}}, @filter_kind_options=@f_u32={{0x8}, {0xc44, 0x2, [@TCA_U32_INDEV={0x14, 0x8, 'veth1_virt_wifi\x00'}, @TCA_U32_POLICE={0xc2c, 0x6, [@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x58bd, 0xffff7fff, 0x5, 0x7, 0x0, 0x7, 0x10, 0x1, 0x3ff, 0xfffffffa, 0x1, 0x6, 0x7ff, 0x7, 0x2, 0x9, 0x2, 0xa1, 0x4, 0xf, 0x7, 0x0, 0x3, 0x5, 0x7, 0xc614, 0x1000, 0x5fc4, 0x8, 0x100, 0xffffff12, 0x1, 0x3, 0x2, 0xa0b, 0x7, 0x1, 0x6, 0x8, 0x8, 0xff, 0x1, 0x8, 0xb, 0x2789, 0x4f8d62f3, 0x10001, 0x80000000, 0xd, 0x80000000, 0x4, 0x5, 0x5, 0x6, 0x4, 0xfffff0c0, 0xffffffff, 0x0, 0x5, 0x5, 0x6, 0x2, 0x8, 0xf9c, 0xd7, 0xfffffffd, 0xbf000000, 0x3888, 0x4, 0x7, 0x7fffffff, 0x4, 0x9, 0x95e, 0x7, 0x4, 0x4, 0xc, 0x2, 0x7ff, 0x29a40717, 0xe9087c9, 0x9b14, 0x7, 0x9, 0x478c, 0x3, 0x1, 0x101, 0x40, 0x8000, 0x7, 0x8, 0x80000001, 0x5, 0x9, 0x5, 0xfffffffd, 0x4, 0x1ff, 0xd9, 0x3, 0xd5, 0x8, 0x3ff, 0x3, 0x9, 0x0, 0x1, 0xff, 0x0, 0x1, 0x0, 0x902, 0x5, 0x3, 0x8, 0xe, 0x43ff, 0x1, 0x7ff, 0x9, 0x80000000, 0x3108e000, 0x313, 0x4, 0x8, 0x86f9, 0xfffffff8, 0x1, 0x6a, 0x6, 0x6, 0x401, 0x0, 0x7ff, 0xe, 0x7, 0x7, 0x3, 0x1, 0x7, 0xfff, 0xff, 0x7, 0x10001, 0xfff, 0x4, 0x40, 0x200, 0x1, 0x80000001, 0x3, 0x1ff, 0x4, 0x5, 0xb203, 0xfffffc00, 0x0, 0x1, 0x98f80, 0x1, 0x6, 0x40, 0x400, 0x80000001, 0x5, 0x6, 0x9, 0x1, 0x3, 0x7ff, 0x8, 0xd, 0x1, 0x3, 0x9, 0x4000, 0x0, 0x5, 0x7, 0x2, 0xa, 0xc4, 0x8001, 0x80, 0x12000, 0x2c6e, 0x6, 0x8, 0x7, 0x9, 0x1, 0x10001, 0x101, 0x2, 0x4000000, 0xfffffff9, 0x0, 0xfffffff8, 0x7, 0x10, 0x2, 0x4, 0x81, 0x5, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x3, 0x9, 0x3, 0x3, 0x40000000, 0x520, 0x8, 0x800, 0x4454, 0x3, 0x6, 0x73285283, 0x0, 0x0, 0x6, 0x8, 0x81, 0x3, 0x8, 0x8, 0x4, 0xffff, 0x4, 0x3, 0xffffffff, 0x5, 0x8, 0x5, 0x9, 0x2, 0x7fff, 0x0, 0x7f, 0x0, 0x35a8, 0x4, 0x7, 0x9, 0x8, 0xa, 0x2db7, 0x66eb, 0x8d2, 0x55a4eb59, 0x6]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0x9}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x10, 0x7, 0xfffffffa, 0x7ff, 0x6, 0x0, 0xfffffffb, 0x8, 0x6, 0x6d6d4c02, 0x4, 0xfffffffd, 0x4, 0x4e, 0x5, 0x3, 0x6, 0x2, 0xb2a, 0xd5, 0x7, 0x1000, 0x5, 0x7, 0xabac, 0xe52c, 0x3c1a, 0x0, 0x7, 0x1ff, 0x1, 0x0, 0x1, 0xd0, 0x0, 0x5, 0x200, 0xfff, 0xffff, 0x6, 0x9, 0xb8ce, 0x3, 0x3, 0x1, 0x10001, 0x6e3, 0xfffffff9, 0xc, 0x80000000, 0x0, 0x7ff, 0x80, 0x240, 0x7f, 0x5, 0x5a0, 0x3, 0x8a4, 0x3, 0x8, 0x8, 0x1, 0x1ff, 0xfffffffb, 0xdf, 0x3, 0x7fffffff, 0x8, 0x7, 0x0, 0x2, 0x4cd, 0xc, 0xfff, 0x4ea0, 0x8, 0x5c, 0x1, 0x3888, 0xffff0001, 0x6f, 0xe0c, 0x1000, 0x7ff, 0xf, 0xffff, 0x7, 0x8, 0xdd, 0x2, 0x28ebe965, 0x9, 0xb, 0xe43, 0x5, 0x1, 0xfe6, 0x2f3, 0x1, 0x3, 0x4, 0x7, 0x1ff, 0x3, 0x800, 0x18000, 0x9, 0x9, 0x8774, 0xa220, 0x3, 0x1c5, 0x99, 0xe2e, 0x9, 0x8, 0xa, 0xc, 0x2, 0x100, 0x4292, 0x40, 0xba, 0x621a8877, 0x8001, 0x6, 0x4, 0x6, 0x5, 0xd41c, 0x3, 0x9, 0x1, 0x3, 0x8, 0x2, 0x1, 0x5a77, 0xfffffffe, 0xaa6c, 0x8, 0x4, 0x4, 0x1, 0x0, 0x5, 0x4, 0x8, 0xc88, 0xc3, 0x0, 0xee1a, 0x550c, 0x8, 0x1, 0x1ff, 0xff, 0x8, 0x9, 0x38, 0xa, 0x3, 0x0, 0x40, 0x8, 0xfffffffe, 0xfffff001, 0x7fff, 0x10000, 0xc, 0x3, 0x8, 0x3, 0x2, 0xfffff0dc, 0x4, 0xc0, 0x9, 0x1, 0x7ff, 0x7, 0x1000, 0xaf, 0x5, 0xc, 0x4, 0x37, 0x94, 0x1, 0xff, 0x4, 0x401, 0x7ff, 0x5, 0x74f, 0x6, 0x1, 0x1, 0xa3a, 0x4, 0x10, 0x5, 0x7, 0x7, 0x4, 0x1d15, 0x4, 0x3ff, 0x10, 0x0, 0x907, 0x2, 0x7, 0x7fffffff, 0x6, 0xfffffffd, 0x7, 0x61e, 0x9, 0x6, 0x2, 0x8, 0x9, 0x9, 0x3, 0x56c, 0xfffff800, 0x6, 0x1, 0x200, 0x9, 0xfffffe01, 0xd, 0x2, 0x0, 0x6, 0x5, 0xf10, 0x8, 0x4a, 0x9, 0x8000, 0x7, 0x6, 0x6162dca1, 0x2, 0x101, 0x7, 0x2, 0xfff, 0xa7, 0x0, 0x0, 0x10001, 0x4]}, @TCA_POLICE_AVRATE={0x8, 0x4, 0xfffffff8}, @TCA_POLICE_PEAKRATE={0x404, 0x3, [0x3, 0x10001, 0xffffffff, 0xe, 0x8, 0x10001, 0x1000, 0x14a1, 0x9, 0x4, 0x0, 0x4, 0x0, 0x19, 0xb23, 0x0, 0x9, 0x2, 0x80000001, 0x0, 0x3ff, 0x9, 0x6, 0x4, 0x14, 0x7ff, 0x100, 0x3ff, 0x5, 0x7ff, 0x81, 0xe, 0xa50, 0x3, 0x5, 0x4, 0x0, 0x6, 0x6, 0x8, 0x2, 0x0, 0x5, 0x101, 0x9, 0x12000, 0x5, 0x7, 0x5, 0xd93, 0x3, 0x9, 0xfd6, 0x5, 0x3, 0x7, 0x2, 0x9, 0x400, 0x900, 0xfffffff9, 0x1ff, 0x74f, 0x3ff, 0x3, 0x0, 0x0, 0x4, 0x80000001, 0xa3, 0x8, 0x4, 0x5, 0x3, 0x69, 0x4, 0xfff, 0x5, 0x80, 0x9, 0xfffffe01, 0x30, 0x5, 0x9, 0x1b, 0x4, 0x9, 0x4, 0x2, 0x5, 0x7, 0x5, 0xd68, 0xfffffffc, 0xb, 0xffffffff, 0x6, 0x4, 0x8000, 0x4, 0xedc1, 0x7, 0x1, 0x0, 0x2, 0x6, 0x9, 0x2, 0x8, 0x0, 0x7, 0x2, 0x80000000, 0x5, 0x2, 0x7, 0xeb, 0x2, 0x3, 0xffff, 0x8, 0x80000000, 0xfffffeff, 0xf9a2, 0x4705, 0xfffffffa, 0x4, 0x3, 0x6, 0x7a891e80, 0x5a, 0x0, 0x7, 0x8, 0x6, 0x92d, 0xed, 0xfffffdf7, 0x80, 0xc, 0x0, 0x0, 0x9, 0x8, 0xfffffffe, 0x2f, 0x4, 0x5, 0x4d04, 0x7, 0x40, 0x0, 0xa95f, 0xb9f3, 0x9, 0xc55b, 0x510, 0x315, 0x3, 0x0, 0x7fffffff, 0x8, 0x6, 0x2, 0x1a3, 0x7, 0x8, 0x5, 0xfffffffa, 0xa, 0xffffffff, 0xb, 0xf, 0x7f7f688d, 0x2, 0x8000, 0x3ff, 0xd, 0x101, 0xded, 0x6, 0x1, 0xf, 0x8, 0x0, 0x6, 0xd37, 0x1000, 0x0, 0xff, 0x5, 0x9, 0xf8, 0x4, 0x1dfe00, 0x5, 0x8, 0x59, 0x1, 0x5, 0x8, 0x1, 0x9cb5, 0x3, 0x200, 0x200, 0x4, 0x80, 0x4, 0x9, 0x3, 0x10001, 0x5, 0x0, 0x100, 0xd, 0x7, 0x6, 0xd9, 0x5, 0x9, 0x0, 0x8, 0x9, 0x8, 0x5, 0x6, 0x8, 0x100, 0x25, 0x4, 0xffff, 0x9, 0x2, 0xd, 0x63, 0x0, 0x4, 0x7bb, 0x1, 0x6, 0x4, 0x6, 0x401, 0x7, 0x9, 0x7fff, 0x200, 0xf70b, 0x1, 0xe18, 0x80000001, 0xfffffc01, 0x72, 0x7, 0x6]}, @TCA_POLICE_RATE64={0xc, 0x8, 0xffff}]}]}}]}, 0xcc0}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010)

2.056278484s ago: executing program 2 (id=3039):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$dvb_frontend(&(0x7f00000002c0), 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x6, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x395, 0xffffffffffffffff, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xffffffff, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x2002c810)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0b080510"], 0xe)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2000000000002)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x3)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pread64(0xffffffffffffffff, 0x0, 0x0, 0x7)
bind$netlink(0xffffffffffffffff, &(0x7f0000000500)={0x10, 0x0, 0x25dfdbfc, 0x2000000}, 0xc)
r3 = syz_io_uring_setup(0x18d7, &(0x7f0000000540)={0x0, 0x0, 0x2, 0x0, 0xc}, &(0x7f0000ffe000), &(0x7f0000ffe000))
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r3, 0x2, &(0x7f0000000180), 0xfe)
socket$nl_generic(0x10, 0x3, 0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000280)=0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={0x0, 0x0, 0x43}, 0x28)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffc}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r4, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r5=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000300)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', r5}, 0x94)
socket$inet6_sctp(0xa, 0x1, 0x84)

1.780856839s ago: executing program 2 (id=3040):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001f40)={&(0x7f0000001e80)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x12, 0xc, 0x6, [@fwd={0x5}]}, {0x0, [0x61, 0x0, 0x30, 0x61]}}, 0x0, 0x2a, 0x0, 0x1, 0xfff}, 0x28)

1.761702237s ago: executing program 2 (id=3041):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x48001)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1a, &(0x7f0000000000)={0x0, 0xd, "fe4042c317ae82c6d1a51a1e45"}, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
ioctl$sock_ifreq(r3, 0x8910, &(0x7f0000000000)={'macsec0\x00', @ifru_ivalue=0x7})
ioctl$sock_netdev_private(r3, 0x8949, &(0x7f0000000000))
syz_emit_ethernet(0x46, &(0x7f0000000100)={@local, @multicast, @val={@val={0x88a8, 0x5, 0x1}, {0x8100, 0x5, 0x1, 0x2}}, {@ipv6={0x86dd, @udp={0x0, 0x6, "3000bb", 0x8, 0x2b, 0x0, @private2, @local, {[], {0x0, 0x0, 0x8}}}}}}, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc2c45512, &(0x7f00000003c0)={{0x9, 0x1, 0x0, 0x6, 'syz0\x00', 0x63}, 0x0, [0xfffffd5f, 0x2, 0x5, 0x687, 0x74859516, 0x6, 0x40000002, 0x4, 0x2, 0x2, 0x8000, 0xc59, 0x4a13, 0xa, 0x6, 0x8, 0xfffffff8, 0xfffffff8, 0x10, 0xc, 0x7ff, 0x9, 0x10, 0x7, 0x10000, 0xacb, 0x10000, 0x3, 0x81, 0xfffffffe, 0x3, 0x5, 0x15, 0x1, 0x10000, 0x2, 0x6, 0x4, 0x8, 0x7, 0xfffffff7, 0x401, 0x1, 0x1, 0x5, 0x1, 0x1, 0xffffff95, 0x1, 0x5354fdb3, 0x6, 0x9, 0xcd, 0xb, 0x4, 0xfff, 0x2, 0x6, 0x800, 0x3, 0x80000000, 0x8, 0xa, 0x7, 0x4, 0x5, 0xc, 0x81, 0x1ff, 0x3, 0x7, 0x101, 0x6, 0x2020000, 0x2, 0xfffffffa, 0x9, 0x3, 0x6, 0x800, 0x800004, 0x3ff, 0x0, 0x275, 0x2, 0x4, 0x9, 0x0, 0x2, 0x3ff, 0x81, 0x6, 0x8, 0x893a, 0x3, 0x800, 0xf38f, 0xd926, 0x2, 0x1, 0x80000002, 0x3, 0x9, 0x3, 0x3, 0x4, 0x6, 0x10000, 0x8, 0x32284b62, 0x5, 0x48f, 0xdd00, 0xb, 0xfffff801, 0x7bd6, 0x7, 0xfffffbff, 0x6, 0x2, 0x10000, 0x1, 0x1, 0x549ac63b, 0x1, 0x4, 0x8001, 0x2]})
ioctl$EVIOCGMASK(r1, 0x5b02, 0x0)
r4 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r7 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_SET_TIMEOUT(r7, 0x2201, &(0x7f0000000000)=0xc)
setxattr$trusted_overlay_opaque(&(0x7f0000000180)='./bus\x00', &(0x7f00000001c0), 0x0, 0x0, 0x1)
listxattr(&(0x7f0000001cc0)='./bus\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='nfsd\x00', 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000780)={0xffffffffffffffff, 0x20, &(0x7f0000000040)={0x0, 0x0, 0x0, &(0x7f00000006c0)=""/150, 0x96}}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
mknod$loop(0x0, 0xfff, 0x0)

1.579768163s ago: executing program 4 (id=3043):
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bsg/2:0:0:0\x00', 0x10000, 0x0)
ioctl$BSG_IO(r0, 0x2285, 0x0)

1.488815794s ago: executing program 4 (id=3045):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB='`\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000007000000080001006e00000008000300", @ANYRES32, @ANYBLOB="0c009900"], 0x60}}, 0x0)

1.421018651s ago: executing program 4 (id=3048):
syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYRES8], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$tty1(0xc, 0x4, 0x3)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x1000000a, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000380)=[{0x6, 0xfc, 0x5, 0x7fffff7f}]})
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000300), 0x44002, &(0x7f0000000400)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [{@fsuuid={'fsuuid', 0x3d, {[0x61, 0x30, 0x38, 0x34, 0x66, 0x39, 0x64, 0x34], 0x2d, [0x32, 0x65, 0x37, 0x63], 0x2d, [0x63, 0x30, 0x37, 0x66], 0x2d, [0x33, 0x5f, 0x38, 0x35], 0x2d, [0x36, 0x36, 0x37, 0x64, 0x35, 0x31, 0x65, 0xf]}}}], 0x2f})
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x18)
getdents64(r2, 0x0, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x80c80, 0xcd)
getdents64(r3, 0x0, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)
r4 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
recvmmsg$unix(r4, &(0x7f0000001280)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000012c0)=""/4113, 0x1011}], 0x1}}], 0x1, 0x58ca2280, 0x0)
ioctl$FE_DISEQC_SEND_BURST(r4, 0x6f41, &(0x7f0000000140)=0x1)
prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r5 = syz_open_dev$MSR(&(0x7f00000003c0), 0xfffffffe, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_generic(0x10, 0x3, 0x10)
syz_io_uring_setup(0x6b46, &(0x7f00000000c0)={0x0, 0xe6f, 0x4, 0x0, 0x272, 0x0, r4}, &(0x7f0000000340)=<r6=>0x0, &(0x7f00000002c0))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r7 = socket$inet6_sctp(0xa, 0x801, 0x84)
shutdown(r7, 0x1)

1.341834417s ago: executing program 0 (id=3049):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000100)={0x6, 0x1f, 0x6})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0xdb, 0x1ff, 0xb})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000000000)={0x7fff, 0x8, 0x100})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000240)={0x2, 0x5, 0x40003})
r3 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000080)={0x8, 0x8169, 0x6, 0x0, <r5=>0x0})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r3, 0xc02064b2, &(0x7f0000000280)={0x40, 0x403, 0xc})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r2, 0xc02064b2, &(0x7f0000001580)={0x30000, 0x1, 0x7})
ioctl$DRM_IOCTL_MODE_DESTROY_DUMB(r3, 0xc00464b4, &(0x7f0000000400)={r5})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000040)={0x49, 0x7fff, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000002c0)={0x8, 0xd7, 0x8})
close_range(r0, 0xffffffffffffffff, 0x0)
r6 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r6, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084)
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmmsg(r6, &(0x7f0000000000), 0x4000000000001f2, 0x0)
sendmsg$NFNL_MSG_CTHELPER_NEW(r6, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, 0x0, 0x9, 0x401, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000000}, 0x801)

1.250368186s ago: executing program 0 (id=3050):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdirat(0xffffffffffffff9c, 0x0, 0x1c0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
epoll_create1(0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000)
syz_clone(0xfb, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)='%[', 0x2, 0x800, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)

439.227222ms ago: executing program 3 (id=3054):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x50, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x115, 0x5224}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x18, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0xffe}, @IFLA_VLAN_FLAGS={0xc, 0x2, {0x1a, 0x13}}]}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x50}, 0x1, 0x0, 0x0, 0x28001}, 0x8000002)
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x1b, r2, 0x1, 0x1, 0x6, @local}, 0x14)
r3 = socket$netlink(0x10, 0x3, 0xf)
r4 = socket$netlink(0x10, 0x3, 0xf)
bind$netlink(r4, &(0x7f0000000a40)={0x10, 0x0, 0x25dfdbfb, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r4, 0x1, 0x8, &(0x7f0000000000), 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r4, 0x10e, 0x4, &(0x7f00000003c0)=0x6, 0xdc)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000006c0)=@newlink={0x48, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14}}}}]}, 0x48}}, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
r6 = openat$dsp(0xffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r6, 0xc0045006, &(0x7f0000000180)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

396.001475ms ago: executing program 3 (id=3055):
r0 = fsopen(&(0x7f0000000080)='ramfs\x00', 0x0)
r1 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0)
ioctl$VIDIOC_SUBSCRIBE_EVENT(r1, 0x4020565a, &(0x7f00000000c0)={0x3, 0x980900})
ioctl$VIDIOC_QUERYMENU(r1, 0xc008561c, &(0x7f0000000100)={0x980914, 0x7, @name="ea8dd03fa72836ba95935cd834c7b2bb431da1f2462e78a208e78fe608a462a8"})
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002c40)=ANY=[], 0x10, 0x8}, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
sendmmsg(r2, &(0x7f0000001440), 0x10, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r3 = fsmount(r0, 0x0, 0x2)
fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f00000000c0)='lazytime\x00', 0x0, 0x0)

320.713142ms ago: executing program 3 (id=3056):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet(0x2, 0x3, 0x33)
setsockopt$sock_int(r1, 0x1, 0x2d, &(0x7f0000000080), 0x4)
ioctl$BTRFS_IOC_RM_DEV(r1, 0x5000940b, &(0x7f0000000500)={{r1}, "cc17098405ea2147c85d0970f5f4520c71a564df4bdcf67082a74ba8961dd0767d209e9244513a075bab50e80719071b5ee2bb43e49eb2d50381dfb71d96644a68305264dd5e942742db3024979dc8738d22ef1988c40ea553451ed56cba36caf1c56650879d29f2e5841246da0d1840f15c1b668311e5d7ad73796c344494ce33f10605d64e5cc421d4468580515ba1a1e58709b2ae397216d48bc96e0c9f5fb4b82f9039660b8f9c1adb610201341296ef4eb4477b9557e5fa74bd7bfc598388f33e52b28a8bf4f89a0e9663d6bdd4b7e9c82d6b01a45757e17672766e8497c9cd2250d1205ec60dc96d8a58fbf28426388855f1feaa427931f05b227c7772825cddca7db3a828ae6560367338fe8120a0982cce15b0a8b32ecd10f78a80d941d9eb977c099e353b7c9bad4a1b0509166d8df733ebba994edc0387d2da6296c110ce8b9c0b9d3275173dc017ca49276ab8bed395c6de19f1d651eb799c633c1387d658762c921abe29e12216aa9a146c45acfaba3494afecfb1072227bdc1d2efa6fa9e884f4acb12268c76c08a9b2603ac89965d3e13cbe56f078794fd9c6894012f8ea76eae5fa0c302d6f9edb409276d1c10232aca7496942d9f5ae3471a5b51ee9d6acf776f0235b793f1c110f067ed335bf3da7e271297d6da213c4101b20448759c8ae98c72a49895f4ece48a8f3b44f48ff08b6d061c50e55b65db6d692e8c288077f2faffebdfcaf054fc7cabda7ade9ea97a379aec19e8ff02a3a648540a6068bcd0c862d55bcc120451f470fcac7d85571cdcc5d958f0c70c53258d19ff962c75d5b83d0b569636aeb25be2537985a7719097c0161ab1b3ace163f743cc4beb60ea777fa4647dfcba8d5e1786721356d9d15c10ad27740e72117350bd8f04bf53cef5b3ce4188c29963a00ea3e53489b59f82d91d9855ed15311e3b39ea5f8f9fa2417ee7a871541c366e9785a9bbcf91b3e2b18e29ce7a569cc06f9c6595e2b24922c5bb01ce70eee26cdc01ca1fabc83a4ea698f8fbdd3ea45000c84a9841c01c8b7b8aefebffdb565f6a22af735923bc56c53f3b896fead8200d783edb6538fa4d0abc2c8108ac8f4a624462f3d1e5f642923bc39f80988d8bb090f5a3775df903d884524744dc5e2242db2aca7abe324edfc9fcc2a45b70fec69609be8361c7f9739e7ee8bfff4ec6ae12791f80c09d68c732cd8e6dbdd6e829cf0b54b03a0c86edd37d4e41abceeb7d7a00bd96e5fc1d5440b3ed160a5e9aecc0fe42bd3a2d8915db81c9345f13785c3020cdc068f8acc5ec4b6f2efc0584bce76da5ee5cdcf106a51f050a8f9bdcaa187346cd613ebfa69daf423797dd7eebfd1d1c74f13da680d3bf84681b9d512b2f3818df3da108d3cced297c32b1c203c6a0425ef6835c65231fc9866864a7fc8a6e97d6558bf1ea730274e98c43fa6089b156d207835d29c806257713f40f8d299861f62fbd80e1285b77644fb6eaac40e1ddc35944f88849dfb550a188e568e3fcf97df5850b9bbf5e737395de00368b40b755543ab4e3786ff1af88e5f02a0b9a89bf0ecede05c473da4e9b5cb7e53a3b099773bb9d54a6fdbdd35a3a72b2949d99fe2a61a772f7bc6c50f542073f77da696a67be5ee2b00cc5e177fecf97894e8399ca16f3626edc48d5978490824bd64d43961125b82c82721dd147e7e8266d15278ee4ad072166c2b1ebe3831076545eb7a7e8ae641b0bac0cc4e5f5056e1063e6564d5e53a857bdf6798efe0eba33f76c9e3364d71545bfc2efd2b075e90b39f7fe895c6a0d88fcdeb7869fe1e6d9ee3778a70ae992f466812ffadb700a4570e885fa34eb4396808c03e4639bf2bf8b143f52734be2e6cc5646ac92fc66609d960d97fb917145bcf3f4f189bda38c3ec98a80f0967b9b5e5ed9e54822e60ea9eb11baffe42ef1cfdc87b8f37868d6ffc2a94bd98a32557c76dde5bf0c583e1cef8dc65dd918368e4660e5fb13b84814e7e73e4a2bc53f0148af1784e26a425517aca69e28ef72a1216266b5659147c1f561c38a81d1578c38246e22b30b6b570de10ee85875baf03fe4c961a6e38b1d4f2415d270847fb87e70c750fd2123eb44a3c54cef180821a65b6fd2c5f3a0cdae13df5329d5718c1d09f1db2e3f77f450553af941128464abc8748fa7d39ef996d4ef8ff18912837c6a8430a8552d975f66384d9898d53bfe6e9ee6c89d16ca72263c7b189ac7fe9c19550f82d41b9eb8c5382640290c630f1818b069acb8bf84195a0d2eb13acc1558acee142c4b5294458c7b7398f074ea92c455c1d43cd0b16e6ed4c7fa5478e3d087462d00dacd2f803a2cf1e5b9b9cc3dc8820fee25f16634864ea7a8dd972fcf564edf00b1b60a6cf2c9f98a38b29716bf5e10232197b952519a0688d1123a175290b0f02b06c0c43fc95f05ab962794dc436cfe04f2dac97e539f56238e5a7a578c06447d7947a0cb88da2cf0c0adc08806d8d78a9e42f302b7fcfbedf9a9952af76c04873a87b51741c1f62e472391aa7426f47ccb9a717ae325d3849245e3b05cb614e8b6888b71f6b1685bc47f6ffda4a70cb3d54f4804ac68a434d200e463a444d9010d10bf8480236058ce782b1763c9c6cb782cec2a1f4b85e8df42d1d88ea964d6b0be0d65c40aa7be1973abf88ec4ee1a72db3b50760e780f8194d57e445007552566aba35a185e7ad07cc8341348dc8bef0c71f3761fe8b20ff078d0b4f8607bcbff0e2027cfed55d18c215903f26b3f7b409b6d894584d8879c8c5ed2342ecd1ca9644245b90858bd99e30acb0997ffedb01c9dca0ba48222740d43d8ab9b0ae480a117477bc5e479ff30657b344e59656085faf74e192e397fc5556a711b2ca24af9912b976fad1f5c104a8098b3d67c9c4b4f99131982566b81c45d8f825b8aac9969d358d0c3c4770f455730313237ea9e5df27b2110ca4546c0eac5dae7f8790484f3b460d5db3d60c729a7e596bf20f012be6594fc65c86a0635a341bb2bdd57e57b21cffa84a7b7617062386e6d859d9d674d1d3b2a8407ec90e3e28579d90388e90ee3b40de033cc46e176c1c75ba316bbe4e04d06f9d1d7c6e7546b34a444a833af1c4bb12819393a61a1100fd5590b4ed8fab97b3a390f6d204dbdc3c0cd06e1224609c32a50d220b660ff7e7b18390a301d713c9e213927dbd4652f6dea499fafb56e5e503c9f43b6d18c711916efbee0596d0439458f447bf5f463d2534fe47186cbb5502f13758da2b2d5f49c8397b46881d726bea10b80c3ba9730dc14aeaecebfa9eb37c5215b847526441afcf9298c6f1e3ede8b4b9bbdba79d8a617281f6bf1ce8acd4d99c250793afb7bbc81efa26a7f605858233e2f202e743831e4b483ec1ff772ee2d3a100d55ad584b0b4eb6623078581417854aeee6e907844ecf98e1aa9a71bc83ad97c7c4b1edafe19d33c5b4f253d8012fe283e286d0234a2c3daec5320145918db2cc9820de53f3c987fb9e82f097d2af4851de0d3b1d15f687143d2722b7d45b4ab0990f1143055921c7aea8a89532381b96662a1e624158baedee04c244720467c361a16150597861c56ed720f187a4329d7b8f493eafac462ae935924971afbb6134ff3fdc95794a1e5831bf0147945abf6c3a46d24ca01d262bca2179baa370a16ab3de96105320e133b73f1070bc666905c76b6268cf0df66e5ea449cf99f5131affd39d65314d956183d027ceb4ef02b4249ca743e18cb1b68fbae8f0d7149bcc79b3c1450e36da4791cbc06dbf859aa9ef072ba3ec127ae94fcdbf4458c772c975470a0f7fe06326f15b6c825e859030d946e16452631ef315b98d7fe6c6a1a4d2a98e88df18a3772f3836e8e348eea9e0064975c3b40c9355f470fa0b0db5e76baaa26a3331b1983503c39bc6d0b499ac880a41e91d2fb7d264ef76a909e2e20940da5731a5c1d7cfdc893bc67fac67a659a4ff65c412ed78006b6328c43262c49a8817aa65b1551234ff79bf6d8f3201f6210eeb831d48b913efc7b893d92a747341125a2159b44cf349558f08a01f44fd6e35d5b17f31604682d74248d7821cb72a52b22c123fa3dde8c5b58e58e56e4fc81eec0d02e590a745b56167c4f740b8246bbc7363e86530c669b491abdc989e627013bde0c58f66ed1be224abeec4dbf055205b30b9b7db195af203315b7f8c7f196b61aeedf43ef52ed2c7b09bbc85c8c116bcd28f5b6deccb9f06e515dd048e330ccb389aea0d5570f8e09e8bf23b11882c25f484eb6a0c0644f9e4aefefff9720314ec4c19e18761338ea566875c799785bec2120bba660f692cfc69b23c8b0694d06af3e9057e16fe9307cd35fa4d6e776152a5de1fe30aab8a924fade1a08eaebe92d877da194ac47ff68e43450b8a20a321b5e14e4617e34efa0348e6c4a9cd380f6e8691655dbd427a4180a546e6a79b10566261ce3709efc466cb4b66c698ed0547c1fd4f988126c358254ae531590a653494a1feea1010c40f3e22f4d488e29f3e09eeeb69ea65fc5fbb2eaec590f4e19804afd7a9725b2a734a2744bf5316b98f5e01aaa340151e313f1ce1a066f0d332ce1c0daa1dd58be52863d9ba5dd873623a346ec3d03ac36ed9ae598c79e702ca66aa7b04f6939a7d831ddf0daaa70f44429abe54cdc7c359e5f8ff6952664bdda77673e5e6c3cf8ebd68b0dbfa94a1d7db892a4cd60ad1cf1340c56a1f38479a2c2fee615fdd3cf7d38f70012283f4a89a5f09fe0851620dfa505be3b06056d7dc4b75e02b791993164d96f497505af41ad0c4ff21c6210344234df65f8f1fdf4b1fcd3bcd59ba209b2594bcaaba789856ddc4f6fb3c4298f15363013c5a42278cc1770ef60058c55e5649c0c466431e487479a77df94b48728f354ef5e296ec3153347a728a75415d19647477103651de877729e259dd472a648a06db75565d5d46c76021a90a8c80f72bddbd69e673da13d16f11d2dccc9d4cdf962dc1b0e893009e13557c176bfd3c1e6d4a5abc923143c65d3992826f597362ff58db50c72f5be5b0680f2332e655126adaf154301c9ca546bda75f8c047639d798dd140d45b844c953cb20aec39183c22547d321978190e751ee592f22e517ac272718d012a6555ee7ecf0610de3c25f08acbc60c963aca97ed0ef90ef9fe52ca3597266ae70e02e2c1e3fe34fcf29d2c6ca72f8d4c926bbcec516f02ae8941c1dfd6056a849d860719d7bf07aa1d201cfcf32ca01a60c3b8efc9eac1a59d07a73e62c346c9e9c5cf677fc843f3739028705411d8da6b0f1bcfcdc05e693f00c1f9766a8c3acbe7109b6b0a882813b12e3e0cd185aacdf4886f4f13fd7663884d812ae8b15d8fdf18fe5d21aff92215878cd0fcac77e7a787951dbc28aac01bf523be2c13208fd48b86415dc969e32c616025abed8c9ff35c57630525fd805796bae34225c1a46c32c399c77efee3087a00c3f5e31a48c25042729fa5d2d2dfdb9381239dc1296878aec6bdc3cf1e2b243366b5b7ac10b1316bb46d65a0d5d14b5447a53d73d49936d3e5f9cf9a07befb155314dffd8cdb638fded43340529491b1e54af28b32a7698fbbcea7f9ae9c6a002a60aa5b237e0c1e3ab6640d685927216970f05878637a4989fb4f9b14e77caceea3705218dce13277b30b78d2d989196d48c3d5ad27e4b771d772b8b409ac6882fcd769893b9bd5c4fa1fbf592677d261849d9c1bbd558efca4f861136fcfb2b30f70f9f807bfacb3e54aa34d1174b1fb9312e0be8ed02fea328ebef207"})
sendmsg$nl_route(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200e3}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)

311.005394ms ago: executing program 0 (id=3057):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000001580)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000100)=0x5)
ioctl$TCSETSW2(r1, 0x402c542c, &(0x7f0000000200)={0xffffeff7, 0x10100150, 0x8, 0x7f, 0x2f, "fc2aff7f87680000810000001000007fcb3678", 0x0, 0xd})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0xd)

211.938343ms ago: executing program 0 (id=3058):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)=@generic={&(0x7f0000000100)='./file0/../file0\x00', 0x0, 0x8}, 0x14)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x19d10b1, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x23e9c9e, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000280)='./file0/../file0\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x28a5291, 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000300)='devpts\x00', 0x101c040, 0x0)

211.570168ms ago: executing program 0 (id=3059):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000480)={0x0, 0x0, 0x43}, 0x28)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001440)={r0, 0xe0, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x3, &(0x7f0000000400)=@framed, &(0x7f0000000300)='GPL\x00', 0xb, 0x0, 0x0, 0x0, 0x0, '\x00', r1}, 0x94)

142.132025ms ago: executing program 0 (id=3060):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x20008880)
sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x80}, 0x8044)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg(r1, 0x0, 0x0)
r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r3, &(0x7f0000000900)={0x2020, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x2020)
sched_setscheduler(r4, 0x0, &(0x7f0000000000)=0x7)
setsockopt$inet_sctp_SCTP_AUTOCLOSE(0xffffffffffffffff, 0x84, 0x4, 0x0, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, 0x0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000300)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x2c, 0x0, @remote, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2}}}}}}, 0x0)
sendmsg$inet_sctp(0xffffffffffffffff, 0x0, 0x24000000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
munlockall()
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

141.972661ms ago: executing program 3 (id=3061):
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$inet_mptcp(0x2, 0x1, 0x106)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x13, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000fa0000000000000000010000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a000000000000850000000600000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x8}, 0x94)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340))
r0 = socket$inet(0xa, 0x801, 0x84)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
connect$inet(r0, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
accept4(r0, 0x0, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x1f, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000200fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r1], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)

51.187678ms ago: executing program 3 (id=3062):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x1000000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$I2C(&(0x7f00000000c0), 0x0, 0x121c80)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000001c0)={&(0x7f0000001840)=[{0x0, 0x0, 0x0, 0x0}], 0x1})
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)

0s ago: executing program 3 (id=3063):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x200000, 0x0)
r1 = socket$l2tp6(0xa, 0x2, 0x73)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x0)
sendmmsg$inet6(r1, &(0x7f0000002800)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0xb97, @private0={0xfc, 0x0, '\x00', 0x1}, 0x3}, 0x1c, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="10000000294cfb003e00000000000000"], 0x10}}], 0x1, 0x20000000)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
setpriority(0x2, 0x0, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xffde}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
syz_create_resource$binfmt(&(0x7f0000000200)='./file0\x00')
sendmsg$nl_route_sched(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0xe, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x8, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x4}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x0)
write$cgroup_int(r5, &(0x7f0000000040)=0x1c8, 0x12)
fsmount(r5, 0x1, 0x4)
r6 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha224)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, 0x0, 0x0)
r8 = accept4$alg(r7, 0x0, 0x0, 0x800)
sendmsg$alg(r8, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000400)="cef3b02527457a0b37d00b8951e0caa91e516d09dc037b3ec052cbf2446c5034b938b1a6f29b2f308852940dcc79ae5f15e004f2452fdea769dffd4ff82823aab75c966e8e429ac579f54a028854d3259d5d05f02931d63455326d34b7e1c24e1bc502485a5096dfc8941473d74667c85b84a92ff49082a02aea9614aa3d0817f9d566c605b2edd04dce6e4fc1ef3abc9d3ab47f83d0803a876f960630de25cd8c8a06f671daada0d76063171248", 0xae}], 0x1, 0x0, 0x0, 0x4008080}, 0x4004)
ioctl$VHOST_SET_VRING_BASE(r6, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_BASE(r6, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f})
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)

kernel console output (not intermixed with test programs):

] audit: type=1326 audit(1770993444.387:16554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14531 comm="syz.0.2504" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75f6c code=0x7ffc0000
[  458.941186][   T40] audit: type=1326 audit(1770993444.387:16555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14531 comm="syz.0.2504" exe="/syz-executor" sig=0 arch=40000003 syscall=265 compat=1 ip=0xf7f75f6c code=0x7ffc0000
[  458.947968][   T40] audit: type=1326 audit(1770993444.387:16556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14531 comm="syz.0.2504" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75f6c code=0x7ffc0000
[  458.955095][   T40] audit: type=1326 audit(1770993444.387:16557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14531 comm="syz.0.2504" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75f6c code=0x7ffc0000
[  458.961914][   T40] audit: type=1326 audit(1770993444.387:16558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14531 comm="syz.0.2504" exe="/syz-executor" sig=0 arch=40000003 syscall=83 compat=1 ip=0xf7f75f6c code=0x7ffc0000
[  458.968723][   T40] audit: type=1326 audit(1770993444.387:16559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14531 comm="syz.0.2504" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f75f6c code=0x7ffc0000
[  458.981117][ T5946] Bluetooth: hci0: command 0x041b tx timeout
[  459.952785][T14547] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2507'.
[  461.441115][ T5946] Bluetooth: hci2: unexpected event for opcode 0x1005
[  461.586569][ T5946] Bluetooth: hci0: unexpected event for opcode 0x1005
[  461.706605][T14575] netlink: 5292 bytes leftover after parsing attributes in process `syz.4.2514'.
[  461.709547][T14575] openvswitch: netlink: Flow key attr not present in new flow.
[  462.020780][T14582] netlink: 5292 bytes leftover after parsing attributes in process `syz.3.2515'.
[  462.026227][T14582] openvswitch: netlink: Flow key attr not present in new flow.
[  462.081964][T14586] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2516'.
[  462.088803][T14586] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2516'.
[  462.095414][T14586] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2516'.
[  462.100292][T14586] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2516'.
[  462.258865][T14591] netlink: 'syz.2.2518': attribute type 21 has an invalid length.
[  462.265272][T14591] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2518'.
[  462.268174][T14591] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2518'.
[  463.238622][T14611] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2523'.
[  464.076323][T14615] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2526'.
[  464.207112][ T5946] Bluetooth: hci3: unexpected event for opcode 0x1005
[  464.243403][ T6069] kernel read not supported for file /virtual_nci (pid: 6069 comm: kworker/0:4)
[  464.368973][T14636] openvswitch: netlink: Flow key attr not present in new flow.
[  464.456290][T14639] FAULT_INJECTION: forcing a failure.
[  464.456290][T14639] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  464.460317][T14639] CPU: 2 UID: 0 PID: 14639 Comm: syz.3.2531 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  464.460334][T14639] Tainted: [L]=SOFTLOCKUP
[  464.460342][T14639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  464.460349][T14639] Call Trace:
[  464.460353][T14639]  <TASK>
[  464.460359][T14639]  dump_stack_lvl+0x100/0x190
[  464.460378][T14639]  should_fail_ex.cold+0x5/0xa
[  464.460392][T14639]  _copy_to_user+0x32/0xd0
[  464.460409][T14639]  simple_read_from_buffer+0xcb/0x170
[  464.460423][T14639]  proc_fail_nth_read+0x1af/0x230
[  464.460438][T14639]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  464.460453][T14639]  ? rw_verify_area+0xce/0x6d0
[  464.460464][T14639]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  464.460478][T14639]  vfs_read+0x1e4/0xb30
[  464.460492][T14639]  ? __pfx_vfs_read+0x10/0x10
[  464.460503][T14639]  ? find_held_lock+0x2b/0x80
[  464.460519][T14639]  ? __fget_files+0x215/0x3d0
[  464.460534][T14639]  ? __fget_files+0x21f/0x3d0
[  464.460551][T14639]  ksys_read+0x12a/0x250
[  464.460563][T14639]  ? __pfx_ksys_read+0x10/0x10
[  464.460579][T14639]  do_int80_emulation+0x141/0x6b0
[  464.460597][T14639]  asm_int80_emulation+0x1a/0x20
[  464.460608][T14639] RIP: 0023:0xf717572b
[  464.460617][T14639] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  464.460628][T14639] RSP: 002b:00000000f54364bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  464.460638][T14639] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f54365d0
[  464.460645][T14639] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  464.460651][T14639] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  464.460657][T14639] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  464.460663][T14639] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  464.460678][T14639]  </TASK>
[  465.687404][T14666] FAULT_INJECTION: forcing a failure.
[  465.687404][T14666] name failslab, interval 1, probability 0, space 0, times 0
[  465.710570][T14666] CPU: 0 UID: 0 PID: 14666 Comm: syz.3.2540 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  465.710591][T14666] Tainted: [L]=SOFTLOCKUP
[  465.710595][T14666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  465.710601][T14666] Call Trace:
[  465.710605][T14666]  <TASK>
[  465.710610][T14666]  dump_stack_lvl+0x100/0x190
[  465.710630][T14666]  should_fail_ex.cold+0x5/0xa
[  465.710642][T14666]  should_failslab+0xc2/0x120
[  465.710657][T14666]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  465.710669][T14666]  ? __alloc_skb+0x140/0x710
[  465.710695][T14666]  ? rcu_is_watching+0x12/0xc0
[  465.710713][T14666]  __alloc_skb+0x140/0x710
[  465.710725][T14666]  ? __alloc_skb+0x5b7/0x710
[  465.710738][T14666]  ? __pfx___alloc_skb+0x10/0x10
[  465.710756][T14666]  netlink_ack+0x117/0xb80
[  465.710777][T14666]  netlink_rcv_skb+0x333/0x420
[  465.710793][T14666]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  465.710809][T14666]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  465.710830][T14666]  ? netlink_deliver_tap+0x1ae/0xcc0
[  465.710848][T14666]  netlink_unicast+0x5aa/0x870
[  465.710866][T14666]  ? __pfx_netlink_unicast+0x10/0x10
[  465.710887][T14666]  netlink_sendmsg+0x8b0/0xda0
[  465.710905][T14666]  ? __pfx_netlink_sendmsg+0x10/0x10
[  465.710922][T14666]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  465.710938][T14666]  ____sys_sendmsg+0xa54/0xc30
[  465.710950][T14666]  ? __pfx_____sys_sendmsg+0x10/0x10
[  465.710960][T14666]  ? _parse_integer_limit+0x17f/0x1d0
[  465.710974][T14666]  ? _kstrtoull+0x13c/0x1f0
[  465.710984][T14666]  ? __pfx__kstrtoull+0x10/0x10
[  465.710997][T14666]  ___sys_sendmsg+0x190/0x1e0
[  465.711009][T14666]  ? __pfx____sys_sendmsg+0x10/0x10
[  465.711020][T14666]  ? __lock_acquire+0x4a5/0x2630
[  465.711037][T14666]  ? find_held_lock+0x2b/0x80
[  465.711061][T14666]  __sys_sendmmsg+0x2ff/0x430
[  465.711077][T14666]  ? __pfx___sys_sendmmsg+0x10/0x10
[  465.711096][T14666]  ? __fget_files+0x215/0x3d0
[  465.711116][T14666]  ? fput+0x79/0x100
[  465.711135][T14666]  ? ksys_write+0x1ac/0x250
[  465.711147][T14666]  ? __pfx_ksys_write+0x10/0x10
[  465.711161][T14666]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  465.711176][T14666]  ? lockdep_hardirqs_on+0x78/0x100
[  465.711191][T14666]  __do_fast_syscall_32+0xe3/0x8c0
[  465.711209][T14666]  do_fast_syscall_32+0x32/0x70
[  465.711224][T14666]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  465.711238][T14666] RIP: 0023:0xf7f78f6c
[  465.711247][T14666] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  465.711257][T14666] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  465.711268][T14666] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  465.711275][T14666] RDX: 00000000000001f2 RSI: 0000000000000000 RDI: 0000000000000000
[  465.711281][T14666] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  465.711287][T14666] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  465.711293][T14666] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  465.711307][T14666]  </TASK>
[  468.233921][T14701] __nla_validate_parse: 5 callbacks suppressed
[  468.233954][T14701] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2550'.
[  468.577271][T14715] bond1: left promiscuous mode
[  468.578851][T14715] bond1: left allmulticast mode
[  468.583418][T14715] bond2: left promiscuous mode
[  468.586658][T14715] bond3: left promiscuous mode
[  468.588219][T14715] bond3: left allmulticast mode
[  469.165295][T14722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2558'.
[  470.827058][T14734] can0: slcan on pty21.
[  470.883695][T14740] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  470.929263][ T5946] Bluetooth: hci0: unexpected event for opcode 0x1005
[  471.081147][T13078] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  471.282586][T13078] usb 5-1: config 0 has no interfaces?
[  471.287123][T13078] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f
[  471.290698][T13078] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  471.294585][T13078] usb 5-1: Product: syz
[  471.295932][T13078] usb 5-1: Manufacturer: syz
[  471.297397][T13078] usb 5-1: SerialNumber: syz
[  471.300633][T13078] usb 5-1: config 0 descriptor??
[  471.504260][T14734] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2562'.
[  471.509105][T13078] usb 5-1: USB disconnect, device number 23
[  471.591931][T14733] can0 (unregistered): slcan off pty21.
[  471.998772][T14774] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2569'.
[  472.494666][T14778] wg1: entered allmulticast mode
[  472.496882][T14778] FAULT_INJECTION: forcing a failure.
[  472.496882][T14778] name failslab, interval 1, probability 0, space 0, times 0
[  472.501247][T14778] CPU: 1 UID: 0 PID: 14778 Comm: syz.0.2571 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  472.501285][T14778] Tainted: [L]=SOFTLOCKUP
[  472.501292][T14778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  472.501301][T14778] Call Trace:
[  472.501309][T14778]  <TASK>
[  472.501316][T14778]  dump_stack_lvl+0x100/0x190
[  472.501345][T14778]  should_fail_ex.cold+0x5/0xa
[  472.501358][T14778]  should_failslab+0xc2/0x120
[  472.501373][T14778]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  472.501386][T14778]  ? __alloc_skb+0x140/0x710
[  472.501402][T14778]  __alloc_skb+0x140/0x710
[  472.501415][T14778]  ? __alloc_skb+0x5b7/0x710
[  472.501428][T14778]  ? __pfx___alloc_skb+0x10/0x10
[  472.501441][T14778]  ? rtnl_prop_list_size+0x144/0x2c0
[  472.501456][T14778]  ? if_nlmsg_size+0x4a4/0xb30
[  472.501472][T14778]  rtmsg_ifinfo_build_skb+0x81/0x260
[  472.501492][T14778]  rtmsg_ifinfo+0xa4/0x1b0
[  472.501510][T14778]  __dev_notify_flags+0x24c/0x2e0
[  472.501525][T14778]  ? __pfx___dev_notify_flags+0x10/0x10
[  472.501539][T14778]  ? __dev_change_flags+0x505/0x6f0
[  472.501554][T14778]  ? __pfx___dev_change_flags+0x10/0x10
[  472.501568][T14778]  ? validate_linkmsg+0x57c/0xba0
[  472.501586][T14778]  netif_change_flags+0x108/0x160
[  472.501602][T14778]  do_setlink.isra.0+0x1abb/0x3e50
[  472.501622][T14778]  ? __pfx_do_setlink.isra.0+0x10/0x10
[  472.501641][T14778]  ? __pfx___schedule+0x10/0x10
[  472.501658][T14778]  ? preempt_schedule_thunk+0x16/0x30
[  472.501671][T14778]  ? preempt_schedule_common+0x42/0xc0
[  472.501685][T14778]  ? preempt_schedule_thunk+0x16/0x30
[  472.501701][T14778]  ? __mutex_lock+0x8ef/0x1b90
[  472.501715][T14778]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  472.501737][T14778]  ? rtnl_newlink+0x8bb/0x2380
[  472.501757][T14778]  ? __nla_validate_parse+0x1e7/0x28b0
[  472.501783][T14778]  ? __pfx___mutex_lock+0x10/0x10
[  472.501808][T14778]  ? apparmor_capable+0x1d7/0x4e0
[  472.501837][T14778]  ? full_name_hash+0xbc/0x100
[  472.501856][T14778]  ? netdev_name_node_lookup+0x107/0x150
[  472.501871][T14778]  rtnl_newlink+0x11bd/0x2380
[  472.501891][T14778]  ? __pfx_rtnl_newlink+0x10/0x10
[  472.501915][T14778]  ? __lock_acquire+0x4a5/0x2630
[  472.501927][T14778]  ? preempt_schedule_common+0x42/0xc0
[  472.501941][T14778]  ? preempt_schedule_thunk+0x16/0x30
[  472.501959][T14778]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  472.501973][T14778]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  472.502018][T14778]  ? __pfx_rtnl_newlink+0x10/0x10
[  472.502033][T14778]  rtnetlink_rcv_msg+0x95e/0xe90
[  472.502050][T14778]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  472.502076][T14778]  netlink_rcv_skb+0x159/0x420
[  472.502105][T14778]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  472.502122][T14778]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  472.502147][T14778]  netlink_unicast+0x5aa/0x870
[  472.502165][T14778]  ? __pfx_netlink_unicast+0x10/0x10
[  472.502187][T14778]  netlink_sendmsg+0x8b0/0xda0
[  472.502205][T14778]  ? __pfx_netlink_sendmsg+0x10/0x10
[  472.502223][T14778]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  472.502238][T14778]  ____sys_sendmsg+0xa54/0xc30
[  472.502251][T14778]  ? __pfx_____sys_sendmsg+0x10/0x10
[  472.502265][T14778]  ? lock_acquire+0x17c/0x330
[  472.502278][T14778]  ___sys_sendmsg+0x190/0x1e0
[  472.502290][T14778]  ? __pfx____sys_sendmsg+0x10/0x10
[  472.502321][T14778]  __sys_sendmsg+0x170/0x220
[  472.502336][T14778]  ? __pfx___sys_sendmsg+0x10/0x10
[  472.502369][T14778]  __do_fast_syscall_32+0xe3/0x8c0
[  472.502400][T14778]  do_fast_syscall_32+0x32/0x70
[  472.502426][T14778]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  472.502446][T14778] RIP: 0023:0xf7f75f6c
[  472.502455][T14778] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  472.502466][T14778] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  472.502476][T14778] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  472.502484][T14778] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  472.502490][T14778] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  472.502496][T14778] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  472.502502][T14778] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  472.502516][T14778]  </TASK>
[  472.905455][T14780] FAULT_INJECTION: forcing a failure.
[  472.905455][T14780] name failslab, interval 1, probability 0, space 0, times 0
[  472.918508][T14780] CPU: 0 UID: 0 PID: 14780 Comm: syz.0.2572 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  472.918528][T14780] Tainted: [L]=SOFTLOCKUP
[  472.918532][T14780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  472.918539][T14780] Call Trace:
[  472.918543][T14780]  <TASK>
[  472.918547][T14780]  dump_stack_lvl+0x100/0x190
[  472.918566][T14780]  should_fail_ex.cold+0x5/0xa
[  472.918580][T14780]  should_failslab+0xc2/0x120
[  472.918595][T14780]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  472.918607][T14780]  ? alloc_vmap_area+0x64d/0x2b80
[  472.918624][T14780]  alloc_vmap_area+0x64d/0x2b80
[  472.918644][T14780]  ? __pfx_alloc_vmap_area+0x10/0x10
[  472.918663][T14780]  __get_vm_area_node+0x1ca/0x330
[  472.918680][T14780]  ? vb2_vmalloc_alloc+0x135/0x410
[  472.918693][T14780]  __vmalloc_node_range_noprof+0x213/0x1530
[  472.918710][T14780]  ? vb2_vmalloc_alloc+0x135/0x410
[  472.918721][T14780]  ? do_fast_syscall_32+0x32/0x70
[  472.918736][T14780]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  472.918753][T14780]  ? vb2_vmalloc_alloc+0x135/0x410
[  472.918769][T14780]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  472.918792][T14780]  ? vb2_vmalloc_alloc+0x135/0x410
[  472.918804][T14780]  vmalloc_user_noprof+0x9e/0xe0
[  472.918821][T14780]  ? vb2_vmalloc_alloc+0x135/0x410
[  472.918833][T14780]  vb2_vmalloc_alloc+0x135/0x410
[  472.918846][T14780]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  472.918859][T14780]  __vb2_queue_alloc+0x8d5/0x1160
[  472.918879][T14780]  vb2_core_reqbufs+0x899/0xf30
[  472.918894][T14780]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  472.918917][T14780]  __vb2_init_fileio+0x32d/0x1000
[  472.918930][T14780]  ? vb2_fop_write+0xe5/0x550
[  472.918944][T14780]  __vb2_perform_fileio+0x91e/0x1380
[  472.918960][T14780]  ? __pfx___vb2_perform_fileio+0x10/0x10
[  472.918972][T14780]  ? find_held_lock+0x2b/0x80
[  472.918986][T14780]  ? get_pid_task+0xfc/0x250
[  472.919004][T14780]  vb2_fop_write+0x1f8/0x550
[  472.919018][T14780]  v4l2_write+0x229/0x2c0
[  472.919029][T14780]  vfs_write+0x2aa/0x1070
[  472.919043][T14780]  ? __pfx_v4l2_write+0x10/0x10
[  472.919053][T14780]  ? __pfx_vfs_write+0x10/0x10
[  472.919065][T14780]  ? find_held_lock+0x2b/0x80
[  472.919078][T14780]  ? __fget_files+0x215/0x3d0
[  472.919091][T14780]  ? __fget_files+0x215/0x3d0
[  472.919106][T14780]  ? __fget_files+0x21f/0x3d0
[  472.919123][T14780]  ksys_write+0x12a/0x250
[  472.919135][T14780]  ? __pfx_ksys_write+0x10/0x10
[  472.919148][T14780]  ? __pfx_ksys_write+0x10/0x10
[  472.919163][T14780]  __do_fast_syscall_32+0xe3/0x8c0
[  472.919181][T14780]  do_fast_syscall_32+0x32/0x70
[  472.919196][T14780]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  472.919209][T14780] RIP: 0023:0xf7f75f6c
[  472.919219][T14780] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  472.919229][T14780] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  472.919239][T14780] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100
[  472.919246][T14780] RDX: 00000000fffffd9d RSI: 0000000000000000 RDI: 0000000000000000
[  472.919252][T14780] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  472.919258][T14780] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  472.919264][T14780] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  472.919278][T14780]  </TASK>
[  472.919293][T14780] warn_alloc: 1 callbacks suppressed
[  472.919299][T14780] syz.0.2572: vmalloc error: size 53248, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  473.010748][T14783] comedi comedi2: rti802: I/O port conflict (0xfffffffffffffbff,4)
[  473.019591][T14780] ,cpuset=/,mems_allowed=0-1
[  473.038599][T14780] CPU: 0 UID: 0 PID: 14780 Comm: syz.0.2572 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  473.038617][T14780] Tainted: [L]=SOFTLOCKUP
[  473.038621][T14780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  473.038627][T14780] Call Trace:
[  473.038631][T14780]  <TASK>
[  473.038636][T14780]  dump_stack_lvl+0x100/0x190
[  473.038656][T14780]  warn_alloc.cold+0x95/0x1c1
[  473.038674][T14780]  ? __pfx_warn_alloc+0x10/0x10
[  473.038685][T14780]  ? lockdep_hardirqs_on+0x78/0x100
[  473.038702][T14780]  ? __get_vm_area_node+0x2c5/0x330
[  473.038720][T14780]  ? __get_vm_area_node+0x208/0x330
[  473.038738][T14780]  __vmalloc_node_range_noprof+0xbf4/0x1530
[  473.038755][T14780]  ? do_fast_syscall_32+0x32/0x70
[  473.038770][T14780]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  473.038786][T14780]  ? vb2_vmalloc_alloc+0x135/0x410
[  473.038804][T14780]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  473.038827][T14780]  ? vb2_vmalloc_alloc+0x135/0x410
[  473.038839][T14780]  vmalloc_user_noprof+0x9e/0xe0
[  473.038855][T14780]  ? vb2_vmalloc_alloc+0x135/0x410
[  473.038868][T14780]  vb2_vmalloc_alloc+0x135/0x410
[  473.038880][T14780]  ? __pfx_vb2_vmalloc_alloc+0x10/0x10
[  473.038893][T14780]  __vb2_queue_alloc+0x8d5/0x1160
[  473.038912][T14780]  vb2_core_reqbufs+0x899/0xf30
[  473.038928][T14780]  ? __pfx_vb2_core_reqbufs+0x10/0x10
[  473.038948][T14780]  __vb2_init_fileio+0x32d/0x1000
[  473.038960][T14780]  ? vb2_fop_write+0xe5/0x550
[  473.038974][T14780]  __vb2_perform_fileio+0x91e/0x1380
[  473.038995][T14780]  ? __pfx___vb2_perform_fileio+0x10/0x10
[  473.039007][T14780]  ? find_held_lock+0x2b/0x80
[  473.039022][T14780]  ? get_pid_task+0xfc/0x250
[  473.039036][T14780]  vb2_fop_write+0x1f8/0x550
[  473.039049][T14780]  v4l2_write+0x229/0x2c0
[  473.039061][T14780]  vfs_write+0x2aa/0x1070
[  473.039074][T14780]  ? __pfx_v4l2_write+0x10/0x10
[  473.039085][T14780]  ? __pfx_vfs_write+0x10/0x10
[  473.039097][T14780]  ? find_held_lock+0x2b/0x80
[  473.039110][T14780]  ? __fget_files+0x215/0x3d0
[  473.039123][T14780]  ? __fget_files+0x215/0x3d0
[  473.039138][T14780]  ? __fget_files+0x21f/0x3d0
[  473.039154][T14780]  ksys_write+0x12a/0x250
[  473.039167][T14780]  ? __pfx_ksys_write+0x10/0x10
[  473.039179][T14780]  ? __pfx_ksys_write+0x10/0x10
[  473.039195][T14780]  __do_fast_syscall_32+0xe3/0x8c0
[  473.039212][T14780]  do_fast_syscall_32+0x32/0x70
[  473.039228][T14780]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  473.039241][T14780] RIP: 0023:0xf7f75f6c
[  473.039250][T14780] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  473.039261][T14780] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  473.039271][T14780] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000100
[  473.039278][T14780] RDX: 00000000fffffd9d RSI: 0000000000000000 RDI: 0000000000000000
[  473.039284][T14780] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  473.039290][T14780] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  473.039296][T14780] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  473.039310][T14780]  </TASK>
[  473.039314][T14780] Mem-Info:
[  473.141067][T14780] active_anon:11573 inactive_anon:136 isolated_anon:0
[  473.141067][T14780]  active_file:5788 inactive_file:26196 isolated_file:0
[  473.141067][T14780]  unevictable:1768 dirty:196 writeback:0
[  473.141067][T14780]  slab_reclaimable:8658 slab_unreclaimable:58574
[  473.141067][T14780]  mapped:30583 shmem:7362 pagetables:1252
[  473.141067][T14780]  sec_pagetables:316 bounce:0
[  473.141067][T14780]  kernel_misc_reclaimable:0
[  473.141067][T14780]  free:50660 free_pcp:12769 free_cma:0
[  473.171281][T14780] Node 0 active_anon:0kB inactive_anon:36kB active_file:4kB inactive_file:152kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:2064kB dirty:4kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7704kB pagetables:1584kB sec_pagetables:1144kB all_unreclaimable? yes Balloon:0kB
[  473.171328][T14780] Node 1 active_anon:46492kB inactive_anon:508kB active_file:23148kB inactive_file:104632kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:110268kB dirty:780kB writeback:0kB shmem:27812kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5620kB pagetables:3224kB sec_pagetables:120kB all_unreclaimable? no Balloon:0kB
[  473.171354][T14780] Node 0 DMA free:2748kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:396kB local_pcp:0kB free_cma:0kB
[  473.171386][T14780] lowmem_reserve[]: 0 286 286 286 286
[  473.171408][T14780] Node 0 DMA32 free:16188kB boost:0kB min:13088kB low:16360kB high:19632kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:24kB active_file:4kB inactive_file:152kB unevictable:3536kB writepending:4kB zspages:0kB present:1032196kB managed:293804kB mlocked:0kB bounce:0kB free_pcp:12356kB local_pcp:3772kB free_cma:0kB
[  473.171438][T14780] lowmem_reserve[]: 0 0 0 0 0
[  473.171459][T14780] Node 1 DMA32 free:179704kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:46292kB inactive_anon:508kB active_file:23148kB inactive_file:104632kB unevictable:3536kB writepending:780kB zspages:2652kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:42912kB local_pcp:13408kB free_cma:0kB
[  473.171490][T14780] lowmem_reserve[]: 0 0 0 0 0
[  473.171511][T14780] Node 0 DMA: 177*4kB (U) 55*8kB (U) 22*16kB (U) 9*32kB (U) 3*64kB (U) 0*128kB 1*256kB (U) 1*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 2748kB
[  473.171591][T14780] Node 0 DMA32: 197*4kB (UME) 29*8kB (UME) 22*16kB (UME) 47*32kB (UME) 24*64kB (UME) 18*128kB (UME) 11*256kB (UME) 9*512kB (UM) 2*1024kB (M) 0*2048kB 0*4096kB = 16188kB
[  473.171677][T14780] Node 1 DMA32: 3208*4kB (UE) 2432*8kB (UME) 2040*16kB (UME) 347*32kB (UME) 195*64kB (UME) 114*128kB (UME) 37*256kB (UME) 21*512kB (UM) 33*1024kB (UM) 7*2048kB (U) 2*4096kB (U) = 179648kB
[  473.171770][T14780] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  473.171778][T14780] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  473.171787][T14780] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  473.171795][T14780] Node 1 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  473.171804][T14780] 40558 total pagecache pages
[  473.171808][T14780] 739 pages in swap cache
[  473.171813][T14780] Free swap  = 117480kB
[  473.171817][T14780] Total swap = 124996kB
[  473.171822][T14780] 524155 pages RAM
[  473.171826][T14780] 0 pages HighMem/MovableOnly
[  473.171830][T14780] 209811 pages reserved
[  473.171834][T14780] 0 pages cma reserved
[  473.490644][T14799] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2579'.
[  473.897911][T14802] comedi comedi2: rti802: I/O port conflict (0xfffffffffffffbff,4)
[  474.427367][T14817] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2586'.
[  477.502290][ T5946] Bluetooth: hci3: unexpected event for opcode 0x1005
[  477.630315][T14846] netlink: 5292 bytes leftover after parsing attributes in process `syz.0.2593'.
[  477.634483][T14846] openvswitch: netlink: Flow key attr not present in new flow.
[  477.653345][ T5946] Bluetooth: hci4: unexpected event for opcode 0x1005
[  477.885650][T14854] netlink: 'syz.4.2597': attribute type 2 has an invalid length.
[  477.921401][T14857] netlink: 5292 bytes leftover after parsing attributes in process `syz.2.2596'.
[  477.927091][T14854] Bluetooth: hci1: Frame reassembly failed (-84)
[  477.929917][T14854] Bluetooth: hci1: Frame reassembly failed (-84)
[  477.937425][T14854] Bluetooth: hci1: Frame reassembly failed (-84)
[  477.940486][T14854] Bluetooth: hci1: Frame reassembly failed (-84)
[  477.944075][   T60] Bluetooth: hci1: Frame reassembly failed (-84)
[  477.951598][T14854] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9)
[  477.953712][T14854] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  477.954330][T14857] openvswitch: netlink: Flow key attr not present in new flow.
[  477.957494][T14854] vhci_hcd vhci_hcd.0: Device attached
[  478.087805][T14865] FAULT_INJECTION: forcing a failure.
[  478.087805][T14865] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  478.094210][T14865] CPU: 3 UID: 0 PID: 14865 Comm: syz.3.2599 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  478.094238][T14865] Tainted: [L]=SOFTLOCKUP
[  478.094244][T14865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  478.094255][T14865] Call Trace:
[  478.094262][T14865]  <TASK>
[  478.094269][T14865]  dump_stack_lvl+0x100/0x190
[  478.094304][T14865]  should_fail_ex.cold+0x5/0xa
[  478.094323][T14865]  _copy_to_user+0x32/0xd0
[  478.094349][T14865]  simple_read_from_buffer+0xcb/0x170
[  478.094372][T14865]  proc_fail_nth_read+0x1af/0x230
[  478.094396][T14865]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  478.094422][T14865]  ? rw_verify_area+0xce/0x6d0
[  478.094439][T14865]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  478.094459][T14865]  vfs_read+0x1e4/0xb30
[  478.094483][T14865]  ? __pfx_vfs_read+0x10/0x10
[  478.094501][T14865]  ? find_held_lock+0x2b/0x80
[  478.094526][T14865]  ? __fget_files+0x215/0x3d0
[  478.094564][T14865]  ? __fget_files+0x21f/0x3d0
[  478.094594][T14865]  ksys_read+0x12a/0x250
[  478.094614][T14865]  ? __pfx_ksys_read+0x10/0x10
[  478.094642][T14865]  do_int80_emulation+0x141/0x6b0
[  478.094671][T14865]  asm_int80_emulation+0x1a/0x20
[  478.094687][T14865] RIP: 0023:0xf717572b
[  478.094701][T14865] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  478.094718][T14865] RSP: 002b:00000000f54154bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  478.094736][T14865] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54155d0
[  478.094747][T14865] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  478.094757][T14865] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  478.094767][T14865] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  478.094778][T14865] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  478.094800][T14865]  </TASK>
[  478.221104][   T39] usb 46-1: SetAddress Request (6) to port 0
[  478.223449][   T39] usb 46-1: new SuperSpeed USB device number 6 using vhci_hcd
[  478.508412][T14863] vhci_hcd: connection reset by peer
[  478.511542][ T1145] vhci_hcd vhci_hcd.4: stop threads
[  478.513340][ T1145] vhci_hcd vhci_hcd.4: release socket
[  478.515141][ T1145] vhci_hcd vhci_hcd.4: disconnect device
[  479.701083][T14894] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  479.703289][T14894] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  479.706099][T14894] vhci_hcd vhci_hcd.0: Device attached
[  479.851680][T14895] vhci_hcd: connection closed
[  479.851889][ T1145] vhci_hcd vhci_hcd.3: stop threads
[  479.855115][ T1145] vhci_hcd vhci_hcd.3: release socket
[  479.856983][ T1145] vhci_hcd vhci_hcd.3: disconnect device
[  479.891196][ T1322] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  480.011297][ T5946] Bluetooth: hci1: Opcode 0x1003 failed: -110
[  480.086726][T14900] FAULT_INJECTION: forcing a failure.
[  480.086726][T14900] name failslab, interval 1, probability 0, space 0, times 0
[  480.090764][T14900] CPU: 1 UID: 0 PID: 14900 Comm: syz.0.2610 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  480.090781][T14900] Tainted: [L]=SOFTLOCKUP
[  480.090785][T14900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  480.090792][T14900] Call Trace:
[  480.090796][T14900]  <TASK>
[  480.090800][T14900]  dump_stack_lvl+0x100/0x190
[  480.090820][T14900]  should_fail_ex.cold+0x5/0xa
[  480.090833][T14900]  ? tomoyo_encode2+0xfb/0x3c0
[  480.090843][T14900]  should_failslab+0xc2/0x120
[  480.090857][T14900]  __kmalloc_noprof+0xe0/0x850
[  480.090869][T14900]  ? d_absolute_path+0x136/0x1b0
[  480.090882][T14900]  tomoyo_encode2+0xfb/0x3c0
[  480.090894][T14900]  tomoyo_encode+0x29/0x50
[  480.090904][T14900]  tomoyo_realpath_from_path+0x18c/0x690
[  480.090918][T14900]  tomoyo_path_number_perm+0x23c/0x580
[  480.090932][T14900]  ? tomoyo_path_number_perm+0x22e/0x580
[  480.090948][T14900]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  480.090978][T14900]  ? find_held_lock+0x2b/0x80
[  480.091007][T14900]  ? hook_file_ioctl_common+0x146/0x410
[  480.091023][T14900]  ? __fget_files+0x215/0x3d0
[  480.091038][T14900]  ? __fget_files+0x21f/0x3d0
[  480.091053][T14900]  security_file_ioctl_compat+0xd3/0x230
[  480.091070][T14900]  __ia32_compat_sys_ioctl+0xc2/0x360
[  480.091084][T14900]  __do_fast_syscall_32+0xe3/0x8c0
[  480.091102][T14900]  do_fast_syscall_32+0x32/0x70
[  480.091118][T14900]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  480.091132][T14900] RIP: 0023:0xf7f75f6c
[  480.091141][T14900] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  480.091152][T14900] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  480.091162][T14900] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004008af13
[  480.091169][T14900] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000
[  480.091175][T14900] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  480.091182][T14900] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  480.091188][T14900] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  480.091202][T14900]  </TASK>
[  480.163032][T14900] ERROR: Out of memory at tomoyo_realpath_from_path.
[  480.478943][T14325] Bluetooth: hci0: unexpected event for opcode 0x1005
[  480.815287][T14909] netlink: 5292 bytes leftover after parsing attributes in process `syz.3.2611'.
[  480.818873][T14909] openvswitch: netlink: Flow key attr not present in new flow.
[  481.637443][T14932] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  481.639560][T14932] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  481.643497][T14932] vhci_hcd vhci_hcd.0: Device attached
[  481.750179][T14933] vhci_hcd: connection closed
[  481.750458][ T1145] vhci_hcd vhci_hcd.2: stop threads
[  481.754674][ T1145] vhci_hcd vhci_hcd.2: release socket
[  481.756810][ T1145] vhci_hcd vhci_hcd.2: disconnect device
[  482.396882][T14954] FAULT_INJECTION: forcing a failure.
[  482.396882][T14954] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  482.411043][T14954] CPU: 2 UID: 0 PID: 14954 Comm: syz.0.2625 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  482.411062][T14954] Tainted: [L]=SOFTLOCKUP
[  482.411066][T14954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  482.411073][T14954] Call Trace:
[  482.411077][T14954]  <TASK>
[  482.411081][T14954]  dump_stack_lvl+0x100/0x190
[  482.411101][T14954]  should_fail_ex.cold+0x5/0xa
[  482.411113][T14954]  _copy_to_user+0x32/0xd0
[  482.411144][T14954]  simple_read_from_buffer+0xcb/0x170
[  482.411159][T14954]  proc_fail_nth_read+0x1af/0x230
[  482.411175][T14954]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  482.411190][T14954]  ? rw_verify_area+0xce/0x6d0
[  482.411201][T14954]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  482.411215][T14954]  vfs_read+0x1e4/0xb30
[  482.411230][T14954]  ? __pfx_vfs_read+0x10/0x10
[  482.411242][T14954]  ? find_held_lock+0x2b/0x80
[  482.411257][T14954]  ? __fget_files+0x215/0x3d0
[  482.411273][T14954]  ? __fget_files+0x21f/0x3d0
[  482.411289][T14954]  ksys_read+0x12a/0x250
[  482.411302][T14954]  ? __pfx_ksys_read+0x10/0x10
[  482.411319][T14954]  do_int80_emulation+0x141/0x6b0
[  482.411338][T14954]  asm_int80_emulation+0x1a/0x20
[  482.411349][T14954] RIP: 0023:0xf717572b
[  482.411358][T14954] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  482.411370][T14954] RSP: 002b:00000000f54364bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  482.411381][T14954] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54365d0
[  482.411387][T14954] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  482.411394][T14954] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  482.411400][T14954] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  482.411406][T14954] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  482.411421][T14954]  </TASK>
[  482.757916][ T5340]  pmem0: [POWERTEC] p1 p2
[  482.759850][ T5340] pmem0: p1 start 285212672 is beyond EOD, truncated
[  482.765953][ T5340] pmem0: p2 size 4294901760 extends beyond EOD, truncated
[  483.203013][T14988] netlink: 'syz.4.2638': attribute type 64 has an invalid length.
[  483.206264][T14988] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2638'.
[  483.217316][T14988] netlink: 'syz.4.2638': attribute type 64 has an invalid length.
[  483.220567][T14988] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2638'.
[  483.291450][   T39] usb 46-1: device descriptor read/8, error -110
[  483.684391][   T39] usb usb46-port1: attempt power cycle
[  483.977243][T15015] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2647'.
[  484.249605][   T39] usb usb46-port1: unable to enumerate USB device
[  484.411225][   T40] kauditd_printk_skb: 38 callbacks suppressed
[  484.411246][   T40] audit: type=1326 audit(1770993469.917:16598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  484.421538][   T40] audit: type=1326 audit(1770993469.917:16599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  484.433530][   T40] audit: type=1326 audit(1770993469.917:16600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  484.448166][   T40] audit: type=1326 audit(1770993469.917:16601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  484.459584][   T40] audit: type=1326 audit(1770993469.917:16602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  484.472530][   T40] audit: type=1326 audit(1770993469.917:16603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  484.487977][   T40] audit: type=1326 audit(1770993469.917:16604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  484.499322][   T40] audit: type=1326 audit(1770993469.917:16605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  484.515993][   T40] audit: type=1326 audit(1770993469.917:16606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  484.531111][   T40] audit: type=1326 audit(1770993469.917:16608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15016 comm="syz.4.2649" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6feef6c code=0x7ffc0000
[  485.164002][T15034] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2656'.
[  485.225031][   T59] libceph: connect (1)[c::]:6789 error -101
[  485.227100][   T59] libceph: mon0 (1)[c::]:6789 connect error
[  485.274467][T15034] netlink: 'syz.4.2656': attribute type 1 has an invalid length.
[  485.276922][T15034] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2656'.
[  485.279642][T15034] netlink: 'syz.4.2656': attribute type 1 has an invalid length.
[  485.282425][T15034] netlink: 'syz.4.2656': attribute type 8 has an invalid length.
[  485.284821][T15034] netlink: 606 bytes leftover after parsing attributes in process `syz.4.2656'.
[  485.287516][T15034] netlink: 1 bytes leftover after parsing attributes in process `syz.4.2656'.
[  485.296511][T15034] sp0: Synchronizing with TNC
[  485.481621][   T59] libceph: connect (1)[c::]:6789 error -101
[  485.483927][T15032] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  485.484008][   T59] libceph: mon0 (1)[c::]:6789 connect error
[  485.486483][T15032] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  485.501180][T15032] vhci_hcd vhci_hcd.0: Device attached
[  485.533066][T15032] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  485.762183][T15040] vhci_hcd: connection closed
[  485.763163][   T46] vhci_hcd vhci_hcd.3: stop threads
[  485.766941][   T46] vhci_hcd vhci_hcd.3: release socket
[  485.769037][   T46] vhci_hcd vhci_hcd.3: disconnect device
[  485.791274][   T39] usb 44-1: enqueue for inactive port 0
[  485.991240][   T59] libceph: connect (1)[c::]:6789 error -101
[  485.993540][   T59] libceph: mon0 (1)[c::]:6789 connect error
[  485.996320][T15035] ceph: No mds server is up or the cluster is laggy
[  486.273482][T15051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2659'.
[  487.160715][   T39] usb usb44-port1: attempt power cycle
[  487.334123][T14325] Bluetooth: hci3: unexpected event for opcode 0x1005
[  487.731555][   T39] usb usb44-port1: unable to enumerate USB device
[  487.872292][T14325] Bluetooth: hci0: unexpected event for opcode 0x1005
[  488.019625][T15075] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2664'.
[  489.222795][T14325] Bluetooth: hci3: unexpected event for opcode 0x1005
[  489.273062][T15087] FAULT_INJECTION: forcing a failure.
[  489.273062][T15087] name failslab, interval 1, probability 0, space 0, times 0
[  489.277375][T15087] CPU: 3 UID: 0 PID: 15087 Comm: syz.2.2667 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  489.277394][T15087] Tainted: [L]=SOFTLOCKUP
[  489.277398][T15087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  489.277404][T15087] Call Trace:
[  489.277409][T15087]  <TASK>
[  489.277414][T15087]  dump_stack_lvl+0x100/0x190
[  489.277436][T15087]  should_fail_ex.cold+0x5/0xa
[  489.277449][T15087]  should_failslab+0xc2/0x120
[  489.277463][T15087]  __kmalloc_cache_noprof+0x7a/0x6f0
[  489.277480][T15087]  ? sctp_add_bind_addr+0xae/0x3e0
[  489.277497][T15087]  sctp_add_bind_addr+0xae/0x3e0
[  489.277513][T15087]  sctp_copy_local_addr_list+0x349/0x550
[  489.277531][T15087]  ? __pfx_sctp_copy_local_addr_list+0x10/0x10
[  489.277548][T15087]  ? sctp_auth_asoc_copy_shkeys+0x2a5/0x360
[  489.277565][T15087]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  489.277581][T15087]  sctp_bind_addr_copy+0xe0/0x530
[  489.277599][T15087]  sctp_connect_new_asoc+0x1c9/0x770
[  489.277612][T15087]  ? __pfx_sctp_connect_new_asoc+0x10/0x10
[  489.277622][T15087]  ? sctp_endpoint_lookup_assoc+0x15c/0x2a0
[  489.277639][T15087]  ? sctp_endpoint_lookup_assoc+0x15c/0x2a0
[  489.277657][T15087]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  489.277673][T15087]  sctp_sendmsg+0x171a/0x22b0
[  489.277688][T15087]  ? __pfx_sctp_sendmsg+0x10/0x10
[  489.277704][T15087]  ? aa_sk_perm+0x2de/0xb40
[  489.277724][T15087]  ? __pfx_aa_sk_perm+0x10/0x10
[  489.277737][T15087]  ? __might_fault+0xc5/0x140
[  489.277752][T15087]  ? __pfx_sctp_sendmsg+0x10/0x10
[  489.277764][T15087]  inet_sendmsg+0x11c/0x140
[  489.277778][T15087]  __sys_sendto+0x467/0x520
[  489.277793][T15087]  ? __pfx___sys_sendto+0x10/0x10
[  489.277811][T15087]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  489.277860][T15087]  ? fput+0x79/0x100
[  489.277877][T15087]  ? ksys_write+0x1ac/0x250
[  489.277892][T15087]  __ia32_sys_sendto+0xdd/0x1b0
[  489.277910][T15087]  ? __do_fast_syscall_32+0x94/0x8c0
[  489.277926][T15087]  ? lockdep_hardirqs_on+0x78/0x100
[  489.277940][T15087]  __do_fast_syscall_32+0xe3/0x8c0
[  489.277957][T15087]  do_fast_syscall_32+0x32/0x70
[  489.277973][T15087]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  489.277988][T15087] RIP: 0023:0xf7fb8f6c
[  489.277998][T15087] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  489.278009][T15087] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000171
[  489.278020][T15087] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  489.278027][T15087] RDX: 0000000000000001 RSI: 0000000000000804 RDI: 00000000800001c0
[  489.278033][T15087] RBP: 000000000000001c R08: 0000000000000000 R09: 0000000000000000
[  489.278039][T15087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  489.278045][T15087] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  489.278060][T15087]  </TASK>
[  490.668934][T15097] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[  490.671671][T15097] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  490.704946][T15105] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2671'.
[  490.754919][T15097] vhci_hcd vhci_hcd.0: Device attached
[  491.211611][ T6069] usb 45-1: new high-speed USB device number 7 using vhci_hcd
[  491.446695][T15097] FAULT_INJECTION: forcing a failure.
[  491.446695][T15097] name failslab, interval 1, probability 0, space 0, times 0
[  491.462628][T15097] CPU: 1 UID: 0 PID: 15097 Comm: syz.4.2672 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  491.462649][T15097] Tainted: [L]=SOFTLOCKUP
[  491.462653][T15097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  491.462660][T15097] Call Trace:
[  491.462664][T15097]  <TASK>
[  491.462669][T15097]  dump_stack_lvl+0x100/0x190
[  491.462688][T15097]  should_fail_ex.cold+0x5/0xa
[  491.462701][T15097]  should_failslab+0xc2/0x120
[  491.462715][T15097]  __kmalloc_cache_noprof+0x7a/0x6f0
[  491.462732][T15097]  ? file_f_owner_allocate+0x84/0x130
[  491.462748][T15097]  ? trace_kmem_cache_alloc+0x80/0xb0
[  491.462762][T15097]  ? kmem_cache_alloc_noprof+0x292/0x6e0
[  491.462776][T15097]  file_f_owner_allocate+0x84/0x130
[  491.462792][T15097]  fcntl_dirnotify+0x24f/0xb00
[  491.462812][T15097]  do_fcntl+0x996/0x1670
[  491.462828][T15097]  ? __pfx_do_fcntl+0x10/0x10
[  491.462844][T15097]  ? __fget_files+0x215/0x3d0
[  491.462861][T15097]  ? tomoyo_file_fcntl+0x6c/0xc0
[  491.462876][T15097]  do_compat_fcntl64+0x66d/0x720
[  491.462893][T15097]  ? __pfx_do_compat_fcntl64+0x10/0x10
[  491.462913][T15097]  ? fput+0x79/0x100
[  491.462928][T15097]  ? __pfx_ksys_write+0x10/0x10
[  491.462944][T15097]  __do_fast_syscall_32+0xe3/0x8c0
[  491.462962][T15097]  do_fast_syscall_32+0x32/0x70
[  491.462978][T15097]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  491.462991][T15097] RIP: 0023:0xf6feef6c
[  491.463001][T15097] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  491.463011][T15097] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000037
[  491.463022][T15097] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000402
[  491.463029][T15097] RDX: 0000000000000026 RSI: 0000000000000000 RDI: 0000000000000000
[  491.463036][T15097] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  491.463042][T15097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  491.463048][T15097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  491.463067][T15097]  </TASK>
[  491.555225][T15101] vhci_hcd: connection reset by peer
[  491.559344][ T1139] vhci_hcd vhci_hcd.4: stop threads
[  491.561103][ T1139] vhci_hcd vhci_hcd.4: release socket
[  491.569664][ T1139] vhci_hcd vhci_hcd.4: disconnect device
[  491.681853][T15113] FAULT_INJECTION: forcing a failure.
[  491.681853][T15113] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  491.686720][T15113] CPU: 0 UID: 0 PID: 15113 Comm: syz.2.2674 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  491.686738][T15113] Tainted: [L]=SOFTLOCKUP
[  491.686742][T15113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  491.686748][T15113] Call Trace:
[  491.686753][T15113]  <TASK>
[  491.686759][T15113]  dump_stack_lvl+0x100/0x190
[  491.686779][T15113]  should_fail_ex.cold+0x5/0xa
[  491.686793][T15113]  _copy_to_user+0x32/0xd0
[  491.686810][T15113]  snd_pcm_oss_read2+0x294/0x400
[  491.686825][T15113]  ? __pfx_snd_pcm_oss_read2+0x10/0x10
[  491.686837][T15113]  ? snd_pcm_kernel_ioctl+0x14a/0x2e0
[  491.686855][T15113]  snd_pcm_oss_read+0x5aa/0x730
[  491.686869][T15113]  ? __pfx_snd_pcm_oss_read+0x10/0x10
[  491.686882][T15113]  vfs_read+0x1e4/0xb30
[  491.686897][T15113]  ? __pfx_vfs_read+0x10/0x10
[  491.686909][T15113]  ? find_held_lock+0x2b/0x80
[  491.686923][T15113]  ? __fget_files+0x215/0x3d0
[  491.686936][T15113]  ? __fget_files+0x215/0x3d0
[  491.686951][T15113]  ? __fget_files+0x21f/0x3d0
[  491.686968][T15113]  ksys_read+0x12a/0x250
[  491.686980][T15113]  ? __pfx_ksys_read+0x10/0x10
[  491.686992][T15113]  ? __pfx_ksys_write+0x10/0x10
[  491.687008][T15113]  __do_fast_syscall_32+0xe3/0x8c0
[  491.687026][T15113]  do_fast_syscall_32+0x32/0x70
[  491.687042][T15113]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  491.687056][T15113] RIP: 0023:0xf7fb8f6c
[  491.687065][T15113] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  491.687076][T15113] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000003
[  491.687090][T15113] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800063c0
[  491.687097][T15113] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000
[  491.687103][T15113] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  491.687109][T15113] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  491.687115][T15113] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  491.687129][T15113]  </TASK>
[  492.042248][T15122] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3)
[  492.042291][T15122] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  492.044168][T15122] vhci_hcd vhci_hcd.0: Device attached
[  492.124214][T15120] ubi31: attaching mtd0
[  492.126900][T15120] ubi31: scanning is finished
[  492.184033][T15123] vhci_hcd: connection closed
[  492.184230][   T60] vhci_hcd vhci_hcd.0: stop threads
[  492.187358][   T60] vhci_hcd vhci_hcd.0: release socket
[  492.189940][   T60] vhci_hcd vhci_hcd.0: disconnect device
[  492.226174][T15126] overlayfs: missing 'workdir'
[  492.231356][ T6016] vhci_hcd vhci_hcd.0: vhci_device speed not set
[  492.294013][T15120] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  492.298706][T15120] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  492.301788][T15120] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  492.304125][T15120] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  492.307878][T15120] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  492.311653][T15120] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  492.314435][T15120] ubi31: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3789055374
[  492.317965][T15120] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  492.321829][T15131] ubi31: background thread "ubi_bgt31d" started, PID 15131
[  492.770119][T15145] netlink: 'syz.0.2686': attribute type 15 has an invalid length.
[  492.842151][T15148] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2684'.
[  493.817028][T15158] FAULT_INJECTION: forcing a failure.
[  493.817028][T15158] name failslab, interval 1, probability 0, space 0, times 0
[  493.822152][T15158] CPU: 0 UID: 0 PID: 15158 Comm: syz.4.2690 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  493.822180][T15158] Tainted: [L]=SOFTLOCKUP
[  493.822186][T15158] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  493.822196][T15158] Call Trace:
[  493.822202][T15158]  <TASK>
[  493.822209][T15158]  dump_stack_lvl+0x100/0x190
[  493.822236][T15158]  should_fail_ex.cold+0x5/0xa
[  493.822256][T15158]  ? lsm_blob_alloc+0x68/0x90
[  493.822273][T15158]  should_failslab+0xc2/0x120
[  493.822294][T15158]  __kmalloc_noprof+0xe0/0x850
[  493.822318][T15158]  lsm_blob_alloc+0x68/0x90
[  493.822335][T15158]  security_sk_alloc+0x2d/0x290
[  493.822357][T15158]  sk_prot_alloc+0x12a/0x2a0
[  493.822376][T15158]  sk_alloc+0x36/0xe80
[  493.822397][T15158]  bpf_prog_test_run_skb+0x4cd/0x3230
[  493.822427][T15158]  ? find_held_lock+0x2b/0x80
[  493.822449][T15158]  ? __fget_files+0x215/0x3d0
[  493.822476][T15158]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  493.822502][T15158]  ? fput+0x79/0x100
[  493.822526][T15158]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  493.822549][T15158]  __sys_bpf+0x1725/0x4b90
[  493.822576][T15158]  ? __pfx___sys_bpf+0x10/0x10
[  493.822599][T15158]  ? proc_fail_nth_write+0x9f/0x220
[  493.822620][T15158]  ? find_held_lock+0x2b/0x80
[  493.822646][T15158]  ? find_held_lock+0x2b/0x80
[  493.822668][T15158]  ? ksys_write+0x190/0x250
[  493.822691][T15158]  ? __mutex_unlock_slowpath+0x15c/0x790
[  493.822727][T15158]  ? fput+0x79/0x100
[  493.822749][T15158]  ? ksys_write+0x1ac/0x250
[  493.822771][T15158]  __ia32_sys_bpf+0x79/0xf0
[  493.822794][T15158]  ? lockdep_hardirqs_on+0x78/0x100
[  493.822821][T15158]  __do_fast_syscall_32+0xe3/0x8c0
[  493.822847][T15158]  do_fast_syscall_32+0x32/0x70
[  493.822870][T15158]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  493.822890][T15158] RIP: 0023:0xf6feef6c
[  493.822904][T15158] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  493.822921][T15158] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000165
[  493.822936][T15158] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080000080
[  493.822947][T15158] RDX: 000000000000004c RSI: 0000000000000000 RDI: 0000000000000000
[  493.822957][T15158] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  493.822966][T15158] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  493.822976][T15158] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  493.822998][T15158]  </TASK>
[  494.143791][T15171] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2687'.
[  494.147730][T15171] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2687'.
[  494.163179][T15171] netlink: 'syz.3.2687': attribute type 4 has an invalid length.
[  494.166595][T15171] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2687'.
[  494.388201][T14498] block nbd2: shutting down sockets
[  494.497131][T15192] overlayfs: conflicting lowerdir path
[  494.636639][T15195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2700'.
[  495.131017][T15169] comedi comedi2: reset error (fatal)
[  495.609692][ T5946] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  495.614579][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  495.618213][ T5946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  495.622056][ T5946] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  495.624599][ T5946] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  495.655818][T15206] wlan1 speed is unknown, defaulting to 1000
[  495.746617][ T7021] bond0: (slave syz_tun): Releasing backup interface
[  495.848199][T15206] chnl_net:caif_netlink_parms(): no params data found
[  495.886935][T15206] bridge0: port 1(bridge_slave_0) entered blocking state
[  495.889349][T15206] bridge0: port 1(bridge_slave_0) entered disabled state
[  495.894851][T15206] bridge_slave_0: entered allmulticast mode
[  495.897697][T15206] bridge_slave_0: entered promiscuous mode
[  495.902038][T15206] bridge0: port 2(bridge_slave_1) entered blocking state
[  495.904316][T15206] bridge0: port 2(bridge_slave_1) entered disabled state
[  495.906560][T15206] bridge_slave_1: entered allmulticast mode
[  495.909328][T15206] bridge_slave_1: entered promiscuous mode
[  495.923855][T15206] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  495.928192][T15206] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  495.944384][T15206] team0: Port device team_slave_0 added
[  495.947361][T15206] team0: Port device team_slave_1 added
[  495.959796][T15206] batman_adv: batadv0: Adding interface: batadv_slave_0
[  495.961965][T15206] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  495.969756][T15206] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  495.973981][T15206] batman_adv: batadv0: Adding interface: batadv_slave_1
[  495.976071][T15206] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  495.983738][T15206] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  496.005236][T15206] hsr_slave_0: entered promiscuous mode
[  496.007505][T15206] hsr_slave_1: entered promiscuous mode
[  496.152664][T15206] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  496.171590][T14325] Bluetooth: hci0: unexpected event for opcode 0x1005
[  496.180571][T14325] Bluetooth: hci2: unexpected event for opcode 0x1005
[  496.321154][ T6069] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  496.349457][T15206] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  496.478150][T15206] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  496.736353][T15206] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  496.754162][T15206] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  496.763846][T15206] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  496.783053][T15206] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  496.934472][T15206] 8021q: adding VLAN 0 to HW filter on device bond0
[  496.952801][T15246] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2712'.
[  496.992134][T15206] 8021q: adding VLAN 0 to HW filter on device team0
[  497.179559][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  497.181803][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  497.328927][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  497.331192][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  497.842612][T14325] Bluetooth: hci1: command tx timeout
[  497.972054][T15206] 8021q: adding VLAN 0 to HW filter on device batadv0
[  498.022987][T15206] veth0_vlan: entered promiscuous mode
[  498.039870][T15206] veth1_vlan: entered promiscuous mode
[  498.082501][T15206] veth0_macvtap: entered promiscuous mode
[  498.086633][T15206] veth1_macvtap: entered promiscuous mode
[  498.106152][T15206] batman_adv: batadv0: Interface activated: batadv_slave_0
[  498.113498][T15206] batman_adv: batadv0: Interface activated: batadv_slave_1
[  498.143613][ T1138] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  498.149486][ T1138] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  498.155124][   T60] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  498.161521][   T60] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  498.242059][ T1138] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  498.244486][ T1138] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  498.307415][   T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  498.309845][   T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  498.310611][T14325] Bluetooth: hci2: unexpected event for opcode 0x1005
[  498.317018][T14325] Bluetooth: hci4: unexpected event for opcode 0x1005
[  499.000963][T15281] netlink: zone id is out of range
[  499.002833][T15281] netlink: zone id is out of range
[  499.004362][T15281] netlink: zone id is out of range
[  499.005978][T15281] netlink: zone id is out of range
[  499.008045][T15281] netlink: zone id is out of range
[  499.010314][T15281] netlink: zone id is out of range
[  499.014539][T15281] netlink: zone id is out of range
[  499.016214][T15281] netlink: zone id is out of range
[  499.017782][T15281] netlink: zone id is out of range
[  499.019311][T15281] netlink: zone id is out of range
[  499.331899][T15290] input: syz1 as /devices/virtual/input/input19
[  499.438266][T15293] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2725'.
[  499.501920][T15295] comedi comedi3: pcmmio: I/O port conflict (0x4f28,32)
[  499.941932][T14325] Bluetooth: hci1: command tx timeout
[  500.782217][T15298] tipc: Can't bind to reserved service type 0
[  500.947828][T15302] netlink: 6040 bytes leftover after parsing attributes in process `syz.0.2729'.
[  500.973522][T15302] loop6: detected capacity change from 0 to 2640
[  500.976489][T14498] buffer_io_error: 11 callbacks suppressed
[  500.976499][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.980763][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.984687][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.987457][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.989977][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.992635][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.995215][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  500.997840][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  501.000166][T14498] ldm_validate_partition_table(): Disk read failed.
[  501.002976][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  501.005801][T14498] Buffer I/O error on dev loop6, logical block 0, async page read
[  501.008237][T14498] Dev loop6: unable to read RDB block 0
[  501.009998][T14498]  loop6: unable to read partition table
[  501.154244][T15302] ldm_validate_partition_table(): Disk read failed.
[  501.157464][T15302] Dev loop6: unable to read RDB block 0
[  501.161107][T15302]  loop6: unable to read partition table
[  501.163963][T15302] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  501.794977][T14325] Bluetooth: hci0: unexpected event for opcode 0x1005
[  501.899689][   T40] kauditd_printk_skb: 336 callbacks suppressed
[  501.899701][   T40] audit: type=1326 audit(1770993487.607:16944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15313 comm="syz.0.2732" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb7f6c code=0x0
[  502.011168][T14325] Bluetooth: hci1: command tx timeout
[  502.306414][T15334] wlan1 speed is unknown, defaulting to 1000
[  502.555900][T15334] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input20
[  504.091423][T14325] Bluetooth: hci1: command tx timeout
[  504.158675][T15344] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2739'.
[  504.224323][T15347] FAULT_INJECTION: forcing a failure.
[  504.224323][T15347] name failslab, interval 1, probability 0, space 0, times 0
[  504.240026][T15347] CPU: 3 UID: 0 PID: 15347 Comm: syz.2.2740 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  504.240055][T15347] Tainted: [L]=SOFTLOCKUP
[  504.240063][T15347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  504.240073][T15347] Call Trace:
[  504.240079][T15347]  <TASK>
[  504.240087][T15347]  dump_stack_lvl+0x100/0x190
[  504.240116][T15347]  should_fail_ex.cold+0x5/0xa
[  504.240141][T15347]  should_failslab+0xc2/0x120
[  504.240163][T15347]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  504.240184][T15347]  ? __rds_conn_create+0x734/0x2590
[  504.240206][T15347]  ? __rds_conn_create+0x1959/0x2590
[  504.240233][T15347]  __rds_conn_create+0x734/0x2590
[  504.240266][T15347]  ? __pfx___rds_conn_create+0x10/0x10
[  504.240292][T15347]  ? lockdep_init_map_type+0x5c/0x250
[  504.240314][T15347]  rds_conn_create_outgoing+0x44/0x60
[  504.240343][T15347]  rds_sendmsg+0x10bc/0x33d0
[  504.240372][T15347]  ? __pfx_rds_sendmsg+0x10/0x10
[  504.240394][T15347]  ? __pfx_aa_sk_perm+0x10/0x10
[  504.240424][T15347]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  504.240450][T15347]  ? ____sys_sendmsg+0xa54/0xc30
[  504.240466][T15347]  ____sys_sendmsg+0xa54/0xc30
[  504.240487][T15347]  ? __pfx_____sys_sendmsg+0x10/0x10
[  504.240516][T15347]  ___sys_sendmsg+0x190/0x1e0
[  504.240539][T15347]  ? __pfx____sys_sendmsg+0x10/0x10
[  504.240586][T15347]  __sys_sendmsg+0x170/0x220
[  504.240609][T15347]  ? __pfx___sys_sendmsg+0x10/0x10
[  504.240641][T15347]  ? __pfx_ksys_write+0x10/0x10
[  504.240669][T15347]  __do_fast_syscall_32+0xe3/0x8c0
[  504.240697][T15347]  do_fast_syscall_32+0x32/0x70
[  504.240729][T15347]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  504.240751][T15347] RIP: 0023:0xf7fb8f6c
[  504.240765][T15347] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  504.240781][T15347] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  504.240799][T15347] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000800
[  504.240811][T15347] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[  504.240821][T15347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  504.240831][T15347] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  504.240841][T15347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  504.240864][T15347]  </TASK>
[  504.359547][T15351] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  504.361806][T15351] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  504.364999][T15351] vhci_hcd vhci_hcd.0: Device attached
[  504.462904][T15352] vhci_hcd: connection closed
[  504.463005][ T1138] vhci_hcd vhci_hcd.2: stop threads
[  504.466189][ T1138] vhci_hcd vhci_hcd.2: release socket
[  504.467850][ T1138] vhci_hcd vhci_hcd.2: disconnect device
[  504.603134][T15358] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  504.626798][T15358] kvm: pic: non byte read
[  504.635371][T15358] kvm: pic: level sensitive irq not supported
[  504.636347][T15358] kvm: pic: non byte read
[  504.642524][T15361] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  504.648236][T15358] kvm: pic: level sensitive irq not supported
[  504.649028][T15358] kvm: pic: non byte read
[  504.657177][T15361] kvm: pic: non byte read
[  504.659492][T15361] kvm: pic: level sensitive irq not supported
[  504.664463][T15361] kvm: pic: non byte read
[  504.669038][T15361] kvm: pic: level sensitive irq not supported
[  504.669360][T15361] kvm: pic: non byte read
[  505.272865][T15375] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  505.276425][T15375] FAULT_INJECTION: forcing a failure.
[  505.276425][T15375] name failslab, interval 1, probability 0, space 0, times 0
[  505.280230][T15375] CPU: 2 UID: 0 PID: 15375 Comm: syz.3.2749 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  505.280246][T15375] Tainted: [L]=SOFTLOCKUP
[  505.280250][T15375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  505.280257][T15375] Call Trace:
[  505.280270][T15375]  <TASK>
[  505.280277][T15375]  dump_stack_lvl+0x100/0x190
[  505.280297][T15375]  should_fail_ex.cold+0x5/0xa
[  505.280309][T15375]  ? tomoyo_encode2+0xfb/0x3c0
[  505.280319][T15375]  should_failslab+0xc2/0x120
[  505.280333][T15375]  __kmalloc_noprof+0xe0/0x850
[  505.280349][T15375]  tomoyo_encode2+0xfb/0x3c0
[  505.280362][T15375]  tomoyo_encode+0x29/0x50
[  505.280371][T15375]  tomoyo_realpath_from_path+0x18c/0x690
[  505.280386][T15375]  tomoyo_path_number_perm+0x23c/0x580
[  505.280400][T15375]  ? tomoyo_path_number_perm+0x22e/0x580
[  505.280416][T15375]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  505.280447][T15375]  ? find_held_lock+0x2b/0x80
[  505.280461][T15375]  ? hook_file_ioctl_common+0x146/0x410
[  505.280476][T15375]  ? __fget_files+0x215/0x3d0
[  505.280492][T15375]  ? __fget_files+0x21f/0x3d0
[  505.280507][T15375]  security_file_ioctl_compat+0xd3/0x230
[  505.280524][T15375]  __ia32_compat_sys_ioctl+0xc2/0x360
[  505.280537][T15375]  __do_fast_syscall_32+0xe3/0x8c0
[  505.280555][T15375]  do_fast_syscall_32+0x32/0x70
[  505.280571][T15375]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  505.280585][T15375] RIP: 0023:0xf7f78f6c
[  505.280594][T15375] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  505.280605][T15375] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  505.280615][T15375] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80
[  505.280622][T15375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  505.280628][T15375] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  505.280634][T15375] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  505.280640][T15375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  505.280654][T15375]  </TASK>
[  505.280704][T15375] ERROR: Out of memory at tomoyo_realpath_from_path.
[  505.354536][T15375] kvm: pic: non byte read
[  505.357114][T15375] kvm: pic: level sensitive irq not supported
[  505.357390][T15375] kvm: pic: non byte read
[  505.362183][T15375] kvm: pic: level sensitive irq not supported
[  505.362515][T15375] kvm: pic: non byte read
[  505.779742][T15379] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2748'.
[  505.896358][T14325] Bluetooth: hci0: unexpected event for opcode 0x1005
[  506.023093][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  506.025094][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  506.236030][T15391] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2751'.
[  507.432331][   T40] audit: type=1326 audit(1770993493.147:16945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15402 comm="syz.2.2757" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fb8f6c code=0x0
[  507.529597][T15405] netlink: 'syz.2.2757': attribute type 9 has an invalid length.
[  507.637771][T15410] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2759'.
[  507.641570][T15410] FAULT_INJECTION: forcing a failure.
[  507.641570][T15410] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  507.645644][T15410] CPU: 0 UID: 0 PID: 15410 Comm: syz.3.2759 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  507.645677][T15410] Tainted: [L]=SOFTLOCKUP
[  507.645681][T15410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  507.645688][T15410] Call Trace:
[  507.645692][T15410]  <TASK>
[  507.645696][T15410]  dump_stack_lvl+0x100/0x190
[  507.645716][T15410]  should_fail_ex.cold+0x5/0xa
[  507.645728][T15410]  _copy_from_iter+0x1f4/0x1690
[  507.645746][T15410]  ? __asan_memset+0x23/0x50
[  507.645758][T15410]  ? __pfx__copy_from_iter+0x10/0x10
[  507.645773][T15410]  ? __pfx___alloc_skb+0x10/0x10
[  507.645793][T15410]  netlink_sendmsg+0x808/0xda0
[  507.645811][T15410]  ? __pfx_netlink_sendmsg+0x10/0x10
[  507.645829][T15410]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  507.645844][T15410]  ____sys_sendmsg+0xa54/0xc30
[  507.645857][T15410]  ? __pfx_____sys_sendmsg+0x10/0x10
[  507.645874][T15410]  ___sys_sendmsg+0x190/0x1e0
[  507.645886][T15410]  ? __pfx____sys_sendmsg+0x10/0x10
[  507.645914][T15410]  __sys_sendmsg+0x170/0x220
[  507.645943][T15410]  ? __pfx___sys_sendmsg+0x10/0x10
[  507.645962][T15410]  ? __pfx_ksys_write+0x10/0x10
[  507.645978][T15410]  __do_fast_syscall_32+0xe3/0x8c0
[  507.646000][T15410]  do_fast_syscall_32+0x32/0x70
[  507.646016][T15410]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  507.646029][T15410] RIP: 0023:0xf7f78f6c
[  507.646039][T15410] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  507.646049][T15410] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  507.646059][T15410] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000180
[  507.646066][T15410] RDX: 000000002c000010 RSI: 0000000000000000 RDI: 0000000000000000
[  507.646073][T15410] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  507.646079][T15410] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  507.646085][T15410] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  507.646099][T15410]  </TASK>
[  507.866894][T15414] FAULT_INJECTION: forcing a failure.
[  507.866894][T15414] name failslab, interval 1, probability 0, space 0, times 0
[  507.878700][T15414] CPU: 1 UID: 0 PID: 15414 Comm: syz.4.2761 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  507.878731][T15414] Tainted: [L]=SOFTLOCKUP
[  507.878738][T15414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  507.878748][T15414] Call Trace:
[  507.878756][T15414]  <TASK>
[  507.878763][T15414]  dump_stack_lvl+0x100/0x190
[  507.878790][T15414]  should_fail_ex.cold+0x5/0xa
[  507.878811][T15414]  should_failslab+0xc2/0x120
[  507.878835][T15414]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  507.878853][T15414]  ? dst_alloc+0x99/0x1a0
[  507.878878][T15414]  dst_alloc+0x99/0x1a0
[  507.878901][T15414]  rt_dst_alloc+0x35/0x3a0
[  507.878927][T15414]  ip_route_output_key_hash_rcu+0x87a/0x2870
[  507.878955][T15414]  ip_route_output_key_hash+0x118/0x2b0
[  507.878983][T15414]  ? __pfx_ip_route_output_key_hash+0x10/0x10
[  507.879011][T15414]  ? find_held_lock+0x2b/0x80
[  507.879039][T15414]  ip_route_output_flow+0x27/0x150
[  507.879062][T15414]  udp_sendmsg+0x1a77/0x2890
[  507.879090][T15414]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  507.879119][T15414]  ? __pfx_udp_sendmsg+0x10/0x10
[  507.879143][T15414]  ? rcu_read_unlock+0x2d/0xb0
[  507.879161][T15414]  ? rcu_read_unlock+0x2d/0xb0
[  507.879197][T15414]  ? aa_sk_perm+0x2de/0xb40
[  507.879236][T15414]  ? __pfx_udp_sendmsg+0x10/0x10
[  507.879263][T15414]  inet_sendmsg+0x105/0x140
[  507.879284][T15414]  ____sys_sendmsg+0x9ad/0xc30
[  507.879306][T15414]  ? __pfx_____sys_sendmsg+0x10/0x10
[  507.879330][T15414]  ? find_held_lock+0x2b/0x80
[  507.879352][T15414]  ? count_memcg_events_mm.constprop.0+0xfa/0x2a0
[  507.879380][T15414]  ___sys_sendmsg+0x190/0x1e0
[  507.879402][T15414]  ? __pfx____sys_sendmsg+0x10/0x10
[  507.879419][T15414]  ? do_user_addr_fault+0x7de/0x12f0
[  507.879455][T15414]  ? irqentry_exit+0x180/0x670
[  507.879479][T15414]  ? lockdep_hardirqs_on+0x78/0x100
[  507.879512][T15414]  ? __pfx___might_resched+0x10/0x10
[  507.879534][T15414]  ? __sys_sendmmsg+0x313/0x430
[  507.879561][T15414]  __sys_sendmmsg+0x2ff/0x430
[  507.879589][T15414]  ? __pfx___sys_sendmmsg+0x10/0x10
[  507.879623][T15414]  ? __fget_files+0x215/0x3d0
[  507.879672][T15414]  ? fput+0x79/0x100
[  507.879700][T15414]  ? ksys_write+0x1ac/0x250
[  507.879720][T15414]  ? __pfx_ksys_write+0x10/0x10
[  507.879743][T15414]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  507.879768][T15414]  ? lockdep_hardirqs_on+0x78/0x100
[  507.879793][T15414]  __do_fast_syscall_32+0xe3/0x8c0
[  507.879821][T15414]  do_fast_syscall_32+0x32/0x70
[  507.879847][T15414]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  507.879869][T15414] RIP: 0023:0xf6feef6c
[  507.879884][T15414] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  507.879901][T15414] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  507.879920][T15414] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080007fc0
[  507.879931][T15414] RDX: 000000000800001d RSI: 000000000000001c RDI: 0000000000000000
[  507.879941][T15414] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  507.879951][T15414] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  507.879961][T15414] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  507.879990][T15414]  </TASK>
[  508.173130][T15422] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2762'.
[  508.177051][T15422] Bluetooth: MGMT ver 1.23
[  508.199618][T15424] FAULT_INJECTION: forcing a failure.
[  508.199618][T15424] name failslab, interval 1, probability 0, space 0, times 0
[  508.203753][T15424] CPU: 0 UID: 0 PID: 15424 Comm: syz.3.2765 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  508.203770][T15424] Tainted: [L]=SOFTLOCKUP
[  508.203774][T15424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  508.203781][T15424] Call Trace:
[  508.203785][T15424]  <TASK>
[  508.203790][T15424]  dump_stack_lvl+0x100/0x190
[  508.203809][T15424]  should_fail_ex.cold+0x5/0xa
[  508.203822][T15424]  ? lsm_blob_alloc+0x68/0x90
[  508.203833][T15424]  should_failslab+0xc2/0x120
[  508.203848][T15424]  __kmalloc_noprof+0xe0/0x850
[  508.203863][T15424]  lsm_blob_alloc+0x68/0x90
[  508.203875][T15424]  security_sk_alloc+0x2d/0x290
[  508.203890][T15424]  sk_prot_alloc+0x1d1/0x2a0
[  508.203902][T15424]  sk_alloc+0x36/0xe80
[  508.203916][T15424]  inet6_create+0x385/0x12b0
[  508.203933][T15424]  ? inet6_create+0x7f/0x12b0
[  508.203950][T15424]  __sock_create+0x339/0x860
[  508.203964][T15424]  mptcp_subflow_create_socket+0xec/0xa30
[  508.203978][T15424]  ? __pfx_mptcp_subflow_create_socket+0x10/0x10
[  508.203989][T15424]  ? __pfx_aa_label_sk_perm+0x10/0x10
[  508.204004][T15424]  ? find_held_lock+0x2b/0x80
[  508.204019][T15424]  ? tomoyo_check_inet_address+0x40d/0x6d0
[  508.204038][T15424]  __mptcp_nmpc_sk+0x17f/0x870
[  508.204051][T15424]  ? __pfx___mptcp_nmpc_sk+0x10/0x10
[  508.204062][T15424]  ? register_lock_class+0x40/0x560
[  508.204078][T15424]  mptcp_connect+0x7e/0xad0
[  508.204092][T15424]  __inet_stream_connect+0x208/0xfa0
[  508.204108][T15424]  ? __pfx___inet_stream_connect+0x10/0x10
[  508.204119][T15424]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  508.204134][T15424]  ? __pfx_inet_stream_connect+0x10/0x10
[  508.204146][T15424]  ? __local_bh_enable_ip+0x9e/0x120
[  508.204164][T15424]  ? __pfx_inet_stream_connect+0x10/0x10
[  508.204174][T15424]  inet_stream_connect+0x57/0xa0
[  508.204187][T15424]  __sys_connect_file+0x141/0x1a0
[  508.204201][T15424]  __sys_connect+0x141/0x170
[  508.204213][T15424]  ? __pfx___sys_connect+0x10/0x10
[  508.204232][T15424]  ? ksys_write+0x1ac/0x250
[  508.204244][T15424]  ? __pfx_ksys_write+0x10/0x10
[  508.204259][T15424]  __ia32_sys_connect+0x71/0xb0
[  508.204271][T15424]  ? lockdep_hardirqs_on+0x78/0x100
[  508.204286][T15424]  __do_fast_syscall_32+0xe3/0x8c0
[  508.204303][T15424]  do_fast_syscall_32+0x32/0x70
[  508.204319][T15424]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  508.204333][T15424] RIP: 0023:0xf7f78f6c
[  508.204342][T15424] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  508.204353][T15424] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 000000000000016a
[  508.204363][T15424] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000040
[  508.204370][T15424] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000
[  508.204376][T15424] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  508.204382][T15424] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  508.204388][T15424] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  508.204402][T15424]  </TASK>
[  508.446883][T15431] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2767'.
[  508.508146][ T5946] Bluetooth: hci4: unexpected event for opcode 0x1005
[  509.029172][T15439] netlink: 'syz.0.2769': attribute type 1 has an invalid length.
[  509.231907][T15446] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2770'.
[  510.251321][ T5946] Bluetooth: hci0: command 0x041b tx timeout
[  510.578036][T14325] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  510.604036][T15470] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  510.606713][T15470] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  510.609903][T15470] vhci_hcd vhci_hcd.0: Device attached
[  510.773605][T15471] vhci_hcd: connection closed
[  510.773834][   T86] vhci_hcd vhci_hcd.4: stop threads
[  510.777513][   T86] vhci_hcd vhci_hcd.4: release socket
[  510.790129][   T86] vhci_hcd vhci_hcd.4: disconnect device
[  510.801265][   T59] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  510.804122][T15486] FAULT_INJECTION: forcing a failure.
[  510.804122][T15486] name failslab, interval 1, probability 0, space 0, times 0
[  510.808102][T15486] CPU: 0 UID: 0 PID: 15486 Comm: syz.2.2785 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  510.808118][T15486] Tainted: [L]=SOFTLOCKUP
[  510.808122][T15486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  510.808129][T15486] Call Trace:
[  510.808133][T15486]  <TASK>
[  510.808137][T15486]  dump_stack_lvl+0x100/0x190
[  510.808157][T15486]  should_fail_ex.cold+0x5/0xa
[  510.808169][T15486]  ? tomoyo_encode2+0xfb/0x3c0
[  510.808180][T15486]  should_failslab+0xc2/0x120
[  510.808195][T15486]  __kmalloc_noprof+0xe0/0x850
[  510.808206][T15486]  ? d_absolute_path+0x136/0x1b0
[  510.808220][T15486]  tomoyo_encode2+0xfb/0x3c0
[  510.808232][T15486]  tomoyo_encode+0x29/0x50
[  510.808241][T15486]  tomoyo_realpath_from_path+0x18c/0x690
[  510.808255][T15486]  tomoyo_path_number_perm+0x23c/0x580
[  510.808269][T15486]  ? tomoyo_path_number_perm+0x22e/0x580
[  510.808285][T15486]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  510.808315][T15486]  ? find_held_lock+0x2b/0x80
[  510.808330][T15486]  ? hook_file_ioctl_common+0x146/0x410
[  510.808344][T15486]  ? __fget_files+0x215/0x3d0
[  510.808360][T15486]  ? __fget_files+0x21f/0x3d0
[  510.808375][T15486]  security_file_ioctl_compat+0xd3/0x230
[  510.808391][T15486]  __ia32_compat_sys_ioctl+0xc2/0x360
[  510.808405][T15486]  __do_fast_syscall_32+0xe3/0x8c0
[  510.808423][T15486]  do_fast_syscall_32+0x32/0x70
[  510.808438][T15486]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  510.808452][T15486] RIP: 0023:0xf7fb8f6c
[  510.808462][T15486] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  510.808472][T15486] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  510.808483][T15486] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008550d
[  510.808490][T15486] RDX: 00000000800002c0 RSI: 0000000000000000 RDI: 0000000000000000
[  510.808496][T15486] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  510.808502][T15486] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  510.808508][T15486] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  510.808522][T15486]  </TASK>
[  510.808533][T15486] ERROR: Out of memory at tomoyo_realpath_from_path.
[  510.913885][T14325] Bluetooth: hci4: unexpected event for opcode 0x1005
[  511.188771][T15495] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2788'.
[  512.249743][T15522] FAULT_INJECTION: forcing a failure.
[  512.249743][T15522] name failslab, interval 1, probability 0, space 0, times 0
[  512.253919][T15522] CPU: 1 UID: 0 PID: 15522 Comm: syz.4.2796 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  512.253943][T15522] Tainted: [L]=SOFTLOCKUP
[  512.253947][T15522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  512.253953][T15522] Call Trace:
[  512.253958][T15522]  <TASK>
[  512.253962][T15522]  dump_stack_lvl+0x100/0x190
[  512.253982][T15522]  should_fail_ex.cold+0x5/0xa
[  512.253995][T15522]  ? nla_strdup+0xc3/0x150
[  512.254005][T15522]  should_failslab+0xc2/0x120
[  512.254019][T15522]  __kmalloc_noprof+0xe0/0x850
[  512.254035][T15522]  nla_strdup+0xc3/0x150
[  512.254046][T15522]  nf_tables_newtable+0xd8a/0x19f0
[  512.254062][T15522]  ? __pfx_nf_tables_newtable+0x10/0x10
[  512.254077][T15522]  ? __nla_parse+0x40/0x60
[  512.254090][T15522]  nfnetlink_rcv_batch+0x1418/0x2880
[  512.254112][T15522]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  512.254149][T15522]  ? __nla_parse+0x40/0x60
[  512.254163][T15522]  nfnetlink_rcv+0x3bd/0x440
[  512.254175][T15522]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  512.254191][T15522]  netlink_unicast+0x5aa/0x870
[  512.254210][T15522]  ? __pfx_netlink_unicast+0x10/0x10
[  512.254232][T15522]  netlink_sendmsg+0x8b0/0xda0
[  512.254250][T15522]  ? __pfx_netlink_sendmsg+0x10/0x10
[  512.254268][T15522]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  512.254285][T15522]  ____sys_sendmsg+0xa54/0xc30
[  512.254298][T15522]  ? __pfx_____sys_sendmsg+0x10/0x10
[  512.254316][T15522]  ___sys_sendmsg+0x190/0x1e0
[  512.254329][T15522]  ? __pfx____sys_sendmsg+0x10/0x10
[  512.254358][T15522]  __sys_sendmsg+0x170/0x220
[  512.254373][T15522]  ? __pfx___sys_sendmsg+0x10/0x10
[  512.254393][T15522]  ? __pfx_ksys_write+0x10/0x10
[  512.254410][T15522]  __do_fast_syscall_32+0xe3/0x8c0
[  512.254428][T15522]  do_fast_syscall_32+0x32/0x70
[  512.254444][T15522]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  512.254458][T15522] RIP: 0023:0xf6feef6c
[  512.254467][T15522] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  512.254478][T15522] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  512.254489][T15522] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  512.254495][T15522] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  512.254501][T15522] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  512.254507][T15522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  512.254513][T15522] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  512.254527][T15522]  </TASK>
[  512.422611][T14325] Bluetooth: hci0: unexpected event for opcode 0x1005
[  512.882263][T15555] FAULT_INJECTION: forcing a failure.
[  512.882263][T15555] name failslab, interval 1, probability 0, space 0, times 0
[  512.886412][T15555] CPU: 3 UID: 0 PID: 15555 Comm: syz.2.2805 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  512.886431][T15555] Tainted: [L]=SOFTLOCKUP
[  512.886435][T15555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  512.886441][T15555] Call Trace:
[  512.886446][T15555]  <TASK>
[  512.886450][T15555]  dump_stack_lvl+0x100/0x190
[  512.886469][T15555]  should_fail_ex.cold+0x5/0xa
[  512.886482][T15555]  should_failslab+0xc2/0x120
[  512.886497][T15555]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  512.886510][T15555]  ? __alloc_skb+0x140/0x710
[  512.886523][T15555]  ? tipc_nametbl_remove_publ+0xa6c/0x14d0
[  512.886542][T15555]  __alloc_skb+0x140/0x710
[  512.886556][T15555]  ? __pfx___alloc_skb+0x10/0x10
[  512.886574][T15555]  tipc_buf_acquire+0x26/0xe0
[  512.886586][T15555]  named_prepare_buf+0x29/0x170
[  512.886602][T15555]  tipc_named_withdraw+0x206/0x680
[  512.886618][T15555]  tipc_nametbl_withdraw+0x131/0x3a0
[  512.886637][T15555]  tipc_sk_withdraw+0x683/0x7c0
[  512.886655][T15555]  ? __pfx_tipc_sk_withdraw+0x10/0x10
[  512.886672][T15555]  ? __local_bh_enable_ip+0x9e/0x120
[  512.886691][T15555]  tipc_sk_bind+0x2ff/0x380
[  512.886702][T15555]  tipc_bind+0x18d/0x280
[  512.886713][T15555]  __sys_bind+0x1a9/0x260
[  512.886725][T15555]  ? __pfx___sys_bind+0x10/0x10
[  512.886742][T15555]  ? ksys_write+0x1ac/0x250
[  512.886754][T15555]  ? arch_syscall_is_vdso_sigreturn+0x19b/0x200
[  512.886770][T15555]  __ia32_sys_bind+0x71/0xb0
[  512.886781][T15555]  ? lockdep_hardirqs_on+0x78/0x100
[  512.886796][T15555]  __do_fast_syscall_32+0xe3/0x8c0
[  512.886814][T15555]  do_fast_syscall_32+0x32/0x70
[  512.886830][T15555]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  512.886843][T15555] RIP: 0023:0xf7fb8f6c
[  512.886865][T15555] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  512.886876][T15555] RSP: 002b:00000000f543450c EFLAGS: 00000292 ORIG_RAX: 0000000000000169
[  512.886887][T15555] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000000000
[  512.886894][T15555] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  512.886900][T15555] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  512.886906][T15555] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  512.886912][T15555] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  512.886930][T15555]  </TASK>
[  512.886966][T15555] tipc: Withdrawal distribution failure
[  513.015161][T15557] program syz.0.2806 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  513.021919][T15557] ata1.00: invalid service action 2
[  513.456645][ T6339] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  513.626595][T15571] netlink: 'syz.3.2807': attribute type 4 has an invalid length.
[  513.643921][T15571] netlink: 'syz.3.2807': attribute type 4 has an invalid length.
[  513.647472][ T6339] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  513.650262][ T6339] usb 5-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config
[  513.660726][ T6339] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  513.665699][ T6339] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  513.680054][ T6339] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11
[  513.690176][ T6339] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  513.697128][ T6339] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  513.711328][ T6339] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  513.713957][ T6339] usb 5-1: Product: syz
[  513.715301][ T6339] usb 5-1: Manufacturer: syz
[  513.722462][T15557] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  513.725365][ T6339] cdc_wdm 5-1:1.0: skipping garbage
[  513.731208][ T6339] cdc_wdm 5-1:1.0: skipping garbage
[  513.733979][ T6339] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  513.738148][ T6339] cdc_wdm 5-1:1.0: Unknown control protocol
[  513.761781][T14325] Bluetooth: hci4: ACL packet for unknown connection handle 3584
[  513.764364][T14325] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  513.811074][   T59] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  513.971082][   T59] usb 9-1: Using ep0 maxpacket: 16
[  513.974399][   T59] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  513.977980][   T59] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  513.981346][   T59] usb 9-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  513.984469][   T59] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  513.990512][   T59] usb 9-1: config 0 descriptor??
[  514.154243][    C0] wdm_int_callback: 21 callbacks suppressed
[  514.154259][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.158282][    C0] wdm_int_callback: 21 callbacks suppressed
[  514.158292][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.162333][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.164448][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.166572][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.168650][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.170762][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.172889][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.175061][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.177148][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.179277][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.181364][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.183510][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.185587][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.187797][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.189894][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.192006][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.194128][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.196237][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  514.198319][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  514.203621][T15568] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  514.206839][  T826] usb 5-1: USB disconnect, device number 24
[  514.208792][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  514.209394][T15568] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  514.229546][T13078] usb 9-1: USB disconnect, device number 14
[  514.847124][T14325] Bluetooth: hci2: unexpected event for opcode 0x1005
[  515.681080][  T826] usb 8-1: new full-speed USB device number 26 using dummy_hcd
[  515.832733][  T826] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  515.835788][  T826] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  515.844739][  T826] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  515.847571][  T826] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.967969][T15619] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2822'.
[  516.071275][  T826] usb 8-1: usb_control_msg returned -32
[  516.076154][  T826] usbtmc 8-1:16.0: can't read capabilities
[  517.271394][   T86] bridge_slave_1: left allmulticast mode
[  517.273719][   T86] bridge_slave_1: left promiscuous mode
[  517.276068][   T86] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.280287][   T86] bridge_slave_0: left allmulticast mode
[  517.283042][   T86] bridge_slave_0: left promiscuous mode
[  517.285437][   T86] bridge0: port 1(bridge_slave_0) entered disabled state
[  517.293235][   T86] batman_adv: batadv0: Interface deactivated: gretap1
[  517.470622][   T86] bond2 (unregistering): (slave ip6gretap1): Releasing active interface
[  517.586665][   T86] batman_adv: batadv0: Removing interface: gretap1
[  517.590283][T15634] FAULT_INJECTION: forcing a failure.
[  517.590283][T15634] name failslab, interval 1, probability 0, space 0, times 0
[  517.601112][T15634] CPU: 1 UID: 0 PID: 15634 Comm: syz.0.2828 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  517.601141][T15634] Tainted: [L]=SOFTLOCKUP
[  517.601147][T15634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  517.601158][T15634] Call Trace:
[  517.601164][T15634]  <TASK>
[  517.601170][T15634]  dump_stack_lvl+0x100/0x190
[  517.601198][T15634]  should_fail_ex.cold+0x5/0xa
[  517.601218][T15634]  should_failslab+0xc2/0x120
[  517.601241][T15634]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  517.601259][T15634]  ? skb_clone+0x190/0x400
[  517.601302][T15634]  skb_clone+0x190/0x400
[  517.601326][T15634]  netlink_deliver_tap+0xaed/0xcc0
[  517.601354][T15634]  netlink_unicast+0x650/0x870
[  517.601382][T15634]  ? __pfx_netlink_unicast+0x10/0x10
[  517.601416][T15634]  netlink_sendmsg+0x8b0/0xda0
[  517.601444][T15634]  ? __pfx_netlink_sendmsg+0x10/0x10
[  517.601484][T15634]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  517.601512][T15634]  ____sys_sendmsg+0xa54/0xc30
[  517.601531][T15634]  ? __pfx_____sys_sendmsg+0x10/0x10
[  517.601566][T15634]  ___sys_sendmsg+0x190/0x1e0
[  517.601608][T15634]  ? __pfx____sys_sendmsg+0x10/0x10
[  517.601655][T15634]  __sys_sendmsg+0x170/0x220
[  517.601678][T15634]  ? __pfx___sys_sendmsg+0x10/0x10
[  517.601709][T15634]  ? __pfx_ksys_write+0x10/0x10
[  517.601734][T15634]  __do_fast_syscall_32+0xe3/0x8c0
[  517.601762][T15634]  do_fast_syscall_32+0x32/0x70
[  517.601786][T15634]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  517.601807][T15634] RIP: 0023:0xf7fb7f6c
[  517.601820][T15634] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  517.601836][T15634] RSP: 002b:00000000f547650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  517.601853][T15634] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  517.601863][T15634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  517.601874][T15634] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  517.601883][T15634] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  517.601894][T15634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  517.601917][T15634]  </TASK>
[  518.024844][   T86] bond0 (unregistering): (slave 
3
0
): Releasing backup interface
[  518.029060][   T86] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  518.033597][   T86] bond0 (unregistering): Released all slaves
[  518.038729][   T86] bond1 (unregistering): Released all slaves
[  518.047629][T14325] Bluetooth: hci4: unexpected event for opcode 0x1005
[  518.053058][   T86] bond2 (unregistering): Released all slaves
[  518.060088][   T86] bond3 (unregistering): left allmulticast mode
[  518.062378][   T86] dummy0: left allmulticast mode
[  518.083635][   T86] bond3 (unregistering): (slave dummy0): Releasing backup interface
[  518.088013][   T86] bond3 (unregistering): Released all slaves
[  518.097212][   T86] bond4 (unregistering): Released all slaves
[  518.190467][T15645] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2833'.
[  518.235847][   T86] tipc: Disabling bearer <udp:syz2>
[  518.248405][   T86] tipc: Left network mode
[  518.377266][T15653] input: syz1 as /devices/virtual/input/input21
[  518.465972][   T59] usb 8-1: USB disconnect, device number 26
[  518.526841][   T86] hsr_slave_0: left promiscuous mode
[  518.530490][   T86] hsr_slave_1: left promiscuous mode
[  518.534843][   T86] batman_adv: batadv0: Removing interface: batadv_slave_0
[  518.541728][   T86] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  518.544117][   T86] batman_adv: batadv0: Removing interface: batadv_slave_1
[  518.554563][   T86] batadv_slave_1: left promiscuous mode
[  518.556373][   T86] veth0_macvtap: left promiscuous mode
[  518.558192][   T86] veth1_vlan: left promiscuous mode
[  518.559968][   T86] veth0_vlan: left promiscuous mode
[  518.630211][   T86] pim6reg9 (unregistering): left allmulticast mode
[  518.855753][T15659] comedi comedi3: pcmmio: I/O port conflict (0x4f28,32)
[  519.064104][   T86] team0 (unregistering): Port device team_slave_1 removed
[  519.071263][   T86] team0 (unregistering): Port device team_slave_0 removed
[  519.610192][   T86] IPVS: stop unused estimator thread 0...
[  520.489630][T15672] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2840'.
[  520.573456][T14325] Bluetooth: hci0: unexpected event for opcode 0x1005
[  520.795855][T15681] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2843'.
[  520.989182][T15693] FAULT_INJECTION: forcing a failure.
[  520.989182][T15693] name failslab, interval 1, probability 0, space 0, times 0
[  520.993812][T15693] CPU: 2 UID: 0 PID: 15693 Comm: syz.2.2847 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  520.993830][T15693] Tainted: [L]=SOFTLOCKUP
[  520.993834][T15693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  520.993841][T15693] Call Trace:
[  520.993845][T15693]  <TASK>
[  520.993850][T15693]  dump_stack_lvl+0x100/0x190
[  520.993870][T15693]  should_fail_ex.cold+0x5/0xa
[  520.993882][T15693]  ? hash_netportnet6_del+0xaca/0x1810
[  520.993893][T15693]  should_failslab+0xc2/0x120
[  520.993908][T15693]  __kmalloc_noprof+0xe0/0x850
[  520.993920][T15693]  ? mark_held_locks+0x40/0x70
[  520.993934][T15693]  hash_netportnet6_del+0xaca/0x1810
[  520.993951][T15693]  ? __pfx_hash_netportnet6_del+0x10/0x10
[  520.993966][T15693]  hash_netportnet6_uadt+0xd57/0x1290
[  520.993979][T15693]  ? __pfx_hash_netportnet6_del+0x10/0x10
[  520.993991][T15693]  ? __pfx_hash_netportnet6_uadt+0x10/0x10
[  520.994009][T15693]  ? mark_held_locks+0x40/0x70
[  520.994021][T15693]  call_ad.isra.0+0x16e/0x940
[  520.994036][T15693]  ? __pfx_call_ad.isra.0+0x10/0x10
[  520.994048][T15693]  ? __pfx___nla_validate_parse+0x10/0x10
[  520.994066][T15693]  ? __nla_parse+0x40/0x60
[  520.994079][T15693]  ip_set_ad.isra.0+0x3eb/0x8a0
[  520.994095][T15693]  ? __pfx_ip_set_ad.isra.0+0x10/0x10
[  520.994108][T15693]  ? __mutex_lock+0x7ca/0x1b90
[  520.994123][T15693]  ? __mutex_lock+0x26a/0x1b90
[  520.994149][T15693]  ? find_held_lock+0x2b/0x80
[  520.994167][T15693]  nfnetlink_rcv_msg+0x9f4/0x1200
[  520.994185][T15693]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  520.994214][T15693]  ? __pfx___dev_queue_xmit+0x10/0x10
[  520.994228][T15693]  netlink_rcv_skb+0x159/0x420
[  520.994245][T15693]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  520.994258][T15693]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  520.994280][T15693]  ? ns_capable+0xd2/0xf0
[  520.994298][T15693]  nfnetlink_rcv+0x1b3/0x440
[  520.994310][T15693]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  520.994321][T15693]  ? netlink_deliver_tap+0x1ae/0xcc0
[  520.994339][T15693]  netlink_unicast+0x5aa/0x870
[  520.994357][T15693]  ? __pfx_netlink_unicast+0x10/0x10
[  520.994378][T15693]  netlink_sendmsg+0x8b0/0xda0
[  520.994397][T15693]  ? __pfx_netlink_sendmsg+0x10/0x10
[  520.994414][T15693]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  520.994430][T15693]  ____sys_sendmsg+0xa54/0xc30
[  520.994443][T15693]  ? __pfx_____sys_sendmsg+0x10/0x10
[  520.994453][T15693]  ? _parse_integer_limit+0x17f/0x1d0
[  520.994467][T15693]  ? _kstrtoull+0x13c/0x1f0
[  520.994477][T15693]  ? __pfx__kstrtoull+0x10/0x10
[  520.994490][T15693]  ___sys_sendmsg+0x190/0x1e0
[  520.994503][T15693]  ? __pfx____sys_sendmsg+0x10/0x10
[  520.994514][T15693]  ? __lock_acquire+0x4a5/0x2630
[  520.994536][T15693]  ? find_held_lock+0x2b/0x80
[  520.994559][T15693]  __sys_sendmmsg+0x2ff/0x430
[  520.994576][T15693]  ? __pfx___sys_sendmmsg+0x10/0x10
[  520.994596][T15693]  ? __fget_files+0x215/0x3d0
[  520.994615][T15693]  ? fput+0x79/0x100
[  520.994630][T15693]  ? ksys_write+0x1ac/0x250
[  520.994642][T15693]  ? __pfx_ksys_write+0x10/0x10
[  520.994656][T15693]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  520.994672][T15693]  ? lockdep_hardirqs_on+0x78/0x100
[  520.994687][T15693]  __do_fast_syscall_32+0xe3/0x8c0
[  520.994704][T15693]  do_fast_syscall_32+0x32/0x70
[  520.994720][T15693]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  520.994734][T15693] RIP: 0023:0xf7fb8f6c
[  520.994744][T15693] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  520.994754][T15693] RSP: 002b:00000000f545550c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  520.994765][T15693] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800002c0
[  520.994771][T15693] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000
[  520.994778][T15693] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  520.994784][T15693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  520.994790][T15693] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  520.994803][T15693]  </TASK>
[  521.144425][T15698] input: syz1 as /devices/virtual/input/input22
[  521.423411][T15699] comedi comedi3: pcmmio: I/O port conflict (0x4f28,32)
[  521.646880][T15707] netlink: 6040 bytes leftover after parsing attributes in process `syz.3.2852'.
[  521.680752][T15707] loop6: detected capacity change from 0 to 2640
[  521.686459][T15707] buffer_io_error: 27 callbacks suppressed
[  521.686623][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.691706][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.694359][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.696907][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.699439][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.703384][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.706079][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.709150][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.713371][T15707] ldm_validate_partition_table(): Disk read failed.
[  521.715860][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.718423][T15707] Buffer I/O error on dev loop6, logical block 0, async page read
[  521.720939][T15707] Dev loop6: unable to read RDB block 0
[  521.726280][T15707]  loop6: unable to read partition table
[  521.732366][T15707] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  522.184696][T15736] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2855'.
[  522.526971][T15750] loop5: detected capacity change from 0 to 7
[  522.533317][T15750] Dev loop5: unable to read RDB block 7
[  522.535603][T15750]  loop5: AHDI p1
[  522.543025][T15750] loop5: partition table partially beyond EOD, truncated
[  522.543705][T14325] Bluetooth: hci0: unexpected event for opcode 0x1005
[  523.097810][T15769] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2864'.
[  523.937866][T15785] wlan1 speed is unknown, defaulting to 1000
[  524.199002][T15785] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input23
[  524.248615][T15797] fuse: Bad value for 'fd'
[  524.356482][T15800] macvtap1: entered promiscuous mode
[  524.358437][T15800] macvtap1: entered allmulticast mode
[  524.360156][T15800] veth1_vlan: entered allmulticast mode
[  525.090320][ T5340]  pmem0: [POWERTEC] p1 p2
[  525.092310][ T5340] pmem0: p1 start 285212672 is beyond EOD, truncated
[  525.094515][ T5340] pmem0: p2 size 4294901760 extends beyond EOD, truncated
[  525.456000][T14325] Bluetooth: hci2: unexpected event for opcode 0x1005
[  525.781903][T15818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.890530][T15821] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  525.996066][T15827] binder: 15826:15827 ioctl ae01 b returned -22
[  526.141132][ T6016] usb 8-1: new full-speed USB device number 27 using dummy_hcd
[  526.302731][ T6016] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  526.305932][ T6016] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  526.310630][ T6016] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  526.314310][ T6016] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  526.543756][ T6016] usb 8-1: usb_control_msg returned -32
[  526.569258][ T6016] usbtmc 8-1:16.0: can't read capabilities
[  526.689481][   T39] usb 8-1: USB disconnect, device number 27
[  526.824776][T14325] Bluetooth: hci0: unexpected event for opcode 0x0419
[  526.922469][T15848] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  527.081553][T14325] Bluetooth: hci4: unexpected event for opcode 0x1005
[  527.242013][T15854] mkiss: ax0: crc mode is auto.
[  527.282186][T15857] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2887'.
[  527.285813][T15857] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2887'.
[  527.291474][T15858] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2887'.
[  527.295127][T15858] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2887'.
[  527.342715][T15860] netlink: 27 bytes leftover after parsing attributes in process `syz.0.2889'.
[  527.581117][ T6069] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  527.759494][T15871] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2893'.
[  528.264037][T15875] netlink: 'syz.4.2895': attribute type 1 has an invalid length.
[  528.281784][T15875] 8021q: adding VLAN 0 to HW filter on device bond5
[  529.086039][ T6069] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  529.090330][ T6069] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  529.093640][ T6069] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  529.097962][ T6069] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  529.100710][ T6069] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.107500][ T6069] usb 5-1: config 0 descriptor??
[  529.166092][T14325] Bluetooth: hci4: unexpected event for opcode 0x0419
[  529.182806][T15886] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  529.341289][T15903] f2fs: Unknown parameter 'grpquota'
[  529.400678][T15908] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2900'.
[  529.412135][T15908] veth1_vlan: left allmulticast mode
[  529.414284][T15908] macvtap1: left promiscuous mode
[  529.415929][T15908] macvtap1: left allmulticast mode
[  529.517979][T15906] wlan1 speed is unknown, defaulting to 1000
[  529.522694][ T6069] plantronics 0003:047F:FFFF.0008: ignoring exceeding usage max
[  529.540700][ T6069] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  529.596750][T15911] net_ratelimit: 70 callbacks suppressed
[  529.596794][T15911] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  530.106025][T15921] syzkaller0: entered promiscuous mode
[  530.107927][T15921] syzkaller0: entered allmulticast mode
[  530.348087][T15930] comedi comedi3: pcmmio: I/O port conflict (0x4f28,32)
[  530.380958][T15932] input: syz1 as /devices/virtual/input/input26
[  530.444581][T13078] usb 5-1: USB disconnect, device number 25
[  530.591609][T15933] comedi comedi3: pcmmio: I/O port conflict (0x4f28,32)
[  532.322834][ T6016] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  532.443964][T15966] comedi comedi3: pcmmio: I/O port conflict (0x4f28,32)
[  532.563343][T15973] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  532.631870][T13078] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  532.801071][T13078] usb 9-1: Using ep0 maxpacket: 32
[  532.804156][T13078] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  532.809044][T13078] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  532.812263][T13078] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  532.814838][T13078] usb 9-1: Product: syz
[  532.816162][T13078] usb 9-1: Manufacturer: syz
[  532.817763][T13078] usb 9-1: SerialNumber: syz
[  532.820764][T13078] usb 9-1: config 0 descriptor??
[  532.823448][T15962] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  532.826538][T13078] hub 9-1:0.0: bad descriptor, ignoring hub
[  532.828779][T13078] hub 9-1:0.0: probe with driver hub failed with error -5
[  533.142876][T13078] usb 9-1: USB disconnect, device number 15
[  542.336537][T16044] 9pnet_fd: Insufficient options for proto=fd
[  543.318171][T14325] Bluetooth: hci2: unexpected event for opcode 0x1005
[  543.504829][T16055] bond0: (slave bond_slave_1): Releasing backup interface
[  543.998850][T16061] wlan1 speed is unknown, defaulting to 1000
[  544.257658][   T39] IPVS: starting estimator thread 0...
[  544.361109][T16070] IPVS: using max 45 ests per chain, 108000 per kthread
[  544.450819][T16072] kAFS: No cell specified
[  544.649547][T16083] kAFS: No cell specified
[  544.695991][T16087] kAFS: No cell specified
[  544.770810][T14325] Bluetooth: hci2: connection err: -111
[  544.777242][T16091] input: syz1 as /devices/virtual/input/input28
[  544.780957][T16093] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2953'.
[  544.921877][ T5946] Bluetooth: hci4: unexpected event for opcode 0x1005
[  545.107330][T16110] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2956'.
[  546.457292][T16127] comedi comedi3: pcl818: I/O port conflict (0x4f23,16)
[  546.599438][T16122] wlan1 speed is unknown, defaulting to 1000
[  547.276847][T16149] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2970'.
[  547.471093][ T6016] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  547.628139][ T6016] usb 9-1: Using ep0 maxpacket: 16
[  547.632749][ T6016] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  547.639675][ T6016] usb 9-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  547.644142][ T6016] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.647473][ T6016] usb 9-1: Product: syz
[  547.649236][ T6016] usb 9-1: Manufacturer: syz
[  547.651700][ T6016] usb 9-1: SerialNumber: syz
[  547.711937][ T6016] usb 9-1: config 0 descriptor??
[  547.716169][ T6016] em28xx 9-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  547.719712][ T6016] em28xx 9-1:0.0: DVB interface 0 found: bulk
[  547.771150][   T40] audit: type=1326 audit(1770993540.393:16946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78f6c code=0x7ffc0000
[  547.779545][   T40] audit: type=1326 audit(1770993540.393:16947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78f6c code=0x7ffc0000
[  547.787339][   T40] audit: type=1326 audit(1770993540.393:16948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f78f6c code=0x7ffc0000
[  547.795909][   T40] audit: type=1326 audit(1770993540.393:16949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78f6c code=0x7ffc0000
[  547.804742][   T40] audit: type=1326 audit(1770993540.393:16950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78f6c code=0x7ffc0000
[  547.813775][   T40] audit: type=1326 audit(1770993540.393:16951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf717572b code=0x7ffc0000
[  547.820730][   T40] audit: type=1326 audit(1770993540.393:16952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78f6c code=0x7ffc0000
[  547.828067][   T40] audit: type=1326 audit(1770993540.393:16953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78f6c code=0x7ffc0000
[  547.835139][   T40] audit: type=1326 audit(1770993540.393:16954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f78f6c code=0x7ffc0000
[  547.842372][   T40] audit: type=1326 audit(1770993540.533:16955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16155 comm="syz.3.2973" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f78f6c code=0x7ffc0000
[  548.387351][T16178] input: syz0 as /devices/virtual/input/input29
[  548.403886][T16177] ALSA: mixer_oss: invalid OSS volume 'u'
[  548.535096][T16184] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2978'.
[  548.600770][T16186] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2980'.
[  548.726526][ T6016] em28xx 9-1:0.0: unknown em28xx chip ID (0)
[  549.926400][T16212] comedi comedi3: dmm32at: I/O port conflict (0x4f28,16)
[  549.958224][T16212] ip6tnl1: entered promiscuous mode
[  549.964534][T16212] ip6tnl1: entered allmulticast mode
[  549.982297][   T24] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  550.103471][ T6016] em28xx 9-1:0.0: failed to get i2c transfer status from bridge register (error=-5)
[  550.106130][ T6016] em28xx 9-1:0.0: board has no eeprom
[  550.226077][   T24] usb 8-1: config 0 has no interfaces?
[  550.228238][   T24] usb 8-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  550.251597][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  550.255496][   T24] usb 8-1: config 0 descriptor??
[  550.281081][ T6016] em28xx 9-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  550.283665][ T6016] em28xx 9-1:0.0: dvb set to bulk mode.
[  550.287183][   T24] em28xx 9-1:0.0: Binding DVB extension
[  550.321852][ T6016] usb 9-1: USB disconnect, device number 16
[  550.339813][   T24] em28xx 9-1:0.0: Registering input extension
[  550.351551][ T6016] em28xx 9-1:0.0: Disconnecting em28xx
[  550.353629][ T6016] em28xx 9-1:0.0: Closing input extension
[  550.392414][T16220] dlm: no local IP address has been set
[  550.395398][T16220] dlm: cannot start dlm midcomms -107
[  550.422147][ T6016] em28xx 9-1:0.0: Freeing device
[  550.512789][T16226] dlm: no local IP address has been set
[  550.514708][T16226] dlm: cannot start dlm midcomms -107
[  550.545475][ T5946] Bluetooth: hci4: unexpected event for opcode 0x1005
[  550.701845][T16207] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2986'.
[  550.823075][T16222] netlink: 7 bytes leftover after parsing attributes in process `syz.0.2991'.
[  550.907353][T16207] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2986'.
[  551.000590][   T29] usb 8-1: USB disconnect, device number 28
[  551.665534][   T24] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  551.680634][T16255] binder: 16254:16255 ioctl c0306201 800003c0 returned -14
[  552.075268][T16271] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  552.657918][T16277] FAULT_INJECTION: forcing a failure.
[  552.657918][T16277] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  552.663604][T16277] CPU: 3 UID: 0 PID: 16277 Comm: syz.4.3010 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  552.663632][T16277] Tainted: [L]=SOFTLOCKUP
[  552.663639][T16277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  552.663649][T16277] Call Trace:
[  552.663656][T16277]  <TASK>
[  552.663664][T16277]  dump_stack_lvl+0x100/0x190
[  552.663694][T16277]  should_fail_ex.cold+0x5/0xa
[  552.663714][T16277]  _copy_to_user+0x32/0xd0
[  552.663741][T16277]  simple_read_from_buffer+0xcb/0x170
[  552.663764][T16277]  proc_fail_nth_read+0x1af/0x230
[  552.663789][T16277]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  552.663813][T16277]  ? rw_verify_area+0xce/0x6d0
[  552.663831][T16277]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  552.663855][T16277]  vfs_read+0x1e4/0xb30
[  552.663880][T16277]  ? __pfx_vfs_read+0x10/0x10
[  552.663898][T16277]  ? find_held_lock+0x2b/0x80
[  552.663924][T16277]  ? __fget_files+0x215/0x3d0
[  552.663950][T16277]  ? __fget_files+0x21f/0x3d0
[  552.663979][T16277]  ksys_read+0x12a/0x250
[  552.664000][T16277]  ? __pfx_ksys_read+0x10/0x10
[  552.664019][T16277]  ? fput+0x79/0x100
[  552.664050][T16277]  do_int80_emulation+0x141/0x6b0
[  552.664081][T16277]  asm_int80_emulation+0x1a/0x20
[  552.664099][T16277] RIP: 0023:0xf712572b
[  552.664113][T16277] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  552.664131][T16277] RSP: 002b:00000000f53dd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  552.664149][T16277] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f53dd5d0
[  552.664161][T16277] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  552.664171][T16277] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  552.664181][T16277] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  552.664192][T16277] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  552.664217][T16277]  </TASK>
[  552.984474][T16301] netlink: 'syz.2.3013': attribute type 4 has an invalid length.
[  553.108178][T16308] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2142054965 (4284109930 ns) > initial count (2850433972 ns). Using initial count to start timer.
[  553.721866][T16323] bridge0: port 2(bridge_slave_1) entered disabled state
[  553.725339][T16323] bridge0: port 1(bridge_slave_0) entered disabled state
[  553.786338][T16323] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  553.797454][T16323] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  553.865463][ T1186] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  553.869166][ T1186] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  553.874506][ T1186] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  553.877539][ T1186] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  553.907904][T16327] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3023'.
[  554.053546][T16332] FAULT_INJECTION: forcing a failure.
[  554.053546][T16332] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  554.057576][T16332] CPU: 0 UID: 0 PID: 16332 Comm: syz.2.3025 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  554.057594][T16332] Tainted: [L]=SOFTLOCKUP
[  554.057598][T16332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  554.057605][T16332] Call Trace:
[  554.057610][T16332]  <TASK>
[  554.057614][T16332]  dump_stack_lvl+0x100/0x190
[  554.057646][T16332]  should_fail_ex.cold+0x5/0xa
[  554.057659][T16332]  _copy_to_user+0x32/0xd0
[  554.057676][T16332]  simple_read_from_buffer+0xcb/0x170
[  554.057690][T16332]  proc_fail_nth_read+0x1af/0x230
[  554.057705][T16332]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  554.057721][T16332]  ? rw_verify_area+0xce/0x6d0
[  554.057732][T16332]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  554.057746][T16332]  vfs_read+0x1e4/0xb30
[  554.057760][T16332]  ? __pfx_vfs_read+0x10/0x10
[  554.057771][T16332]  ? find_held_lock+0x2b/0x80
[  554.057787][T16332]  ? __fget_files+0x215/0x3d0
[  554.057803][T16332]  ? __fget_files+0x21f/0x3d0
[  554.057819][T16332]  ksys_read+0x12a/0x250
[  554.057832][T16332]  ? __pfx_ksys_read+0x10/0x10
[  554.057848][T16332]  do_int80_emulation+0x141/0x6b0
[  554.057867][T16332]  asm_int80_emulation+0x1a/0x20
[  554.057877][T16332] RIP: 0023:0xf71b572b
[  554.057886][T16332] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  554.057897][T16332] RSP: 002b:00000000f54764bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  554.057907][T16332] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54765d0
[  554.057914][T16332] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  554.057920][T16332] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  554.057926][T16332] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  554.057932][T16332] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  554.057947][T16332]  </TASK>
[  554.401142][T16348] 8021q: VLANs not supported on gre0
[  554.575383][T16355] netlink: 536 bytes leftover after parsing attributes in process `syz.2.3033'.
[  555.195891][T16370] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3038'.
[  555.283805][ T5946] Bluetooth: hci4: unexpected event for opcode 0x1005
[  555.653445][T16379] netlink: 'syz.0.3036': attribute type 1 has an invalid length.
[  555.686436][T16379] 8021q: adding VLAN 0 to HW filter on device bond1
[  555.961840][T16393] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3045'.
[  556.088645][T16401] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size.
[  556.106904][T16401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3049'.
[  556.109758][T16401] netlink: 'syz.0.3049': attribute type 30 has an invalid length.
[  556.119285][ T1145] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  556.120932][T16401] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3049'.
[  556.122185][ T1145] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  556.125128][T16401] netlink: 'syz.0.3049': attribute type 30 has an invalid length.
[  556.127887][ T1145] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  556.133031][ T1145] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  556.232302][ T6016] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  556.371381][ T6016] usb 9-1: device descriptor read/64, error -71
[  556.611288][ T6016] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  556.742301][ T6016] usb 9-1: device descriptor read/64, error -71
[  556.858273][ T6016] usb usb9-port1: attempt power cycle
[  557.115551][T16418] bridge0: port 2(bridge_slave_1) entered disabled state
[  557.118056][T16418] bridge0: port 1(bridge_slave_0) entered disabled state
[  557.193781][T16418] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  557.198994][T16418] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  557.233768][ T6016] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  557.262814][ T6016] usb 9-1: device descriptor read/8, error -71
[  557.268441][ T1186] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  557.272552][ T1186] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  557.281364][   T46] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  557.285404][   T46] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  557.444954][T16434] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  557.502545][T16434] 
[  557.503355][T16434] ======================================================
[  557.505520][T16434] WARNING: possible circular locking dependency detected
[  557.507732][T16434] syzkaller #0 Tainted: G             L     
[  557.510178][T16434] ------------------------------------------------------
[  557.512433][T16434] syz.3.3063/16434 is trying to acquire lock:
[  557.514321][T16434] ffff8880128d1290 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}, at: lookup_slow+0x42/0x70
[  557.517557][T16434] 
[  557.517557][T16434] but task is already holding lock:
[  557.519915][T16434] ffff888013d4d488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  557.522900][T16434] 
[  557.522900][T16434] which lock already depends on the new lock.
[  557.522900][T16434] 
[  557.526358][T16434] 
[  557.526358][T16434] the existing dependency chain (in reverse order) is:
[  557.529256][T16434] 
[  557.529256][T16434] -> #4 (&of->mutex){+.+.}-{4:4}:
[  557.531527][T16434]        __mutex_lock+0x1a2/0x1b90
[  557.533150][T16434]        kernfs_seq_start+0x4f/0x2a0
[  557.534839][T16434]        seq_read_iter+0x2c1/0x1270
[  557.536578][T16434]        kernfs_fop_read_iter+0x46c/0x610
[  557.538451][T16434]        vfs_read+0x825/0xb30
[  557.540027][T16434]        ksys_read+0x12a/0x250
[  557.541590][T16434]        __do_fast_syscall_32+0xe3/0x8c0
[  557.543465][T16434]        do_fast_syscall_32+0x32/0x70
[  557.545192][T16434]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  557.547531][T16434] 
[  557.547531][T16434] -> #3 (&p->lock){+.+.}-{4:4}:
[  557.549956][T16434]        __mutex_lock+0x1a2/0x1b90
[  557.551637][T16434]        seq_read_iter+0xe1/0x1270
[  557.553395][T16434]        proc_reg_read_iter+0x220/0x310
[  557.555161][T16434]        copy_splice_read+0x4ba/0xb90
[  557.556900][T16434]        do_splice_read+0x285/0x370
[  557.558630][T16434]        splice_file_to_pipe+0x82/0x120
[  557.560417][T16434]        do_splice+0xda1/0x1fd0
[  557.562066][T16434]        __do_splice+0x113/0x370
[  557.563692][T16434]        __ia32_sys_splice+0x189/0x250
[  557.565476][T16434]        __do_fast_syscall_32+0xe3/0x8c0
[  557.567295][T16434]        do_fast_syscall_32+0x32/0x70
[  557.569033][T16434]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  557.571239][T16434] 
[  557.571239][T16434] -> #2 (&pipe->mutex){+.+.}-{4:4}:
[  557.573684][T16434]        __mutex_lock+0x1a2/0x1b90
[  557.575307][T16434]        pipe_lock+0x69/0x80
[  557.576807][T16434]        iter_file_splice_write+0x1f8/0x10a0
[  557.578769][T16434]        do_splice+0x109c/0x1fd0
[  557.580546][T16434]        __do_splice+0x33b/0x370
[  557.582222][T16434]        __ia32_sys_splice+0x189/0x250
[  557.584044][T16434]        __do_fast_syscall_32+0xe3/0x8c0
[  557.585907][T16434]        do_fast_syscall_32+0x32/0x70
[  557.587660][T16434]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  557.589892][T16434] 
[  557.589892][T16434] -> #1 (sb_writers#5){.+.+}-{0:0}:
[  557.592325][T16434]        mnt_want_write+0x6f/0x450
[  557.594099][T16434]        ovl_xattr_set+0x137/0x5a0
[  557.595761][T16434]        ovl_own_xattr_set+0x86/0xd0
[  557.597496][T16434]        __vfs_setxattr+0x175/0x1e0
[  557.599192][T16434]        __vfs_setxattr_noperm+0x127/0x660
[  557.601318][T16434]        __vfs_setxattr_locked+0x127/0x2b0
[  557.603187][T16434]        vfs_setxattr+0x14a/0x390
[  557.604942][T16434]        do_setxattr+0x145/0x180
[  557.606551][T16434]        filename_setxattr+0x167/0x1d0
[  557.608341][T16434]        path_setxattrat+0x1ff/0x3b0
[  557.610030][T16434]        __ia32_sys_setxattr+0xc4/0x140
[  557.611854][T16434]        __do_fast_syscall_32+0xe3/0x8c0
[  557.613717][T16434]        do_fast_syscall_32+0x32/0x70
[  557.615524][T16434]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  557.617727][T16434] 
[  557.617727][T16434] -> #0 (&ovl_i_mutex_dir_key[depth]){++++}-{4:4}:
[  557.620529][T16434]        __lock_acquire+0x14b8/0x2630
[  557.622538][T16434]        lock_acquire+0x17c/0x330
[  557.624148][T16434]        down_read+0x99/0x460
[  557.625735][T16434]        lookup_slow+0x42/0x70
[  557.627312][T16434]        path_lookupat+0x5e8/0xc40
[  557.629025][T16434]        filename_lookup+0x202/0x590
[  557.630759][T16434]        kern_path+0x37/0x50
[  557.632284][T16434]        lookup_bdev+0xd8/0x280
[  557.634216][T16434]        resume_store+0x1d6/0x460
[  557.636350][T16434]        kobj_attr_store+0x58/0x80
[  557.638527][T16434]        sysfs_kf_write+0xf2/0x150
[  557.640691][T16434]        kernfs_fop_write_iter+0x3e0/0x5f0
[  557.643186][T16434]        vfs_write+0x6ac/0x1070
[  557.645261][T16434]        ksys_write+0x12a/0x250
[  557.647298][T16434]        __do_fast_syscall_32+0xe3/0x8c0
[  557.649669][T16434]        do_fast_syscall_32+0x32/0x70
[  557.651915][T16434]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  557.654814][T16434] 
[  557.654814][T16434] other info that might help us debug this:
[  557.654814][T16434] 
[  557.659021][T16434] Chain exists of:
[  557.659021][T16434]   &ovl_i_mutex_dir_key[depth] --> &p->lock --> &of->mutex
[  557.659021][T16434] 
[  557.664437][T16434]  Possible unsafe locking scenario:
[  557.664437][T16434] 
[  557.667479][T16434]        CPU0                    CPU1
[  557.669149][T16434]        ----                    ----
[  557.670841][T16434]   lock(&of->mutex);
[  557.672256][T16434]                                lock(&p->lock);
[  557.674593][T16434]                                lock(&of->mutex);
[  557.677326][T16434]   rlock(&ovl_i_mutex_dir_key[depth]);
[  557.679659][T16434] 
[  557.679659][T16434]  *** DEADLOCK ***
[  557.679659][T16434] 
[  557.683014][T16434] 4 locks held by syz.3.3063/16434:
[  557.685187][T16434]  #0: ffff88805258fb38 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380
[  557.688944][T16434]  #1: ffff88802114e420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250
[  557.692745][T16434]  #2: ffff888013d4d488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0
[  557.696786][T16434]  #3: ffff88801c7be788 (kn->active#68){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0
[  557.700972][T16434] 
[  557.700972][T16434] stack backtrace:
[  557.703546][T16434] CPU: 0 UID: 0 PID: 16434 Comm: syz.3.3063 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  557.703577][T16434] Tainted: [L]=SOFTLOCKUP
[  557.703585][T16434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  557.703597][T16434] Call Trace:
[  557.703606][T16434]  <TASK>
[  557.703615][T16434]  dump_stack_lvl+0x100/0x190
[  557.703645][T16434]  print_circular_bug.cold+0x178/0x1c7
[  557.703675][T16434]  check_noncircular+0x146/0x160
[  557.703710][T16434]  __lock_acquire+0x14b8/0x2630
[  557.703733][T16434]  lock_acquire+0x17c/0x330
[  557.703751][T16434]  ? lookup_slow+0x42/0x70
[  557.703779][T16434]  ? __pfx___might_resched+0x10/0x10
[  557.703801][T16434]  ? try_to_unlazy+0x296/0x910
[  557.703821][T16434]  down_read+0x99/0x460
[  557.703837][T16434]  ? lookup_slow+0x42/0x70
[  557.703864][T16434]  ? __pfx_down_read+0x10/0x10
[  557.703883][T16434]  lookup_slow+0x42/0x70
[  557.703911][T16434]  path_lookupat+0x5e8/0xc40
[  557.703933][T16434]  filename_lookup+0x202/0x590
[  557.703957][T16434]  ? __pfx_filename_lookup+0x10/0x10
[  557.703990][T16434]  ? __asan_memcpy+0x3c/0x60
[  557.704007][T16434]  ? do_getname_kernel+0x1be/0x250
[  557.704032][T16434]  kern_path+0x37/0x50
[  557.704051][T16434]  lookup_bdev+0xd8/0x280
[  557.704078][T16434]  ? __pfx_lookup_bdev+0x10/0x10
[  557.704106][T16434]  ? __asan_memcpy+0x3c/0x60
[  557.704126][T16434]  resume_store+0x1d6/0x460
[  557.704151][T16434]  ? __pfx_resume_store+0x10/0x10
[  557.704176][T16434]  ? find_held_lock+0x2b/0x80
[  557.704201][T16434]  ? sysfs_file_kobj+0xe4/0x290
[  557.704226][T16434]  ? sysfs_file_kobj+0xe4/0x290
[  557.704249][T16434]  ? __pfx_resume_store+0x10/0x10
[  557.704272][T16434]  kobj_attr_store+0x58/0x80
[  557.704306][T16434]  ? __pfx_kobj_attr_store+0x10/0x10
[  557.704335][T16434]  sysfs_kf_write+0xf2/0x150
[  557.704361][T16434]  kernfs_fop_write_iter+0x3e0/0x5f0
[  557.704383][T16434]  ? __pfx_sysfs_kf_write+0x10/0x10
[  557.704409][T16434]  vfs_write+0x6ac/0x1070
[  557.704430][T16434]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  557.704452][T16434]  ? __pfx_vfs_write+0x10/0x10
[  557.704481][T16434]  ksys_write+0x12a/0x250
[  557.704502][T16434]  ? __pfx_ksys_write+0x10/0x10
[  557.704527][T16434]  __do_fast_syscall_32+0xe3/0x8c0
[  557.704555][T16434]  do_fast_syscall_32+0x32/0x70
[  557.704582][T16434]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  557.704607][T16434] RIP: 0023:0xf7f78f6c
[  557.704622][T16434] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  557.704640][T16434] RSP: 002b:00000000f543650c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  557.704658][T16434] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000040
[  557.704670][T16434] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000
[  557.704681][T16434] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  557.704692][T16434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  557.704703][T16434] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  557.704721][T16434]  </TASK>
[  557.704819][ T6016] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  557.718065][T16434] PM: Image not found (code -22)
[  557.741683][ T6016] usb 9-1: device descriptor read/8, error -71
[  557.911410][ T6016] usb usb9-port1: unable to enumerate USB device
[  567.452734][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[  567.454932][ T1414] ieee802154 phy1 wpan1: encryption failed: -22