last executing test programs:

7m28.461520642s ago: executing program 1 (id=1224):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendto$inet6(r0, &(0x7f0000000340)="83cab01fa736113c629cb941a4ac12c3634bf2258eeef85b0a", 0x19, 0x4000000, 0x0, 0x0)

7m28.461277401s ago: executing program 1 (id=1225):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_int(r2, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
ppoll(&(0x7f0000000100)=[{r2, 0x8010}], 0x1, 0x0, 0x0, 0x0)
r3 = dup(r1)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000480)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0xe53729bd61505fe4)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10)
shutdown(r1, 0x1)
close_range(r0, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x0, 0x939, &(0x7f0000000840)=ANY=[@ANYBLOB="12015002731c66403d1bcb01b7d1010203010902270903677620c9090417010d9c29000109050e03280407921007250100ba020009050700ff03010880090501014000060702c63001b28dc87ec5e69b2ee955c10e74b2c6c82d33f8bdb55b3ce2532299eaa39812b802bab9b431e1d31293403151a46be65ef4fe353be51378a32f8bacea9f96c34429b054c4d4f15f874cf8288e1165b2484578c1c77c26bc9bf76528e3ec5bc9c629f4e8be15d928ea959078320eb6e7967f0b56756b61e2216d0b978a5ef39ef812b95b524d0ee505c367def3a15a0954cc7578fa8b27fb7ec85922946ca81a4eec6b7a6b7a7765b9df75f3c626b69518ecb6c61d88dcc59a4b9bb2a50bd2c3ab6a6b070725010c0605000905081000040e03086521557b1c375ba6d0aa61cdbe5bd89c5f93573890141e16efef87ce3afd24958bbabcc2b6ac9309d4c527a41f5b5184676451ae02d7142091784728b166005088709b979bd247c8a6ee50bfb78418e680a3e3e28d9ff59273a788b5e1187c3e8d124ed28b0905060020000100ce0905050010000d00060a23d8f9cc82ba4e1ef2992168071d7152e94f91a7669e56a46924de94a73d8d6236061f32d9816b49b4e19c735b48251201b476684d2c46e8484d8f5a5592b8a3af319ee005c34c3deb8227f4c9d22b4910342d188d9bf3909793765f8c843e497a753dc1880827ffe55857701a8a7290f925735c83b9a0d903d0cb3fca2fa753ae6ca905a5e5c4ca6cfa2d531e61444484653aa5516d939547ff86263fd9c0f125110905040808008104090725010807420009050104ef0308010709050f0420000e0206da30522ea7c3d1e39b46d10da6808e88eb35e256ed4b8ed40d6e8c7b8a94bba2d8544c6cfb67f94037cc5c06c4773232094f264030f12bcdd583b650bf08014114960d16949de42117b48b9fa790f355d3068a5a9d15229d2b004092c59d4ea3739b97fe6242dd36dcfb013e41e84336db01be576921962560df10e0915d52355cef655f65c10cedc2428d6e6076f9cdbf056231b0d4f1c9736eb354b3cf8e3dcb2bb4d38628a3224f933cd0e14c5740b0f1ddaba0217d10878b056cb5c036642a4feac56f5ab8a4171dd3f11dd6c8be21bf53124c906f91089709050500ef0340090301319addc8a7c403ce65d66b693f4a2d01fc9058d22844e671ea68277e5c323f5f6cb88d9452b8444f9ae17bddac0acffbd4a6c4125bf7177ab28b4b10d38ae5fe3afd74e61bf475a4ec7d72246b5f52761eb20e370a6645320645e697bff7e41f01dba384d3311f736c4708975754370a5aab67f03790726a8b6e2e2b7e289018acfcd939d5927df0e654a98f21de175a2938ec55fdf76fa6fcfc6a8964527cc1be35133b44e9ac74ddbcf68e22238325ee119a341c740799539bed304381bd1d76cfc9d0bef4340a129b8401d0257d3de3d09efc287d5878428b6a5d0521457952255161b7198a8699f000e85aaa5cbe82ebf363531e9ee0523a3a8cec56bdd80905800c10002c0204090503030800040000090502064000090703f603d1cda14ed26a90afb0f35fadaa0827e9e1eba4c0327253ec9fbc939736e2bea0387ba469c10ad8c9afbc8be23df9e896be262ff5acf70d5a030989971736ef523e8feeac1ad7e0d23e3b847c72122b606a29ba22e668cb47772f1eb3488196d2c83202d8273e0cf529b0cfd5c66864d1e0f13584e3fff0bd613fb6ecb9ef3c5829636753f64d43efc5d06a6e3e56272dcc130e7ee2e6250d43f78fef802ca97beb7ec9015dfa56a9b5ed8255b4cba8a816ec6234d41ff5f66ec7ec239b5fb0de41d4efd26907b86f3a879bad71240ae8e4e2a70d53edef1c8f1483392a9fdf57769bc98de98d3a0c9d50e4c610a56b56592879c6072501080108000904940708e1fb8b070924060000026938af05240003000d240f01070000000800abe90106241a020029052415020006240702080006241a020020ba372ec0bb1a12f4f2bf0890ae1beb45bb58af5ce9b55ac5bc7bdf29112b617f33ae7cdf4bfb4db550f096336cf4815929b7fe28421c1ad9bf6c3ce7782dc32767a9228d67504fa9783b6aa018a5bdf21fec1f656627ca0de4631a69248f591926531122466125f3428e3f668f3ee0536faeb3638c64d96c44cd58a26682bb9c8a864fef37549108cdc88d3e04ba7dc4c8eb7ea5e260da394ad53c500768bc8150e5911d3ffa923bc18bd0fb48236bbdbc090838d57a68138ff809050d041000050411290ac340dd3c6f322bee55b38446793ea52b58051d060010a2fcae5c7f9437d07d6f79129fd96afe57090505002000468007072501040001000725010c00030009050810000410079b072501040500000725010c01ff0009050c0300028e3a026d30e2761d689923e8383ffbd2404333d7b5d2dfaf5885fb331ba10cd227d722b0025ff6c22ed8c414fa398bbcf40cbed00cc3a65f947f37fd71c4b29f288d3c91494556f362b43fd07162a89490b56592831537e769fc136d6d37c4074d20ea9b98cdccaa9f97fe43a31bd26c452393c7c9128d01da599f018d24b0601acec9bad6ef7b57a41016af12a80d38137541cf8e0e6cf4b9012cd0aafd5a9b3ed4cfddcb873ecaeea805f73a0308c015f0a23e6e09050010200009080767217915ce0f75db4828df50aa0fa03226f547e45fe3941aad9a44540b8874e35fd016081bebd1d8ab1a7541cfa0227f29a3cc35b1d9fe491b0dd865673d25055ccf2961c88bafa985a4cf97b12116ac08faeb7eefb72b9221170f76410b2dbf506cdc7e92bf010905010408000414020725010c4009002a3a6d81b7656b739b06a6cc063dc51b37db70bf509fb6cd5310331494a7afaa2d1cb0234a0ae76ff5d609050808000481370c09050300880008000709040a05011ed626370905801000047705c1420e8f0b6b8646f4584476127e1cdeadecd5ae46b9350478760c247bbf96a8aa5f42376f26d3ee73e9015dbcb3cad5307e4bb686559f825dc7554824423d4677b0fcc5046f7be74535a2370160f4d0a041b2da47fdb5f543f749e8c3a1ad3b08ba5330f6b1b6cba073c29f1ae8f1a81b79455ec5fff2d3041891b9dceea8746db904a792188292e1a5763d3b405f93af333882f2516b0843749550e2bbec8ba1d47621ee78cb2e96a644477202c9b398d59067c76efe6e6a532cb9d33e66f4cd75fbb11687a26d3af110dec8b91a0afd70bbbaf345b981288da60bc8c58ef28d2d537d62ea3f42125996f6f4c1c2d39997d08c2cc6611216fa6e8bb2fed973121f80fe3261e4fd"], &(0x7f00000003c0)={0xa, &(0x7f0000000080)={0xa, 0x6, 0x310, 0x2, 0x9, 0x40, 0x18, 0xd}, 0xa7, &(0x7f0000000140)={0x5, 0xf, 0xa7, 0x5, [@generic={0x7b, 0x10, 0x4, "a5480ec051e18704c4685262c8864ff8a07332af747be5b9bcb24ac681ef461d924a3232c3165582e1c6c7bf53da61e47973bd0ba6510d3475ab913e0b89557580f51dd496efd909ea72aacaddb2eb6047b120650f26fb14a47fda07f9fff50443b7ab04382c5d4d37354f3bfcda6275a53b7191f1d40b1a"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x4c, 0x9, 0x8}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x5, 0x2, 0x6}, @wireless={0xb, 0x10, 0x1, 0x4, 0x35, 0x7, 0xd, 0x7ff, 0x1}, @wireless={0xb, 0x10, 0x1, 0xc, 0x80, 0x1, 0x9, 0x4, 0xe3}]}, 0x5, [{0x35, &(0x7f0000000200)=@string={0x35, 0x3, "b6b27d5a83f6fa9600274039c8e1c96fed010f8f481e92f1acea0b8cab2534c7dfabfae8687ab17d7a9dab2263238f149cffa3"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x425}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0xfaa9658d1fb0785d}}, {0x47, &(0x7f00000002c0)=@string={0x47, 0x3, "bbb59755d5f6e3aaaa2c258412db68e0a43efa0828b1d4371c5fd30afeaab5c1a5b6794a1f201e0569b07aad01fccd3679becc2a6edf7c7f8790b9c5a6ca01fb797bf80cd4"}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x4001}}]})

7m26.991919265s ago: executing program 1 (id=1233):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000000)={0x0, 0x0}, 0x10)
sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, 0x0, 0x804d)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6a, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x5, &(0x7f0000000240)=0xfffff800)
r1 = getpid()
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x20, '\x00', 0x0, 0x2}, 0x94)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="8c00000010001fff28bd70000000800000000000", @ANYRES32=0x0, @ANYBLOB="efb00000800000006c0012800b00010062726964676500005c00028008000500010000000c002e"], 0x8c}, 0x1, 0x0, 0x0, 0x4000084}, 0x14)
r3 = syz_pidfd_open(r1, 0x0)
setns(r3, 0x24020000)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x152)
mount$bind(&(0x7f0000000200)='.\x00', &(0x7f00000004c0)='./file0\x00', 0x0, 0x2125099, 0x0)
r4 = open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x89901)
r5 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x81)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r5, 0x0)
move_mount(r4, &(0x7f0000000180)='./file0/../file0\x00', r5, &(0x7f0000000100)='./file0/../file0\x00', 0x42)

7m25.752698826s ago: executing program 1 (id=1238):
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x10, 0x4, 0x4, 0x2}, 0x50)
r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x3)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d03, 0x0, 0x1}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendfile(r0, r0, &(0x7f0000000000)=0x1, 0x4)

7m25.552806643s ago: executing program 1 (id=1239):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={<r2=>0xffffffffffffffff})
splice(r2, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, r1, 0x11, 0x0, @void}, 0x10)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

7m24.637654428s ago: executing program 1 (id=1246):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
ptrace$poke(0x5, 0x0, &(0x7f0000000080), 0xf5)
ptrace$PTRACE_SETSIGMASK(0x420b, 0x0, 0x8, &(0x7f00000005c0)={[0x8, 0x4]})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0200000004000000080000000f00000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000fff30000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
keyctl$session_to_parent(0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
keyctl$session_to_parent(0x12)

7m9.659141955s ago: executing program 32 (id=1246):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], 0x0, 0x6, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
ptrace$poke(0x5, 0x0, &(0x7f0000000080), 0xf5)
ptrace$PTRACE_SETSIGMASK(0x420b, 0x0, 0x8, &(0x7f00000005c0)={[0x8, 0x4]})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="0200000004000000080000000f00000000000000", @ANYRES32, @ANYBLOB="00000000000000000000000000fff30000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
keyctl$session_to_parent(0x12)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
keyctl$session_to_parent(0x12)

6m48.457313s ago: executing program 2 (id=1428):
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x2200, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40000000})
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f00000005c0)='fd', 0x0, r2)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = fsmount(r3, 0x0, 0x2)
symlinkat(&(0x7f0000000040)='./file1\x00', r4, &(0x7f00000002c0)='./file1\x00')
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r5, r5)
setpgid(0x0, r5)
fchdir(r4)
r6 = inotify_init1(0x800)
inotify_add_watch(r6, &(0x7f0000000000)='./file1\x00', 0x9)
syz_io_uring_setup(0x707d, &(0x7f0000000300)={0x0, 0x9fe9, 0x20, 0x0, 0xa2, 0x0, r0}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0xc8, &(0x7f00000003c0)=0x1000000, 0x0, 0x4)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
socket$inet(0x2, 0x2, 0x0)

6m47.512741063s ago: executing program 2 (id=1431):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @objref={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_OBJREF_SET_ID={0x8}, @NFTA_OBJREF_SET_SREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0)
syz_genetlink_get_family_id$tipc(0x0, 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(0xffffffffffffffff, 0x0, 0x800)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
bind$bt_l2cap(r1, &(0x7f00000000c0)={0x1f, 0x8006, @none, 0x5, 0x2}, 0xe)
connect$bt_l2cap(r1, &(0x7f00000003c0)={0x1f, 0xc739, @any, 0x367, 0x2}, 0xe)
r2 = socket$pptp(0x18, 0x1, 0x2)
bind$pptp(r2, &(0x7f0000000140)={0x18, 0x2, {0xffff, @dev={0xac, 0x14, 0x14, 0x20}}}, 0x1e)
connect$pptp(r2, &(0x7f0000000080)={0x18, 0x2, {0x4, @multicast1}}, 0x1e)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000680), 0x101402, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000040)=0x1)
ioctl$PPPIOCATTACH(r3, 0x4004743d, &(0x7f00000001c0))

6m47.07168236s ago: executing program 2 (id=1433):
mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
getsockopt$sock_buf(r1, 0x1, 0x1c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$adsp1(0xffffffffffffff9c, 0x0, 0x2200, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40000000})
pipe(&(0x7f0000000500)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f00000005c0)='fd', 0x0, r3)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x2)
symlinkat(&(0x7f0000000040)='./file1\x00', r5, &(0x7f00000002c0)='./file1\x00')
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(0x0, r6)
fchdir(r5)
r7 = inotify_init1(0x800)
inotify_add_watch(r7, &(0x7f0000000000)='./file1\x00', 0x9)
syz_io_uring_setup(0x707d, &(0x7f0000000300)={0x0, 0x9fe9, 0x20, 0x0, 0xa2, 0x0, r0}, &(0x7f00000000c0)=<r8=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0xc8, &(0x7f00000003c0)=0x1000000, 0x0, 0x4)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_open_procfs(0x0, &(0x7f0000000040)='net/wireless\x00')
socket$inet(0x2, 0x2, 0x0)

6m46.526235803s ago: executing program 2 (id=1435):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x1f, &(0x7f0000000480)={0x0, 0x32}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="0000000a0100000018001200080001"], 0x38}}, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB="bc030000100039042abd7000eaffffff000503e4", @ANYRES32=r2, @ANYBLOB="130000afc418060030001280080001007369740024000280060011004e22000005000900290000000800140a0101006c031680100001800c000446549fca27a448fb8dc17220e3380449c9ff7c4a83185dc181ef47ccdb36d9f5823a0c750c26aab6552904f9e6e9ceaa88d189d048a2ee6f0adf6f8dad8dc2070e57d85e2ae7aa8f54255dc96a28a9bcd22045e1d3f77ebc08ea1a997e58098f3a2a9b6bbd81990da6407ca309465bda76985e1976136d1b922576cfd5381f"], 0x3bc}, 0x1, 0x0, 0x0, 0x8000}, 0x2000c044)

6m46.42185796s ago: executing program 2 (id=1436):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f00000000c0)={<r2=>0xffffffffffffffff})
splice(r2, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={0xffffffffffffffff, r1, 0x11, 0x0, @void}, 0x10)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x4000}})
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

6m45.586947505s ago: executing program 2 (id=1439):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58)
r1 = openat$vmci(0xffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r1, 0x7aa, &(0x7f0000000380)={{@my=0x0, 0x9}, 0x3ff, 0x8})
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r2, &(0x7f0000000000)={0x24, @short={0x2, 0x3, 0xaaa2}}, 0x14)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = userfaultfd(0x80000)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000300)={&(0x7f0000fe9000/0x14000)=nil, &(0x7f0000ff9000/0x2000)=nil, 0x14000, 0x1})
r4 = accept4(r0, 0x0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000009500001400000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$gtp(&(0x7f00000001c0), r4)
setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)={0x3, 0x46eb, 0x6, 0x0, 0x8, 0x80, 0x7}, 0xc)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r5 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r5, &(0x7f00000002c0)='./file1\x00', 0x10, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
renameat2(0xffffffffffffff9c, &(0x7f00000007c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file2\x00', 0x5)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xa)
sendmmsg(0xffffffffffffffff, &(0x7f00000042c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="e9c31a1d31afd0890516354ae9", 0xd}], 0x1}}, {{0x0, 0x0, &(0x7f0000003a80)=[{&(0x7f0000002600)="d840c8fd9fb4666119f0f0df6f2fa2ba06bc3c6f5e6eae94d83e976e5ee50d93472ab14f16663fbd6072d93a79cb3f19195a20cccb450c42fa09aeeb0968ef4b6eb340f9112d0324b6ac1c4a6ec35446da9aeb84ba28d8d35202d0a8563a992769fe70b323aa0876b7cfd350dbbd69087eac242fc4400965b09b69d65e1b8eb69c1cdd9e52dda1c73e8867a0f334222ccf3d31bdf6b84670ea91c74d15852ea0d350d690f8570d735be770230afaeeab10b41f0ac7634bd09eeae1a9c05260f414f2e22da7bb5b04d8477ea277", 0xcd}, {&(0x7f0000002700)="6e0d556cccedda4f43c5354d2b5f3db37c7c977d32cc059b8f5d29946fb035bf085ad7c6834b2208515ca3e85d2be94c7144757e1a5f5778829941b6a322ad4114e7240d8cea00b565ea5b9d8cb7925ee8f08067ba5faf20fe8fbbe69dfb24190a4bf77f4c0606c013630fcf4b2dff908eb61ad62ad80d610edd51258c453fe1d926611cac6275c32f92054bff46f434a0f6f49c253af42cf5273fecead53c1adb644408cf9ad630c9cb43bd22332f512278e949b4ca5eced531ce3da95c2f757a4ec7e5db91234196ea500b573b58ee945070a6bdd2603ce0c3dfd13b7c204462035a", 0xe3}, {&(0x7f0000002800)="83516876f31f2a06169166958d49cb8057a7fb7c81c234b5c4c03330cb0c3bcc61ef33858561ae96ccb432e78dc0d157c99a566cf7293c2bbf7332bdfabd94c89e917a28217b487c97e6520586ef6cbf32ebc45aac0502f8057ab5", 0x5b}, {&(0x7f0000002880)="4d310e48a2808d6f89b4bec44c91091347987e25eb04f9a943d411871d59f88f700f73e1a0f63c5e2814bd7977aac8a3136532a0f9c2d5cc0fd840b1512102bee21fb411389ff9d01c131821a12301d113c48eb42072747ba101fbf1dd66520bd3cfcd6b8c959ed2f86983448db35b6f0f5736a2a205bd88614c49ac4345b48ec10d59d7841dd8a698a89d28bb48d912deb6daeeb334", 0x96}], 0x4}}], 0x2, 0x800)

6m30.07740024s ago: executing program 33 (id=1439):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-aes-aesni\x00'}, 0x58)
r1 = openat$vmci(0xffffff9c, &(0x7f0000000340), 0x2, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r1, 0x7aa, &(0x7f0000000380)={{@my=0x0, 0x9}, 0x3ff, 0x8})
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
bind$802154_dgram(r2, &(0x7f0000000000)={0x24, @short={0x2, 0x3, 0xaaa2}}, 0x14)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r3 = userfaultfd(0x80000)
ioctl$UFFDIO_COPY(r3, 0xc028aa03, &(0x7f0000000300)={&(0x7f0000fe9000/0x14000)=nil, &(0x7f0000ff9000/0x2000)=nil, 0x14000, 0x1})
r4 = accept4(r0, 0x0, 0x0, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000000000000000000009500001400000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x11, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
syz_genetlink_get_family_id$gtp(&(0x7f00000001c0), r4)
setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000000)={0x3, 0x46eb, 0x6, 0x0, 0x8, 0x80, 0x7}, 0xc)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r5 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r5, &(0x7f00000002c0)='./file1\x00', 0x10, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
renameat2(0xffffffffffffff9c, &(0x7f00000007c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000005c0)='./file2\x00', 0x5)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000080)={0x1f, 0x0, @none, 0x7ff}, 0xa)
sendmmsg(0xffffffffffffffff, &(0x7f00000042c0)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000180)="e9c31a1d31afd0890516354ae9", 0xd}], 0x1}}, {{0x0, 0x0, &(0x7f0000003a80)=[{&(0x7f0000002600)="d840c8fd9fb4666119f0f0df6f2fa2ba06bc3c6f5e6eae94d83e976e5ee50d93472ab14f16663fbd6072d93a79cb3f19195a20cccb450c42fa09aeeb0968ef4b6eb340f9112d0324b6ac1c4a6ec35446da9aeb84ba28d8d35202d0a8563a992769fe70b323aa0876b7cfd350dbbd69087eac242fc4400965b09b69d65e1b8eb69c1cdd9e52dda1c73e8867a0f334222ccf3d31bdf6b84670ea91c74d15852ea0d350d690f8570d735be770230afaeeab10b41f0ac7634bd09eeae1a9c05260f414f2e22da7bb5b04d8477ea277", 0xcd}, {&(0x7f0000002700)="6e0d556cccedda4f43c5354d2b5f3db37c7c977d32cc059b8f5d29946fb035bf085ad7c6834b2208515ca3e85d2be94c7144757e1a5f5778829941b6a322ad4114e7240d8cea00b565ea5b9d8cb7925ee8f08067ba5faf20fe8fbbe69dfb24190a4bf77f4c0606c013630fcf4b2dff908eb61ad62ad80d610edd51258c453fe1d926611cac6275c32f92054bff46f434a0f6f49c253af42cf5273fecead53c1adb644408cf9ad630c9cb43bd22332f512278e949b4ca5eced531ce3da95c2f757a4ec7e5db91234196ea500b573b58ee945070a6bdd2603ce0c3dfd13b7c204462035a", 0xe3}, {&(0x7f0000002800)="83516876f31f2a06169166958d49cb8057a7fb7c81c234b5c4c03330cb0c3bcc61ef33858561ae96ccb432e78dc0d157c99a566cf7293c2bbf7332bdfabd94c89e917a28217b487c97e6520586ef6cbf32ebc45aac0502f8057ab5", 0x5b}, {&(0x7f0000002880)="4d310e48a2808d6f89b4bec44c91091347987e25eb04f9a943d411871d59f88f700f73e1a0f63c5e2814bd7977aac8a3136532a0f9c2d5cc0fd840b1512102bee21fb411389ff9d01c131821a12301d113c48eb42072747ba101fbf1dd66520bd3cfcd6b8c959ed2f86983448db35b6f0f5736a2a205bd88614c49ac4345b48ec10d59d7841dd8a698a89d28bb48d912deb6daeeb334", 0x96}], 0x4}}], 0x2, 0x800)

3m45.921468929s ago: executing program 3 (id=2167):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2)
ioctl$UDMABUF_CREATE_LIST(r2, 0x40087543, &(0x7f0000000100)=ANY=[@ANYBLOB="1133e84c2fa3"])
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), r1)
syz_open_procfs(0x0, &(0x7f0000000180)='net/vlan/vlan0\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r3, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = syz_open_procfs(0x0, &(0x7f0000000180)='net/vlan/vlan0\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r5, 0x8982, &(0x7f0000002800)={0x1, 'netpci0\x00', {}, 0xfff5})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$pppl2tp(0x18, 0x1, 0x1)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r7, &(0x7f0000000240)=@pppol2tpin6={0x18, 0x1, {0x0, r8, 0x2, 0x0, 0x0, 0x0, {0xa, 0x0, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x6}}}, 0x32)
r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000009c0)=ANY=[@ANYRESOCT, @ANYRES16=r9, @ANYBLOB="01000cbd7015040000e704000000080009002c0000fd35ac50ea42ea91fd3502"], 0x34}, 0x1, 0x0, 0x0, 0x40811}, 0x20)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r4, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r11=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000240)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0], 0x0, 0x73, &(0x7f00000003c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000400), &(0x7f00000005c0), 0x8, 0x77, 0x8, 0x8, &(0x7f0000000600)}}, 0x10)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f0000000a00)=ANY=[@ANYBLOB="f800000019000100000000000000000020010000000000000000000000000000ac14141500000000000000000000000000000005000000000a00200000000000", @ANYRES32=r11, @ANYRES32, @ANYBLOB="00000000000000000000000000956246280000000000000000000000000000000050ae00000000ffff0000000000000000020000000000e7ffff0900000000000000000000008040000000000000000008000000000000000001000000440005f800000000000000000000000000000000000004d23c00000000000000ffffffff0000000000003c1cefcdf005779cfd9e0e04f79b8d4600000000000000000000000303404900000000000000bd0300"/189], 0xf8}}, 0x0)
syz_emit_ethernet(0x76, &(0x7f0000000540)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb0800450000680000000000069078ac1414bbac1414aa00004001", @ANYRES32=0x41424344, @ANYRES8=r10, @ANYBLOB="50020000b0780000"], 0x0)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f00000007c0), r6)
sendmsg$NL80211_CMD_START_P2P_DEVICE(r6, &(0x7f0000000940)={&(0x7f0000000780)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000840)={&(0x7f0000000800)={0x20, r12, 0x100, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x80000001, 0x11}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x0)
r13 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r13, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000"], 0xfc}}, 0x0)
r14 = socket$inet6(0xa, 0x2, 0x0)
sendto$inet6(r14, 0x0, 0x0, 0x3a, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c)
syz_genetlink_get_family_id$l2tp(&(0x7f0000000000), r6)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000b40)=ANY=[@ANYBLOB="14000000", @ANYBLOB="7de45d9ef812ed4ed9ad6aa09b387b0a89c6886b8cd338302b3723c5caf5a3f489bb19d54bec7b44894bd9cbbdeb4d30bd617bf11db60af2980f2eff9ba8545fd93b4a29bc59fb5f289bfbae5116ec86d86024671c24847e2491009602ebad61a6efebff2eb85cdbdba3ea62dd565c337a00e3ead17b82a5331307876f57e8001fbe8ac0ee3188c86536a1ae550fde1515bd6cdfe833142ee33e5cb825e40dd1043a46f149426c2f7bd2dd340785560dec7ca068b533626c24", @ANYBLOB="0100cbbd7000fedbdf2528000000"], 0x14}, 0x1, 0x0, 0x0, 0x24000000}, 0x4004080)

3m45.535812146s ago: executing program 3 (id=2169):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000480), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) (fail_nth: 2)

3m45.30147176s ago: executing program 3 (id=2170):
r0 = socket$tipc(0x1e, 0x2, 0x0)
getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f0000000000), &(0x7f0000000140)=0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000480), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

3m45.181582802s ago: executing program 3 (id=2171):
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x18d883, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x89801)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xfff6)

3m45.131352233s ago: executing program 3 (id=2172):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b0000000500000002000000040000"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000d00)={0x11, 0x15, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000047b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000100850000000100000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000010000850000008200000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000a80)={r2, 0x0, 0x0}, 0x10)

3m41.541392544s ago: executing program 3 (id=2186):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10000, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x8, 0x0, 0x100000001, 0x0, 0x0, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x0, 0xffffffffffffffff}, 0xfffffffe}}, 0xb8}}, 0x4004)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x1000, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000, 0x4}}}, 0xb8}}, 0x2c000010)
sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800f000140001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000100000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0)

3m41.541238355s ago: executing program 34 (id=2186):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x10000, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x8, 0x0, 0x100000001, 0x0, 0x0, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x0, 0xffffffffffffffff}, 0xfffffffe}}, 0xb8}}, 0x4004)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x1000, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000, 0x4}}}, 0xb8}}, 0x2c000010)
sendmsg$nl_xfrm(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800f000140001000000000000000000e00000020000000000000000000000000000000000000000000000000000000000000000100000000a"], 0xb8}, 0x1, 0x0, 0x0, 0x404c830}, 0x0)

3m6.713217895s ago: executing program 6 (id=2354):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000080)={0x24, &(0x7f0000000200)=ANY=[@ANYRES64=r0, @ANYBLOB="266a48a299005ad587d554351a063c9a2cea0e7327f9a60bcb18c35a718b789364ccd3defec4ac281b5276b85cdb15e03a6d2259fff9de10c5e6af0dc12d8a7e306633a1371332a6ee8673a1e3ccb48e0f2df46849aae2b9cd53fa2533fe8e251e5a6dc5741704099e73d3feecb8f443143789ebdf34d1ed0fa96b7537fde8c923a3b27c0edfcde8a4687c5fd30de7a7fa6ed1fa96de977d03e47bc93503dd1a15040213dae973e8b374a22ebd5efcfd0dff253e541010f2055f1d4cc11a8d2e661d46459b2795d2053ed94a7d245fb64ba35f23b9386af5f69f4d22f2ba9d17c9d71be8cfff49165592bc3bb9826cf6f984172ecfdb0ffd46f78ff261b32950bd0aaff6440ee9f2e365309d99f775b31daefb108ca1beb045f14be79363fe4bb2d912f28842df78531c9620503f42faabfb0758bd04c7ca89518ed0dc0ea33a43bb5f1c5035628c6bb787a635ab0b1026b0c90ac8eb2c7dffe5234f1eaa1a960b6e65085ccddf16bc720c038dceef81a5e1c181c0720d01b619c15c5d059091d879e73935b8103e7baa359a94fe5b44b4e70ab56b7de5add276828bac8e60b236b387086e1d1619a13e4164a57f0ab756c29e1a88f6c405391c442c2d2e3e6be942096d8e8d2d424036d0405e8a36aca335308e75fb3f0fe532af0de77cfe828d5ec40b3fefbe4029c10e5b9dbde4a87155862811c57120f1c70e1cddec3e6c1257a111caf3b406930cb0538dc37ad2a057782578dbfc47fb30b85075e9a8872344a81920cc56bd7af60b3ddeec140f9adef9e2f6054b361515c49280a4c7eca1fda9224f99531a9a1837b2e3bede0b82a68e2e2545518da8d7dedeb1aa00317a6f52620a22c0b352541b3d555a4547811ae18d0203d9aa2f7fcc7e8f0562534e78c0bf466d9b28542cd11e3872e6cbfffbd2e73313c9d5252ab7f7c81f7c8caae78842c99e23d43446186657601c70df2b1bd0b350d6e46d9b63756234a42811c38712318c0062780c1a30e4217253a3732ee8a25f7b3cebacac083d4653595055b23e6d42e4e3786191821bcf23f9f05e595be9d76dc225a48b445e7ad8f9ad7369611184ae259593f5cb7bdaea4c6b3895f621dae6ba66b158716e1af2e0efe69d134d0dae0185d47a3574d59ff32b826861518bc24c5cc718fef77b04dde6b5c6c8e2401ba0c8d1517d15ec9ac171b82c78fd5f969a11290b98650c0e9b15319cd23c0f3735f2d97577d5265d1ddf767fde04c9d306a59e3bafa153a5f820930c6acfe17c2cc6c69f1dbdd1000d4f56d17ec40d37247ae3fcae2cdcad29865f17231c95a0348cacd0eda2d32fa33c74f1502df51b22ba5795361172f728de4534789e92679256799ff04352b6490ad34448853f8eb67c3a69783675b24acc8aac63a1b29ef6e721464006998b07405a0a1dbb53f0b65afaed3e117b815aac7767c77800f00e00660931c369312ebc4b8ef157d589e741dabf22fab945d48f75a623834f1d26f036f1b6fca4c795161f75120f8c1c933435e261b272582c51ef8ea75110ccec0e6a23b6bcdb2475336dded78e54610d67d6ee2e695459ac1812c9f66cb2662aa6c17d985ce0deaef38d5714ad38563365ab29ea617dae8161878fa0ab5b874dfcb1db1a9bb56340d6197603701a1891428a581fc184bea10bf87921171828d23db196df6c0be72fd0148d3d696e23490b6b8a8197a305aa138ed6fc73eea96e76d595eb9156b97942c0d2367c773d961123f72ff6a5a505c2cb938bb52168e3e34e58a1ea1c40b2459f71e0766a87c3219f190e5f832535efc99dd3bcdf2724fd7261459f2deb6086c8481a184fe45daa64dc6b66689243f1435ec07e573802f45c0ba4446c0de847bd5e4883fe8c08d29c3e2ffd4ffd17eac85ee354f37095f5c6b8fd31d66c488bab4a787fbed2f1909aaf823194d5d1e99ccef05c3d79f6a05da2690854a0c4e5ad09ebd1526cccdbff33ebb24ec0ce9591a1a5225c3adc08dfe19ec00070d904cae9e12b6ea7e31515afd295a0934af69de258438cbbe06393086e0c5b452f5a37717680aeb239fb484afcec7aa7fd616ce6c94ca1a4152280e360a8f5c0e420936ddbc646f44e0cb285363f364fd90d4e2aa218f8a4045db040b401f6b3f55b93495798ed46e2c7e0fc857d9745c7115dc38e75179f1470f28cbce28f2662aae11acac9d802e17b92a972b79756caa6ba41e6ac7fe13bd749551fbd1db19d17368be4ff0d0eb53c5ed44119f6b6d973f420fffa21f5732a19dd45c888573e72f5e6193645aaca8fe204c978b23119c0f272c37970cdd3589acc72eb63c2911d788e26c6e625bad060809c224e282f398bd18c3aee795c03ccb6309079e4d7ee0ba3b1323fef6e11ea419311182cc2c992713af1f75ab64e38cb6baeba16c6b8d47571aca49923b751c171c265085e42232ddd29e6d859fb79e1a6dccb299a8ab9819402a3d409c04c6b44dd5776226cb03319364d93f100e7cd21eca27725f383529bbd3089e68fb6d00139bf98beeed4b46170c0bf83935dbf699065c716db9f9a2cfd9860ab80fb74235fe7393af180de8db9724678b7107e3ac97010988a78f1bd5de916f35ecf794cc463227468aac1410567f0f10395ffbe5e59a9fc79e5d4976a82e4171243283cc8eebe47080fc9a2f95e69a83df028a4f76413b7e2080d8a125dcd7737340633db7ea6b4d47c380c7effe91916dc04c40930376fed97d3548bc6f64cf841fcb37f8e91cf9f4ceef8a5a2d4e435cae872697d61b86e140bf1f9c3e8eb51fdbafc00838cff6387c5d2af259b39815abbcac5632aed0b4b0ffe3095b3b4582f6493f49d9abe2c2c5ea4f03c7fdce9a2ea2c444e317aec56915e87de31a906afba62c17fec6dc3d5dc95277811ed799724dc5d7feef2f65f4b350f22fabbccdd59ace337622982c268e6cea1ae822c645b1d1920cc5acd5e5ca4d4adc1532b3c47bd71184a1de7b51a09b501ed73a49e837a4277597e07b1025a2f4c4ab7d1ff1a7d56a420ba593c744aae099755099eff0bccef50682822da927afb3fe53ae663df3b4d2eb97123efb90af498a5c18d53c4508d1bbeeb6060371a8cb42578ea1d1ebbc009aa640e97cd76813a2165d587c53cd7cc03c48566253d506c64c73a9361249a9721aae0d78461c69640851d70a65fc314a977f1ad8bb8d4e06c9a01f7de19ee936478ddd749eda9f2b6810e5ff50dd97488c9d0dd91e3e0ab91c72b35fc457111fb0d5e908356e1947fe1d21b681dd746a44239478839c09cc93f3b09e74265dd3116233d751ce87bf534ad8435780dd2ede204576b8aa2ab6fcf97a939758f42390a007892f2689fc13bf85d335fe83e3da13950d73a3fe77d2975a0bd3ada364753bc13721befcfdd149168abe31ebafc59f36971e30eb418507dc25ff3052941e907b09305c174f7f6b9202c504be5b93162e04ca320e8f7743ada182873018469aca2669f0a7eb7bb77a97c7864bc839038a501505a984c648e124fb3fb1fd4128d285f83a6f8a955efde8ac53851792ab76be9e22f3ece748b514b250677e925b0fe2c8aa1eef6489fc5000e505d80fc4b316310e3f6eaf87dc2df839fa813d5b8c88233b8c5e15baf9d9f79a6297f0f194f8a463ecce67d9ccf1ceca9d7a92c070bf6aed5fa1d23fa06cf4a6c52e97c25226d0acf9cd424994178d312ccfe1941a948a7097f9511bac4ed88a70a2e8f9c5fff702311a671f55b1eb24c5501137dce77504c2c61144e51fd3c29cd2ca79ff2239515aa9cbb6e3e4ce245473dbfc2da38139191e07cab9adb7fbf5ff6a046ab8441c7149f333d7691449b69cc6f4c6c964e91938c96f8b51c9081f109356c07d1b2e9c24fb7d5f50020991f16c00482540ae8afa1eb6499de3e046448f7ec20a35bc38c3390b8cf19d7f4f1c39c197175de7bd4ff5cc84fa1d841c5634a86e718b93ec766e166bd80c118fbc28f9319a7e44a055cc07f42ffb64fa26c993bde06d2a01c8c1bef10c23911c8d460e69eb050dd7f5204ed432fdf00524f9bd992c3ca8e41941e1ad81fbdded0cac6546e1017fc861ee2838e4f52479a96cef6d28c28539b46c047b60a5f99a2188d201fb5e105a2f3788d5e79f6f9f1983a5a050838ec166c9c1d359462195ae350e4140e0b100adf493fa4b65ab5322a41162d64dbbf01617825e4106ac1f969f718d89eece08950989170d57982d80a06bf24a7d5360ebd0136b5eff7c6c945c649de22c082c7d7e11f81d81eda96790a29756663bf00001fadc38ce467454d4fa7802564cfba82ecb0e42065bdae23267d661495c672493a36e07714dac52e10ecec862337f582de8be235e57d9b8bfa35956a027d9769ead3cef6fad624b4fac29b61adca4a727cfa79d6fb8b8af38ccbd080e08eabf4dd5539693557ea78ff99061d65b8858933e41be6701b5fcc16f8b87ff30de77e9ba56211eefa5b6f4e97790645ed34f7f65ee630b08919b131ddaa66f4adec208f47a94a22cda21d9f4650b4dd320a3966a2ec8000b502d60873511fdea8e52f798bb877c826b44b6ceb5ed56e5a54131b3c136cb775f08905561849c1fe86fa46f4af2321cf84ec88d53774f40297220b5334f118c4f370e4b86c74386b1e82451f6c641e6617553ce46289f7f59f7cabba89434c445ee693fb2bc1ec796eeebf624129bccf8a1d709313b5a629530941ef5370f906e3fb9a17be9f70e587ad58d38c02cf04945b8f7d89a052b21e82ce84b20dfa5f1e1ba11a65f62539feda2a4c1351cbed4f270cfd41aefcb48e08bc2df712aafbba35ffe7b2bf5b2d1f66eff065dcfe6bddee602fa09dc9f96aa8fedea419619066f5ab2c9d4ca6627950e607211f41795d7998cf8dfb437300f00dd377894b751c3df7320a1b421fc628543ec2a95ed17fc82b7783691c64c6c7b208da0abe63bc83423f7886290aa1155ad2467206598d7ea9250cf94f64f1ff88a46da61c1267bf468ede6f610a6e343f40e7970a73a84355f9c77785434b68c2e9d5c7195091596c6a493d48f95618a290caf40445ad55ff6c9918a275c9077f3038bbab94da90dd943ae9ebb4e7553ff6df4b37c24ba944793a7f2237bd68cdd9acabdc657e9e8505e3ed5f52b33e309210967540ac6ec22140c9c5dfbbea8a0f6d780f791075a47312d7756efdc83e9da50cec6f29cb22eb6ed5f651affdf2d1264b5a9af7d723f599a31a6162547bcdd49fef864561b7478e4b17f1d4f64a60de1cabcc6ce94568506e8aef67de46473cace036ee1cd7fd4f6fd4c8a8fa0d702532c4bd9e95c0e3f6777703e3626d141ac80419d20b1bbb45bd745e0197744003f7fc200bbe5b548b00a73b84804731ef8f73bf3007059742bca26b43d5d62cc1e84c0d49b0b7a618a5206a72c4f37b619eedce9cfd44ca40b8979d0c7254b5fd8169f5cfb3ac17b65a1629700ffb2f54598a2f80626514092fec83d7f2a873e8f80f2b323062b0ed72ea40ba0287393eca11f3bbba82e78edbe2ffce5ef8b9d55ddad3264069eee32c4234ce7b4ccc39294799978108b828b801c8783fb8910d9e12cf6ac4e2e08bdeba7efe08d17ed4f64feef68655ad95eb5539e431d92edacefe0ea1e67b1c3eb38415cbff435eb2a909faf379e786174c2219f7230b3d59e6a79b6bed0389bcaa9cf32e98eb734c249da1acfec56180c070e1ace140122e7c596b0f7e38b907ec1feeafe89f956044715999a38ee950ce74a72c9254beba3b0590fd27390fb285db6894981398d520bacbd675", @ANYBLOB="183673863881233b5de8dc4907d93bad9a18741cdb915068cf89fe71df6fec340a4750381d314d30702211c81b1f74cf13472f601779122d71349dfeda22d71321ac1b3685d633cb6f0d7bca290b598caf0c28f671d7da717c5fa133bb001c5d1cf99b24d8f795c5b9c39b61c6a84f9a6d768197ee5d094c531fd84fb0126f27fa1d1040b5fec9b11af1f658b0114f2c20d0047c08579cc1a7fc605388aaa651ad1af7db4e52cf8fe52312e1cf674863d2ce08f41c2a1c6c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0d, &(0x7f0000000040))

3m3.560072919s ago: executing program 6 (id=2363):
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) (async, rerun: 64)
r0 = getpid() (async, rerun: 64)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async, rerun: 32)
syz_usbip_server_init(0x6) (rerun: 32)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0)
ioctl$RTC_AIE_ON(r3, 0x7001)
ioctl$RTC_ALM_SET(r3, 0x40247007, &(0x7f0000000100)={0x3b, 0x29, 0x3, 0x4, 0x3, 0xd4a, 0x0, 0x12a, 0x1}) (async, rerun: 64)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) (async, rerun: 64)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0) (async)
mount(&(0x7f00000001c0)=@sr0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000200)='ext2\x00', 0x21000d, 0x0) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x5, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x71, 0x11, 0x24}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0xe}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0xf, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70) (async, rerun: 32)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x16, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="85000000c20000006a0a006d0d19359fac3a9ec28ccc32ff000000000c1b5aa79db573a2ce5f2b8dcb4043f1ed3df258a56601d165b70d9980734e26ec8a73e9db17d9691ce2a936cdc6c9c3e59132af2d37aae5a76326a8814b1b05a343c745b6266897cd9df2083dbce75400964bb917050e9e9b540e0de681bd7849f70fededb7e2eba15d060a66ef1cc88191de5c7d44da7b8c92e82fd0ddbf4bd818cb918622e730299149d60de63e8f6c2eb6ee2861e317ae00b2220ca216b827dc62f354bd03c65c2de34aa16900"/213, @ANYRES32, @ANYBLOB="000000000000000005000000000000009500000000000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0xffa0, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x8, 0x0, 0x1e, 0x10, 0x0, 0x1e}, 0x2d)
sched_setscheduler(r0, 0x5, &(0x7f00000003c0)=0x9)
r4 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r4, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) (async)
ioctl$TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0xb3d)
ioctl$KVM_GET_MSRS_cpu(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000340)={0x1, 0x0, [{0x176, 0x0, 0x3}]})

3m3.411116204s ago: executing program 6 (id=2365):
syz_open_dev$loop(&(0x7f0000000140), 0x3, 0x189083)
r0 = syz_open_procfs(0x0, 0x0)
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
openat$cgroup_subtree(r0, &(0x7f0000000040), 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo\x00')
r1 = socket(0x1, 0x803, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x804}, 0x20024010)
r2 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
accept4$inet6(r1, 0x0, &(0x7f0000000280), 0x0)
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
ptrace$cont(0x1f, r2, 0xc, 0x8001)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r5 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10})
io_uring_register$IORING_REGISTER_BUFFERS(r5, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)

3m2.236355354s ago: executing program 6 (id=2371):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x26, 0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x8)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8100, 0x0)
sendfile(r2, r2, 0x0, 0x2000fb)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
setsockopt$inet6_mreq(r3, 0x29, 0x1c, &(0x7f00000001c0)={@remote}, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000280)={0x5, 0x81, 0x9, 0x10001, 0x9})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
rename(&(0x7f0000000100)='./bus\x00', &(0x7f0000000180)='./file1\x00')
lstat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000200))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$PTP_PIN_SETFUNC2(r0, 0x40603d10, &(0x7f0000000380)={'\x00', 0x5, 0x0, 0x1})
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

3m2.099213169s ago: executing program 6 (id=2373):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="51ca9c67be6b65c0ad2b824556c8392800000000", @ANYRES16=r1, @ANYBLOB="050000000000000000000600000008000300", @ANYRES32=r2, @ANYBLOB="0800050003000000"], 0x24}}, 0x20004810)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000000)={r4, 0xffffffffffffffff, 0x1e, 0x0, @val=@netkit={@void, @value=r4}}, 0x1c)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0)
utimensat(0xffffffffffffff9c, &(0x7f00000003c0)='.\x00', 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sysfs$2(0x2, 0x817fff, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0)
ioprio_set$pid(0x2, 0x0, 0x0)
ioctl$VHOST_SET_VRING_BASE(r8, 0xaf01, 0x0)

3m1.810524521s ago: executing program 6 (id=2376):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000000b40)=ANY=[@ANYBLOB="850000002200000007000000000000089500000000000000e26c9bd1a6361b80cdd64bdf00000000000869045aac0000659f55df08f9b90788ff7f00000010000029c21ebbcde61d8ab5920aef6c3e007fe61241638962cf0b89ef506cfd3f1d4163d3cfca3733b30070a7cf53021a95fdaf3c7220a0e23db436659a8c54328a702688f92b6b71569d65e33d46f8d8ae24ba69c657afac04379cb536008c219991704f11c51b1d076f03b0f917c766f3a7598bbc00feb3bc8e88f79df517b37b56bcbc290080000000000000e675458a43b8a8935bf9cf0be7d0aeaac41405e341cd0ba0d6fd562489dad595712a4051bb6cf826ab757193fc09d305f95c55d5746419000000000000007b61803bd430ef06000000000000001e93f640f159320c8b088f4d6497682eb312d4967aff9e4c14c66c90000054ed82c7cba4c81f91d6dfed18767bf0df584b4b6c4204df411f921e3aa02a67dd324b8176020e9c024751e539c05727f82c92046bfe64babb6d7ba86526b7886a0c2481c5812812a6fa3fca3758cbd8c32b25c28be225bd1f16297baa065f5bf96330fad0aaa4388c06c0eb2ecdf829af9577fcd868cc269b740000b7ad193c5e5850df01aff96877d73a63246ce6f0467167626329ab910b7a13d9ec9a64e7f6b56aeab8c38f69a213c96e2d2ad7978c9d721c270f27e7025d576535198742d403ec43572d7d0baf00e882617b260627805ca44200335ea4363066944d0aa6feb9705b09ba40d4642519281151f875cbf13a582f90ad719f0eccf02a473dd508a16138904933689ea6050041206473075eaeff2b69c2f2bf6f691c3560e068743a08e9771280da61fd8fdc3f7a35ea352e35753c59ebc1bd27ab6603e6afb1b3f057fbb7ed3aabe702b3c6301d3f5c295d1d69d1541d0e64631c95d6c0999e27e8d1a58f6a00f19102d2bfaf53f25a45637b1c577ae50c4c5669b13a4ed999dd10d2f091dcda39d9abc40c64a20c14ff0b1bf4d23fe07ae90fa0eba9c64bf89b26e7d8d70710b04f9ece5969023acadbb4582272e5b3a0429a5645b0c824ad36f7cc8be12b3874d5a19349b0ede845e9dddcab4a78b08ed60104002aabb17eb1840bc8e0ed1dd8b9b7eeaf32a185d80250a7f2252775905eeeb756eadafe20bbc616bc44b347abc8caf722b2c3b06884c1d3690f23b06fa4541bb2a81073b452764f04bd39008b65ee222cf697ac21b087548e9708dffaff2859e973b1e88668c8022cc6dac8548167e5798ec9c7d288a7fa7749f07513187cd8f060abbbc5e37dd1ba3aab927be1b409be733b7408534e5b0951e9ecfd0a1c77e3a29be47e896aecac0bc4093330124615056e3ce0ce6ac91b1242d3bb2e787a186dc2ec284d60e9d8a03884a22eeaa1efa497ee88c6cb565b164a260afb5157e392b1ebb1a4d4f992011ecbac4a0a7ff5bdcef7994a422bb2761edd2d8f20f5f879a88f89d48b8314f862585e4b7a9d6a6681f40e8b82cc6555dce2db951d164cc9a70e640ac8974faa2587a6e3af3b9458f7d4b4077b3002536b10ea24d73307a33090c4c270909a5322eac32cb175e68fa83457b21465c08c02dcefccc0c714c2862ddbe567755f05c1e671328d160d3752345ca1db6e74c720e42afca982ba6befd96c5575f1dd8f87ff6606301c0000000000000000000000000000000000000004d0d54b4caf78018766cdb971e8b168d4763c1f00000003d4e1d842caf457797f93db93e4f38a9dbd79f6bf5dc40b55fdbf9b856665061b2e2924f27eb2d2b5a181ccfd9eeb11dec165b6f12433f00bb06124041ffdcdcdc91f3b3b76635a689c9249cf69bcae654bfa81e75b7c7002b883c56026d83520395b7d511f607cf2f899c7b1c75e2192f775d72247167285857588ace1115fbebfee3c16b84cf7036d41c493a63c09f2ce46c1f5995c2d7fe58c15e64bb4cb7e7f336cc22fa1ea1363bce375bd3d579be1dddb08ed5147b629e4b3f0e65783ee5e20d9270802f2a7500738d95216743bc36a04ba8d486fb26252d684b84fa24639089064ca7b93057c041f12d544dab4d24a4f952b4f265a69ba279929959991b7ac63786055b3c029a0e8b6e42ad33cba2661957cff0700000000000029bb61462623a58556cd62844d4d23cc738ee5b36c71d2c010b089251d5806000b1ade92dd9f441468967c052aecd9de81b4b55d06670597991f37ddc4fa19a6369d5bf76c474633a337f676ad255869881da5cadcf49ce9188129cc978977f87b32bd4945717075cbb4d3e01e67ff087644f52fcf0a3c732b0586cb87972c43d2616bf4e521dc310fbf1760243d51a197d3ecfd74bd625e9f496175513f3e97854ea76e26e96a8639a297871485a8609f8ca842b3321932c4d9e224a0cec5946cec9e359fd3687415cad5fb8c678136f36d9f781fade9f2469477748f4dfa0f56c326c89bb5d07f35aaf95303b5a620fc84e1c73557b2277831f8f633f0d293c0e3f4f93149887271e645f50a4e57010a9b76457f6ad73231a905206bbb1b95248aed85a9df9dea64cc1fd1f06a98530000000000000045fcc1fb138fce0faec0a423e860d5b308d7849381b294106af25f15fec047d5b844a99f36e342165df728e381b48c20e0900f8d265157467d3494f2b93c7f3c817688cec2d226f50edb115c2e075f3c663a4b4169bc6fd7d4fbce205f2a1ae263ae0db900fa0a13cf796e0d7a9dad86953c13ed6241206d682e194c64c491de6a531e9bd45abe705f07000a82ccd41a2c1b23bac44b7371a3a0aeab3647c56f0680cd30ca260189dffed79c2cfae39d8160d3fac695b75654a4a5695b9edec673e75d97950fd4d80bdf8e2d83a3232768b1231b09ef4d995a783eb8f731523e9f6c2ee9119d567acd471bc391bd4f07600d5b04b71c1f1fd7e219b8df5123e4c529db3ce74353e8a39e2d21ce0954334951d509cdce531fb14230fa3b7331a943e7223b0ac8725a0d45a213fa249a8801959480ecdc5999c9df72debe8510d0620fce7be7086d5b72e857243f0a7883d9749b1f40936b51631e0060a0d9901d730000000000000000"], &(0x7f0000014ff5)='GPL\x00', 0x2, 0x103a, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2a3}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x0, 0x26, 0x0, &(0x7f00000006c0)="e460cdfbef2408002900119343056a0f000000072beb3014cd3ec8a755c1e1380081ffad0004", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'erspan0\x00', &(0x7f0000000340)={'sit0\x00', <r4=>r2, 0x8, 0x80, 0x80000001, 0x2, {{0x19, 0x4, 0x3, 0x9, 0x64, 0x66, 0x0, 0xf9, 0x2f, 0x0, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @generic={0x94, 0xa, "f88bcb98a51e6faf"}, @end, @cipso={0x86, 0x2f, 0x3, [{0x7, 0xb, "6c7a44f601c8a8c56d"}, {0x1, 0x4, "22a6"}, {0x2, 0x4, "863e"}, {0x0, 0x2}, {0x5, 0x10, "ab1914dc629160f7d8a605531274"}, {0x0, 0x4, "124a"}]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0xc, 0x12, 0x1, 0x0, [{@local, 0x5}]}, @ra={0x94, 0x4}, @noop]}}}}})
sendto$packet(r1, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880088f74803", 0x1a, 0x4040000, &(0x7f00000001c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f0000006380)={0x2020}, 0x2020)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x10000000000000)
r6 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
r8 = openat$cgroup_pressure(r7, &(0x7f0000000800)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r8, &(0x7f0000000040)={'some', 0x20, 0x17e, 0x20, 0x100002}, 0x2f)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r9, 0xffffffffffffffff, 0x100000000000000)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e20, 0x7, @mcast1, 0x80}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x31}}, @in={0x2, 0x4e20, @local}, @in={0x2, 0x4e21, @empty}, @in6={0xa, 0x4e24, 0x8000, @loopback, 0x3}, @in6={0xa, 0x4e21, 0x4, @mcast2, 0x7}, @in6={0xa, 0x4e24, 0xc, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, @in6={0xa, 0x4e20, 0x1, @remote, 0x4}], 0xbc)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r11, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES8=r0], 0x3c}, 0x1, 0x0, 0x0, 0x14}, 0x10)

3m1.729223485s ago: executing program 35 (id=2376):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f000000d000)={0xa, 0x3, &(0x7f0000000b40)=ANY=[@ANYBLOB="850000002200000007000000000000089500000000000000e26c9bd1a6361b80cdd64bdf00000000000869045aac0000659f55df08f9b90788ff7f00000010000029c21ebbcde61d8ab5920aef6c3e007fe61241638962cf0b89ef506cfd3f1d4163d3cfca3733b30070a7cf53021a95fdaf3c7220a0e23db436659a8c54328a702688f92b6b71569d65e33d46f8d8ae24ba69c657afac04379cb536008c219991704f11c51b1d076f03b0f917c766f3a7598bbc00feb3bc8e88f79df517b37b56bcbc290080000000000000e675458a43b8a8935bf9cf0be7d0aeaac41405e341cd0ba0d6fd562489dad595712a4051bb6cf826ab757193fc09d305f95c55d5746419000000000000007b61803bd430ef06000000000000001e93f640f159320c8b088f4d6497682eb312d4967aff9e4c14c66c90000054ed82c7cba4c81f91d6dfed18767bf0df584b4b6c4204df411f921e3aa02a67dd324b8176020e9c024751e539c05727f82c92046bfe64babb6d7ba86526b7886a0c2481c5812812a6fa3fca3758cbd8c32b25c28be225bd1f16297baa065f5bf96330fad0aaa4388c06c0eb2ecdf829af9577fcd868cc269b740000b7ad193c5e5850df01aff96877d73a63246ce6f0467167626329ab910b7a13d9ec9a64e7f6b56aeab8c38f69a213c96e2d2ad7978c9d721c270f27e7025d576535198742d403ec43572d7d0baf00e882617b260627805ca44200335ea4363066944d0aa6feb9705b09ba40d4642519281151f875cbf13a582f90ad719f0eccf02a473dd508a16138904933689ea6050041206473075eaeff2b69c2f2bf6f691c3560e068743a08e9771280da61fd8fdc3f7a35ea352e35753c59ebc1bd27ab6603e6afb1b3f057fbb7ed3aabe702b3c6301d3f5c295d1d69d1541d0e64631c95d6c0999e27e8d1a58f6a00f19102d2bfaf53f25a45637b1c577ae50c4c5669b13a4ed999dd10d2f091dcda39d9abc40c64a20c14ff0b1bf4d23fe07ae90fa0eba9c64bf89b26e7d8d70710b04f9ece5969023acadbb4582272e5b3a0429a5645b0c824ad36f7cc8be12b3874d5a19349b0ede845e9dddcab4a78b08ed60104002aabb17eb1840bc8e0ed1dd8b9b7eeaf32a185d80250a7f2252775905eeeb756eadafe20bbc616bc44b347abc8caf722b2c3b06884c1d3690f23b06fa4541bb2a81073b452764f04bd39008b65ee222cf697ac21b087548e9708dffaff2859e973b1e88668c8022cc6dac8548167e5798ec9c7d288a7fa7749f07513187cd8f060abbbc5e37dd1ba3aab927be1b409be733b7408534e5b0951e9ecfd0a1c77e3a29be47e896aecac0bc4093330124615056e3ce0ce6ac91b1242d3bb2e787a186dc2ec284d60e9d8a03884a22eeaa1efa497ee88c6cb565b164a260afb5157e392b1ebb1a4d4f992011ecbac4a0a7ff5bdcef7994a422bb2761edd2d8f20f5f879a88f89d48b8314f862585e4b7a9d6a6681f40e8b82cc6555dce2db951d164cc9a70e640ac8974faa2587a6e3af3b9458f7d4b4077b3002536b10ea24d73307a33090c4c270909a5322eac32cb175e68fa83457b21465c08c02dcefccc0c714c2862ddbe567755f05c1e671328d160d3752345ca1db6e74c720e42afca982ba6befd96c5575f1dd8f87ff6606301c0000000000000000000000000000000000000004d0d54b4caf78018766cdb971e8b168d4763c1f00000003d4e1d842caf457797f93db93e4f38a9dbd79f6bf5dc40b55fdbf9b856665061b2e2924f27eb2d2b5a181ccfd9eeb11dec165b6f12433f00bb06124041ffdcdcdc91f3b3b76635a689c9249cf69bcae654bfa81e75b7c7002b883c56026d83520395b7d511f607cf2f899c7b1c75e2192f775d72247167285857588ace1115fbebfee3c16b84cf7036d41c493a63c09f2ce46c1f5995c2d7fe58c15e64bb4cb7e7f336cc22fa1ea1363bce375bd3d579be1dddb08ed5147b629e4b3f0e65783ee5e20d9270802f2a7500738d95216743bc36a04ba8d486fb26252d684b84fa24639089064ca7b93057c041f12d544dab4d24a4f952b4f265a69ba279929959991b7ac63786055b3c029a0e8b6e42ad33cba2661957cff0700000000000029bb61462623a58556cd62844d4d23cc738ee5b36c71d2c010b089251d5806000b1ade92dd9f441468967c052aecd9de81b4b55d06670597991f37ddc4fa19a6369d5bf76c474633a337f676ad255869881da5cadcf49ce9188129cc978977f87b32bd4945717075cbb4d3e01e67ff087644f52fcf0a3c732b0586cb87972c43d2616bf4e521dc310fbf1760243d51a197d3ecfd74bd625e9f496175513f3e97854ea76e26e96a8639a297871485a8609f8ca842b3321932c4d9e224a0cec5946cec9e359fd3687415cad5fb8c678136f36d9f781fade9f2469477748f4dfa0f56c326c89bb5d07f35aaf95303b5a620fc84e1c73557b2277831f8f633f0d293c0e3f4f93149887271e645f50a4e57010a9b76457f6ad73231a905206bbb1b95248aed85a9df9dea64cc1fd1f06a98530000000000000045fcc1fb138fce0faec0a423e860d5b308d7849381b294106af25f15fec047d5b844a99f36e342165df728e381b48c20e0900f8d265157467d3494f2b93c7f3c817688cec2d226f50edb115c2e075f3c663a4b4169bc6fd7d4fbce205f2a1ae263ae0db900fa0a13cf796e0d7a9dad86953c13ed6241206d682e194c64c491de6a531e9bd45abe705f07000a82ccd41a2c1b23bac44b7371a3a0aeab3647c56f0680cd30ca260189dffed79c2cfae39d8160d3fac695b75654a4a5695b9edec673e75d97950fd4d80bdf8e2d83a3232768b1231b09ef4d995a783eb8f731523e9f6c2ee9119d567acd471bc391bd4f07600d5b04b71c1f1fd7e219b8df5123e4c529db3ce74353e8a39e2d21ce0954334951d509cdce531fb14230fa3b7331a943e7223b0ac8725a0d45a213fa249a8801959480ecdc5999c9df72debe8510d0620fce7be7086d5b72e857243f0a7883d9749b1f40936b51631e0060a0d9901d730000000000000000"], &(0x7f0000014ff5)='GPL\x00', 0x2, 0x103a, &(0x7f0000014000)=""/4096, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x2a3}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r3, 0x0, 0x26, 0x0, &(0x7f00000006c0)="e460cdfbef2408002900119343056a0f000000072beb3014cd3ec8a755c1e1380081ffad0004", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000140)={'erspan0\x00', &(0x7f0000000340)={'sit0\x00', <r4=>r2, 0x8, 0x80, 0x80000001, 0x2, {{0x19, 0x4, 0x3, 0x9, 0x64, 0x66, 0x0, 0xf9, 0x2f, 0x0, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, {[@noop, @generic={0x94, 0xa, "f88bcb98a51e6faf"}, @end, @cipso={0x86, 0x2f, 0x3, [{0x7, 0xb, "6c7a44f601c8a8c56d"}, {0x1, 0x4, "22a6"}, {0x2, 0x4, "863e"}, {0x0, 0x2}, {0x5, 0x10, "ab1914dc629160f7d8a605531274"}, {0x0, 0x4, "124a"}]}, @ra={0x94, 0x4}, @timestamp_addr={0x44, 0xc, 0x12, 0x1, 0x0, [{@local, 0x5}]}, @ra={0x94, 0x4}, @noop]}}}}})
sendto$packet(r1, &(0x7f0000000180)="0b032200e0ff25000200475400f6a13bb10000a8880088f74803", 0x1a, 0x4040000, &(0x7f00000001c0)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @remote}, 0x14)
r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f0000006380)={0x2020}, 0x2020)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x8000, 0x0)
fcntl$setpipe(0xffffffffffffffff, 0x407, 0x10000000000000)
r6 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
r8 = openat$cgroup_pressure(r7, &(0x7f0000000800)='io.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r8, &(0x7f0000000040)={'some', 0x20, 0x17e, 0x20, 0x100002}, 0x2f)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r9, 0xffffffffffffffff, 0x100000000000000)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e20, 0x7, @mcast1, 0x80}, @in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x31}}, @in={0x2, 0x4e20, @local}, @in={0x2, 0x4e21, @empty}, @in6={0xa, 0x4e24, 0x8000, @loopback, 0x3}, @in6={0xa, 0x4e21, 0x4, @mcast2, 0x7}, @in6={0xa, 0x4e24, 0xc, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x1}, @in6={0xa, 0x4e20, 0x1, @remote, 0x4}], 0xbc)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r11, @ANYBLOB="1f003300d00000000802110000010802110000005050505050500000", @ANYRES8=r0], 0x3c}, 0x1, 0x0, 0x0, 0x14}, 0x10)

2m59.530000328s ago: executing program 0 (id=2386):
r0 = openat$dma_heap(0xffffff9c, &(0x7f0000000040), 0x208e81, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f00000001c0), 0x1, 0x80802)
ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000300)={{0x1, 0x1, 0x81, 0x4, '\x00', 0x81}, 0x3, 0x40, 0xff, 0x0, 0x0, 0xfffffff7, 'syz0\x00', 0x0})
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e21, @broadcast}, 0x2f)
connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x1b}}, 0x10)
sendto$inet(r2, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000000c0)='bbr', 0x3)
connect$inet(r2, &(0x7f0000000100)={0x2, 0x4e22, @local}, 0x10)
recvfrom$inet(r2, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000440)=@security={'security\x00', 0xe, 0x4, 0x324, 0xffffffff, 0x174, 0x94, 0x0, 0xffffffff, 0xffffffff, 0x290, 0x290, 0x290, 0xffffffff, 0x4, &(0x7f0000000140), {[{{@uncond, 0x0, 0x70, 0x94}, @common=@inet=@SYNPROXY={0x24, 'SYNPROXY\x00', 0x0, {0x1, 0x6}}}, {{@uncond, 0x0, 0xbc, 0xe0, 0x0, {}, [@common=@socket0={{0x20}}, @common=@addrtype={{0x2c}, {0x980, 0x44, 0x1}}]}, @common=@unspec=@CLASSIFY={0x24, 'CLASSIFY\x00', 0x0, {0xb}}}, {{@ip={@private=0xa010101, @initdev={0xac, 0x1e, 0x0, 0x0}, 0xff000000, 0xff, 'ip6erspan0\x00', 'macvlan1\x00', {0xff}, {0xff}, 0xbf228b9b121d4f6d, 0x2, 0x40}, 0x0, 0xbc, 0x11c, 0x0, {}, [@common=@socket0={{0x20}}, @common=@addrtype={{0x2c}, {0x222, 0x1c2, 0x1}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x1, 0x2, 0x4, 0x4, 0x4, 0x4], 0x3, 0x2}, {0x1, [0x2, 0x0, 0x2, 0x5, 0x2, 0x5], 0x2, 0x3}}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x380)
sendfile(r0, r1, &(0x7f0000000080)=0x2, 0xfffff800)
r3 = socket$qrtr(0x2a, 0x2, 0x0)
bind$qrtr(r3, &(0x7f0000002540)={0x2a, 0x1, 0x3fff}, 0xc)
openat$qrtrtun(0xffffff9c, &(0x7f0000000000), 0x0)
ioctl$XFS_IOC_INUMBERS(r3, 0x80405880, &(0x7f0000000200)={{0x2, 0x6, 0xabf9, 0x7, 0x8}, [{0x4, 0x5, 0x0, 0x4}, {0xff, 0x3, 0x0, 0x7}, {0x7, 0x2a4, 0xf3, 0x3}, {0x3, 0x7, 0x4, 0x6d}, {0x80000001, 0xff, 0x4, 0x4}, {0x6, 0x3, 0x3, 0x2b}, {0x400, 0x7ff, 0x8, 0x6}]})

2m58.474901328s ago: executing program 0 (id=2391):
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8b34, &(0x7f0000000000)={'wlan1\x00', @random="0003230c1100"})
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="36400000240091"], 0xfe33)

2m58.474660764s ago: executing program 0 (id=2392):
pipe2(&(0x7f0000001cc0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x800)
mount$9p_fd(0x0, &(0x7f0000000000)='.\x00', &(0x7f0000000080), 0x800000, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@noextend}, {@access_client}]}})
ioctl$TIOCL_SELLOADLUT(r0, 0x541c, &(0x7f0000000040)={0x5, 0x9, 0x87, 0x2, 0x7ff})
getpid()
open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9902)
bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="0600000004000000040400000900000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="04000000000000000000000000000000000000000000020000000000"], 0x50)
socket(0x18, 0x8000f, 0x9)
socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4)
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={<r3=>0xffffffffffffffff})
getpeername$packet(r3, &(0x7f0000000000)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmmsg(r2, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0x0, r4, 0x2f000000}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000180)='O', 0x36}], 0x1}}], 0x1, 0x0)

2m58.299521552s ago: executing program 0 (id=2393):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b18094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000140)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d)
getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x26, 0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x8)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r1, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x8100, 0x0)
sendfile(r2, r2, 0x0, 0x2000fb)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r3, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14)
setsockopt$inet6_mreq(r3, 0x29, 0x1c, &(0x7f00000001c0)={@remote}, 0x14)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000280)={0x5, 0x81, 0x9, 0x10001, 0x9})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
rename(&(0x7f0000000100)='./bus\x00', &(0x7f0000000180)='./file1\x00')
lstat(&(0x7f00000002c0)='./file1\x00', &(0x7f0000000200))
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, 0x0)

2m58.235520368s ago: executing program 0 (id=2394):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x200, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x1, 0x1003, 0x12}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x0, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000240)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000300)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004080}, 0x8010)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
read$FUSE(0xffffffffffffffff, &(0x7f00000008c0)={0x2020, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x2020)
openat$ttynull(0xffffff9c, 0x0, 0x24800, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r9 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r9, 0xc01064d1, &(0x7f0000000040)={0x2, 0x0, &(0x7f00000000c0)=[0x0, 0x0]})
ptrace$ARCH_GET_MAX_TAG_BITS(0x1e, r7, &(0x7f0000000340), 0x4003)
connect$unix(r8, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r10 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0xa02, 0x0)
dup(r10)

2m55.193806479s ago: executing program 0 (id=2409):
syz_open_dev$sndctrl(0x0, 0x8, 0x191000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0xc000) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0) (async)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0) (async)
socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket$kcm(0x10, 0x2, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async)
getitimer(0x2, &(0x7f00000001c0)) (async, rerun: 64)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r5=>0x0}) (rerun: 32)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r6, &(0x7f0000004580)=[{{&(0x7f0000000a00)={0xa, 0x4e20, 0x7992, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8}, 0x1c, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="20000000290000003200000000000000000000000000ffffac141430d3"], 0x20}}], 0x1, 0x10) (async)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000010000000850000006900000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) (async, rerun: 64)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async, rerun: 64)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x401, 0x0, 0x80000000000, 0x0, 0xfffffffffffff30a, 0x5}, &(0x7f0000000000)={0x1f, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffe, 0x9}, 0x0, 0x0, 0x0) (async, rerun: 64)
r9 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
sendmsg$NL80211_CMD_REGISTER_FRAME(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

2m54.996342815s ago: executing program 36 (id=2409):
syz_open_dev$sndctrl(0x0, 0x8, 0x191000)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0xc000) (async)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$RDMA_USER_CM_CMD_GET_EVENT(r0, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x0, 0x0) (async)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0) (async)
socket$nl_rdma(0x10, 0x3, 0x14)
r2 = socket$kcm(0x10, 0x2, 0x0) (async)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async)
getitimer(0x2, &(0x7f00000001c0)) (async, rerun: 64)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r5=>0x0}) (rerun: 32)
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
sendmmsg$inet6(r6, &(0x7f0000004580)=[{{&(0x7f0000000a00)={0xa, 0x4e20, 0x7992, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x8}, 0x1c, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="20000000290000003200000000000000000000000000ffffac141430d3"], 0x20}}], 0x1, 0x10) (async)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x3, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r7, @ANYBLOB="0000000000000000b703000010000000850000006900000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r8, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) (async, rerun: 64)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async, rerun: 64)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x401, 0x0, 0x80000000000, 0x0, 0xfffffffffffff30a, 0x5}, &(0x7f0000000000)={0x1f, 0x0, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffe, 0x9}, 0x0, 0x0, 0x0) (async, rerun: 64)
r9 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
sendmsg$NL80211_CMD_REGISTER_FRAME(r9, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)={0x28, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x40}]}, 0x28}}, 0x0)
sendmsg$kcm(r2, &(0x7f0000000600)={0x0, 0xc, &(0x7f0000000000)=[{&(0x7f0000000080)="2e00000010008188e6b62aa73772cc9f1ba1f848480000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)

3.882353765s ago: executing program 7 (id=3170):
r0 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x0, 0xfffffffd, 0xbfdfffbc}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x85c3}})
io_uring_enter(r0, 0x32d7, 0x0, 0x46, 0x0, 0x0)

3.762376645s ago: executing program 7 (id=3172):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x220c)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r1, 0x0)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r2, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
listen(0xffffffffffffffff, 0x9)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x0)
setuid(0xee01)
r5 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r5, &(0x7f0000000040)=[{&(0x7f0000000200)="580000001400192340834b80040d8c560a06e7bc45ff810500000000000058000b480000945f64009400050028925a01000000000000008000f0fffeffa809000000fff5dd0000001000010002081000418e00000004fcff", 0x58}], 0x1)

3.591034528s ago: executing program 7 (id=3174):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = syz_clone(0x100, 0x0, 0xffffff23, 0x0, 0x0, 0x0)
process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f0000001bc0)=""/142, 0x8e}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x74}], 0x1, 0x0)

3.484631891s ago: executing program 7 (id=3176):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402609333340000000000109022400010000000009040000010301000009210000000122010009058103"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f"], 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0x1, {[@global=@item_012={0x0, 0x1, 0x5}]}}, 0x0}, 0x0)

2.767035343s ago: executing program 4 (id=3180):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x105d, &(0x7f0000000400)={0x0, 0x5889, 0x1000, 0x1004, 0xf0}, &(0x7f0000000280)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0x40, 0x0, r0, 0x61, &(0x7f00000000c0)=@un=@abs={0x1, 0x0, 0x4e20}})
io_uring_enter(r1, 0x3516, 0x483, 0x0, 0x0, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)

2.704005095s ago: executing program 4 (id=3181):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
getpeername(r3, &(0x7f0000000180)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, &(0x7f0000000240)=0x80)
request_key(&(0x7f0000001000)='dns_resolver\x00', &(0x7f0000001040)={'syz', 0x2}, &(0x7f0000001080)='\x00', 0x0)
request_key(&(0x7f00000010c0)='dns_resolver\x00', 0x0, 0x0, 0x0)
futex(0x0, 0x800000000006, 0x0, 0x0, 0x0, 0x2)
mount(&(0x7f0000000000)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./cgroup\x00', &(0x7f00000000c0)='btrfs\x00', 0x418, 0x0)
landlock_create_ruleset(&(0x7f00000002c0)={0x2001}, 0x18, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x14, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)

2.084038213s ago: executing program 8 (id=3188):
syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000480)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0xe53729bd61505fe4)
shutdown(r0, 0x1)

1.774272925s ago: executing program 4 (id=3190):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2})
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=@newqdisc={0x3c, 0x24, 0x4ee4e6a52ff56541, 0x1, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_INGRESS={0x8, 0xf, 0x1}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40088c1}, 0x50)

1.582293209s ago: executing program 4 (id=3191):
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRESOCT, @ANYRESOCT], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x2}, 0x94)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="5800000002060300000034e40000000000000008050005000a000000050001000600000005000400000000000900020073797a310000000011000300686173683a69702c706f7274000000000c00078008000640"], 0x58}, 0x1, 0x0, 0x0, 0x20000081}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="54000000090601020000000000000000020000000900020073797a310000000005000100070000002c0007801800018014000240fe80000000000000000000007649ec6106000440000400000500070006"], 0x54}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)

1.582117157s ago: executing program 4 (id=3192):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000002c0)={0x1b, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1}, 0x50)

1.446505035s ago: executing program 8 (id=3193):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000022c0)=@newtfilter={0x94, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x64, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x1a29c}, @TCA_FLOW_ACT={0x50, 0x9, 0x0, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x1003d1, 0x3, 0x20000000, 0x6, 0x86}, 0x69}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}]}]}}]}, 0x94}, 0x1, 0x0, 0x0, 0xc804}, 0x2)
close(r3)
socket$unix(0x1, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r6 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r6, 0x107, 0xf, &(0x7f0000000600), 0x56)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
sendmsg$kcm(r6, &(0x7f0000000280)={&(0x7f0000000540)=@xdp={0x2c, 0x0, r8, 0x42}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000200)="27030200dc0f14000e00003c0ff000000000ff840000000200000003125ce882cbf490d908f1523f", 0x28}, {&(0x7f0000002680)="76e69c0141b4", 0x6}], 0x2}, 0x4005)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=@gettfilter={0x24, 0x2e, 0x205, 0x70bd2c, 0x25dfdafd, {0x0, 0x0, 0x0, r9, {0xc, 0xc}, {0x0, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000801}, 0x4041080)

1.32611198s ago: executing program 8 (id=3194):
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
socket$key(0xf, 0x3, 0x2)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1d, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x40, 0x7fff0000}]})
socket$kcm(0x10, 0x2, 0x4)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000a80)='ns/cgroup\x00')
open_by_handle_at(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="20000000f1000100", @ANYRES64=r0], 0x0)

1.293792098s ago: executing program 8 (id=3195):
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040f04eee71b04"], 0x7)

1.208157082s ago: executing program 8 (id=3196):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_UNBLANKSCREEN(r0, 0x560f, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
mknod(0x0, 0x1, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000180), 0xffffffffffffffff)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x10, 0x16, &(0x7f0000000780)=ANY=[@ANYBLOB="61122400000000006113340000000000bf1000000000000015000200091b00003d030100000000008701000000000000bc26000000000000bf67000000000000560300000ee600f06702000014000000140300000ee600f0bf050000000000000f610000000000006507f4ff02000400070700004c0040001f75000000000000bf54000000000000070500000300f9ffad430100000000009500000000000000050000000000000095000000000000004d9bd591d568253e9988431ec068e3a82983d58719d72183f2cb7f43dd55788be820b236dcb695dbfd737cbf719506d2d6b05fe7030586e3f640f9f7e9a73b761ad4f0952a70046270d2b6436fdeecd791614ed46de741eb8cf91c046ef9beca574b350021c7ec6ef130f53748068ca432dae4e248b22b9ad8b2811f67916a1764578cba4b069037bfb3362d5691ac397f7e207145d970f0d97867552629b146645c785fb77dbeca38e49a9d5221f1f45f0a25890d04d91a15a05ae7e7ed6252c3d6c1973fb858de1da70d67317e7872b0603ce47ed2c1520e71b527bb42aa2e20e1e85df73736ed0a782ab7e7278dd54358cfdf6313d40f926332623625b49626481054787ab2dff85a9bebd6b317f26c691a65aa97bb3d1506a3a565e9c7ea5ad4611d2d77ee8a5c1b23814a26b6a20061fbb65bdd03770fa849f2a29ba69f90625f42592a70ba890f7a92878ae73574c3a233ee5954119931a1905210715fa77a8795f2fbec3797cb90f59fe8a4abec25f40c87bf25b750bbaa"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={0xffffffffffffffff, 0x20, &(0x7f00000001c0)={&(0x7f0000000040)=""/85, 0x55, 0x0, 0x0}}, 0x10)

731.931143ms ago: executing program 7 (id=3202):
keyctl$get_keyring_id(0x0, 0x0, 0x81)

731.664882ms ago: executing program 7 (id=3204):
openat$kvm(0xffffffffffffff9c, 0x0, 0xe01, 0x0)
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$FS_IOC_FSGETXATTR(0xffffffffffffffff, 0x801c581f, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
shmat(0x0, &(0x7f0000ffc000/0x3000)=nil, 0x4000)
setsockopt$packet_int(r0, 0x107, 0x13, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x1, 0x2)
bind$802154_raw(0xffffffffffffffff, 0x0, 0x0)
get_robust_list(0x0, 0x0, 0x0)

631.259273ms ago: executing program 4 (id=3207):
r0 = syz_open_dev$evdev(0x0, 0x1, 0x101441)
syz_usb_disconnect(r0)
syz_emit_vhci(&(0x7f0000000880)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x7, 0x0, 0x803}}}, 0x7)

631.16472ms ago: executing program 5 (id=3208):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x1)
ioctl$KVM_CHECK_EXTENSION_VM(r1, 0xae03, 0x9)

481.694572ms ago: executing program 5 (id=3209):
io_submit(0x0, 0x1, &(0x7f0000001300)=[&(0x7f0000000140)={0x0, 0x0, 0x0, 0x8, 0x4, 0xffffffffffffffff, &(0x7f0000000040)="feff", 0x2, 0x400}])
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000b, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000040)={[0x4, 0x2, 0x80, 0x5, 0x4, 0x7f, 0x4232, 0x0, 0x81, 0x9c1, 0x8001, 0x5, 0x7, 0x4db6, 0x0, 0xfffffdfffffffffd], 0xdddd1000, 0x80300})
ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000140)=@x86={0x40, 0x1, 0xc, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x7e, 0x9, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0xff, 0xff})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

268.148547ms ago: executing program 5 (id=3210):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x80102, 0x0)
ioctl$F2FS_IOC_SEC_TRIM_FILE(r0, 0x4018f514, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = eventfd2(0x4001, 0x800)
r3 = eventfd2(0x4, 0x0)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r3, 0x7, 0x2, r2})
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r3, 0x7})

267.909082ms ago: executing program 8 (id=3211):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mount(0x0, 0x0, &(0x7f0000000000)='devpts\x00', 0x38130d1, 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000))
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000001ff0), 0x10)
sendmsg$can_raw(r3, &(0x7f0000001fc8)={0x0, 0x0, &(0x7f0000000ff0)={&(0x7f000000a000)=@canfd={{0x1}, 0x2, 0x0, 0x0, 0x0, "0327e1b22b5fcef7739c699f5ff986ca08990039576a7d5cb2bdac3fa80acf584ecb5fee496e6866856b76b5ee00000000000000004e2f9663a918fa1efd9b0b"}, 0xfe68}, 0xee}, 0x0)
ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0)

150.509431ms ago: executing program 5 (id=3212):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xca100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000000, 0x0, 0x20, 0x0, 0x0, 0x2004c9, 0x7000, 0x0, 0x0, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x4000000000000004, 0x2], 0xffff1000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

159.394µs ago: executing program 5 (id=3213):
unshare(0x28020600)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, 0x0, 0x0)

0s ago: executing program 5 (id=3214):
r0 = syz_open_dev$loop(&(0x7f0000000240), 0x100000001, 0x100862)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/power/pm_freeze_timeout', 0x0, 0xed)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000080)={r1, 0x0, {0x0, 0x0, 0x0, 0x7, 0x4010000000000ffd, 0x0, 0x0, 0x19, 0xc, "faf98317e5a1149989fc8dbe43ea6acc96e3a2503dc3bd3fe37d58128bbad0099cebdc25f5ab60c9e6d680f985881a7beda9d69098c8b534464c516bdd8a0f35", "32d8cc26f7061a74df2cfc06c89f3d9e234b30c50997d3bef409ff2176ff7bfe55cd4a5d83cd4a524bd3ffe70c7f3f800b2f7b6aa54cc50a1fcaed1e831fa79a", "675237601a8ca5b07dcc141802c4dae4162e43ac61b7ad3300", [0xfffffffffffffce8, 0x6]}})
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r1)

kernel console output (not intermixed with test programs):

 593.687027][T14828] lowmem_reserve[]: 0 285 285 285 285
[  593.688807][T14828] Node 0 DMA32 free:29508kB boost:16384kB min:29456kB low:32724kB high:35992kB reserved_highatomic:0KB free_highatomic:0KB active_anon:104kB inactive_anon:0kB active_file:48kB inactive_file:2340kB unevictable:3536kB writepending:4kB zspages:1432kB present:1032196kB managed:292588kB mlocked:0kB bounce:0kB free_pcp:2480kB local_pcp:2048kB free_cma:0kB
[  593.699208][T14828] lowmem_reserve[]: 0 0 0 0 0
[  593.701159][T14828] Node 1 DMA32 free:171736kB boost:0kB min:47140kB low:58924kB high:70708kB reserved_highatomic:0KB free_highatomic:0KB active_anon:14128kB inactive_anon:6420kB active_file:19944kB inactive_file:23260kB unevictable:3536kB writepending:1756kB zspages:5188kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:31652kB local_pcp:6788kB free_cma:0kB
[  593.711787][T14828] lowmem_reserve[]: 0 0 0 0 0
[  593.713390][T14828] Node 0 DMA: 232*4kB (UE) 55*8kB (UE) 11*16kB (UE) 39*32kB (UE) 15*64kB (UE) 3*128kB (UE) 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4136kB
[  593.718162][T14828] Node 0 DMA32: 1109*4kB (UME) 420*8kB (UME) 147*16kB (UME) 199*32kB (UME) 45*64kB (UME) 21*128kB (UME) 7*256kB (UME) 5*512kB (M) 3*1024kB (M) 0*2048kB 0*4096kB = 29508kB
[  593.723761][T14828] Node 1 DMA32: 3752*4kB (UM) 3461*8kB (UME) 2856*16kB (UME) 18*32kB (UME) 89*64kB (UME) 103*128kB (UM) 61*256kB (UME) 54*512kB (UME) 12*1024kB (ME) 4*2048kB (UM) 0*4096kB = 171592kB
[  593.731843][T14828] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  593.734883][T14828] Node 0 hugepages_total=1 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  593.737857][T14828] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  593.740872][T14828] Node 1 hugepages_total=3 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  593.743841][T14828] 16506 total pagecache pages
[  593.745387][T14828] 463 pages in swap cache
[  593.746836][T14828] Free swap  = 100232kB
[  593.748296][T14828] Total swap = 124996kB
[  593.749652][T14828] 524155 pages RAM
[  593.750882][T14828] 0 pages HighMem/MovableOnly
[  593.752517][T14828] 210115 pages reserved
[  593.753890][T14828] 0 pages cma reserved
[  593.797510][ T6018] usb 12-1: new high-speed USB device number 2 using dummy_hcd
[  593.957281][ T6018] usb 12-1: Using ep0 maxpacket: 8
[  593.961944][ T6018] usb 12-1: config 0 has an invalid interface number: 55 but max is 0
[  593.965250][ T6018] usb 12-1: config 0 has no interface number 0
[  593.968395][ T6018] usb 12-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  593.975707][ T6018] usb 12-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  593.981150][ T6018] usb 12-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  593.985285][ T6018] usb 12-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  593.990373][ T6018] usb 12-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  593.994428][ T6018] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  594.002493][ T6018] usb 12-1: config 0 descriptor??
[  594.008203][ T6018] ldusb 12-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  595.344504][T14849] syzkaller1: entered promiscuous mode
[  595.346293][T14849] syzkaller1: entered allmulticast mode
[  596.300838][ T6018] usb 12-1: USB disconnect, device number 2
[  596.304602][ T6018] ldusb 12-1:0.55: LD USB Device #0 now disconnected
[  597.037859][T14879] netlink: 'syz.7.2497': attribute type 10 has an invalid length.
[  597.040752][T14879] netlink: 228 bytes leftover after parsing attributes in process `syz.7.2497'.
[  597.053656][   T40] kauditd_printk_skb: 123 callbacks suppressed
[  597.053667][   T40] audit: type=1326 audit(1773754610.014:3260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.117020][   T40] audit: type=1326 audit(1773754610.014:3261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.136644][   T40] audit: type=1326 audit(1773754610.014:3262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.143680][   T40] audit: type=1326 audit(1773754610.014:3263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.167780][   T40] audit: type=1326 audit(1773754610.014:3264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.174662][   T40] audit: type=1326 audit(1773754610.014:3265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.199626][   T40] audit: type=1326 audit(1773754610.014:3266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.211186][   T40] audit: type=1326 audit(1773754610.014:3267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.219792][   T40] audit: type=1326 audit(1773754610.014:3268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.236982][   T40] audit: type=1326 audit(1773754610.024:3269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14863 comm="syz.8.2498" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  597.637040][ T1325] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  597.806972][ T1325] usb 10-1: Using ep0 maxpacket: 8
[  597.872600][ T1325] usb 10-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  597.875916][ T1325] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  597.879856][ T1325] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  597.883820][ T1325] usb 10-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  597.888147][ T1325] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  597.891276][ T1325] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  597.903950][ T1325] usbtmc 10-1:16.0: bulk endpoints not found
[  598.815909][ T1325] libceph: connect (1)[c::]:6789 error -101
[  598.818693][ T1325] libceph: mon0 (1)[c::]:6789 connect error
[  598.909504][T14898] ceph: No mds server is up or the cluster is laggy
[  599.512407][T14913] netlink: 'syz.4.2508': attribute type 10 has an invalid length.
[  599.516104][T14913] netlink: 228 bytes leftover after parsing attributes in process `syz.4.2508'.
[  600.702002][ T6018] usb 10-1: USB disconnect, device number 9
[  601.035217][T14930] netlink: 'syz.8.2510': attribute type 10 has an invalid length.
[  601.038145][T14930] netlink: 228 bytes leftover after parsing attributes in process `syz.8.2510'.
[  601.685715][T14932] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  602.073796][T14943] netlink: 'syz.5.2514': attribute type 10 has an invalid length.
[  602.076363][T14943] netlink: 228 bytes leftover after parsing attributes in process `syz.5.2514'.
[  603.112116][T14946] comedi comedi3: comedi_test: 10 microvolt, 2046 microsecond waveform attached
[  603.195035][T14950] Mount JFS Failure: -5
[  605.222199][T14969] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9)
[  605.224394][T14969] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  605.246981][T14969] vhci_hcd vhci_hcd.0: Device attached
[  605.537742][   T34] usb 48-1: SetAddress Request (10) to port 0
[  605.537783][   T34] usb 48-1: new SuperSpeed USB device number 10 using vhci_hcd
[  606.170363][T14980] syzkaller0: entered promiscuous mode
[  606.170385][T14980] syzkaller0: entered allmulticast mode
[  606.917167][T14996] loop2: detected capacity change from 0 to 7
[  606.925383][T13569] Dev loop2: unable to read RDB block 7
[  606.927634][T13569]  loop2: AHDI p1 p2 p3
[  606.929053][T13569] loop2: partition table partially beyond EOD, truncated
[  606.932231][T13569] loop2: p1 start 1601398130 is beyond EOD, truncated
[  606.934541][T13569] loop2: p2 start 1702059890 is beyond EOD, truncated
[  607.088169][T14996] Dev loop2: unable to read RDB block 7
[  607.090031][T14996]  loop2: AHDI p1 p2 p3
[  607.091412][T14996] loop2: partition table partially beyond EOD, truncated
[  607.094818][T14996] loop2: p1 start 1601398130 is beyond EOD, truncated
[  607.098891][T14996] loop2: p2 start 1702059890 is beyond EOD, truncated
[  608.833401][T14993] Cannot find add_set index 2 as target
[  608.864959][T14970] vhci_hcd: connection reset by peer
[  608.870895][   T59] vhci_hcd vhci_hcd.5: stop threads
[  608.873272][   T59] vhci_hcd vhci_hcd.5: release socket
[  608.876197][   T59] vhci_hcd vhci_hcd.5: disconnect device
[  610.617604][   T34] usb 48-1: device descriptor read/8, error -110
[  611.026375][   T34] usb usb48-port1: attempt power cycle
[  611.610847][   T34] usb usb48-port1: unable to enumerate USB device
[  613.457459][T15071] 9pnet_virtio: no channels available for device syz
[  614.763004][T15097] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2558'.
[  616.706558][T15133] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2567'.
[  616.746539][T15135] Cannot find add_set index 2 as target
[  617.467359][   T10] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  617.575141][T15157] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2576'.
[  617.698248][   T10] usb 10-1: config index 0 descriptor too short (expected 23569, got 27)
[  617.701487][   T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  617.705987][   T10] usb 10-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[  617.717760][   T10] usb 10-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[  617.721221][   T10] usb 10-1: Manufacturer: syz
[  617.737997][   T10] usb 10-1: config 0 descriptor??
[  617.859663][   T10] rc_core: IR keymap rc-hauppauge not found
[  617.861776][   T10] Registered IR keymap rc-empty
[  617.872088][   T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0
[  617.890835][   T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/rc/rc0/input96
[  617.978938][ T5938] usb 10-1: USB disconnect, device number 10
[  619.315044][T15191] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2586'.
[  619.709470][T15201] netlink: 32 bytes leftover after parsing attributes in process `syz.7.2590'.
[  621.069303][T15223] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2595'.
[  622.184649][T15249] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2604'.
[  622.883864][T15265] syzkaller0: entered promiscuous mode
[  622.885986][T15265] syzkaller0: entered allmulticast mode
[  623.170646][T15273] netlink: 'syz.4.2611': attribute type 1 has an invalid length.
[  623.435110][T15279] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2614'.
[  623.670908][T15283] FAULT_INJECTION: forcing a failure.
[  623.670908][T15283] name failslab, interval 1, probability 0, space 0, times 0
[  623.675161][T15283] CPU: 1 UID: 0 PID: 15283 Comm: syz.7.2615 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  623.675191][T15283] Tainted: [L]=SOFTLOCKUP
[  623.675195][T15283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  623.675202][T15283] Call Trace:
[  623.675207][T15283]  <TASK>
[  623.675213][T15283]  dump_stack_lvl+0x100/0x190
[  623.675234][T15283]  should_fail_ex.cold+0x5/0xa
[  623.675247][T15283]  ? fib_trie_table+0xf3/0x2a0
[  623.675261][T15283]  should_failslab+0xc2/0x120
[  623.675273][T15283]  __kmalloc_noprof+0xe0/0x850
[  623.675292][T15283]  fib_trie_table+0xf3/0x2a0
[  623.675308][T15283]  fib_trie_unmerge+0xb5/0xbd0
[  623.675323][T15283]  ? fib_newrule+0x180a/0x1ed0
[  623.675339][T15283]  ? trace_kmalloc+0x101/0x130
[  623.675378][T15283]  ? __kasan_kmalloc+0xaa/0xb0
[  623.675404][T15283]  ? __pfx_fib_trie_unmerge+0x10/0x10
[  623.675420][T15283]  ? __pfx___mutex_lock+0x10/0x10
[  623.675441][T15283]  fib_unmerge+0xee/0x510
[  623.675457][T15283]  ? __pfx_fib_nl2rule.constprop.0+0x10/0x10
[  623.675474][T15283]  fib4_rule_configure+0x383/0x10c0
[  623.675489][T15283]  fib_newrule+0x356/0x1ed0
[  623.675510][T15283]  ? __pfx_fib_newrule+0x10/0x10
[  623.675528][T15283]  ? __pfx___schedule+0x10/0x10
[  623.675551][T15283]  ? find_held_lock+0x2b/0x80
[  623.675561][T15283]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  623.675577][T15283]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  623.675593][T15283]  ? __pfx_fib_nl_newrule+0x10/0x10
[  623.675609][T15283]  rtnetlink_rcv_msg+0x95e/0xe90
[  623.675626][T15283]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  623.675648][T15283]  netlink_rcv_skb+0x159/0x420
[  623.675665][T15283]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  623.675681][T15283]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  623.675703][T15283]  ? rcu_is_watching+0x12/0xc0
[  623.675727][T15283]  netlink_unicast+0x5aa/0x870
[  623.675745][T15283]  ? __pfx_netlink_unicast+0x10/0x10
[  623.675767][T15283]  netlink_sendmsg+0x8b0/0xda0
[  623.675786][T15283]  ? __pfx_netlink_sendmsg+0x10/0x10
[  623.675804][T15283]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  623.675824][T15283]  ____sys_sendmsg+0x9e1/0xb70
[  623.675834][T15283]  ? __pfx_netlink_sendmsg+0x10/0x10
[  623.675851][T15283]  ? __pfx_____sys_sendmsg+0x10/0x10
[  623.675869][T15283]  ___sys_sendmsg+0x190/0x1e0
[  623.675882][T15283]  ? __pfx____sys_sendmsg+0x10/0x10
[  623.675910][T15283]  __sys_sendmsg+0x170/0x220
[  623.675926][T15283]  ? __pfx___sys_sendmsg+0x10/0x10
[  623.675945][T15283]  ? exit_to_user_mode_loop+0xdd/0x4a0
[  623.675962][T15283]  __do_fast_syscall_32+0xe3/0x8c0
[  623.675980][T15283]  do_fast_syscall_32+0x32/0x70
[  623.675996][T15283]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  623.676010][T15283] RIP: 0023:0xf70aef6c
[  623.676020][T15283] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  623.676030][T15283] RSP: 002b:00000000f545b50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  623.676041][T15283] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000140
[  623.676048][T15283] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  623.676054][T15283] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  623.676060][T15283] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  623.676066][T15283] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  623.676080][T15283]  </TASK>
[  623.823884][T15283] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  623.828197][T15283] 9pnet_virtio: no channels available for device syz
[  624.552656][T15293] i2c i2c-1: dvb_frontend_start: failed to start kthread (-4)
[  625.173984][T15302] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2620'.
[  625.241020][T15307] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2623'.
[  627.160333][T15344] FAULT_INJECTION: forcing a failure.
[  627.160333][T15344] name failslab, interval 1, probability 0, space 0, times 0
[  627.165814][T15344] CPU: 0 UID: 0 PID: 15344 Comm: syz.5.2634 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  627.165843][T15344] Tainted: [L]=SOFTLOCKUP
[  627.165849][T15344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  627.165860][T15344] Call Trace:
[  627.165867][T15344]  <TASK>
[  627.165874][T15344]  dump_stack_lvl+0x100/0x190
[  627.165903][T15344]  should_fail_ex.cold+0x5/0xa
[  627.165927][T15344]  should_failslab+0xc2/0x120
[  627.165945][T15344]  __kmalloc_cache_noprof+0x7a/0x6f0
[  627.165968][T15344]  ? ovl_dir_open+0xa9/0x3a0
[  627.165998][T15344]  ovl_dir_open+0xa9/0x3a0
[  627.166023][T15344]  ? __pfx_apparmor_file_open+0x10/0x10
[  627.166051][T15344]  ? __pfx_ovl_dir_open+0x10/0x10
[  627.166079][T15344]  ? fsnotify_open_perm_and_set_mode+0x17a/0xa80
[  627.166104][T15344]  do_dentry_open+0x6d8/0x1660
[  627.166122][T15344]  ? __pfx_ovl_dir_open+0x10/0x10
[  627.166153][T15344]  vfs_open+0x82/0x3f0
[  627.166178][T15344]  path_openat+0x208c/0x31a0
[  627.166206][T15344]  ? fred_int80_emulation+0x630/0x6a0
[  627.166235][T15344]  ? __pfx_path_openat+0x10/0x10
[  627.166262][T15344]  do_file_open+0x20e/0x430
[  627.166283][T15344]  ? __pfx_do_file_open+0x10/0x10
[  627.166317][T15344]  ? _raw_spin_unlock+0x28/0x50
[  627.166339][T15344]  ? alloc_fd+0x476/0x790
[  627.166363][T15344]  do_sys_openat2+0x10d/0x1e0
[  627.166386][T15344]  ? __pfx_do_sys_openat2+0x10/0x10
[  627.166413][T15344]  ? __fget_files+0x21f/0x3d0
[  627.166433][T15344]  __ia32_compat_sys_open+0xfe/0x1c0
[  627.166457][T15344]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  627.166483][T15344]  ? __pfx_ksys_write+0x10/0x10
[  627.166505][T15344]  __do_fast_syscall_32+0xe3/0x8c0
[  627.166532][T15344]  do_fast_syscall_32+0x32/0x70
[  627.166556][T15344]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  627.166578][T15344] RIP: 0023:0xf6ffef6c
[  627.166593][T15344] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  627.166610][T15344] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 0000000000000005
[  627.166628][T15344] RAX: ffffffffffffffda RBX: 0000000080000100 RCX: 0000000000149800
[  627.166639][T15344] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  627.166650][T15344] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  627.166660][T15344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  627.166670][T15344] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  627.166692][T15344]  </TASK>
[  627.729451][T15357] overlay: Unknown parameter 'defcontext'
[  627.935373][T15361] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2639'.
[  627.940570][T15361] bridge_slave_1: left allmulticast mode
[  627.943013][T15361] bridge_slave_1: left promiscuous mode
[  627.944311][T15363] input: syz1 as /devices/virtual/input/input97
[  627.950854][T15361] bridge0: port 2(bridge_slave_1) entered disabled state
[  627.987963][T15361] bridge_slave_0: left allmulticast mode
[  628.071056][T15361] bridge_slave_0: left promiscuous mode
[  628.073279][T15361] bridge0: port 1(bridge_slave_0) entered disabled state
[  628.626561][T15374] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2642'.
[  628.722299][T15389] FAULT_INJECTION: forcing a failure.
[  628.722299][T15389] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  628.728518][T15389] CPU: 0 UID: 0 PID: 15389 Comm: syz.4.2647 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  628.728557][T15389] Tainted: [L]=SOFTLOCKUP
[  628.728562][T15389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  628.728572][T15389] Call Trace:
[  628.728579][T15389]  <TASK>
[  628.728586][T15389]  dump_stack_lvl+0x100/0x190
[  628.728614][T15389]  should_fail_ex.cold+0x5/0xa
[  628.728633][T15389]  _copy_from_user+0x2e/0xd0
[  628.728653][T15389]  get_compat_msghdr+0xb3/0x4b0
[  628.728674][T15389]  ? __pfx_get_compat_msghdr+0x10/0x10
[  628.728703][T15389]  ___sys_sendmsg+0x1b6/0x1e0
[  628.728722][T15389]  ? __pfx____sys_sendmsg+0x10/0x10
[  628.728765][T15389]  __sys_sendmsg+0x170/0x220
[  628.728788][T15389]  ? __pfx___sys_sendmsg+0x10/0x10
[  628.728817][T15389]  ? __pfx_ksys_write+0x10/0x10
[  628.728837][T15389]  __do_fast_syscall_32+0xe3/0x8c0
[  628.728863][T15389]  do_fast_syscall_32+0x32/0x70
[  628.728885][T15389]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  628.728904][T15389] RIP: 0023:0xf700ef6c
[  628.728918][T15389] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  628.728933][T15389] RSP: 002b:00000000f53fd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  628.728948][T15389] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  628.728958][T15389] RDX: 0000000020000000 RSI: 0000000000000000 RDI: 0000000000000000
[  628.728967][T15389] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  628.728977][T15389] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  628.728986][T15389] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  628.729007][T15389]  </TASK>
[  628.934379][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  629.158374][T15399] block nbd5: NBD_DISCONNECT
[  629.161930][T15398] block nbd5: Disconnected due to user request.
[  629.164445][T15398] block nbd5: shutting down sockets
[  629.199598][T15402] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2649'.
[  629.597309][ T6021] usb 10-1: new low-speed USB device number 11 using dummy_hcd
[  629.781061][ T6021] usb 10-1: config 0 has an invalid interface number: 55 but max is 0
[  629.784715][ T6021] usb 10-1: config 0 has no interface number 0
[  629.788568][ T6021] usb 10-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  629.793530][ T6021] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8
[  629.824270][ T6021] usb 10-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  629.846603][ T6021] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10
[  629.848472][T15411] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2655'.
[  629.852112][ T6021] usb 10-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8
[  629.887489][ T6021] usb 10-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  629.893346][ T6021] usb 10-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  629.897047][ T6021] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.907178][ T6021] usb 10-1: config 0 descriptor??
[  629.910342][T15407] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  629.913595][T15407] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  629.954374][ T6021] ldusb 10-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  630.174047][T15407] ldusb 10-1:0.55: Write buffer overflow, 1 bytes dropped
[  630.446796][    T9] usb 10-1: USB disconnect, device number 11
[  630.452450][    T9] ldusb 10-1:0.55: LD USB Device #0 now disconnected
[  630.979620][T15435] syz.4.2661 (15435): drop_caches: 2
[  631.182009][T15443] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2665'.
[  631.185691][T15443] netlink: 'syz.8.2665': attribute type 30 has an invalid length.
[  631.199907][   T46] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  631.203874][   T46] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  631.210338][   T46] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  631.214354][   T46] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  631.228606][T15443] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2665'.
[  631.232319][T15443] netlink: 'syz.8.2665': attribute type 30 has an invalid length.
[  631.456182][T15445] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2666'.
[  632.837228][T11323] usb 9-1: new high-speed USB device number 28 using dummy_hcd
[  632.893266][T15482] ufs: You didn't specify the type of your ufs filesystem
[  632.893266][T15482] 
[  632.893266][T15482] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  632.893266][T15482] 
[  632.893266][T15482] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  632.904124][T15482] ufs: ufstype=old is supported read-only
[  632.997515][T11323] usb 9-1: Using ep0 maxpacket: 8
[  633.003949][T11323] usb 9-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  633.007051][T11323] usb 9-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  633.011970][T11323] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  633.014720][T11323] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.020882][T11323] usbtmc 9-1:16.0: bulk endpoints not found
[  633.779372][T15497] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2685'.
[  633.817753][T15494] siw: device registration error -23
[  633.951509][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  633.951526][   T40] audit: type=1326 audit(1773754646.833:3279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  633.961500][   T40] audit: type=1326 audit(1773754646.833:3280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71b5cab code=0x7ffc0000
[  633.982354][   T40] audit: type=1326 audit(1773754646.833:3281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  633.993924][   T40] audit: type=1326 audit(1773754646.833:3282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  634.006509][   T40] audit: type=1326 audit(1773754646.851:3283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  634.018971][   T40] audit: type=1326 audit(1773754646.851:3284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  634.066947][   T40] audit: type=1326 audit(1773754646.945:3285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  634.144646][   T40] audit: type=1326 audit(1773754647.020:3286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  634.205098][T14419] usb 13-1: new high-speed USB device number 2 using dummy_hcd
[  634.207975][   T40] audit: type=1326 audit(1773754647.076:3287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  634.216340][   T40] audit: type=1326 audit(1773754647.076:3288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15499 comm="syz.8.2686" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  634.376019][T14419] usb 13-1: Using ep0 maxpacket: 8
[  634.436594][T14419] usb 13-1: config index 0 descriptor too short (expected 74, got 45)
[  634.439791][T14419] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024
[  634.444464][T14419] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  634.448652][T14419] usb 13-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024
[  634.453137][T14419] usb 13-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  634.457059][T14419] usb 13-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  634.462391][T14419] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  634.465916][T14419] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.941607][T14419] usb 13-1: usb_control_msg returned -32
[  634.944468][T14419] usbtmc 13-1:16.0: can't read capabilities
[  635.837825][T14419] usb 9-1: USB disconnect, device number 28
[  635.924488][T15519] syz.5.2690 (15519) used greatest stack depth: 17784 bytes left
[  636.292401][T15526] tmpfs: Bad value for 'mpol'
[  636.517110][T15528] only policy match revision 0 supported
[  636.517130][T15528] unable to load match
[  637.732852][T15555] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2701'.
[  637.808800][T15555] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2701'.
[  637.884310][ T6021] usb 13-1: USB disconnect, device number 2
[  638.053023][T15560] FAULT_INJECTION: forcing a failure.
[  638.053023][T15560] name failslab, interval 1, probability 0, space 0, times 0
[  638.057612][T15560] CPU: 1 UID: 0 PID: 15560 Comm: syz.5.2703 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  638.057640][T15560] Tainted: [L]=SOFTLOCKUP
[  638.057648][T15560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  638.057658][T15560] Call Trace:
[  638.057665][T15560]  <TASK>
[  638.057673][T15560]  dump_stack_lvl+0x100/0x190
[  638.057704][T15560]  should_fail_ex.cold+0x5/0xa
[  638.057727][T15560]  should_failslab+0xc2/0x120
[  638.057747][T15560]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  638.057775][T15560]  ? __alloc_skb+0x140/0x710
[  638.057803][T15560]  __alloc_skb+0x140/0x710
[  638.057825][T15560]  ? __alloc_skb+0x5b7/0x710
[  638.057847][T15560]  ? __pfx___alloc_skb+0x10/0x10
[  638.057872][T15560]  ? up_write+0x290/0x4f0
[  638.057900][T15560]  alloc_skb_with_frags+0xe0/0x810
[  638.057931][T15560]  ? tomoyo_check_open_permission+0x1db/0x3c0
[  638.057955][T15560]  sock_alloc_send_pskb+0x801/0x980
[  638.057985][T15560]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  638.058008][T15560]  ? __lock_acquire+0x4a5/0x2630
[  638.058038][T15560]  unix_dgram_sendmsg+0x3c7/0x1820
[  638.058062][T15560]  ? tomoyo_socket_sendmsg_permission+0x14e/0x3c0
[  638.058087][T15560]  ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10
[  638.058113][T15560]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  638.058137][T15560]  ? __might_fault+0xc5/0x140
[  638.058161][T15560]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  638.058194][T15560]  ____sys_sendmsg+0x9e1/0xb70
[  638.058211][T15560]  ? __pfx_unix_dgram_sendmsg+0x10/0x10
[  638.058233][T15560]  ? __pfx_____sys_sendmsg+0x10/0x10
[  638.058251][T15560]  ? _parse_integer_limit+0x17f/0x1d0
[  638.058279][T15560]  ? _kstrtoull+0x13c/0x1f0
[  638.058312][T15560]  ? __pfx__kstrtoull+0x10/0x10
[  638.058340][T15560]  ___sys_sendmsg+0x190/0x1e0
[  638.058361][T15560]  ? __pfx____sys_sendmsg+0x10/0x10
[  638.058381][T15560]  ? __lock_acquire+0x4a5/0x2630
[  638.058413][T15560]  ? find_held_lock+0x2b/0x80
[  638.058446][T15560]  __sys_sendmmsg+0x2ff/0x430
[  638.058475][T15560]  ? __pfx___sys_sendmmsg+0x10/0x10
[  638.058508][T15560]  ? __fget_files+0x215/0x3d0
[  638.058536][T15560]  ? fput+0x79/0x100
[  638.058557][T15560]  ? ksys_write+0x1ac/0x250
[  638.058572][T15560]  ? __pfx_ksys_write+0x10/0x10
[  638.058591][T15560]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  638.058617][T15560]  ? lockdep_hardirqs_on+0x78/0x100
[  638.058643][T15560]  __do_fast_syscall_32+0xe3/0x8c0
[  638.058672][T15560]  do_fast_syscall_32+0x32/0x70
[  638.058698][T15560]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  638.058721][T15560] RIP: 0023:0xf6ffef6c
[  638.058736][T15560] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  638.058753][T15560] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  638.058771][T15560] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080001c00
[  638.058782][T15560] RDX: 0000000000000159 RSI: 0000000000040840 RDI: 0000000000000000
[  638.058793][T15560] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  638.058803][T15560] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  638.058813][T15560] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  638.058835][T15560]  </TASK>
[  638.240895][T15565] AppArmor: change_hat: Invalid input '0x'
[  638.457889][T15567] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2706'.
[  638.566475][T15579] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2711'.
[  638.600150][T15579] bridge0: port 1(geneve2) entered blocking state
[  638.602262][T15579] bridge0: port 1(geneve2) entered disabled state
[  638.604419][T15579] geneve2: entered allmulticast mode
[  638.607076][T15579] geneve2: entered promiscuous mode
[  639.257458][T15599] xt_connbytes: Forcing CT accounting to be enabled
[  639.260057][T15599] xt_TPROXY: Can be used only with -p tcp or -p udp
[  639.378025][T15601] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2716'.
[  639.988642][T15615] netlink: 32 bytes leftover after parsing attributes in process `syz.5.2722'.
[  640.216473][T15631] FAULT_INJECTION: forcing a failure.
[  640.216473][T15631] name failslab, interval 1, probability 0, space 0, times 0
[  640.220685][T15631] CPU: 3 UID: 0 PID: 15631 Comm: syz.7.2729 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  640.220703][T15631] Tainted: [L]=SOFTLOCKUP
[  640.220707][T15631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  640.220714][T15631] Call Trace:
[  640.220718][T15631]  <TASK>
[  640.220727][T15631]  dump_stack_lvl+0x100/0x190
[  640.220747][T15631]  should_fail_ex.cold+0x5/0xa
[  640.220760][T15631]  should_failslab+0xc2/0x120
[  640.220772][T15631]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  640.220788][T15631]  ? __alloc_skb+0x140/0x710
[  640.220805][T15631]  __alloc_skb+0x140/0x710
[  640.220819][T15631]  ? __alloc_skb+0x5b7/0x710
[  640.220832][T15631]  ? __pfx___alloc_skb+0x10/0x10
[  640.220850][T15631]  netlink_alloc_large_skb+0x69/0x150
[  640.220868][T15631]  netlink_sendmsg+0x680/0xda0
[  640.220887][T15631]  ? __pfx_netlink_sendmsg+0x10/0x10
[  640.220905][T15631]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  640.220925][T15631]  ____sys_sendmsg+0x9e1/0xb70
[  640.220935][T15631]  ? __pfx_netlink_sendmsg+0x10/0x10
[  640.220953][T15631]  ? __pfx_____sys_sendmsg+0x10/0x10
[  640.220970][T15631]  ___sys_sendmsg+0x190/0x1e0
[  640.220982][T15631]  ? __pfx____sys_sendmsg+0x10/0x10
[  640.221009][T15631]  __sys_sendmsg+0x170/0x220
[  640.221026][T15631]  ? __pfx___sys_sendmsg+0x10/0x10
[  640.221045][T15631]  ? __pfx_ksys_write+0x10/0x10
[  640.221058][T15631]  __do_fast_syscall_32+0xe3/0x8c0
[  640.221076][T15631]  do_fast_syscall_32+0x32/0x70
[  640.221092][T15631]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  640.221106][T15631] RIP: 0023:0xf70aef6c
[  640.221115][T15631] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  640.221126][T15631] RSP: 002b:00000000f549d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  640.221140][T15631] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  640.221167][T15631] RDX: 0000000004008840 RSI: 0000000000000000 RDI: 0000000000000000
[  640.221173][T15631] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  640.221179][T15631] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  640.221188][T15631] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  640.221205][T15631]  </TASK>
[  640.463687][T15645] input: syz1 as /devices/virtual/input/input98
[  640.945497][T15655] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  640.961494][T15655] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  641.066814][   T13] netdevsim netdevsim8 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  641.070511][   T13] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.081313][   T13] netdevsim netdevsim8 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  641.085168][   T13] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.094324][   T13] netdevsim netdevsim8 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  641.098583][   T13] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.108287][   T13] netdevsim netdevsim8 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  641.111683][   T13] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  641.317623][   T40] kauditd_printk_skb: 58 callbacks suppressed
[  641.317635][   T40] audit: type=1326 audit(1773754653.729:3347): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=unconfined pid=15669 comm="syz.7.2740" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70aef6c code=0x0
[  641.980453][T15685] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2743'.
[  642.203192][T15690] [U] 
[  642.204919][T15690] [U] K{�
[  642.205953][T15690] [U] �t �1��Š�F���fˊ�`G�J��g���������o��/�mC�
[  642.208215][T15690] [U] t�ؖ/,�~�Ĝ��j���}8���'o1��"�7-�JQ�K��W��q�5c%"�H12��Y������X�`����`+��(��!(���z'�tXln�I�g�j����ݭ�p�~�7�!���"�����(�5�Ob���̓J�
[  642.213192][T15690] [U] �k\&�}6�6�X�HX�������.`�a�$�40|϶��9��ި����U��4���Vbz��}�w�M�T���Q��Φr�4��
[  642.216524][T15690] [U] ".h6��"�k�[����J�4��I�n��[Z(��C|T�]z{��3�c=��x�����4�w�)\T�XJ��SH{q;칢��t��+���g����d�.˂�>y����wUh�fN����hl]S�2���\g%�O�&z)��'�pul�_<�	�ذ����`ұT�������;_�"(�u{7j��2X �/�'��c���I����H�c�ճ�V�=��Ai�%w�Es� R��j���g��r����hI
���a��6-�D��V�� i"��n� ��Asc~4���8c�*�OO5/��J�~���w�vK+����3��Y)��M���v��yq潀DTr�
Otpem%f��ej�A5��T_-X~�^aaۂ�q��
[  642.228279][T15690] [U] 	+�w�G?]��'a:	��)�
����' B>t���f/��<'�U�'��h�i�.+]e�.�-ɿ���%��>2`�^U�8F.�6��3��+�A�«���g3�p��6:�^0��t��v�'E�t����YC�n��rϩ�n�Pj�;�Z������8!��\���A�ʖ2��$�­wi.��#��/Bai���`��4j��d�y@�z��gW�5˿B��ٜ�N�y"vI2��
[  642.236060][T15690] [U] �T�_K5�t�YJ���9��c�$br�L�Nul��9w���|�G�"ʃ�%����C�؝���q��
 ��3��q��N^HP*��$	�.�7yӱ�2�
[  642.239637][T15690] [U] �?���h��*����3�7�鍾^#Q�"0~���(�o�XL�b�,'v��=���C�S���G�S��0�ւ��`���ه��=1(��p#�2DO*Ƀ
[  642.243562][T15690] [U] �s��g������Gu��d-{���|&������2��L�c_��!`��oz֥�B��%>�r��w���Ss�H"�yA4�O.�Y��䏄RTԶ�B�[+/<<R�B����|Фe���۠�V96#���ͤ�j�U�%
s851���ҩs�P��\��?q�|L��QX�0�K�1orɴ2��|��d�F�������2ޔ���0��H�}C[/����px^��o
[  642.262655][T15690] [U] �؛���(J�Л��m��xz�;�����؝_����*3�3��5�\�xm��U��AK!aQ`��;F�I+��VUH���m�j��Ʒ��Z�c��z���)_矡	���&�����a�xto���_� ���:���%�P���C���y�+_�����}U�m��ƫC�!KJ�7��g��=b�
[  642.270850][T15690] [U] ٽ�F�%�XA��l�2r*g��VW��$��j	�A��F�ߝ�+��9̈́Vi�֗�kپ�1}_��
�%�r6��(]��/����řYܺ��h����r g��rn/ܫ�#!�d����%���D��-{�$�vU��T���$:mtr�E�C1V�D~��];[�����sq����(��e,X�8�"�
��G�d���2@T8��������t8.Rc+�@�ꦇp�u�
p����C���'�yL�-Ss1E?�7�O���^]����c��H]�Jkr]Rkq܆��ݣ��OTc��x���4�N�	��&���ڋ��@�:m7�~�+�W*���xM��>>��{q���
_�՝LX8�U����{�Z����)��7?�rR;�c�r�hײڣ����1�>)�Mă��t���(��aϝ�}9�ڥ�J*Mќ�ġ�'L��q	�DW����=��|q�	�Æ�W;5��Ž�!�dB�x`��/��E�`ƦM��X��"�\
[  642.286482][T15690] [U] {;����٘_�o2��)�o��.2�W2���y���x_  HPϱ�S�D����:]�{������
[  642.290140][T15690] [U] I,�>��	��5�1��^1�N4�oǶ�'0�?֒i�9w.�_.�W�a���V��`)�Z���c6Giӹ�a��XL[����F�*��O�W)+��'\n�
[K@����2�Ǭ���p"^`���	��
[  642.295931][T15690] [U] 22��Ʃ���x?0;3u�
[  642.297847][T15690] [U] ޜ�
��sObx�8�W�4�(�~/���K�U��ԖoQ�e+�G�-y�gY_
�>v�����3.h�ә]̈́�2��)�D�,	��	�D~�d���+�w;A\�F
P��Ș|$��)�
KؐI���ɿk�YT^R���癵��A=�#�ܜ	����ae��t�1��ݯ4K�.e"R�S|��s���:��>p��r�"z������#P!�KY"�}��F�N84����hޱ�o��sߙ̫%Dlw�m��
[  642.308267][T15690] [U] [�['xn�'�����,mr��/����1D=!D�x91B�
w�R�lf���K�Z��#�`�l؛�˜��b~�m���
[  642.311847][T15690] [U] �L�>��d+�d�����"5���h3<���iR=F^�f�n��������v���D�OIO�:U�>�Y�
[  642.315020][T15690] [U] 'B�6v�20��瞥�׌�"t8�{9�FW��]���쩍
[  642.317325][T15690] [U] �72�����u�C6����τI]8c��tۨQSk�Y��I��� �|V'�TV/��g�$[� 9kh`�"����}��[^=��0�]��%�̂T�����F�_v�4C���
[  642.321641][T15690] [U] �ec�
[  642.323060][T15690] [U] ���|���<��:^�3$7nK~�-�@��?��/mtl��۾�I�w�@g~t�{��P�+�$�jp|���I�Ri�pm� ��Y� ��8�t���V�����,�l�,�
[  642.626879][T15698] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  643.016125][T15689] [U] �K�����)0���~��ʪ�iP'�f��z��r���@B�]�5��{��ʼ�'�8�ƥF��UTqUd
ǩ�K;7��0c[��y���YC���ذm��L�8�T�͚�5���rx����W� x���oQhVi'8����L�
[  645.196292][T15724] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(8)
[  645.198603][T15724] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  645.201633][T15724] vhci_hcd vhci_hcd.0: Device attached
[  645.205352][T15724] random: crng reseeded on system resumption
[  645.219232][T15724] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[  645.228507][T15736] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[  645.364467][T15732] vhci_hcd: connection closed
[  645.364791][   T13] vhci_hcd vhci_hcd.7: stop threads
[  645.369032][   T13] vhci_hcd vhci_hcd.7: release socket
[  645.374705][   T13] vhci_hcd vhci_hcd.7: disconnect device
[  645.557640][T15745] overlay: ./file0 is not a directory
[  646.499483][T15777] No control pipe specified
[  646.548155][T15781] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2772'.
[  646.555431][T15782] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2772'.
[  646.566788][T15783] 9pnet_virtio: no channels available for device syz
[  647.684570][T15801] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2778'.
[  647.816545][T15803] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2781'.
[  648.109592][T15808] FAULT_INJECTION: forcing a failure.
[  648.109592][T15808] name failslab, interval 1, probability 0, space 0, times 0
[  648.116241][T15808] CPU: 1 UID: 0 PID: 15808 Comm: syz.7.2783 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  648.116281][T15808] Tainted: [L]=SOFTLOCKUP
[  648.116286][T15808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  648.116295][T15808] Call Trace:
[  648.116301][T15808]  <TASK>
[  648.116308][T15808]  dump_stack_lvl+0x100/0x190
[  648.116336][T15808]  should_fail_ex.cold+0x5/0xa
[  648.116358][T15808]  should_failslab+0xc2/0x120
[  648.116375][T15808]  __kmalloc_cache_noprof+0x7a/0x6f0
[  648.116395][T15808]  ? vkms_plane_duplicate_state+0x87/0x130
[  648.116418][T15808]  vkms_plane_duplicate_state+0x87/0x130
[  648.116436][T15808]  drm_atomic_get_plane_state+0x279/0x760
[  648.116453][T15808]  ? __lock_acquire+0x4a5/0x2630
[  648.116475][T15808]  drm_atomic_set_property+0x72f/0x3d30
[  648.116500][T15808]  ? __pfx_drm_atomic_set_property+0x10/0x10
[  648.116524][T15808]  ? find_held_lock+0x2b/0x80
[  648.116541][T15808]  ? __might_fault+0xc5/0x140
[  648.116561][T15808]  ? __might_fault+0xc5/0x140
[  648.116591][T15808]  drm_mode_atomic_ioctl+0x6c5/0x2680
[  648.116635][T15808]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  648.116655][T15808]  ? __lock_acquire+0x4a5/0x2630
[  648.116686][T15808]  ? drm_is_current_master+0x2c/0x40
[  648.116704][T15808]  ? drm_is_current_master+0x2c/0x40
[  648.116727][T15808]  ? do_raw_spin_unlock+0x145/0x1e0
[  648.116757][T15808]  drm_ioctl_kernel+0x1f3/0x3e0
[  648.116779][T15808]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  648.116804][T15808]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  648.116832][T15808]  drm_ioctl+0x5e6/0xc60
[  648.116857][T15808]  ? __pfx_drm_mode_atomic_ioctl+0x10/0x10
[  648.116878][T15808]  ? __pfx_drm_ioctl+0x10/0x10
[  648.116914][T15808]  drm_compat_ioctl+0x376/0x4b0
[  648.116941][T15808]  ? __pfx_drm_compat_ioctl+0x10/0x10
[  648.116963][T15808]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  648.116989][T15808]  __do_fast_syscall_32+0xe3/0x8c0
[  648.117020][T15808]  do_fast_syscall_32+0x32/0x70
[  648.117042][T15808]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  648.117063][T15808] RIP: 0023:0xf70aef6c
[  648.117076][T15808] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  648.117093][T15808] RSP: 002b:00000000f546950c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  648.117112][T15808] RAX: ffffffffffffffda RBX: 000000000000000f RCX: 00000000c03864bc
[  648.117122][T15808] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  648.117131][T15808] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  648.117140][T15808] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  648.117149][T15808] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  648.117175][T15808]  </TASK>
[  648.905130][   T40] audit: type=1326 audit(1773754660.823:3348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  648.920340][   T40] audit: type=1326 audit(1773754660.841:3349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7135cab code=0x7ffc0000
[  648.929978][   T40] audit: type=1326 audit(1773754660.841:3350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  648.940036][   T40] audit: type=1326 audit(1773754660.841:3351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  648.950428][   T40] audit: type=1326 audit(1773754660.841:3352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  648.962751][   T40] audit: type=1326 audit(1773754660.841:3353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7135cab code=0x7ffc0000
[  648.970389][   T40] audit: type=1326 audit(1773754660.841:3354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  648.979502][   T40] audit: type=1326 audit(1773754660.841:3355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7135cab code=0x7ffc0000
[  648.988716][   T40] audit: type=1326 audit(1773754660.841:3356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7135cab code=0x7ffc0000
[  648.997712][   T40] audit: type=1326 audit(1773754660.841:3357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15813 comm="syz.5.2785" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7135cab code=0x7ffc0000
[  649.134274][    T9] usb 13-1: new low-speed USB device number 3 using dummy_hcd
[  649.295392][    T9] usb 13-1: config 168 descriptor has 1 excess byte, ignoring
[  649.304491][    T9] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  649.308633][    T9] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  649.313154][    T9] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  649.326478][    T9] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  649.333384][    T9] usb 13-1: config 168 descriptor has 1 excess byte, ignoring
[  649.336482][    T9] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  649.340616][    T9] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  649.345118][    T9] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  649.349965][    T9] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  649.354934][    T9] usb 13-1: config 168 descriptor has 1 excess byte, ignoring
[  649.357261][    T9] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  649.361631][    T9] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  649.366220][    T9] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  649.370632][    T9] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  649.377964][    T9] usb 13-1: string descriptor 0 read error: -22
[  649.381538][    T9] usb 13-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  649.385131][    T9] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  649.395746][    T9] adutux 13-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  651.759543][T15842] siw: device registration error -23
[  653.374205][ T5938] usb 13-1: USB disconnect, device number 3
[  653.698655][T15867] siw: device registration error -23
[  654.339809][T15890] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2803'.
[  654.514441][T15890] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2803'.
[  654.682471][T15894] usb usb7: usbfs: process 15894 (syz.5.2807) did not claim interface 0 before use
[  655.847096][   T40] kauditd_printk_skb: 18 callbacks suppressed
[  655.847141][   T40] audit: type=1326 audit(1773754667.327:3376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15899 comm="syz.5.2809" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6ffef6c code=0x0
[  656.164854][  T829] usb 12-1: new high-speed USB device number 3 using dummy_hcd
[  656.346521][  T829] usb 12-1: Using ep0 maxpacket: 8
[  656.350209][  T829] usb 12-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  656.353411][  T829] usb 12-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  656.358230][  T829] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  656.362332][  T829] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  656.395115][  T829] usbtmc 12-1:16.0: bulk endpoints not found
[  657.544106][T15928] netlink: 'syz.4.2818': attribute type 3 has an invalid length.
[  659.106784][  T829] usb 12-1: USB disconnect, device number 3
[  659.545121][T15963] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7)
[  659.547455][T15963] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  659.560398][T15963] vhci_hcd vhci_hcd.0: Device attached
[  659.565871][T15970] FAULT_INJECTION: forcing a failure.
[  659.565871][T15970] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  659.584729][T15970] CPU: 2 UID: 0 PID: 15970 Comm: syz.7.2829 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  659.584748][T15970] Tainted: [L]=SOFTLOCKUP
[  659.584752][T15970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  659.584758][T15970] Call Trace:
[  659.584762][T15970]  <TASK>
[  659.584766][T15970]  dump_stack_lvl+0x100/0x190
[  659.584787][T15970]  should_fail_ex.cold+0x5/0xa
[  659.584800][T15970]  _copy_to_user+0x32/0xd0
[  659.584814][T15970]  simple_read_from_buffer+0xcb/0x170
[  659.584833][T15970]  proc_fail_nth_read+0x1af/0x230
[  659.584846][T15970]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  659.584860][T15970]  ? rw_verify_area+0xce/0x6d0
[  659.584875][T15970]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  659.584888][T15970]  vfs_read+0x1e4/0xb30
[  659.584907][T15970]  ? __pfx_vfs_read+0x10/0x10
[  659.584923][T15970]  ? find_held_lock+0x2b/0x80
[  659.584934][T15970]  ? __fget_files+0x215/0x3d0
[  659.584959][T15970]  ? __fget_files+0x21f/0x3d0
[  659.584974][T15970]  ksys_read+0x12a/0x250
[  659.584983][T15970]  ? __pfx_ksys_read+0x10/0x10
[  659.584997][T15970]  do_int80_emulation+0x141/0x6b0
[  659.585015][T15970]  asm_int80_emulation+0x1a/0x20
[  659.585026][T15970] RIP: 0023:0xf71e5cab
[  659.585035][T15970] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  659.585045][T15970] RSP: 002b:00000000f549d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  659.585056][T15970] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f549d5d0
[  659.585063][T15970] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  659.585070][T15970] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  659.585076][T15970] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  659.585082][T15970] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  659.585096][T15970]  </TASK>
[  659.809014][ T1325] usb 45-1: new low-speed USB device number 3 using vhci_hcd
[  659.819721][ T6042] usb 9-1: new full-speed USB device number 29 using dummy_hcd
[  660.003925][ T6042] usb 9-1: config 0 has no interfaces?
[  660.007020][ T6042] usb 9-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[  660.011506][ T6042] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  660.047999][ T6042] usb 9-1: config 0 descriptor??
[  660.633875][T15967] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2
[  660.636461][   T89] vhci_hcd vhci_hcd.4: stop threads
[  660.638643][   T89] vhci_hcd vhci_hcd.4: release socket
[  660.642314][   T89] vhci_hcd vhci_hcd.4: disconnect device
[  660.652504][ T6042] usb 9-1: USB disconnect, device number 29
[  662.686173][T15995] netlink: 16 bytes leftover after parsing attributes in process `syz.8.2837'.
[  662.843820][    T9] usb 12-1: new high-speed USB device number 4 using dummy_hcd
[  663.026480][    T9] usb 12-1: Using ep0 maxpacket: 8
[  663.037299][    T9] usb 12-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  663.041803][    T9] usb 12-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  663.048751][    T9] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  663.052765][    T9] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  663.060749][    T9] usbtmc 12-1:16.0: bulk endpoints not found
[  663.379003][T16008] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2842'.
[  663.446792][T16015] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6)
[  663.449104][T16015] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  663.454659][T16015] vhci_hcd vhci_hcd.0: Device attached
[  663.582471][T16017] vhci_hcd: connection closed
[  663.591716][ T1157] vhci_hcd vhci_hcd.8: stop threads
[  663.595409][ T1157] vhci_hcd vhci_hcd.8: release socket
[  663.597679][ T1157] vhci_hcd vhci_hcd.8: disconnect device
[  663.645919][    T9] vhci_hcd vhci_hcd.8: vhci_device speed not set
[  664.270743][T16025] syzkaller1: entered promiscuous mode
[  664.272617][T16025] syzkaller1: entered allmulticast mode
[  664.768418][T16030] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2848'.
[  664.875309][T16041] FAULT_INJECTION: forcing a failure.
[  664.875309][T16041] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  664.882118][T16041] CPU: 0 UID: 0 PID: 16041 Comm: syz.8.2853 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  664.882145][T16041] Tainted: [L]=SOFTLOCKUP
[  664.882153][T16041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  664.882162][T16041] Call Trace:
[  664.882169][T16041]  <TASK>
[  664.882177][T16041]  dump_stack_lvl+0x100/0x190
[  664.882239][T16041]  should_fail_ex.cold+0x5/0xa
[  664.882262][T16041]  _copy_from_user+0x2e/0xd0
[  664.882286][T16041]  get_compat_msghdr+0xb3/0x4b0
[  664.882312][T16041]  ? __pfx_get_compat_msghdr+0x10/0x10
[  664.882345][T16041]  ___sys_sendmsg+0x1b6/0x1e0
[  664.882369][T16041]  ? __pfx____sys_sendmsg+0x10/0x10
[  664.882418][T16041]  __sys_sendmsg+0x170/0x220
[  664.882444][T16041]  ? __pfx___sys_sendmsg+0x10/0x10
[  664.882479][T16041]  ? __pfx_ksys_write+0x10/0x10
[  664.882509][T16041]  __do_fast_syscall_32+0xe3/0x8c0
[  664.882539][T16041]  do_fast_syscall_32+0x32/0x70
[  664.882565][T16041]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  664.882588][T16041] RIP: 0023:0xf707ef6c
[  664.882605][T16041] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  664.882622][T16041] RSP: 002b:00000000f546d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  664.882641][T16041] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[  664.882653][T16041] RDX: 0000000004000881 RSI: 0000000000000000 RDI: 0000000000000000
[  664.882664][T16041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  664.882675][T16041] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  664.882686][T16041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  664.882710][T16041]  </TASK>
[  665.129541][   T40] audit: type=1326 audit(1773754676.011:3377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  665.137786][   T40] audit: type=1326 audit(1773754676.011:3378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  665.146125][   T40] audit: type=1326 audit(1773754676.020:3379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71b5cab code=0x7ffc0000
[  665.154253][   T40] audit: type=1326 audit(1773754676.020:3380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  665.162159][   T40] audit: type=1326 audit(1773754676.020:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  665.169517][   T40] audit: type=1326 audit(1773754676.020:3382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  665.176738][   T40] audit: type=1326 audit(1773754676.020:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf71b5cab code=0x7ffc0000
[  665.184275][   T40] audit: type=1326 audit(1773754676.020:3384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  665.191199][   T40] audit: type=1326 audit(1773754676.020:3385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  665.199793][   T40] audit: type=1326 audit(1773754676.030:3386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16045 comm="syz.8.2854" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf71b5cab code=0x7ffc0000
[  665.269486][ T1325] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  665.806369][ T6042] usb 12-1: USB disconnect, device number 4
[  666.220414][   T24] usb 13-1: new low-speed USB device number 4 using dummy_hcd
[  666.404733][   T24] usb 13-1: config 168 descriptor has 1 excess byte, ignoring
[  666.407307][   T24] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  666.410764][   T24] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  666.418089][   T24] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  666.421816][   T24] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  666.426425][   T24] usb 13-1: config 168 descriptor has 1 excess byte, ignoring
[  666.429006][   T24] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  666.432484][   T24] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  666.437084][   T24] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  666.440953][   T24] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  666.445993][   T24] usb 13-1: config 168 descriptor has 1 excess byte, ignoring
[  666.448506][   T24] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  666.452696][   T24] usb 13-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  666.457127][   T24] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  666.461338][   T24] usb 13-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  666.467492][   T24] usb 13-1: string descriptor 0 read error: -22
[  666.469578][   T24] usb 13-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  666.472815][   T24] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.484403][   T24] adutux 13-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  666.770112][ T1325] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[  666.965534][ T1325] usb 9-1: Using ep0 maxpacket: 32
[  667.471444][ T1325] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  667.537963][T16074] autofs: Bad value for 'fd'
[  667.866197][   T24] usb 12-1: new high-speed USB device number 5 using dummy_hcd
[  668.037456][   T24] usb 12-1: Using ep0 maxpacket: 8
[  668.056204][   T24] usb 12-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  668.068850][   T24] usb 12-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  668.087201][   T24] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  668.096633][   T24] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  668.138559][   T24] usbtmc 12-1:16.0: bulk endpoints not found
[  668.195223][ T1325] usb 9-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  668.205832][ T1325] usb 9-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  668.208625][ T1325] usb 9-1: Product: syz
[  668.209980][ T1325] usb 9-1: Manufacturer: syz
[  668.211916][ T1325] usb 9-1: SerialNumber: syz
[  668.217037][ T1325] usb 9-1: config 0 descriptor??
[  668.219944][T16063] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  668.563923][T11323] usb 9-1: USB disconnect, device number 30
[  669.199047][T16094] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2869'.
[  669.695852][T16101] mkiss: ax0: crc mode is auto.
[  670.606280][T16117] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2878'.
[  670.812703][T14419] usb 12-1: USB disconnect, device number 5
[  670.993310][T16128] mkiss: ax0: crc mode is auto.
[  671.109533][  T829] usb 13-1: USB disconnect, device number 4
[  672.037219][T16138] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2884'.
[  672.343608][T11323] usb 13-1: new high-speed USB device number 5 using dummy_hcd
[  672.514548][T11323] usb 13-1: Using ep0 maxpacket: 16
[  672.525841][T11323] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  672.535318][T11323] usb 13-1: config 0 interface 0 has no altsetting 0
[  672.541118][T11323] usb 13-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20
[  672.544990][T11323] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.557558][T11323] usb 13-1: Product: syz
[  672.559425][T11323] usb 13-1: Manufacturer: syz
[  672.561329][T11323] usb 13-1: SerialNumber: syz
[  672.577321][T11323] usb 13-1: config 0 descriptor??
[  672.846227][    C2] imon 13-1:0.0: imon usb_rx_callback_intf0: status(-71)
[  672.849290][T11323] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/input/input99
[  672.860637][T11323] imon:send_packet: packet tx failed (-71)
[  672.899378][T11323] imon 13-1:0.0: panel buttons/knobs setup failed
[  672.943529][T16147] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2888'.
[  672.987594][T16149] libceph: resolve '0..' (ret=-3): failed
[  672.995486][T11323] rc_core: IR keymap rc-imon-pad not found
[  672.997581][T11323] Registered IR keymap rc-empty
[  672.999265][T11323] imon 13-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[  673.002667][T11323] imon 13-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  673.006054][T11323] imon:send_packet: packet tx failed (-71)
[  673.029978][T11323] imon 13-1:0.0: remote input dev register failed
[  673.038549][T11323] imon 13-1:0.0: imon_init_intf0: rc device setup failed
[  673.108880][T11323] imon 13-1:0.0: unable to initialize intf0, err 0
[  673.115166][T11323] imon:imon_probe: failed to initialize context!
[  673.117922][T11323] imon 13-1:0.0: unable to register, err -19
[  673.134925][T11323] usb 13-1: USB disconnect, device number 5
[  673.519291][T11323] usb 13-1: new high-speed USB device number 6 using dummy_hcd
[  673.690463][T11323] usb 13-1: Using ep0 maxpacket: 16
[  673.700665][T11323] usb 13-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  673.706499][T11323] usb 13-1: config 0 interface 0 has no altsetting 0
[  673.713879][T11323] usb 13-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20
[  673.728057][T11323] usb 13-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  673.742729][T11323] usb 13-1: Product: syz
[  673.750374][T11323] usb 13-1: Manufacturer: syz
[  673.754621][T11323] usb 13-1: SerialNumber: syz
[  673.772534][T11323] usb 13-1: config 0 descriptor??
[  675.582142][T16179] FAULT_INJECTION: forcing a failure.
[  675.582142][T16179] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  675.587708][T16179] CPU: 1 UID: 0 PID: 16179 Comm: syz.7.2896 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  675.587736][T16179] Tainted: [L]=SOFTLOCKUP
[  675.587743][T16179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  675.587754][T16179] Call Trace:
[  675.587762][T16179]  <TASK>
[  675.587784][T16179]  dump_stack_lvl+0x100/0x190
[  675.587816][T16179]  should_fail_ex.cold+0x5/0xa
[  675.587838][T16179]  _copy_from_user+0x2e/0xd0
[  675.587860][T16179]  kstrtouint_from_user+0xd6/0x1d0
[  675.587886][T16179]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  675.587911][T16179]  ? __lock_acquire+0x4a5/0x2630
[  675.587937][T16179]  ? lock_acquire+0x1cf/0x380
[  675.587964][T16179]  proc_fail_nth_write+0x83/0x220
[  675.587987][T16179]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  675.588016][T16179]  vfs_write+0x2aa/0x1070
[  675.588034][T16179]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  675.588058][T16179]  ? __pfx_vfs_write+0x10/0x10
[  675.588084][T16179]  ? find_held_lock+0x2b/0x80
[  675.588101][T16179]  ? __fget_files+0x215/0x3d0
[  675.588123][T16179]  ? __fget_files+0x21f/0x3d0
[  675.588147][T16179]  ksys_write+0x12a/0x250
[  675.588164][T16179]  ? __pfx_ksys_write+0x10/0x10
[  675.588189][T16179]  do_int80_emulation+0x141/0x6b0
[  675.588218][T16179]  asm_int80_emulation+0x1a/0x20
[  675.588237][T16179] RIP: 0023:0xf71e5cab
[  675.588252][T16179] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  675.588269][T16179] RSP: 002b:00000000f549d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  675.588286][T16179] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f549d5d0
[  675.588297][T16179] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  675.588307][T16179] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  675.588317][T16179] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  675.588327][T16179] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  675.588350][T16179]  </TASK>
[  675.903406][T16181] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2897'.
[  676.262572][    C2] imon 13-1:0.0: imon usb_rx_callback_intf0: status(-71)
[  676.267963][T11323] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.8/usb13/13-1/13-1:0.0/input/input101
[  676.293243][T11323] imon:send_packet: packet tx failed (-71)
[  676.309860][T11323] imon 13-1:0.0: panel buttons/knobs setup failed
[  676.367895][T16189] syzkaller0: entered promiscuous mode
[  676.369880][T16189] syzkaller0: entered allmulticast mode
[  676.453760][T11323] rc_core: IR keymap rc-imon-pad not found
[  676.477134][T11323] Registered IR keymap rc-empty
[  676.479985][T11323] imon 13-1:0.0: Looks like you're trying to use an IR protocol this device does not support
[  676.486408][T11323] imon 13-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[  676.490839][T11323] imon:send_packet: packet tx failed (-71)
[  676.521841][T11323] imon 13-1:0.0: remote input dev register failed
[  676.524841][T11323] imon 13-1:0.0: imon_init_intf0: rc device setup failed
[  676.568742][T11323] imon 13-1:0.0: unable to initialize intf0, err 0
[  676.571682][T11323] imon:imon_probe: failed to initialize context!
[  676.574473][T11323] imon 13-1:0.0: unable to register, err -19
[  676.579798][T11323] usb 13-1: USB disconnect, device number 6
[  676.681881][T16202] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6)
[  676.684796][T16202] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  676.692128][T16202] vhci_hcd vhci_hcd.0: Device attached
[  676.741338][   T40] kauditd_printk_skb: 10 callbacks suppressed
[  676.741357][   T40] audit: type=1326 audit(1773754686.875:3397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16196 comm="syz.8.2903" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf707ef6c code=0x0
[  676.992152][T11323] usb 54-1: SetAddress Request (2) to port 0
[  676.994248][T11323] usb 54-1: new SuperSpeed USB device number 2 using vhci_hcd
[  677.176557][T16212] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2907'.
[  677.272180][T16223] : entered promiscuous mode
[  677.293646][T16225] netlink: 348 bytes leftover after parsing attributes in process `syz.5.2912'.
[  677.443104][T16203] vhci_hcd: connection reset by peer
[  677.445086][  T191] vhci_hcd vhci_hcd.8: stop threads
[  677.451451][  T191] vhci_hcd vhci_hcd.8: release socket
[  677.458077][  T191] vhci_hcd vhci_hcd.8: disconnect device
[  677.474852][T16226] 9p: Bad value for 'rfdno'
[  677.692758][T16234] FAULT_INJECTION: forcing a failure.
[  677.692758][T16234] name failslab, interval 1, probability 0, space 0, times 0
[  677.696948][T16234] CPU: 2 UID: 0 PID: 16234 Comm: syz.5.2916 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  677.696975][T16234] Tainted: [L]=SOFTLOCKUP
[  677.696981][T16234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  677.696991][T16234] Call Trace:
[  677.696999][T16234]  <TASK>
[  677.697006][T16234]  dump_stack_lvl+0x100/0x190
[  677.697036][T16234]  should_fail_ex.cold+0x5/0xa
[  677.697057][T16234]  ? tomoyo_realpath_from_path+0xb6/0x690
[  677.697078][T16234]  should_failslab+0xc2/0x120
[  677.697097][T16234]  __kmalloc_noprof+0xe0/0x850
[  677.697142][T16234]  tomoyo_realpath_from_path+0xb6/0x690
[  677.697174][T16234]  tomoyo_path_number_perm+0x23c/0x580
[  677.697192][T16234]  ? tomoyo_path_number_perm+0x22e/0x580
[  677.697214][T16234]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  677.697254][T16234]  ? find_held_lock+0x2b/0x80
[  677.697272][T16234]  ? hook_file_ioctl_common+0x146/0x410
[  677.697289][T16234]  ? __fget_files+0x215/0x3d0
[  677.697310][T16234]  ? __fget_files+0x21f/0x3d0
[  677.697331][T16234]  security_file_ioctl_compat+0xd3/0x230
[  677.697350][T16234]  __ia32_compat_sys_ioctl+0xc2/0x360
[  677.697382][T16234]  __do_fast_syscall_32+0xe3/0x8c0
[  677.697411][T16234]  do_fast_syscall_32+0x32/0x70
[  677.697432][T16234]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  677.697454][T16234] RIP: 0023:0xf6ffef6c
[  677.697469][T16234] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  677.697484][T16234] RSP: 002b:00000000f53ed50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  677.697499][T16234] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004b72
[  677.697510][T16234] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  677.697522][T16234] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  677.697531][T16234] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  677.697540][T16234] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  677.697555][T16234]  </TASK>
[  677.834721][T16234] ERROR: Out of memory at tomoyo_realpath_from_path.
[  677.904850][T16236] syzkaller1: entered promiscuous mode
[  677.906661][T16236] syzkaller1: entered allmulticast mode
[  678.530776][ T1325] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  679.342923][ T1325] usb 10-1: Using ep0 maxpacket: 8
[  679.359829][ T1325] usb 10-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  679.363502][ T1325] usb 10-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  679.367856][ T1325] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  679.372314][ T1325] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  679.400366][ T1325] usbtmc 10-1:16.0: bulk endpoints not found
[  679.456798][T16259] syzkaller1: entered promiscuous mode
[  679.458594][T16259] syzkaller1: entered allmulticast mode
[  679.812686][T16273] siw: device registration error -23
[  679.898603][T16273] 9pnet_virtio: no channels available for device syz
[  680.386484][T16280] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2935'.
[  681.775091][T16280] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  681.795039][    T9] usb 10-1: USB disconnect, device number 12
[  681.836052][T16284] syzkaller1: entered promiscuous mode
[  681.838081][T16284] syzkaller1: entered allmulticast mode
[  681.906856][T16280] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.021737][T16280] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.061103][   T40] audit: type=1326 audit(1773754691.854:3398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16287 comm="syz.5.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  682.078916][   T40] audit: type=1326 audit(1773754691.854:3399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16287 comm="syz.5.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  682.087492][   T40] audit: type=1326 audit(1773754691.854:3400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16287 comm="syz.5.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  682.109446][   T40] audit: type=1326 audit(1773754691.854:3401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16287 comm="syz.5.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  682.122864][   T40] audit: type=1326 audit(1773754691.854:3402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16287 comm="syz.5.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  682.133529][   T40] audit: type=1326 audit(1773754691.854:3403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16287 comm="syz.5.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  682.143114][   T40] audit: type=1326 audit(1773754691.854:3404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16287 comm="syz.5.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=103 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  682.146044][T16280] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  682.152495][   T40] audit: type=1326 audit(1773754691.891:3405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16287 comm="syz.5.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  682.165836][   T40] audit: type=1326 audit(1773754691.901:3406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16287 comm="syz.5.2938" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  682.338056][   T89] netdevsim netdevsim7 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  682.344776][   T89] netdevsim netdevsim7 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  682.352487][   T89] netdevsim netdevsim7 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  682.359510][   T89] netdevsim netdevsim7 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  682.368109][T16298] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2943'.
[  682.376180][T16298] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2943'.
[  682.388718][T11323] usb 54-1: device descriptor read/8, error -110
[  682.401063][T16298] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2943'.
[  682.816605][T11323] usb usb54-port1: attempt power cycle
[  683.111876][T16307] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  683.114707][T16307] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  683.117824][T16307] vhci_hcd vhci_hcd.0: Device attached
[  683.202599][T16307] macvlan2: entered promiscuous mode
[  683.204658][T16307] bridge0: entered promiscuous mode
[  683.318167][ T1325] usb 12-1: new high-speed USB device number 6 using dummy_hcd
[  683.404486][   T34] usb 48-1: SetAddress Request (14) to port 0
[  683.410046][   T34] usb 48-1: new SuperSpeed USB device number 14 using vhci_hcd
[  683.414914][T11323] usb usb54-port1: unable to enumerate USB device
[  683.489482][ T1325] usb 12-1: Using ep0 maxpacket: 8
[  683.492733][ T1325] usb 12-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  683.496125][ T1325] usb 12-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  683.500478][ T1325] usb 12-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  683.510539][ T1325] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  683.523520][ T1325] usbtmc 12-1:16.0: bulk endpoints not found
[  683.653404][T16308] vhci_hcd: connection reset by peer
[  683.655459][   T59] vhci_hcd vhci_hcd.5: stop threads
[  683.657303][   T59] vhci_hcd vhci_hcd.5: release socket
[  683.659380][   T59] vhci_hcd vhci_hcd.5: disconnect device
[  684.015255][T16326] usb usb8: usbfs: process 16326 (syz.8.2951) did not claim interface 0 before use
[  686.287803][ T1325] usb 12-1: USB disconnect, device number 6
[  686.537570][T16362] syzkaller1: entered promiscuous mode
[  686.540043][T16362] syzkaller1: entered allmulticast mode
[  686.898748][T16368] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  686.901649][T16368] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  686.940495][T16368] vhci_hcd vhci_hcd.0: Device attached
[  687.402436][T16368] macvlan3: entered promiscuous mode
[  687.509744][T16379] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(6)
[  687.512605][T16379] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  687.516626][T16379] vhci_hcd vhci_hcd.0: Device attached
[  687.607877][T16379] bridge0: entered promiscuous mode
[  687.610040][T16379] macvlan2: entered promiscuous mode
[  687.816966][ T5981] usb 52-1: SetAddress Request (3) to port 0
[  687.824725][ T5981] usb 52-1: new SuperSpeed USB device number 3 using vhci_hcd
[  688.138053][T16383] bond1: option arp_interval: invalid value (18446744073709551615)
[  688.141557][T16383] bond1: option arp_interval: allowed values 0 - 2147483647
[  688.147502][T16383] bond1 (unregistering): Released all slaves
[  688.347428][T16370] vhci_hcd: connection closed
[  688.370012][   T89] vhci_hcd vhci_hcd.5: stop threads
[  688.375580][   T89] vhci_hcd vhci_hcd.5: release socket
[  688.470364][T16380] vhci_hcd: connection reset by peer
[  688.693185][   T89] vhci_hcd vhci_hcd.5: disconnect device
[  688.695850][   T89] vhci_hcd vhci_hcd.7: stop threads
[  688.698028][   T89] vhci_hcd vhci_hcd.7: release socket
[  688.700700][   T89] vhci_hcd vhci_hcd.7: disconnect device
[  688.789402][   T34] usb 48-1: device descriptor read/8, error -110
[  689.699135][   T34] usb usb48-port1: attempt power cycle
[  690.185040][  T829] libceph: connect (1)[c::]:6789 error -101
[  690.187762][  T829] libceph: mon0 (1)[c::]:6789 connect error
[  690.239841][T16401] ceph: No mds server is up or the cluster is laggy
[  690.329207][   T34] usb usb48-port1: unable to enumerate USB device
[  690.425012][T16413] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2974'.
[  690.516295][T16418] syzkaller1: entered promiscuous mode
[  690.518115][T16418] syzkaller1: entered allmulticast mode
[  690.847857][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.851865][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.854330][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.856719][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.859077][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.861490][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.864066][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.866441][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.868837][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.871225][   T34] hid-generic 0103:0004:0000.0007: unknown main item tag 0x0
[  690.879831][   T34] hid-generic 0103:0004:0000.0007: hidraw1: <UNKNOWN> HID v0.02 Device [syz0] on syz1
[  690.963384][T16426] fido_id[16426]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  691.093598][T16430] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2980'.
[  691.658147][T16437] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6)
[  691.658174][T16437] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  691.658428][T16437] vhci_hcd vhci_hcd.0: Device attached
[  691.833413][   T40] audit: type=1326 audit(1773754700.931:3407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  691.842276][   T40] audit: type=1326 audit(1773754700.931:3408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  691.851416][   T40] audit: type=1326 audit(1773754700.941:3409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  691.860178][   T40] audit: type=1326 audit(1773754700.941:3410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  691.888610][   T40] audit: type=1326 audit(1773754700.941:3411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  691.906916][   T40] audit: type=1326 audit(1773754700.941:3412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  691.915509][   T40] audit: type=1326 audit(1773754700.950:3413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  691.952620][   T34] usb 54-1: SetAddress Request (6) to port 0
[  691.956596][   T34] usb 54-1: new SuperSpeed USB device number 6 using vhci_hcd
[  691.958024][   T40] audit: type=1326 audit(1773754700.950:3414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  691.970227][   T40] audit: type=1326 audit(1773754700.959:3415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  691.978335][   T40] audit: type=1326 audit(1773754700.969:3416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16440 comm="syz.4.2981" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  692.266326][T16445] vhci_hcd: connection reset by peer
[  692.269181][   T13] vhci_hcd vhci_hcd.8: stop threads
[  692.271577][   T13] vhci_hcd vhci_hcd.8: release socket
[  692.277530][   T13] vhci_hcd vhci_hcd.8: disconnect device
[  692.360029][T16457] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  692.363033][T16457] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  692.368248][T16457] vhci_hcd vhci_hcd.0: Device attached
[  692.685351][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  692.688995][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  692.689783][  T829] usb 47-1: new low-speed USB device number 2 using vhci_hcd
[  692.774504][T16467] ������: renamed from vlan0 (while UP)
[  693.245750][ T5981] usb 52-1: device descriptor read/8, error -110
[  693.453689][T16479] netlink: 'syz.7.2990': attribute type 39 has an invalid length.
[  693.674279][ T5981] usb usb52-port1: attempt power cycle
[  694.078974][T16458] vhci_hcd: connection reset by peer
[  694.083107][  T191] vhci_hcd vhci_hcd.5: stop threads
[  694.085330][  T191] vhci_hcd vhci_hcd.5: release socket
[  694.087975][  T191] vhci_hcd vhci_hcd.5: disconnect device
[  694.292433][ T5981] usb usb52-port1: unable to enumerate USB device
[  694.349053][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  696.581109][T13908] Bluetooth: hci2: command 0x0406 tx timeout
[  697.349110][   T34] usb 54-1: device descriptor read/8, error -110
[  697.788440][   T34] usb usb54-port1: attempt power cycle
[  698.193183][  T829] vhci_hcd vhci_hcd.5: vhci_device speed not set
[  698.255147][T16531] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(12)
[  698.257327][T16531] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  698.262530][T16531] vhci_hcd vhci_hcd.0: Device attached
[  698.482530][   T34] usb usb54-port1: unable to enumerate USB device
[  698.487473][T16532] vhci_hcd: connection closed
[  698.489219][  T191] vhci_hcd vhci_hcd.4: stop threads
[  698.493573][  T191] vhci_hcd vhci_hcd.4: release socket
[  698.496086][  T191] vhci_hcd vhci_hcd.4: disconnect device
[  699.231971][T16537] syzkaller1: entered promiscuous mode
[  699.234466][T16537] syzkaller1: entered allmulticast mode
[  699.834506][   T40] kauditd_printk_skb: 20 callbacks suppressed
[  699.834525][   T40] audit: type=1326 audit(1773754708.483:3437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  699.847715][   T40] audit: type=1326 audit(1773754708.483:3438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7135cab code=0x7ffc0000
[  699.914054][   T40] audit: type=1326 audit(1773754708.483:3439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  699.923633][   T40] audit: type=1326 audit(1773754708.483:3440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  699.933144][   T40] audit: type=1326 audit(1773754708.483:3441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  699.942160][   T40] audit: type=1326 audit(1773754708.483:3442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7135cab code=0x7ffc0000
[  699.951618][   T40] audit: type=1326 audit(1773754708.483:3443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6ffef6c code=0x7ffc0000
[  699.960619][   T40] audit: type=1326 audit(1773754708.483:3444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7135cab code=0x7ffc0000
[  699.970077][   T40] audit: type=1326 audit(1773754708.483:3445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7135cab code=0x7ffc0000
[  699.979866][   T40] audit: type=1326 audit(1773754708.483:3446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16547 comm="syz.5.3011" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf7135cab code=0x7ffc0000
[  701.999617][T16569] FAULT_INJECTION: forcing a failure.
[  701.999617][T16569] name failslab, interval 1, probability 0, space 0, times 0
[  702.004935][T16569] CPU: 0 UID: 0 PID: 16569 Comm: syz.4.3015 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  702.004960][T16569] Tainted: [L]=SOFTLOCKUP
[  702.004967][T16569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  702.004977][T16569] Call Trace:
[  702.004984][T16569]  <TASK>
[  702.004991][T16569]  dump_stack_lvl+0x100/0x190
[  702.005013][T16569]  should_fail_ex.cold+0x5/0xa
[  702.005026][T16569]  ? tomoyo_realpath_from_path+0xb6/0x690
[  702.005040][T16569]  should_failslab+0xc2/0x120
[  702.005052][T16569]  __kmalloc_noprof+0xe0/0x850
[  702.005074][T16569]  tomoyo_realpath_from_path+0xb6/0x690
[  702.005101][T16569]  tomoyo_path_number_perm+0x23c/0x580
[  702.005119][T16569]  ? tomoyo_path_number_perm+0x22e/0x580
[  702.005138][T16569]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  702.005181][T16569]  ? find_held_lock+0x2b/0x80
[  702.005197][T16569]  ? hook_file_ioctl_common+0x146/0x410
[  702.005214][T16569]  ? __fget_files+0x215/0x3d0
[  702.005231][T16569]  ? __fget_files+0x21f/0x3d0
[  702.005243][T16569]  security_file_ioctl_compat+0xd3/0x230
[  702.005265][T16569]  __ia32_compat_sys_ioctl+0xc2/0x360
[  702.005292][T16569]  __do_fast_syscall_32+0xe3/0x8c0
[  702.005319][T16569]  do_fast_syscall_32+0x32/0x70
[  702.005342][T16569]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  702.005363][T16569] RIP: 0023:0xf700ef6c
[  702.005377][T16569] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  702.005393][T16569] RSP: 002b:00000000f53dc50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  702.005409][T16569] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000400448c8
[  702.005420][T16569] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000
[  702.005430][T16569] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  702.005439][T16569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  702.005449][T16569] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  702.005472][T16569]  </TASK>
[  702.005478][T16569] ERROR: Out of memory at tomoyo_realpath_from_path.
[  703.354481][ T5981] usb 13-1: new high-speed USB device number 7 using dummy_hcd
[  703.539496][ T5981] usb 13-1: Using ep0 maxpacket: 8
[  703.542595][ T5981] usb 13-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  703.546035][ T5981] usb 13-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  703.551819][ T5981] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  703.554851][ T5981] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.564758][ T5981] usbtmc 13-1:16.0: bulk endpoints not found
[  705.453904][T16615] bridge0: left promiscuous mode
[  706.311019][   T34] usb 13-1: USB disconnect, device number 7
[  706.414818][   T40] kauditd_printk_skb: 47 callbacks suppressed
[  706.414836][   T40] audit: type=1326 audit(1773754714.650:3494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.429221][   T40] audit: type=1326 audit(1773754714.650:3495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.445114][   T40] audit: type=1326 audit(1773754714.659:3496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=51 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.480522][   T40] audit: type=1326 audit(1773754714.659:3497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.501828][   T40] audit: type=1326 audit(1773754714.659:3498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.516947][   T40] audit: type=1326 audit(1773754714.659:3499): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.539150][   T40] audit: type=1326 audit(1773754714.659:3500): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.552654][   T40] audit: type=1326 audit(1773754714.659:3501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.565073][   T40] audit: type=1326 audit(1773754714.669:3502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.576998][   T40] audit: type=1326 audit(1773754714.669:3503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16632 comm="syz.8.3034" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  706.593722][T16635] netlink: 24 bytes leftover after parsing attributes in process `syz.8.3034'.
[  708.284890][T16647] fuse: Bad value for 'fd'
[  709.416361][T16665] fuse: Bad value for 'fd'
[  711.776186][T16686] netlink: 12 bytes leftover after parsing attributes in process `syz.7.3050'.
[  711.801579][T16698] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  711.807931][T16698] block device autoloading is deprecated and will be removed.
[  711.851246][T16686] bridge2: port 1(veth3) entered blocking state
[  711.854371][T16686] bridge2: port 1(veth3) entered disabled state
[  711.857355][T16686] veth3: entered allmulticast mode
[  711.861806][T16686] veth3: entered promiscuous mode
[  714.764869][T16746] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3061'.
[  714.806011][T16746] bridge_slave_1: left allmulticast mode
[  714.816487][T16746] bridge_slave_1: left promiscuous mode
[  714.818467][T16746] bridge0: port 2(bridge_slave_1) entered disabled state
[  714.839604][T16746] bridge_slave_0: left allmulticast mode
[  714.842760][T16746] bridge_slave_0: left promiscuous mode
[  714.845737][T16746] bridge0: port 1(bridge_slave_0) entered disabled state
[  715.383734][T16754] binder: 16753:16754 ioctl c018620c 80000900 returned -1
[  715.600466][   T40] kauditd_printk_skb: 93 callbacks suppressed
[  715.600482][   T40] audit: type=1326 audit(1773754723.241:3597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  715.643847][   T40] audit: type=1326 audit(1773754723.241:3598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  715.652368][   T40] audit: type=1326 audit(1773754723.250:3599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  715.673370][   T40] audit: type=1326 audit(1773754723.250:3600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  715.686085][   T40] audit: type=1326 audit(1773754723.250:3601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  715.695602][   T40] audit: type=1326 audit(1773754723.259:3602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  715.704373][   T40] audit: type=1326 audit(1773754723.259:3603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  715.714322][   T40] audit: type=1326 audit(1773754723.259:3604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  715.748765][   T40] audit: type=1326 audit(1773754723.269:3605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  715.756262][   T40] audit: type=1326 audit(1773754723.278:3606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16749 comm="syz.7.3063" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70aef6c code=0x7ffc0000
[  719.227462][T16798] netlink: 27 bytes leftover after parsing attributes in process `syz.7.3076'.
[  719.858679][T16820] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  719.916341][T16820] overlayfs: failed lookup in lower (/, name='tracing', err=-66): unsupported object type
[  719.922483][T16820] overlayfs: failed to look up (tracing) for ino (-66)
[  720.950695][   T40] kauditd_printk_skb: 19 callbacks suppressed
[  720.950711][   T40] audit: type=1326 audit(1773754728.247:3626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  721.274885][   T40] audit: type=1326 audit(1773754728.247:3627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  721.296459][   T40] audit: type=1326 audit(1773754728.257:3628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  721.304576][   T40] audit: type=1326 audit(1773754728.257:3629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  721.339886][   T40] audit: type=1326 audit(1773754728.257:3630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  721.349219][   T40] audit: type=1326 audit(1773754728.257:3631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  721.358796][   T40] audit: type=1326 audit(1773754728.266:3632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  721.373533][   T40] audit: type=1326 audit(1773754728.266:3633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  721.385070][   T40] audit: type=1326 audit(1773754728.266:3634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  721.395315][   T40] audit: type=1326 audit(1773754728.266:3635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.4.3081" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  722.907796][T16847] Bluetooth: MGMT ver 1.23
[  723.316082][ T5981] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  723.476263][ T5981] usb 10-1: Using ep0 maxpacket: 8
[  723.479547][ T5981] usb 10-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  723.483042][ T5981] usb 10-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  723.488527][ T5981] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  723.492025][ T5981] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.507741][ T5981] usbtmc 10-1:16.0: bulk endpoints not found
[  726.309858][ T5981] usb 10-1: USB disconnect, device number 13
[  726.374509][T16899] vhci_hcd vhci_hcd.0: pdev(8) rhport(0) sockfd(6)
[  726.377266][T16899] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  726.380519][T16899] vhci_hcd vhci_hcd.0: Device attached
[  726.628862][ T5981] usb 53-1: new low-speed USB device number 3 using vhci_hcd
[  726.690627][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  726.694319][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  727.412962][T16900] vhci_hcd: connection reset by peer
[  727.441663][   T13] vhci_hcd vhci_hcd.8: stop threads
[  727.445333][   T13] vhci_hcd vhci_hcd.8: release socket
[  727.448398][   T13] vhci_hcd vhci_hcd.8: disconnect device
[  727.842666][T16928] overlayfs: failed to resolve './file2': -2
[  728.088805][   T40] kauditd_printk_skb: 47 callbacks suppressed
[  728.088816][   T40] audit: type=1326 audit(1773754734.929:3683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  728.101931][   T40] audit: type=1326 audit(1773754734.929:3684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  728.111526][   T40] audit: type=1326 audit(1773754734.938:3685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7145cab code=0x7ffc0000
[  728.120480][   T40] audit: type=1326 audit(1773754734.938:3686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  728.130969][   T40] audit: type=1326 audit(1773754734.938:3687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  728.139438][   T40] audit: type=1326 audit(1773754734.938:3688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  728.149029][   T40] audit: type=1326 audit(1773754734.938:3689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7145cab code=0x7ffc0000
[  728.157095][   T40] audit: type=1326 audit(1773754734.938:3690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  728.164388][   T40] audit: type=1326 audit(1773754734.938:3691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  728.172277][   T40] audit: type=1326 audit(1773754734.957:3692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16931 comm="syz.4.3112" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf700ef6c code=0x7ffc0000
[  728.359829][   T34] usb 10-1: new low-speed USB device number 14 using dummy_hcd
[  728.532466][   T34] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  728.535169][   T34] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  728.539134][   T34] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  728.543721][   T34] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  728.547662][   T34] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  728.552725][   T34] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  728.555681][   T34] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  728.560312][   T34] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  728.565197][   T34] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  728.568832][   T34] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  728.573739][   T34] usb 10-1: config 168 descriptor has 1 excess byte, ignoring
[  728.576666][   T34] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[  728.580429][   T34] usb 10-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  728.585097][   T34] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  728.589267][   T34] usb 10-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[  728.609172][   T34] usb 10-1: string descriptor 0 read error: -22
[  728.611387][   T34] usb 10-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  728.618934][   T34] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  728.630062][   T34] adutux 10-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  728.750384][T16942] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3116'.
[  729.065356][T14419] usb 13-1: new high-speed USB device number 8 using dummy_hcd
[  729.236380][T14419] usb 13-1: Using ep0 maxpacket: 8
[  729.240104][T14419] usb 13-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  729.244241][T14419] usb 13-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  729.252940][T14419] usb 13-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  729.262857][T14419] usb 13-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  729.285288][T14419] usbtmc 13-1:16.0: bulk endpoints not found
[  730.771778][T16974] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3126'.
[  732.018036][   T34] usb 13-1: USB disconnect, device number 8
[  732.232196][T16996] syzkaller0: entered promiscuous mode
[  732.249551][T16992] sr 2:0:0:0: [sr0] CDROM not ready.  Make sure there is a disc in the drive.
[  732.370084][ T5981] vhci_hcd vhci_hcd.8: vhci_device speed not set
[  732.606563][  T829] libceph: connect (1)[c::]:6789 error -101
[  732.612062][  T829] libceph: mon0 (1)[c::]:6789 connect error
[  732.629349][T17000] ceph: No mds server is up or the cluster is laggy
[  733.112503][T17005] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3135'.
[  733.254604][  T829] usb 10-1: USB disconnect, device number 14
[  733.361675][T17011] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3137'.
[  733.458470][T17012] netlink: 4 bytes leftover after parsing attributes in process `syz.7.3136'.
[  733.469300][T17012] FAULT_INJECTION: forcing a failure.
[  733.469300][T17012] name failslab, interval 1, probability 0, space 0, times 0
[  733.473341][T17012] CPU: 2 UID: 0 PID: 17012 Comm: syz.7.3136 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  733.473358][T17012] Tainted: [L]=SOFTLOCKUP
[  733.473362][T17012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  733.473369][T17012] Call Trace:
[  733.473374][T17012]  <TASK>
[  733.473379][T17012]  dump_stack_lvl+0x100/0x190
[  733.473399][T17012]  should_fail_ex.cold+0x5/0xa
[  733.473413][T17012]  should_failslab+0xc2/0x120
[  733.473425][T17012]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  733.473441][T17012]  ? dst_alloc+0x99/0x1a0
[  733.473457][T17012]  dst_alloc+0x99/0x1a0
[  733.473471][T17012]  xfrm_lookup_with_ifid+0xb4e/0x1ce0
[  733.473488][T17012]  ? __pfx_xfrm_lookup_with_ifid+0x10/0x10
[  733.473508][T17012]  xfrm_lookup_route+0x3b/0x200
[  733.473522][T17012]  ip_route_output_flow+0x11e/0x150
[  733.473536][T17012]  udp_sendmsg+0x1a77/0x2890
[  733.473553][T17012]  ? __pfx_ip_generic_getfrag+0x10/0x10
[  733.473571][T17012]  ? __pfx_udp_sendmsg+0x10/0x10
[  733.473586][T17012]  ? mark_held_locks+0x40/0x70
[  733.473611][T17012]  ? aa_sk_perm+0x309/0xaa0
[  733.473631][T17012]  ? __pfx_udp_sendmsg+0x10/0x10
[  733.473647][T17012]  inet_sendmsg+0x105/0x140
[  733.473659][T17012]  ____sys_sendmsg+0x98d/0xb70
[  733.473669][T17012]  ? __pfx_inet_sendmsg+0x10/0x10
[  733.473681][T17012]  ? __pfx_____sys_sendmsg+0x10/0x10
[  733.473691][T17012]  ? _parse_integer_limit+0x17f/0x1d0
[  733.473709][T17012]  ? _kstrtoull+0x13c/0x1f0
[  733.473723][T17012]  ? __pfx__kstrtoull+0x10/0x10
[  733.473740][T17012]  ___sys_sendmsg+0x190/0x1e0
[  733.473753][T17012]  ? __pfx____sys_sendmsg+0x10/0x10
[  733.473764][T17012]  ? __lock_acquire+0x4a5/0x2630
[  733.473783][T17012]  ? find_held_lock+0x2b/0x80
[  733.473801][T17012]  __sys_sendmmsg+0x2ff/0x430
[  733.473819][T17012]  ? __pfx___sys_sendmmsg+0x10/0x10
[  733.473838][T17012]  ? __fget_files+0x215/0x3d0
[  733.473855][T17012]  ? fput+0x79/0x100
[  733.473867][T17012]  ? ksys_write+0x1ac/0x250
[  733.473877][T17012]  ? __pfx_ksys_write+0x10/0x10
[  733.473888][T17012]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  733.473903][T17012]  ? lockdep_hardirqs_on+0x78/0x100
[  733.473919][T17012]  __do_fast_syscall_32+0xe3/0x8c0
[  733.473950][T17012]  do_fast_syscall_32+0x32/0x70
[  733.473968][T17012]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  733.473982][T17012] RIP: 0023:0xf70aef6c
[  733.473991][T17012] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  733.474001][T17012] RSP: 002b:00000000f545b50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  733.474012][T17012] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080004d00
[  733.474018][T17012] RDX: 0000000000000300 RSI: 0000000000000f1c RDI: 0000000000000000
[  733.474024][T17012] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  733.474030][T17012] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  733.474036][T17012] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  733.474050][T17012]  </TASK>
[  733.590975][   T40] kauditd_printk_skb: 76 callbacks suppressed
[  733.590994][   T40] audit: type=1326 audit(1773754740.076:3769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  733.603366][   T40] audit: type=1326 audit(1773754740.076:3770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  733.611839][   T40] audit: type=1326 audit(1773754740.094:3771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf71b5cab code=0x7ffc0000
[  733.620534][   T40] audit: type=1326 audit(1773754740.094:3772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  733.626861][   T40] audit: type=1326 audit(1773754740.094:3773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  733.634077][   T40] audit: type=1326 audit(1773754740.094:3774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=346 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  733.641234][   T40] audit: type=1326 audit(1773754740.094:3775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf71b5cab code=0x7ffc0000
[  733.647814][   T40] audit: type=1326 audit(1773754740.094:3776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  733.654560][   T40] audit: type=1326 audit(1773754740.094:3777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  733.661442][   T40] audit: type=1326 audit(1773754740.113:3778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17015 comm="syz.8.3138" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  734.245007][T17014] netlink: 'syz.5.3137': attribute type 1 has an invalid length.
[  735.157921][T17029] dvmrp1: entered allmulticast mode
[  735.575242][T17037] fuse: Unknown parameter 'group_i00000000000000000000'
[  737.759722][T17060] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(6)
[  737.762622][T17060] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  737.768068][T17060] vhci_hcd vhci_hcd.0: Device attached
[  737.908041][T17064] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  737.910932][T17064] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  737.940456][T17064] vhci_hcd vhci_hcd.0: Device attached
[  738.021413][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  738.024956][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  738.042353][   T34] usb 51-1: new low-speed USB device number 2 using vhci_hcd
[  738.190915][ T6042] usb 45-1: new low-speed USB device number 4 using vhci_hcd
[  738.551094][T17061] vhci_hcd: connection reset by peer
[  738.554575][   T12] vhci_hcd vhci_hcd.7: stop threads
[  738.556608][   T12] vhci_hcd vhci_hcd.7: release socket
[  738.563174][   T12] vhci_hcd vhci_hcd.7: disconnect device
[  739.415391][T17065] vhci_hcd: connection reset by peer
[  739.417983][   T59] vhci_hcd vhci_hcd.4: stop threads
[  739.420016][   T59] vhci_hcd vhci_hcd.4: release socket
[  739.422085][   T59] vhci_hcd vhci_hcd.4: disconnect device
[  739.753711][T17084] fuse: Unknown parameter 'group_i00000000000000000000'
[  741.572762][   T40] kauditd_printk_skb: 80 callbacks suppressed
[  741.572773][   T40] audit: type=1326 audit(1773754747.543:3859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  741.581666][   T40] audit: type=1326 audit(1773754747.543:3860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  741.588456][   T40] audit: type=1326 audit(1773754747.553:3861): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  741.598276][   T40] audit: type=1326 audit(1773754747.553:3862): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf71b5cab code=0x7ffc0000
[  741.612019][   T40] audit: type=1326 audit(1773754747.553:3863): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=102 compat=1 ip=0xf71b5cab code=0x7ffc0000
[  741.619760][   T40] audit: type=1326 audit(1773754747.553:3864): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  741.629051][   T40] audit: type=1326 audit(1773754747.553:3865): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=91 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  741.636155][   T40] audit: type=1326 audit(1773754747.553:3866): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=91 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  741.645042][   T40] audit: type=1326 audit(1773754747.553:3867): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=125 compat=1 ip=0xf707ef6c code=0x7ffc0000
[  741.651761][   T40] audit: type=1326 audit(1773754747.553:3868): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17102 comm="syz.8.3160" exe="/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf71b5cab code=0x7ffc0000
[  741.746620][T17111] bridge0: port 2(bridge_slave_1) entered disabled state
[  741.749873][T17111] bridge0: port 1(bridge_slave_0) entered disabled state
[  741.789834][T17111] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  741.794769][T17111] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  741.854487][   T12] netdevsim netdevsim7 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[  741.858151][   T13] netdevsim netdevsim7 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[  741.863070][   T13] netdevsim netdevsim7 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[  741.872800][   T13] netdevsim netdevsim7 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[  743.492774][   T34] vhci_hcd vhci_hcd.7: vhci_device speed not set
[  743.673918][ T6042] vhci_hcd vhci_hcd.4: vhci_device speed not set
[  744.941213][T17136] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3168'.
[  745.641497][ T1325] usb 12-1: new high-speed USB device number 7 using dummy_hcd
[  745.790312][T17166] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  745.795193][T17166] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  745.812129][ T1325] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  745.816726][ T1325] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  745.822895][T17166] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3)
[  745.826733][T17166] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3)
[  745.827473][ T1325] usb 12-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  745.830388][T17166] overlayfs: d_ino too big (445, ino=9223372036854778159, xinobits=3)
[  745.833390][ T1325] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  745.850926][ T1325] usb 12-1: config 0 descriptor??
[  745.864434][T17166] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3)
[  745.874428][T17166] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3)
[  745.885513][T17166] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3)
[  745.889353][T17166] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3)
[  745.893401][T17166] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3)
[  745.897408][T17166] overlayfs: d_ino too big (dev, ino=4611686018427387912, xinobits=3)
[  745.908057][T17166] overlayfs: d_ino too big (kernel, ino=4611686018427388466, xinobits=3)
[  746.150030][ T1325] usbhid 12-1:0.0: can't add hid device: -71
[  746.152090][ T1325] usbhid 12-1:0.0: probe with driver usbhid failed with error -71
[  746.161036][ T1325] usb 12-1: USB disconnect, device number 7
[  746.592859][T17181] kvm: requested 54476 ns i8254 timer period limited to 200000 ns
[  746.654479][ T1325] usb 12-1: new high-speed USB device number 8 using dummy_hcd
[  746.828696][ T1325] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  746.833504][ T1325] usb 12-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  746.842474][ T1325] usb 12-1: New USB device found, idVendor=097f, idProduct=3333, bcdDevice= 0.40
[  746.858631][ T1325] usb 12-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  746.865463][ T1325] usb 12-1: config 0 descriptor??
[  747.337756][ T1325] hid-generic 0003:097F:3333.0008: hidraw1: USB HID v0.00 Device [HID 097f:3333] on usb-dummy_hcd.7-1/input0
[  747.382730][T17203] syzkaller0: entered promiscuous mode
[  747.384962][T17203] syzkaller0: entered allmulticast mode
[  747.523991][ T5981] usb 12-1: USB disconnect, device number 8
[  748.151854][T17233] netlink: 136 bytes leftover after parsing attributes in process `syz.5.3205'.
[  748.155806][T17233] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check.
[  748.213148][T17236] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3206'.
[  748.873967][T17258] loop1: detected capacity change from 0 to 7
[  748.881477][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  748.884895][    C1] buffer_io_error: 11 callbacks suppressed
[  748.884910][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  748.891700][    C1] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  748.894832][    C1] Buffer I/O error on dev loop1, logical block 0, async page read
[  748.897599][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  748.901645][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  748.909386][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  748.913393][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  748.917645][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  748.921767][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  748.925252][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  748.929318][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  748.938640][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  748.942706][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  748.946168][T17258] ldm_validate_partition_table(): Disk read failed.
[  748.974797][T17259] 
[  748.975630][T17259] ======================================================
[  748.978236][T17259] WARNING: possible circular locking dependency detected
[  748.980574][T17259] syzkaller #0 Tainted: G             L     
[  748.982584][T17259] ------------------------------------------------------
[  748.985048][T17259] syz.5.3214/17259 is trying to acquire lock:
[  748.987040][T17259] ffff88801caf4220 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_iop_getattr+0x9c/0xf0
[  748.990389][T17259] 
[  748.990389][T17259] but task is already holding lock:
[  748.992803][T17259] ffff8880273e0060 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  748.996426][T17259] 
[  748.996426][T17259] which lock already depends on the new lock.
[  748.996426][T17259] 
[  748.999840][T17259] 
[  748.999840][T17259] the existing dependency chain (in reverse order) is:
[  749.003251][T17259] 
[  749.003251][T17259] -> #2 (&q->q_usage_counter(io)#18){++++}-{0:0}:
[  749.006221][T17259]        blk_alloc_queue+0x610/0x790
[  749.008116][T17259]        blk_mq_alloc_queue+0x174/0x290
[  749.009922][T17259]        __blk_mq_alloc_disk+0x29/0x120
[  749.011779][T17259]        loop_add+0x498/0xb60
[  749.013323][T17259]        loop_init+0x1d3/0x200
[  749.014898][T17259]        do_one_initcall+0x11d/0x760
[  749.016614][T17259]        kernel_init_freeable+0x6e5/0x7a0
[  749.018672][T17259]        kernel_init+0x1f/0x1e0
[  749.020338][T17259]        ret_from_fork+0x754/0xd80
[  749.022049][T17259]        ret_from_fork_asm+0x1a/0x30
[  749.023802][T17259] 
[  749.023802][T17259] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  749.026126][T17259]        fs_reclaim_acquire+0xc4/0x100
[  749.028035][T17259]        kmem_cache_alloc_noprof+0x4c/0x6e0
[  749.029984][T17259]        __kernfs_iattrs+0x126/0x400
[  749.031757][T17259]        __kernfs_setattr+0x4d/0x3c0
[  749.033532][T17259]        kernfs_iop_setattr+0xda/0x130
[  749.035324][T17259]        notify_change+0xb25/0x1330
[  749.037064][T17259]        do_truncate+0x1df/0x240
[  749.038686][T17259]        path_openat+0x2a55/0x31a0
[  749.040362][T17259]        do_file_open+0x20e/0x430
[  749.041993][T17259]        do_sys_openat2+0x10d/0x1e0
[  749.043697][T17259]        __x64_sys_openat+0x12d/0x210
[  749.045487][T17259]        do_syscall_64+0x106/0xf80
[  749.047213][T17259]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  749.049274][T17259] 
[  749.049274][T17259] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}:
[  749.051993][T17259]        __lock_acquire+0x14b8/0x2630
[  749.053766][T17259]        lock_acquire+0x1cf/0x380
[  749.055409][T17259]        down_read+0x99/0x460
[  749.056943][T17259]        kernfs_iop_getattr+0x9c/0xf0
[  749.058709][T17259]        vfs_getattr_nosec+0x2d4/0x430
[  749.060474][T17259]        vfs_getattr+0x4a/0x60
[  749.062073][T17259]        loop_query_min_dio_size.isra.0+0x117/0x250
[  749.064212][T17259]        lo_ioctl+0x13aa/0x1bc0
[  749.065745][T17259]        lo_compat_ioctl+0xf3/0x160
[  749.067438][T17259]        compat_blkdev_ioctl+0x682/0x7b0
[  749.069180][T17259]        __ia32_compat_sys_ioctl+0x2cf/0x360
[  749.071114][T17259]        __do_fast_syscall_32+0xe3/0x8c0
[  749.072932][T17259]        do_fast_syscall_32+0x32/0x70
[  749.074681][T17259]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  749.076879][T17259] 
[  749.076879][T17259] other info that might help us debug this:
[  749.076879][T17259] 
[  749.080159][T17259] Chain exists of:
[  749.080159][T17259]   &root->kernfs_iattr_rwsem --> fs_reclaim --> &q->q_usage_counter(io)#18
[  749.080159][T17259] 
[  749.084728][T17259]  Possible unsafe locking scenario:
[  749.084728][T17259] 
[  749.087246][T17259]        CPU0                    CPU1
[  749.088936][T17259]        ----                    ----
[  749.090715][T17259]   lock(&q->q_usage_counter(io)#18);
[  749.092536][T17259]                                lock(fs_reclaim);
[  749.094787][T17259]                                lock(&q->q_usage_counter(io)#18);
[  749.097321][T17259]   rlock(&root->kernfs_iattr_rwsem);
[  749.099152][T17259] 
[  749.099152][T17259]  *** DEADLOCK ***
[  749.099152][T17259] 
[  749.101752][T17259] 3 locks held by syz.5.3214/17259:
[  749.103450][T17259]  #0: ffff888027593448 (&lo->lo_mutex){+.+.}-{4:4}, at: loop_global_lock_killable+0x30/0xb0
[  749.106702][T17259]  #1: ffff8880273e0060 (&q->q_usage_counter(io)#18){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  749.110448][T17259]  #2: ffff8880273e0098 (&q->q_usage_counter(queue)#2){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20
[  749.114260][T17259] 
[  749.114260][T17259] stack backtrace:
[  749.116191][T17259] CPU: 2 UID: 0 PID: 17259 Comm: syz.5.3214 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  749.116207][T17259] Tainted: [L]=SOFTLOCKUP
[  749.116211][T17259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  749.116218][T17259] Call Trace:
[  749.116223][T17259]  <TASK>
[  749.116228][T17259]  dump_stack_lvl+0x100/0x190
[  749.116245][T17259]  print_circular_bug.cold+0x178/0x1c7
[  749.116263][T17259]  check_noncircular+0x146/0x160
[  749.116278][T17259]  __lock_acquire+0x14b8/0x2630
[  749.116295][T17259]  lock_acquire+0x1cf/0x380
[  749.116309][T17259]  ? kernfs_iop_getattr+0x9c/0xf0
[  749.116324][T17259]  ? __pfx___might_resched+0x10/0x10
[  749.116342][T17259]  down_read+0x99/0x460
[  749.116359][T17259]  ? kernfs_iop_getattr+0x9c/0xf0
[  749.116374][T17259]  ? find_held_lock+0x2b/0x80
[  749.116384][T17259]  ? __pfx_down_read+0x10/0x10
[  749.116402][T17259]  ? kernfs_root+0xee/0x2a0
[  749.116416][T17259]  kernfs_iop_getattr+0x9c/0xf0
[  749.116430][T17259]  vfs_getattr_nosec+0x2d4/0x430
[  749.116442][T17259]  ? __pfx_kernfs_iop_getattr+0x10/0x10
[  749.116458][T17259]  vfs_getattr+0x4a/0x60
[  749.116470][T17259]  loop_query_min_dio_size.isra.0+0x117/0x250
[  749.116485][T17259]  ? __pfx_loop_query_min_dio_size.isra.0+0x10/0x10
[  749.116505][T17259]  lo_ioctl+0x13aa/0x1bc0
[  749.116519][T17259]  ? __pfx_lo_ioctl+0x10/0x10
[  749.116535][T17259]  ? tomoyo_path_number_perm+0x46d/0x580
[  749.116547][T17259]  ? kasan_quarantine_put+0x104/0x240
[  749.116563][T17259]  ? blk_get_meta_cap+0xd4/0x6c0
[  749.116579][T17259]  ? __pfx_blk_get_meta_cap+0x10/0x10
[  749.116592][T17259]  ? find_held_lock+0x2b/0x80
[  749.116602][T17259]  ? tomoyo_path_number_perm+0x28f/0x580
[  749.116614][T17259]  ? blkdev_common_ioctl+0x515/0x2ba0
[  749.116630][T17259]  ? __pfx_blkdev_common_ioctl+0x10/0x10
[  749.116646][T17259]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  749.116664][T17259]  ? do_vfs_ioctl+0x226/0x13e0
[  749.116679][T17259]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  749.116695][T17259]  lo_compat_ioctl+0xf3/0x160
[  749.116710][T17259]  ? __pfx_lo_compat_ioctl+0x10/0x10
[  749.116724][T17259]  compat_blkdev_ioctl+0x682/0x7b0
[  749.116739][T17259]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  749.116755][T17259]  ? __pfx_compat_blkdev_ioctl+0x10/0x10
[  749.116770][T17259]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  749.116786][T17259]  __do_fast_syscall_32+0xe3/0x8c0
[  749.116802][T17259]  do_fast_syscall_32+0x32/0x70
[  749.116818][T17259]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  749.116832][T17259] RIP: 0023:0xf6ffef6c
[  749.116841][T17259] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  749.116851][T17259] RSP: 002b:00000000f53cc50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  749.116862][T17259] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004c06
[  749.116869][T17259] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  749.116875][T17259] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  749.116881][T17259] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  749.116887][T17259] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  749.116897][T17259]  </TASK>
[  749.241387][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  749.244563][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  749.250265][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  749.253509][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  749.256828][    C0] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  749.260394][    C0] Buffer I/O error on dev loop1, logical block 0, async page read
[  749.266405][T17258] Dev loop1: unable to read RDB block 0
[  749.268688][T17258]  loop1: unable to read partition table
[  749.270688][T17258] loop1: partition table beyond EOD, truncated
[  749.272874][T17258] loop_reread_partitions: partition scan of loop1 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)
[  749.273885][T17157] ldm_validate_partition_table(): Disk read failed.
[  749.280446][T17157] Dev loop1: unable to read RDB block 0
[  749.282815][T17157]  loop1: unable to read partition table
[  749.285336][T17157] loop1: partition table beyond EOD, truncated
[  749.292505][T17259] ldm_validate_partition_table(): Disk read failed.
[  749.295257][T17259] Dev loop1: unable to read RDB block 0
[  749.297360][T17259]  loop1: unable to read partition table
[  749.299247][T17259] loop1: partition table beyond EOD, truncated
[  749.301285][T17259] loop_reread_partitions: partition scan of loop1 (���������C�j̖�P=ý?�}X���	���%��`��ր���{��֐�ȵ4FLQk݊) failed (rc=-5)