last executing test programs:

4.623832323s ago: executing program 0 (id=833):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x1000000, &(0x7f0000000580)})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000001a40)={0x4c, 0x0, &(0x7f0000001b40)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0})

4.623365833s ago: executing program 0 (id=834):
socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x25dfdbfe, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3fff, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x12, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40, 0x0, 0x20000004, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x1, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
r3 = fsmount(0xffffffffffffffff, 0x0, 0x70)
sendmsg$IPCTNL_MSG_EXP_GET_STATS_CPU(r3, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, 0x3, 0x2, 0x201, 0x0, 0x0, {0x1, 0x0, 0x1}, ["", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x40d4}, 0x800)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', 0x0, 0x0, 0x0)
mount(0x0, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000200)='ext2\x00', 0x21000d, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800)
sendmmsg$alg(r4, &(0x7f00000002c0)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001ac0)=@delchain={0x558, 0x65, 0x200, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xd, 0xb}, {0xd, 0x7}, {0xfff1, 0x10}}, [@filter_kind_options=@f_basic={{0xa}, {0x528, 0x2, [@TCA_BASIC_ACT={0x404, 0x3, [@m_mpls={0x90, 0x20, 0x0, 0x0, {{0x9}, {0x24, 0x2, 0x0, 0x1, [@TCA_MPLS_PROTO={0x6, 0x4, 0x6001}, @TCA_MPLS_BOS={0x5, 0x8, 0x1}, @TCA_MPLS_TTL={0x5, 0x7, 0x1}, @TCA_MPLS_TTL={0x5, 0x7, 0x3}]}, {0x43, 0x6, "5fb01aa85ae08b968c00bfffa9e89177cea6b05f79fa50cf168b1400381fae59d7ae5028c2cb48e15c6bcaf1e5fb6095ce734de19f6c66aea5c4ada4cdb4d3"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2}}}}, @m_gact={0x8c, 0x1c, 0x0, 0x0, {{0x9}, {0x40, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x68, 0x0, 0x1, 0x9, 0xff}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0xb58, 0x8}}, @TCA_GACT_PROB={0xc, 0x3, {0x1, 0x13d1, 0x6}}, @TCA_GACT_PROB={0xc, 0x3, {0x2, 0x1901, 0x7}}]}, {0x24, 0x6, "fffafc30f81308515ebdd7f07485c6ec3a46426887a0a9391c6cb55882e6bf25"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0xfbc90779a78df647}}}}, @m_connmark={0x2e4, 0x17, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3a63cb5b, 0x5, 0x10000000, 0xfffffc01, 0x401}, 0x3}}]}, {0x295, 0x6, "2582e759734971b2057b819d51f98c8c1b4cdfe9bf4dcbe9b0d3a5a34a585c5922539675af924940ee5cd870d19b6d9e67b3970c113d8d52dba105e0bf6659cc3d4f1fd22b9d8083da32690f8958e258fbb0da84a1191ff49dbe37b306536fb68acdf9d9191a9a022cab1f6764a91f16b832c472bbfa246a3aa1446bd5f2eeaedf81096c5071273240305db42836974c890a09ac2e6bc33c6c15b8df4b7461a8afa26d60cf74497bbb765450334719031a248770937be4c1598d834fe4b7b57b05d6e2aefc6dba8a758763e2cb41473faa6011691f3dba45689ac59244fbcc0e18050b87679236ea538f81e70c590b53c994f32e1ce4ab8fed37d27412507131dc9bc56ad40645ef3d9724e8497a64b49e3abd624bf6ad0886730d9f23d5bd6148b436600fc91badf5f9761fb81385becc54fb87c377c649c2a997c4a9e5febc305060fa12b6bac857aee1215ab3cc62288a2151f44cd1eac07391144f4ff6c48be3abbde8f7a59c9db98f109d4d273cb4316252f2b9a3fa4eebfe0ac214b826522098ac4947cc5191fcb6c60e57726a8e19c1670c71e1b87cd3dd51e81a72686fe54cc871c3691000a59b6df190b4ba3a9368281503b94bfc21e7ceb942520e8398ad318d57fc2b146b0802d29a1e2789d05580d792798b00feef816e405b219b5e88719659d97eaa7954fd79e299e917dd4a237d03b837e1e96b0b8cfffb64fa5c1d6cdf3a1c92677b227f5ac6d61965a178457dc5804d72c5d52f0409471f792750b40c709dd17d957df25fbf45c60240bbc35baeda421dc2c77968161cc78b2f0deec9d61840755d9b0ac48c0e024100af1a0d32f8b21af5541a7a967ef2e410e4949b65ffd7664210e30edcdb11106acc6b0bb4e1556f425cda68faa6498f4aa612e53cfa9156265bcfa52fb21fda"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1}}}}]}, @TCA_BASIC_ACT={0x120, 0x3, [@m_tunnel_key={0x84, 0x1f, 0x0, 0x0, {{0xf}, {0x44, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{0xfffffd70, 0x70d3, 0x2, 0x7, 0x5}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV4_SRC={0x8, 0x3, @rand_addr=0x64010101}, @TCA_TUNNEL_KEY_ENC_DST_PORT={0x6, 0x9, 0x4e22}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x14, 0x5, @local}]}, {0x14, 0x6, "d2243e74d161b0ba235708d259e80fa1"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_connmark={0x6c, 0x13, 0x0, 0x0, {{0xd}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x8000, 0x40, 0x2, 0x7, 0x6}, 0x24}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xb340fd8, 0x0, 0x8, 0x50b182be, 0x1}, 0x9}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x4}}}}, @m_ife={0x2c, 0x5, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x558}, 0x1, 0x0, 0x0, 0x4080}, 0xc050)
r5 = socket(0x1e, 0x1, 0x0)
shutdown(r5, 0x2)
recvmsg$can_raw(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)
socket$nl_generic(0x10, 0x3, 0x10)

3.708482977s ago: executing program 3 (id=836):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x10044084}, 0x20048000)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x40)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc2c45512, &(0x7f0000000640)={{0xd, 0x5, 0x81, 0x53, 'syz1\x00', 0x9}, 0x0, [0x380, 0xb, 0x0, 0xcc1, 0x80, 0x101, 0x80000001, 0xa6d8, 0x2, 0x1, 0x9, 0x8, 0x8, 0xfffefff7, 0x8, 0x10, 0x5, 0x4, 0x2ff, 0x80, 0x962, 0x0, 0x1, 0x4, 0x7fffffff, 0xc360, 0x80000001, 0x6, 0x60e3, 0x6, 0x0, 0x10000, 0x7, 0x1000009, 0x107430, 0x2, 0x5, 0x609, 0x1, 0x3, 0x8, 0x5, 0x9, 0x8, 0x9, 0x1, 0x8, 0x0, 0x1, 0x2, 0x0, 0x6, 0x9000, 0xe93, 0x4, 0x800, 0x7, 0x3, 0x50b, 0x0, 0x6, 0x7ff, 0x1000, 0xffffffff, 0x7, 0x5, 0x7a, 0x2, 0x9, 0x2, 0x6, 0x7, 0x1000ac, 0x7, 0x7, 0x4, 0x8000, 0x5, 0x4, 0x7, 0xd, 0x7, 0x5, 0x0, 0x0, 0x40, 0x2, 0x8000, 0xfff, 0x3, 0x3b9, 0x6, 0x3, 0x4660917f, 0x487d, 0x8000, 0x1, 0x5, 0x3, 0x0, 0x800005, 0x4, 0x11, 0x1, 0x7, 0x9, 0xc, 0x4, 0x1, 0x1, 0x3ce, 0xa, 0x8, 0x9, 0x0, 0x6, 0xffffdff7, 0xffffbf90, 0xfffffffd, 0x7, 0x2, 0x0, 0x7, 0xa, 0x809, 0xbfffffff, 0x73938332, 0x7763]})
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='romfs\x00', 0x208000, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000000)={0x2, @sdr={0x0, 0x1}})
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000002c0)={0x2, @pix={0x4, 0x0, 0x30383653, 0x4, 0x800, 0x4, 0x5, 0x4, 0x0, 0x4, 0x1, 0x6}})
fcntl$notify(r0, 0x402, 0x1a)
syz_emit_ethernet(0x82, &(0x7f0000000100)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x61, 0x0, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x2f, 0x9, @dev={0xac, 0x14, 0x14, 0x10}, @remote, {[@timestamp_addr={0x44, 0x44, 0x0, 0x1, 0x0, [{@rand_addr=0x86dd}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}}, {@rand_addr, 0x4f}, {@multicast2}, {@loopback}, {@local, 0x4}, {@multicast1}]}]}}}}}}}, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000340)={'raw\x00', 0xb4, "312a383b4fd14c24fccd9c3cb433804eb45def512a2eb582131546c410322b13de1f842cfc4107aca1bb7f849cd61f5be47881cbe942dc95abd6e420e33051849e90d0ade6b6f433ee265e8284edee031b2229d56f252bb8bf56217c86ad12f60d41a592e398c32f28cdbc1e011c2e63af53456ff4c8daf6aa85aee5af88a37f78fc9820270d228142b845dccb1cc64aadfe790f290e013116771247841522e61b9d6ebb365bb8bfc1721cbd0da708a916344529"}, &(0x7f0000000440)=0xd8)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000002c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x58, r1, 0x20, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xc, 0xcd, [0xfff, 0x10, 0x5, 0x1]}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd76}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xc1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1ff}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0xe, 0xcd, [0xc0, 0x8bb, 0x9, 0x6, 0xd78]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x58}}, 0x44)

3.633181443s ago: executing program 3 (id=838):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_io_uring_setup(0x6058, &(0x7f0000000440)={0x0, 0x9a05, 0x3180, 0x8000, 0xd7}, 0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = memfd_create(&(0x7f0000000200)='-@-!))\x00\x88\"\xd0\xc0\xdb\v\x1c\x1e\xf2\xb6A\x01\x04\x00\x00\xbfw\xc3\x134\xce3J\xb6\x1c}\xf7\x06\x00\x00\x00\x05\x00\x00\x00\x80\xf1\x9f\xde\x953\xc7e\xa9s\xdbYp\'\xf13\x7f\x13\x8du\x81\xab\xba\x1eh\xc6\xf1\xbf\xa9\xd6k\xb8\x02\x00\x00\x00\x00\x00\x00\x00\x1c\x14\x8b\xf9\xb0\x14N\xc9\xd4\x0e\x87U\xe4\xb7\x05\x86\x0e\x11k\a\x00\x00\x00\x00\x00\x00\x00\x8bF\n&\xe4q\t\\\xca\x03\xc0\xb2o\xb6r?N\x9e\x95\x06\x00\x00\x13\xd2\xbf\xfd\xdab\x00\xf6\x1a\'\xcf\xae\x98,\xb4\x00\x00\x15w@\x9a|\xcdF\xdd\xec\xc8\x80ix\xb0<\xf7\xf4\xa9\xfen\x15r\xcc\xb4\xdcg\xe4}\xc0\x03\x8c\xf6\x13\x8c\x12\xcb\xb4`\x97\xe6\xa0\xe1\xba\xc0\xc0\xb2)OQ\xc2\n\xf2Z,J)\x9d\x1d=\x12B\xbfC2\x83\xf3\xa5\xd9;]e\xc5\x1f\x15d\xeaz\xdf\x18Z)\xe2\xa2Q*-\f\x88\xfb\x15\x9a\xb9\xc4\xe8mX\x06\x00\x00\x00\x00\x00\x00\x00\xc9\x9e\xdd\xfao\xa6\xbcD\x16\x1c\x88\x8e\xde>\xbb0\x8b\xe2@\x9f\xf3 L\xbf39Tr:1\xc7>\x17\x9be\xd5UO\xb9\x0e:\x06\xc2\x83\x1b\xe6\x9bI\xa9X\x96I97\xc0z\xfa\x8b\xe3)m\xb1\x1d9\xb3\xb5\xe7@=A,H\x1f.A\x85\x13\xab\xf4\x10!\x13\xe3\x83\xc5\xd4\xa8f\xd4\xff\xea\xd2gDT\xd6\xde.\xaf\xf8\xe7\x93\n\x91h\x83ND\x80\x91\xff\xff\x00\x00}\xc5\xae\xc9\x17\xaf\x997=\xabZ\v\x99;\xba58i\xdb\x8cB\xe4\x8a\x81\x03l\x97a\x97\x86g\x99K\xb4d0\xda\xce\f\xfe[(\x88\x93\x00\x00\x00\x00\x00\x00X\xaff\xa2\xfc\xc92\xaf\xb9\x16\bKM;\x92\xff\x9aB0\x92\xc5\xc26\xaa\xc1\n\x02\xc4\xcaA\x1f\xa6\xd5K\x81\xc2\xb0\x9a\x8f\t\xbd\xe5\xba\xdb\xe48\x8a\xac\xf9&Zm\xee\x14\xd9|pQ\x10\x00\x00\x00\x00\x00~\xd8\x12\x8b%r\x9e\xe1\xe1S\xcc1K\x95\x93\x95O\x1c\xe6):rKk\xc9\xdf\x14\xd3n}\x9a\x03\xeeF*\xc7\xa5}\x921\xb4a\xe1\f\xc5Z\xa3\x01\x13j\xfb\xcd\x87\xd8', 0x2)
mmap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x13, r5, 0x497e3000)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1})
io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x30)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x8001)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000180)=0xffffffffffffff4a)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, &(0x7f0000000600), 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TIOCNXCL(r0, 0x540d)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b700000028000000bca30000000000002403000006feffff7b0af0ff0000000079a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300"/4140], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)

3.582900054s ago: executing program 2 (id=839):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x8, 0x395, 0x5, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x2, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r4 = io_uring_setup(0x332, &(0x7f0000000080)={0x0, 0x21e, 0x10})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="05000000070000000200000007"], 0x50)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000b98cad95850000000300000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000000000000850000008600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000180)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f00000000c0)=r7, 0x4)
sendmsg$unix(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)

3.215116194s ago: executing program 1 (id=840):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = getpgrp(0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0x5)
sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r1, &(0x7f0000000140)='\x00', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x6, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r1, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0x1, 0x0, 0x3}, 0xe)
shutdown(r1, 0x1)
recvmmsg(r1, &(0x7f0000000840)=[{{0x0, 0x41, 0x0}}], 0x414, 0x406, 0x0) (fail_nth: 6)

2.763683465s ago: executing program 0 (id=841):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00008feff0)={0x0, 0x40}}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000080)='binder\x00', 0x3, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a90000000060a030400000000000000000a0000050900010073797a3100000000500004804c0001800b00010074617267657400003c000280240003007339f2f304fdd672bad09dfb0400003667feee96325d0c0dabf95ddc91967c2008000240000000000c00010052415445455354000900020073797a3200000000140000001100010000000000000000000100000ae184a193b70fca8e1ecb987780e60593e20c26d33867972e4e669d1a9a24e56bf767763fcd1b555d0f79b9b10a4ba72d74004b640a2914970ae9343640b6eeedcaa4a0dda71cee8fddb3"], 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000001a00)=ANY=[@ANYBLOB="1d00000004000000020000000000000001020000", @ANYRES32=r1, @ANYBLOB="000000000000000000000000000000007d1d0000", @ANYRES32=0x0, @ANYRES32, @ANYRES8=r3], 0x50)
mmap(&(0x7f00000fe000/0xd000)=nil, 0xd000, 0x1000005, 0xd2952, 0xffffffffffffffff, 0xfffff000)
socket$inet6_tcp(0xa, 0x1, 0x0)
write$UHID_CREATE2(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x118)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r5, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000200)={<r6=>0x0, 0x1c, &(0x7f0000000240)=[@in6={0xa, 0x4e21, 0x383, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x4}]}, &(0x7f0000000140)=0x10)
keyctl$dh_compute(0x17, &(0x7f0000001200), 0x0, 0x0, &(0x7f00000013c0)={&(0x7f0000001340)={'hmac(streebog512)\x00'}})
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r5, 0x84, 0x7a, &(0x7f0000000340)={r6, @in6={{0xa, 0x3, 0x4, @mcast1}}}, &(0x7f0000000040)=0x84)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, 0x0}, 0x0)

2.760900693s ago: executing program 1 (id=842):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000000)={0x1, 'veth0_virt_wifi\x00', 0x2000000}, 0x18)
setsockopt$IP_VS_SO_SET_STOPDAEMON(r0, 0x0, 0x48c, &(0x7f00000002c0)={0x1, 'ipvlan1\x00', 0x100}, 0x18)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f000000c340)={0xa802100, 0x0, 0x0, 0x0, {0x2e}, 0x0, 0x0, 0x0, &(0x7f000000c2c0)=[0x0], 0x1}, 0x58)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xe, 0x4, 0x8, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r1}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0xc, &(0x7f0000002640)=ANY=[@ANYBLOB="1800000000000000000000000000000018150000", @ANYRES32=r2, @ANYBLOB="0000002f526b5b270000db5a00fea1000000bfa200000004000007020000f8ffffffb70300eb07000000b704ffffffff000085000800150034c262f22b989f98a75300"/82], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0xcc03, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
preadv2(r2, &(0x7f00000025c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000000040)=""/208, 0xd0}, {&(0x7f0000000140)=""/142, 0x8e}, {&(0x7f0000000200)=""/165, 0xa5}, {&(0x7f0000001300)=""/177, 0xb1}, {&(0x7f00000013c0)=""/4096, 0x1000}, {&(0x7f00000023c0)=""/131, 0x83}, {&(0x7f0000002480)=""/8, 0x8}, {&(0x7f00000024c0)=""/234, 0xea}], 0x9, 0x0, 0x0, 0x2)

2.692306788s ago: executing program 1 (id=843):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$video(&(0x7f0000000980), 0x6, 0x20000)
ioctl$VIDIOC_G_INPUT(r1, 0x80045626, &(0x7f00000009c0))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000300)="63ecedda41c3903803ed69d8d41f", 0x0, 0x0, 0xfffff000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, &(0x7f00000002c0)={0xb, 0x0, [{0x0, 0x0, 0x1}, {0xffffffff, 0x0, 0x100000001}, {0x2}, {0x9, 0x0, 0x80}, {0x20000001, 0x0, 0x2e}, {0x4b2e, 0x0, 0x2}, {0xfffffffa, 0x0, 0xb3}, {0x80, 0x0, 0x6}, {0xa, 0x0, 0x3d}, {0x40, 0x0, 0x8}, {0x0, 0x0, 0x47}, {0x3f, 0x0, 0x5}, {0x7, 0x0, 0x1}, {0xfffffff9, 0x0, 0x2}, {0xfffffffb, 0x0, 0x3}, {0x40, 0x0, 0x10f4}]})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, 0x0, 0x200, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x8000000}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x4}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008845}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5a759eba0a3086e8010000", @ANYRES16=0x0, @ANYBLOB="000825bd7000ffdbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b008000000006001600030000000500120001000000060011000000000008000b00060000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b00ff00000006001600060000000500120000000000060011000200000008000b00080000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b0080ffffff06001600f20000000500120000000000060011003e08000008000b0001000000080001007063690011000200303030303a30303a31302e3000000000080003000100000008000b000000000006001600080000000500120001000000060011006783000008000b0001800000080001007063690011000200303030303a30303a31302e3000000000080003000100000008000b0006000000060016000a0000000500120001000000060011000500000008000b00030000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b000000000006001600890000000500120000000000060011000100000008000b0005000000"], 0x1e8}}, 0x4004004)
io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x40, 0xffffffffffffffff, &(0x7f0000000200)='8', 0x1, 0x10000000005971}])
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.663904378s ago: executing program 2 (id=844):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r1, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r2, &(0x7f0000006d40)=[{{&(0x7f0000000100)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000180)=[{&(0x7f0000000140)='j', 0x1}], 0x1}}, {{&(0x7f0000000840)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000002a00)=[{&(0x7f0000000300)="189a55d9", 0x4}], 0x1}}], 0x2, 0x20040040)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, &(0x7f0000000000)=0x8)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd28, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x22, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x10000000, 0x3, 0xf}}]}, {0xffffffe1}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x13, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x7}}}]}, {0xffffffffffffffad}, {0x52}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$IPT_SO_SET_ADD_COUNTERS(r4, 0x0, 0x41, &(0x7f00000000c0)=ANY=[@ANYBLOB="6e617000000000010000000000000000000000000000000000000000000000000a00"/68], 0x44)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="050000000c0000004300000040000000c0"], 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100), &(0x7f00000001c0), 0x10f0, r7}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000640), 0x16c5, r7}, 0x38)
ioctl$SNDCTL_DSP_SYNC(r1, 0x5001, 0x0)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1}, [@call={0x85, 0x0, 0x0, 0x2a}, @call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xffffff80}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r8, 0x27, 0xe, 0x55, &(0x7f00000003c0)="f9ad48cc42cb29fc99d41a08320a", 0x0, 0x13fd, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
ioctl$SNDCTL_DSP_SETFMT(r1, 0xc0045005, &(0x7f0000000080)=0x1)
r9 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r9, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)

2.661126847s ago: executing program 3 (id=845):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
read(r1, 0x0, 0x20)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x0, 0x1}}) (fail_nth: 6)

2.193686633s ago: executing program 1 (id=846):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x3, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="5c0000070206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c0000000800124000000000050005000200000005000400000000000d000300686173683a6e6574"], 0x5c}}, 0x0)

2.193387905s ago: executing program 1 (id=847):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x10044084}, 0x20048000)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x40)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc2c45512, &(0x7f0000000640)={{0xd, 0x5, 0x81, 0x53, 'syz1\x00', 0x9}, 0x0, [0x380, 0xb, 0x0, 0xcc1, 0x80, 0x101, 0x80000001, 0xa6d8, 0x2, 0x1, 0x9, 0x8, 0x8, 0xfffefff7, 0x8, 0x10, 0x5, 0x4, 0x2ff, 0x80, 0x962, 0x0, 0x1, 0x4, 0x7fffffff, 0xc360, 0x80000001, 0x6, 0x60e3, 0x6, 0x0, 0x10000, 0x7, 0x1000009, 0x107430, 0x2, 0x5, 0x609, 0x1, 0x3, 0x8, 0x5, 0x9, 0x8, 0x9, 0x1, 0x8, 0x0, 0x1, 0x2, 0x0, 0x6, 0x9000, 0xe93, 0x4, 0x800, 0x7, 0x3, 0x50b, 0x0, 0x6, 0x7ff, 0x1000, 0xffffffff, 0x7, 0x5, 0x7a, 0x2, 0x9, 0x2, 0x6, 0x7, 0x1000ac, 0x7, 0x7, 0x4, 0x8000, 0x5, 0x4, 0x7, 0xd, 0x7, 0x5, 0x0, 0x0, 0x40, 0x2, 0x8000, 0xfff, 0x3, 0x3b9, 0x6, 0x3, 0x4660917f, 0x487d, 0x8000, 0x1, 0x5, 0x3, 0x0, 0x800005, 0x4, 0x11, 0x1, 0x7, 0x9, 0xc, 0x4, 0x1, 0x1, 0x3ce, 0xa, 0x8, 0x9, 0x0, 0x6, 0xffffdff7, 0xffffbf90, 0xfffffffd, 0x7, 0x2, 0x0, 0x7, 0xa, 0x809, 0xbfffffff, 0x73938332, 0x7763]})
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='romfs\x00', 0x208000, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000000)={0x2, @sdr={0x0, 0x1}})
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000002c0)={0x2, @pix={0x4, 0x0, 0x30383653, 0x4, 0x800, 0x4, 0x5, 0x4, 0x0, 0x4, 0x1, 0x6}})
fcntl$notify(r0, 0x402, 0x1a)
syz_emit_ethernet(0x82, &(0x7f0000000100)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x61, 0x0, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x2f, 0x9, @dev={0xac, 0x14, 0x14, 0x10}, @remote, {[@timestamp_addr={0x44, 0x44, 0x0, 0x1, 0x0, [{@rand_addr=0x86dd}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}}, {@rand_addr, 0x4f}, {@multicast2}, {@loopback}, {@local, 0x4}, {@multicast1}]}]}}}}}}}, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000340)={'raw\x00', 0xb4, "312a383b4fd14c24fccd9c3cb433804eb45def512a2eb582131546c410322b13de1f842cfc4107aca1bb7f849cd61f5be47881cbe942dc95abd6e420e33051849e90d0ade6b6f433ee265e8284edee031b2229d56f252bb8bf56217c86ad12f60d41a592e398c32f28cdbc1e011c2e63af53456ff4c8daf6aa85aee5af88a37f78fc9820270d228142b845dccb1cc64aadfe790f290e013116771247841522e61b9d6ebb365bb8bfc1721cbd0da708a916344529"}, &(0x7f0000000440)=0xd8)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000002c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x58, r1, 0x20, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xc, 0xcd, [0xfff, 0x10, 0x5, 0x1]}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd76}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xc1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1ff}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0xe, 0xcd, [0xc0, 0x8bb, 0x9, 0x6, 0xd78]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x58}}, 0x44)

2.113526573s ago: executing program 1 (id=848):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
io_uring_setup(0x734a, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0xfff7fffc})
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB])
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x6, 0x2}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f0000000380)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r4, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0xff, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
sendmmsg(r4, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000080)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480), 0x2000000, &(0x7f0000000000)={[{@upperdir={'upperdir', 0x3d, './file1'}}]})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000), 0x8)
r6 = socket$packet(0x11, 0x3, 0x300)
bind$packet(r6, &(0x7f0000000140)={0x11, 0x1b, 0x0, 0x1, 0xf9, 0x6, @remote}, 0x14)
open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)

1.852375196s ago: executing program 2 (id=849):
r0 = socket$netlink(0x10, 0x3, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000100)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x380})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x4, 0x4, &(0x7f0000000240)=@framed={{0x18, 0x2, 0x0, 0x0, 0x2}, [@call={0x85, 0x0, 0x0, 0x23}]}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
getrandom(0x0, 0x0, 0x600)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth1_to_batadv\x00', &(0x7f0000000280)=@ethtool_stats={0x1d, 0x2, [0xe, 0x3]}})
getpeername$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14)
ioctl$sock_inet6_SIOCADDRT(r2, 0x890b, &(0x7f0000000180)={@dev={0xfe, 0x80, '\x00', 0x25}, @mcast2, @dev={0xfe, 0x80, '\x00', 0x42}, 0xf4b, 0x6, 0x81, 0x100, 0x6, 0x80008, r3})
ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x3, 0x2})
lstat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0})
r5 = getegid()
getgroups(0x2, &(0x7f00000003c0)=[r4, r5])
r6 = syz_open_dev$mouse(&(0x7f0000000200), 0x2, 0x100000)
ioctl$SG_SET_KEEP_ORPHAN(r6, 0x2287, &(0x7f0000000400)=0x8)
setsockopt$MRT_DEL_VIF(r6, 0x0, 0xcb, &(0x7f0000000240)={0x0, 0x8, 0x7, 0x90, @vifc_lcl_ifindex=r3, @empty}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000002d80)=@newqdisc={0xa0, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {0x0, 0xfff3}, {0x0, 0x3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x70, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x0, [], 0x0, [], [0x79, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}, @TCA_TAPRIO_ATTR_TXTIME_DELAY={0x8}]}}]}, 0xa0}}, 0x0)

1.816648473s ago: executing program 0 (id=850):
socket$nl_netfilter(0x10, 0x3, 0xc)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000005100)={0x0, 0x0, &(0x7f00000050c0)={&(0x7f0000000000)={0x18, 0x140e, 0x400, 0x70bd29, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0xfd001707709cba22}, 0x20008004)
socket(0x23, 0x80000, 0x0)
r1 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r3, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_io_uring_setup(0x4be7, 0x0, &(0x7f0000000100)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_io_uring_submit(r4, r5, 0x0)
r6 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f066bbeeb, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
connect$unix(r7, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r8, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r6, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r7, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_route(0x10, 0x3, 0x0)
fallocate(r2, 0x28, 0x5, 0x1ce)
add_key$keyring(&(0x7f0000000400), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
syz_open_dev$vim2m(&(0x7f0000000300), 0x6ae, 0x2)

1.686229177s ago: executing program 3 (id=851):
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000002140)={0x2020, 0x0, <r1=>0x0, <r2=>0x0, <r3=>0x0}, 0x2020)
syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a409ce174532a492ef550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x1, {0x6, 0x2, 0xffffffffffffeffe, 0xfffffffffffffffd, 0x0, 0x0, {0x40, 0x8, 0xb, 0xfffc, 0x0, 0x1, 0x0, 0x0, 0x120, 0x2000, 0x0, r2, r3, 0x501, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0d000003005a"], 0x50)
open$dir(&(0x7f00000001c0)='./file0/file0\x00', 0x4100, 0x1e0) (fail_nth: 6)
write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x0, 0x1086cce0, 0x40, 0x73, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fffffff}}, 0x50)

1.313468202s ago: executing program 2 (id=852):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) (async)
ptrace$ARCH_SHSTK_DISABLE(0x1e, r0, 0x3, 0x5002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r3, 0x541b, 0x0)
recvmmsg$unix(r3, &(0x7f00000068c0)=[{{&(0x7f00000003c0)=@abs, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000440)=""/165, 0xa5}, {&(0x7f00000005c0)=""/178, 0xb2}, {&(0x7f0000000680)=""/157, 0x9d}, {&(0x7f0000000100)=""/61, 0x3d}, {&(0x7f0000000740)=""/4096, 0x1000}], 0x5, &(0x7f0000001740)=[@cred={{0x18}}, @cred={{0x18}}], 0x30}}, {{&(0x7f0000001780)=@abs, 0x6e, &(0x7f0000004b00)=[{&(0x7f0000001800)=""/4096, 0x1000}, {&(0x7f0000002800)=""/223, 0xdf}, {&(0x7f0000002900)=""/126, 0x7e}, {&(0x7f0000002980)=""/4096, 0x1000}, {&(0x7f0000003980)=""/4096, 0x1000}, {&(0x7f0000004980)=""/71, 0x47}, {&(0x7f0000004a00)=""/220, 0xdc}], 0x7, &(0x7f0000004b40)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x34}}, {{&(0x7f0000004b80), 0x6e, &(0x7f0000004e40)=[{&(0x7f0000004c00)=""/96, 0x60}, {&(0x7f0000004c80)=""/106, 0x6a}, {&(0x7f0000004d00)=""/196, 0xc4}, {&(0x7f0000004e00)=""/17, 0x11}], 0x4, &(0x7f0000004e80)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}], 0x30}}, {{&(0x7f0000004ec0)=@abs, 0x6e, &(0x7f0000006000)=[{&(0x7f0000004f40)=""/4096, 0x1000}, {&(0x7f0000005f40)=""/70, 0x46}, {&(0x7f0000005fc0)=""/56, 0x38}], 0x3, &(0x7f0000006040)=[@cred={{0x18}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0xc}}], 0x74}}, {{&(0x7f00000060c0)=@abs, 0x6e, &(0x7f0000006200)=[{&(0x7f0000006140)=""/18, 0x12}, {&(0x7f0000006180)=""/74, 0x4a}], 0x2}}, {{&(0x7f0000006240), 0x6e, &(0x7f0000006300)=[{&(0x7f00000062c0)=""/47, 0x2f}], 0x1, &(0x7f0000006340)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}], 0xe4}}, {{&(0x7f0000006440), 0x6e, &(0x7f0000006600)=[{&(0x7f00000064c0)=""/243, 0xf3}, {&(0x7f00000065c0)=""/6, 0x6}], 0x2, &(0x7f0000006640)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}], 0x24}}, {{0x0, 0x0, &(0x7f00000067c0)=[{&(0x7f0000006680)=""/224, 0xe0}, {&(0x7f0000006780)=""/9, 0x9}], 0x2, &(0x7f0000006800)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x18}}, @cred={{0x18}}], 0x94}}], 0x8, 0x100, &(0x7f00000069c0)={0x77359400})
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) (async)
prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0x10) (async)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0) (async)
openat$comedi(0xffffffffffffff9c, 0x0, 0x401, 0x0) (async)
mkdir(0x0, 0x0)
pipe2(&(0x7f0000000040)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x800)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x18, 0x8, &(0x7f00000000c0)=@framed={{}, [@jmp={0x5, 0x0, 0x5, 0x0, 0x0, 0x3}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffc}, @jmp={0x5, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe}, @map_idx_val={0x18, 0x7, 0x6, 0x0, 0xd, 0x0, 0x0, 0x0, 0xcc}]}, &(0x7f0000000140)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x25, r4}, 0x94)

872.201697ms ago: executing program 3 (id=853):
symlink(&(0x7f0000000040)='.\x00', &(0x7f0000000100)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff})
pivot_root(&(0x7f0000000480)='./bus\x00', &(0x7f0000000500)='./bus\x00')
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x201, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0x8}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}]}], {0x14}}, 0x64}}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000000c0)={0x14, r3, 0x2b8ee6cf79dab3f, 0x0, 0x0, {0x2e}}, 0x14}, 0x1, 0x0, 0x0, 0x4008040}, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r4 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.empty_time\x00', 0x275a, 0x0)
setxattr$incfs_size(&(0x7f0000000000)='./file2\x00', &(0x7f0000000180), &(0x7f00000001c0)=0xc5, 0x8, 0x4)
ioctl$LOOP_CONFIGURE(r4, 0x4c0a, &(0x7f00000002c0)={r5, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x11, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d960001000000000000000000007efff100004000", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c527d3d458dd4992861ac00", "f4bf000000801900001f00", [0x8, 0xffffffff9673e35d]}})

783.154084ms ago: executing program 3 (id=854):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = syz_io_uring_setup(0x6058, &(0x7f0000000440)={0x0, 0x9a05, 0x3180, 0x8000, 0xd7}, 0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
fcntl$addseals(0xffffffffffffffff, 0x409, 0x15)
mmap(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x13, 0xffffffffffffffff, 0x497e3000)
syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1})
io_uring_enter(r2, 0x627, 0x4c1, 0x43, 0x0, 0x30)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x8001)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x5421, &(0x7f0000000180)=0xffffffffffffff4a)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={0xffffffffffffffff, 0x2000000, 0x0, 0x0, &(0x7f0000000600), 0x0, 0x7ffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$TIOCNXCL(r0, 0x540d)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b700000028000000bca30000000000002403000006feffff7b0af0ff0000000079a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61141800000000001d430000000000007a0a00fe0000001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f2440000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c9494963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fbf05b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b60f132a2bf8a858392f34072d99aee0ec70aa6d75096e608d97ac4b7bfa2e0ae3e59718e7a7691a98b1334e34553300"/4140], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)

653.327149ms ago: executing program 2 (id=855):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$video(&(0x7f0000000980), 0x6, 0x20000)
ioctl$VIDIOC_G_INPUT(r1, 0x80045626, &(0x7f00000009c0))
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x2000000, 0xe, 0x0, &(0x7f0000000300)="63ecedda41c3903803ed69d8d41f", 0x0, 0x0, 0xfffff000, 0x0, 0x0, 0x0, 0x0}, 0x50)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_SET_XCRS(0xffffffffffffffff, 0x4188aea7, &(0x7f00000002c0)={0xb, 0x0, [{0x0, 0x0, 0x1}, {0xffffffff, 0x0, 0x100000001}, {0x2}, {0x9, 0x0, 0x80}, {0x20000001, 0x0, 0x2e}, {0x4b2e, 0x0, 0x2}, {0xfffffffa, 0x0, 0xb3}, {0x80, 0x0, 0x6}, {0xa, 0x0, 0x3d}, {0x40, 0x0, 0x8}, {0x0, 0x0, 0x47}, {0x3f, 0x0, 0x5}, {0x7, 0x0, 0x1}, {0xfffffff9, 0x0, 0x2}, {0xfffffffb, 0x0, 0x3}, {0x40, 0x0, 0x10f4}]})
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$inet6_udp(0xa, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, 0x0, 0x200, 0x1070bd2c, 0x4, {0x5}, [@L2TP_ATTR_PW_TYPE={0x6, 0x1, 0x5}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x5}, @L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x8000000}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x4}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20008845}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r6=>0x0})
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_SET(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[@ANYBLOB="5a759eba0a3086e8010000", @ANYRES16=0x0, @ANYBLOB="000825bd7000ffdbdf2518000000080001007063690011000200303030303a30303a31302e3000000000080003000300000008000b008000000006001600030000000500120001000000060011000000000008000b00060000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b00ff00000006001600060000000500120000000000060011000200000008000b00080000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000300000008000b0080ffffff06001600f20000000500120000000000060011003e08000008000b0001000000080001007063690011000200303030303a30303a31302e3000000000080003000100000008000b000000000006001600080000000500120001000000060011006783000008000b0001800000080001007063690011000200303030303a30303a31302e3000000000080003000100000008000b0006000000060016000a0000000500120001000000060011000500000008000b00030000000e0001006e657464657673696d0000000f0002006e657464657673696d300000080003000000000008000b000000000006001600890000000500120000000000060011000100000008000b0005000000"], 0x1e8}}, 0x4004004)
io_submit(0x0, 0x1, &(0x7f0000000400)=[&(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x40, 0xffffffffffffffff, &(0x7f0000000200)='8', 0x1, 0x10000000005971}])
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r6, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

83.358193ms ago: executing program 0 (id=856):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="34000004", @ANYRES32=0x0, @ANYBLOB="0000000000000000120012800a000100767863616e0000000400028000001c00", @ANYRES32], 0x34}, 0x1, 0x0, 0x0, 0x10044084}, 0x20048000)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
r2 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x40)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc2c45512, &(0x7f0000000640)={{0xd, 0x5, 0x81, 0x53, 'syz1\x00', 0x9}, 0x0, [0x380, 0xb, 0x0, 0xcc1, 0x80, 0x101, 0x80000001, 0xa6d8, 0x2, 0x1, 0x9, 0x8, 0x8, 0xfffefff7, 0x8, 0x10, 0x5, 0x4, 0x2ff, 0x80, 0x962, 0x0, 0x1, 0x4, 0x7fffffff, 0xc360, 0x80000001, 0x6, 0x60e3, 0x6, 0x0, 0x10000, 0x7, 0x1000009, 0x107430, 0x2, 0x5, 0x609, 0x1, 0x3, 0x8, 0x5, 0x9, 0x8, 0x9, 0x1, 0x8, 0x0, 0x1, 0x2, 0x0, 0x6, 0x9000, 0xe93, 0x4, 0x800, 0x7, 0x3, 0x50b, 0x0, 0x6, 0x7ff, 0x1000, 0xffffffff, 0x7, 0x5, 0x7a, 0x2, 0x9, 0x2, 0x6, 0x7, 0x1000ac, 0x7, 0x7, 0x4, 0x8000, 0x5, 0x4, 0x7, 0xd, 0x7, 0x5, 0x0, 0x0, 0x40, 0x2, 0x8000, 0xfff, 0x3, 0x3b9, 0x6, 0x3, 0x4660917f, 0x487d, 0x8000, 0x1, 0x5, 0x3, 0x0, 0x800005, 0x4, 0x11, 0x1, 0x7, 0x9, 0xc, 0x4, 0x1, 0x1, 0x3ce, 0xa, 0x8, 0x9, 0x0, 0x6, 0xffffdff7, 0xffffbf90, 0xfffffffd, 0x7, 0x2, 0x0, 0x7, 0xa, 0x809, 0xbfffffff, 0x73938332, 0x7763]})
mount(&(0x7f0000000140)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000040)='romfs\x00', 0x208000, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000000)={0x2, @sdr={0x0, 0x1}})
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000002c0)={0x2, @pix={0x4, 0x0, 0x30383653, 0x4, 0x800, 0x4, 0x5, 0x4, 0x0, 0x4, 0x1, 0x6}})
fcntl$notify(r0, 0x402, 0x1a)
syz_emit_ethernet(0x82, &(0x7f0000000100)={@multicast, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x61, 0x0, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x2f, 0x9, @dev={0xac, 0x14, 0x14, 0x10}, @remote, {[@timestamp_addr={0x44, 0x44, 0x0, 0x1, 0x0, [{@rand_addr=0x86dd}, {@remote}, {@dev={0xac, 0x14, 0x14, 0x32}}, {@rand_addr, 0x4f}, {@multicast2}, {@loopback}, {@local, 0x4}, {@multicast1}]}]}}}}}}}, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IPT_SO_GET_ENTRIES(r4, 0x0, 0x41, &(0x7f0000000340)={'raw\x00', 0xb4, "312a383b4fd14c24fccd9c3cb433804eb45def512a2eb582131546c410322b13de1f842cfc4107aca1bb7f849cd61f5be47881cbe942dc95abd6e420e33051849e90d0ade6b6f433ee265e8284edee031b2229d56f252bb8bf56217c86ad12f60d41a592e398c32f28cdbc1e011c2e63af53456ff4c8daf6aa85aee5af88a37f78fc9820270d228142b845dccb1cc64aadfe790f290e013116771247841522e61b9d6ebb365bb8bfc1721cbd0da708a916344529"}, &(0x7f0000000440)=0xd8)
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f00000002c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000240)={0x58, r1, 0x20, 0x70bd29, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0xc, 0xcd, [0xfff, 0x10, 0x5, 0x1]}, @NL80211_ATTR_DURATION={0x8, 0x57, 0xd76}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0xc1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1ff}], @NL80211_ATTR_CSA_C_OFFSETS_TX={0xe, 0xcd, [0xc0, 0x8bb, 0x9, 0x6, 0xd78]}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x58}}, 0x44)

672.062µs ago: executing program 2 (id=857):
clock_gettime(0x2, &(0x7f0000000040))
r0 = socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x4, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0xfffffffc, 0x0, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYBLOB="00000000010000000000000000000000000000000000000000000000c7b2ab217728fd00"], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2, 0x40091}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_INITSTATE(r2, 0x113, 0x4, &(0x7f0000000000), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x8, 0x3f8, 0xb, 0x32}, 0x9c)
sendto$inet6(r5, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
modify_ldt$read(0x0, &(0x7f0000000400)=""/229, 0xe5)
syz_io_uring_setup(0x779b, &(0x7f0000000380)={0x0, 0xf5a5, 0x0, 0xffffffff, 0x2028a}, 0x0, &(0x7f0000000200))
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x121a03, 0x0)
ioctl$TIOCSETD(r6, 0x5423, 0x0)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000000c0)=0xae)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
add_key$fscrypt_provisioning(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x2}, &(0x7f0000000500)=ANY=[@ANYBLOB="29aabf20d09f4e4d373401000000000000000102030405060708090a0b0c0d0e0f1011121314151617"], 0x48, 0xffffffffffffffff)
close_range(r7, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001000ffff25bd700001dcdf2500000000", @ANYRES32=0x0, @ANYBLOB="000004002308e2ff09000100bbbbfbbbbbbb0000180012800e000100697036677265746170"], 0x44}, 0x1, 0x0, 0x0, 0x4044064}, 0x20040000)

0s ago: executing program 0 (id=858):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x84}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@gettfilter={0x3c, 0x2e, 0x100, 0x70bc25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {0x10, 0xd}, {0xe}, {0x8, 0xc}}, [{0x8, 0xb, 0xc0e}, {0x8, 0xb, 0x8a}, {0x8, 0xb, 0x5}]}, 0x3c}}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x260e, 0x10100, 0x0, 0x170}, &(0x7f00000002c0)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
request_key(0x0, &(0x7f0000000440)={'syz', 0x1}, 0x0, 0x0)
io_uring_enter(r3, 0x708, 0x41e3, 0x0, 0x0, 0x0)
io_setup(0x8, &(0x7f0000000680)=<r6=>0x0)
io_pgetevents(r6, 0x2, 0x2, &(0x7f0000000100)=[{}, {}], 0x0, 0x0)
io_uring_register$IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f00000000c0)={0x1, 0xffffffffffffffff, 0x35, {0x5, 0x1}, 0x1}, 0x1)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x200000d, 0x8010, 0xffffffffffffffff, 0x0)
socket(0x10, 0x803, 0x0)
r7 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r7, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
fcntl$lock(r8, 0x7, &(0x7f0000000100)={0x1, 0x1, 0x3, 0xfffffffffffffffe})
fcntl$lock(r8, 0x26, &(0x7f0000000080))
unshare(0x22020400)
fcntl$lock(r8, 0x7, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x3})
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
close_range(r9, 0xffffffffffffffff, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r10=>0x0})
sendto$packet(r7, &(0x7f00000002c0)="1a040500d3fc03fc01004788031c09", 0x10025, 0x4000004, &(0x7f0000000300)={0x11, 0x0, r10, 0x1, 0x6, 0x6, @remote}, 0x14)

kernel console output (not intermixed with test programs):

cs 0003:047F:FFFF.0003: unknown main item tag 0x0
[  146.779062][    T9] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  146.781548][    T9] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  146.784260][    T9] plantronics 0003:047F:FFFF.0003: unknown main item tag 0x0
[  146.795210][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout
[  146.795235][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  146.801254][    T9] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  147.224404][ T7595] netlink: 4 bytes leftover after parsing attributes in process `syz.1.444'.
[  147.273464][   T10] usb usb40-port1: unable to enumerate USB device
[  148.768845][   T71] usb 7-1: USB disconnect, device number 6
[  148.794750][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout
[  148.874793][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  148.877110][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  150.192242][ T7633] netlink: 4 bytes leftover after parsing attributes in process `syz.0.453'.
[  150.880656][ T5947] Bluetooth: hci2: command 0x0c1a tx timeout
[  150.959756][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout
[  150.960068][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  151.040375][ T7650] FAULT_INJECTION: forcing a failure.
[  151.040375][ T7650] name fail_futex, interval 1, probability 0, space 0, times 1
[  151.046040][ T7650] CPU: 1 UID: 0 PID: 7650 Comm: syz.2.459 Not tainted syzkaller #0 PREEMPT(full) 
[  151.046065][ T7650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  151.046075][ T7650] Call Trace:
[  151.046082][ T7650]  <TASK>
[  151.046089][ T7650]  dump_stack_lvl+0x100/0x190
[  151.046118][ T7650]  should_fail_ex.cold+0x5/0xa
[  151.046138][ T7650]  get_futex_key+0x295/0x1620
[  151.046162][ T7650]  ? __pfx_get_futex_key+0x10/0x10
[  151.046182][ T7650]  ? get_futex_key+0x507/0x1620
[  151.046206][ T7650]  futex_wait_setup+0x83/0x510
[  151.046238][ T7650]  futex_wait_requeue_pi+0x240/0x870
[  151.046265][ T7650]  ? __pfx_futex_wait_requeue_pi+0x10/0x10
[  151.046298][ T7650]  ? __lock_acquire+0x4a5/0x2630
[  151.046319][ T7650]  ? rcu_is_watching+0x12/0xc0
[  151.046349][ T7650]  ? __lock_acquire+0x4a5/0x2630
[  151.046380][ T7650]  ? __pfx_futex_wake_mark+0x10/0x10
[  151.046407][ T7650]  ? finish_task_switch.isra.0+0x205/0xb80
[  151.046424][ T7650]  ? lockdep_hardirqs_on+0x78/0x100
[  151.046444][ T7650]  ? finish_task_switch.isra.0+0x205/0xb80
[  151.046461][ T7650]  ? rcu_is_watching+0x12/0xc0
[  151.046488][ T7650]  do_futex+0x24f/0x350
[  151.046508][ T7650]  ? __pfx_do_futex+0x10/0x10
[  151.046529][ T7650]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  151.046553][ T7650]  __ia32_sys_futex_time32+0x2f4/0x470
[  151.046580][ T7650]  ? __pfx___ia32_sys_futex_time32+0x10/0x10
[  151.046612][ T7650]  __do_fast_syscall_32+0xe3/0x8c0
[  151.046636][ T7650]  do_fast_syscall_32+0x32/0x70
[  151.046656][ T7650]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  151.046677][ T7650] RIP: 0023:0xf707ef6c
[  151.046691][ T7650] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  151.046707][ T7650] RSP: 002b:00000000f542b50c EFLAGS: 00000292 ORIG_RAX: 00000000000000f0
[  151.046723][ T7650] RAX: ffffffffffffffda RBX: 000000008000cffc RCX: 000000000000000b
[  151.046733][ T7650] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000080048000
[  151.046743][ T7650] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  151.046753][ T7650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  151.046763][ T7650] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  151.046803][ T7650]  </TASK>
[  151.307903][   T10] page_pool_release_retry() stalled pool shutdown: id 25, 1 inflight 60 sec
[  151.435157][ T7656] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  151.437390][ T7656] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  151.453106][ T7656] vhci_hcd vhci_hcd.0: Device attached
[  151.562019][ T7661] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  151.744840][ T6107] usb 40-1: SetAddress Request (18) to port 0
[  151.747547][ T6107] usb 40-1: new SuperSpeed USB device number 18 using vhci_hcd
[  153.513161][ T7657] vhci_hcd: connection reset by peer
[  153.515318][   T90] vhci_hcd vhci_hcd.1: stop threads
[  153.517701][   T90] vhci_hcd vhci_hcd.1: release socket
[  153.521059][   T90] vhci_hcd vhci_hcd.1: disconnect device
[  153.639253][ T7682] netlink: 8 bytes leftover after parsing attributes in process `syz.2.469'.
[  153.692281][ T7688] wg2 speed is unknown, defaulting to 1000
[  153.793479][ T7693] binder: 7692:7693 ioctl c0306201 0 returned -14
[  154.338956][ T7680] overlayfs: statfs failed on './file0'
[  155.486499][ T7716] overlayfs: overlapping lowerdir path
[  155.530182][ T7721] FAULT_INJECTION: forcing a failure.
[  155.530182][ T7721] name failslab, interval 1, probability 0, space 0, times 0
[  155.536655][ T7721] CPU: 1 UID: 0 PID: 7721 Comm: syz.3.480 Not tainted syzkaller #0 PREEMPT(full) 
[  155.536678][ T7721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  155.536688][ T7721] Call Trace:
[  155.536694][ T7721]  <TASK>
[  155.536701][ T7721]  dump_stack_lvl+0x100/0x190
[  155.536732][ T7721]  should_fail_ex.cold+0x5/0xa
[  155.536782][ T7721]  should_failslab+0xc2/0x120
[  155.536807][ T7721]  __kmalloc_cache_noprof+0x7a/0x6f0
[  155.536829][ T7721]  ? tcf_chain_create+0x98/0x370
[  155.536853][ T7721]  tcf_chain_create+0x98/0x370
[  155.536875][ T7721]  __tcf_chain_get+0x153/0x1b0
[  155.536898][ T7721]  tc_new_tfilter+0x640/0x24a0
[  155.536931][ T7721]  ? rcu_is_watching+0x12/0xc0
[  155.536957][ T7721]  ? kasan_quarantine_put+0x104/0x240
[  155.536981][ T7721]  ? lockdep_hardirqs_on+0x78/0x100
[  155.537003][ T7721]  ? __pfx_tc_new_tfilter+0x10/0x10
[  155.537027][ T7721]  ? kmem_cache_free+0x124/0x6a0
[  155.537048][ T7721]  ? skb_release_data+0x7a0/0x9d0
[  155.537074][ T7721]  ? __lock_acquire+0x4a5/0x2630
[  155.537107][ T7721]  ? find_held_lock+0x2b/0x80
[  155.537123][ T7721]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  155.537146][ T7721]  ? __pfx_tc_new_tfilter+0x10/0x10
[  155.537170][ T7721]  rtnetlink_rcv_msg+0x95e/0xe90
[  155.537194][ T7721]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  155.537222][ T7721]  ? ref_tracker_free+0x37e/0x6c0
[  155.537245][ T7721]  netlink_rcv_skb+0x159/0x420
[  155.537268][ T7721]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  155.537290][ T7721]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  155.537322][ T7721]  ? netlink_deliver_tap+0x1ae/0xcc0
[  155.537349][ T7721]  netlink_unicast+0x5aa/0x870
[  155.537375][ T7721]  ? __pfx_netlink_unicast+0x10/0x10
[  155.537408][ T7721]  netlink_sendmsg+0x8b0/0xda0
[  155.537436][ T7721]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.537462][ T7721]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  155.537491][ T7721]  ____sys_sendmsg+0x9e1/0xb70
[  155.537516][ T7721]  ? __pfx_netlink_sendmsg+0x10/0x10
[  155.537541][ T7721]  ? __pfx_____sys_sendmsg+0x10/0x10
[  155.537579][ T7721]  ___sys_sendmsg+0x190/0x1e0
[  155.537607][ T7721]  ? __pfx____sys_sendmsg+0x10/0x10
[  155.537665][ T7721]  __sys_sendmsg+0x170/0x220
[  155.537687][ T7721]  ? __pfx___sys_sendmsg+0x10/0x10
[  155.537717][ T7721]  ? __pfx_ksys_write+0x10/0x10
[  155.537738][ T7721]  __do_fast_syscall_32+0xe3/0x8c0
[  155.537764][ T7721]  do_fast_syscall_32+0x32/0x70
[  155.537790][ T7721]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  155.537811][ T7721] RIP: 0023:0xf704ef6c
[  155.537826][ T7721] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  155.537841][ T7721] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  155.537857][ T7721] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000000
[  155.537868][ T7721] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  155.537877][ T7721] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  155.537887][ T7721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  155.537897][ T7721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  155.537921][ T7721]  </TASK>
[  156.044748][   T10] usb 8-1: new full-speed USB device number 18 using dummy_hcd
[  156.197086][   T10] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  156.201532][   T10] usb 8-1: config 0 has 1 interface, different from the descriptor's value: 2
[  156.238906][   T10] usb 8-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  156.244432][   T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  156.258135][   T10] usb 8-1: config 0 descriptor??
[  156.266612][   T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  156.271183][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  156.283524][   T10] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  156.309782][   T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  156.313548][   T10] usb 8-1: media controller created
[  156.351473][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  156.366053][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  156.370309][   T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  156.420592][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb8/8-1/input/input12
[  156.441990][   T10] dvb-usb: schedule remote query interval to 150 msecs.
[  156.445173][   T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  156.490394][   T10] usb 8-1: USB disconnect, device number 18
[  156.535951][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  156.795093][ T6107] usb 40-1: device descriptor read/8, error -110
[  156.869231][ T7746] bridge0: port 2(bridge_slave_1) entered disabled state
[  156.872356][ T7746] bridge0: port 1(bridge_slave_0) entered disabled state
[  156.879431][ T7746] bridge0: port 2(bridge_slave_1) entered blocking state
[  156.882342][ T7746] bridge0: port 2(bridge_slave_1) entered forwarding state
[  156.885243][ T7746] bridge0: port 1(bridge_slave_0) entered blocking state
[  156.888389][ T7746] bridge0: port 1(bridge_slave_0) entered forwarding state
[  156.895919][ T7746] team0: Port device bridge0 added
[  157.116436][ T7755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.488'.
[  157.195299][ T6107] usb usb40-port1: attempt power cycle
[  158.092207][ T6107] usb usb40-port1: unable to enumerate USB device
[  158.118965][ T7764] FAULT_INJECTION: forcing a failure.
[  158.118965][ T7764] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  158.136091][ T7764] CPU: 2 UID: 0 PID: 7764 Comm: syz.3.491 Not tainted syzkaller #0 PREEMPT(full) 
[  158.136108][ T7764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  158.136115][ T7764] Call Trace:
[  158.136132][ T7764]  <TASK>
[  158.136138][ T7764]  dump_stack_lvl+0x100/0x190
[  158.136160][ T7764]  should_fail_ex.cold+0x5/0xa
[  158.136174][ T7764]  _copy_from_iter+0x1f4/0x1690
[  158.136188][ T7764]  ? __asan_memset+0x23/0x50
[  158.136205][ T7764]  ? __pfx__copy_from_iter+0x10/0x10
[  158.136216][ T7764]  ? __pfx___alloc_skb+0x10/0x10
[  158.136236][ T7764]  netlink_sendmsg+0x808/0xda0
[  158.136255][ T7764]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.136273][ T7764]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  158.136298][ T7764]  ____sys_sendmsg+0x9e1/0xb70
[  158.136315][ T7764]  ? __pfx_netlink_sendmsg+0x10/0x10
[  158.136332][ T7764]  ? __pfx_____sys_sendmsg+0x10/0x10
[  158.136357][ T7764]  ___sys_sendmsg+0x190/0x1e0
[  158.136376][ T7764]  ? __pfx____sys_sendmsg+0x10/0x10
[  158.136413][ T7764]  __sys_sendmsg+0x170/0x220
[  158.136427][ T7764]  ? __pfx___sys_sendmsg+0x10/0x10
[  158.136447][ T7764]  ? __pfx_ksys_write+0x10/0x10
[  158.136461][ T7764]  __do_fast_syscall_32+0xe3/0x8c0
[  158.136479][ T7764]  do_fast_syscall_32+0x32/0x70
[  158.136495][ T7764]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  158.136510][ T7764] RIP: 0023:0xf704ef6c
[  158.136520][ T7764] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  158.136532][ T7764] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  158.136543][ T7764] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000480
[  158.136550][ T7764] RDX: 0000000004000080 RSI: 0000000000000000 RDI: 0000000000000000
[  158.136556][ T7764] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  158.136562][ T7764] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  158.136568][ T7764] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  158.136582][ T7764]  </TASK>
[  158.814291][ T7775] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  158.917575][ T7783] tmpfs: Unknown parameter 'ÿ'
[  159.105582][ T6107] usb 7-1: new full-speed USB device number 7 using dummy_hcd
[  159.337799][ T6107] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.342256][ T6107] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  159.354402][ T6107] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  159.364730][ T6107] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.381475][ T6107] usb 7-1: config 0 descriptor??
[  159.389545][ T6107] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  159.393794][ T6107] dvb-usb: bulk message failed: -22 (3/0)
[  159.411012][ T6107] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  159.414222][ T6107] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  159.431804][ T7796] netlink: 4 bytes leftover after parsing attributes in process `syz.1.501'.
[  159.433386][ T6107] usb 7-1: media controller created
[  159.439931][ T6107] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  159.449716][ T6107] dvb-usb: bulk message failed: -22 (6/0)
[  159.451786][ T6107] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  159.456205][ T6107] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input13
[  159.469310][ T6107] dvb-usb: schedule remote query interval to 150 msecs.
[  159.471738][ T6107] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  159.626424][ T6107] usb 7-1: USB disconnect, device number 7
[  159.689739][ T6107] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  160.515177][ T6107] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  160.664716][ T6107] usb 6-1: Using ep0 maxpacket: 32
[  160.676227][ T6107] usb 6-1: config 0 has an invalid interface number: 119 but max is 0
[  160.679271][ T6107] usb 6-1: config 0 has no interface number 0
[  160.681271][ T6107] usb 6-1: config 0 interface 119 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  160.685176][ T6107] usb 6-1: config 0 interface 119 altsetting 0 has an endpoint descriptor with address 0xD3, changing to 0x83
[  160.689285][ T6107] usb 6-1: config 0 interface 119 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 2
[  160.692436][ T6107] usb 6-1: config 0 interface 119 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  160.699684][ T6107] usb 6-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  160.704828][ T6107] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  160.707519][ T6107] usb 6-1: Product: syz
[  160.708888][ T6107] usb 6-1: Manufacturer: syz
[  160.710406][ T6107] usb 6-1: SerialNumber: syz
[  160.713942][ T6107] usb 6-1: config 0 descriptor??
[  160.716530][ T7819] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  160.721856][ T6107] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.119/input/input14
[  160.725911][ T5329] usb 6-1: BOGUS urb xfer, pipe 1 != type 3
[  160.856385][ T7843] FAULT_INJECTION: forcing a failure.
[  160.856385][ T7843] name failslab, interval 1, probability 0, space 0, times 0
[  160.860402][ T7843] CPU: 2 UID: 0 PID: 7843 Comm: syz.3.518 Not tainted syzkaller #0 PREEMPT(full) 
[  160.860417][ T7843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  160.860424][ T7843] Call Trace:
[  160.860428][ T7843]  <TASK>
[  160.860432][ T7843]  dump_stack_lvl+0x100/0x190
[  160.860453][ T7843]  should_fail_ex.cold+0x5/0xa
[  160.860466][ T7843]  should_failslab+0xc2/0x120
[  160.860479][ T7843]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  160.860496][ T7843]  ? skb_clone+0x190/0x400
[  160.860512][ T7843]  skb_clone+0x190/0x400
[  160.860526][ T7843]  netlink_deliver_tap+0xaed/0xcc0
[  160.860541][ T7843]  ? __pfx_inet_dump_fib+0x10/0x10
[  160.860559][ T7843]  netlink_dump+0xa60/0xd30
[  160.860574][ T7843]  ? __pfx_netlink_dump+0x10/0x10
[  160.860587][ T7843]  ? __pfx___mutex_lock+0x10/0x10
[  160.860613][ T7843]  __netlink_dump_start+0x6d6/0x990
[  160.860629][ T7843]  ? __pfx_inet_dump_fib+0x10/0x10
[  160.860643][ T7843]  rtnetlink_rcv_msg+0xb3e/0xe90
[  160.860657][ T7843]  ? __pfx_inet_dump_fib+0x10/0x10
[  160.860673][ T7843]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  160.860687][ T7843]  ? __pfx_rtnl_dumpit+0x10/0x10
[  160.860704][ T7843]  ? __pfx_inet_dump_fib+0x10/0x10
[  160.860720][ T7843]  ? ref_tracker_free+0x37e/0x6c0
[  160.860734][ T7843]  netlink_rcv_skb+0x159/0x420
[  160.860749][ T7843]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  160.860764][ T7843]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  160.860784][ T7843]  ? netlink_deliver_tap+0x1ae/0xcc0
[  160.860801][ T7843]  netlink_unicast+0x5aa/0x870
[  160.860818][ T7843]  ? __pfx_netlink_unicast+0x10/0x10
[  160.860838][ T7843]  netlink_sendmsg+0x8b0/0xda0
[  160.860856][ T7843]  ? __pfx_netlink_sendmsg+0x10/0x10
[  160.860872][ T7843]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  160.860891][ T7843]  sock_write_iter+0x524/0x5a0
[  160.860920][ T7843]  ? __pfx_netlink_sendmsg+0x10/0x10
[  160.860935][ T7843]  ? __pfx_sock_write_iter+0x10/0x10
[  160.860951][ T7843]  ? get_pid_task+0xfc/0x250
[  160.860970][ T7843]  ? bpf_lsm_file_permission+0x9/0x10
[  160.860987][ T7843]  ? security_file_permission+0x76/0x210
[  160.861000][ T7843]  ? rw_verify_area+0xce/0x6d0
[  160.861017][ T7843]  vfs_write+0x6ac/0x1070
[  160.861035][ T7843]  ? __pfx_sock_write_iter+0x10/0x10
[  160.861066][ T7843]  ? __pfx_vfs_write+0x10/0x10
[  160.861083][ T7843]  ? find_held_lock+0x2b/0x80
[  160.861103][ T7843]  ksys_write+0x1f8/0x250
[  160.861113][ T7843]  ? __pfx_ksys_write+0x10/0x10
[  160.861122][ T7843]  ? __pfx_ksys_write+0x10/0x10
[  160.861135][ T7843]  __do_fast_syscall_32+0xe3/0x8c0
[  160.861151][ T7843]  do_fast_syscall_32+0x32/0x70
[  160.861166][ T7843]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  160.861180][ T7843] RIP: 0023:0xf704ef6c
[  160.861189][ T7843] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  160.861199][ T7843] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  160.861210][ T7843] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[  160.861217][ T7843] RDX: 0000000000000024 RSI: 0000000000000000 RDI: 0000000000000000
[  160.861223][ T7843] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  160.861229][ T7843] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  160.861235][ T7843] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  160.861249][ T7843]  </TASK>
[  161.080530][ T7847] FAULT_INJECTION: forcing a failure.
[  161.080530][ T7847] name failslab, interval 1, probability 0, space 0, times 0
[  161.084897][ T7847] CPU: 3 UID: 0 PID: 7847 Comm: syz.3.520 Not tainted syzkaller #0 PREEMPT(full) 
[  161.084913][ T7847] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  161.084919][ T7847] Call Trace:
[  161.084924][ T7847]  <TASK>
[  161.084929][ T7847]  dump_stack_lvl+0x100/0x190
[  161.084949][ T7847]  should_fail_ex.cold+0x5/0xa
[  161.084962][ T7847]  ? tomoyo_encode2+0xfb/0x3c0
[  161.084975][ T7847]  should_failslab+0xc2/0x120
[  161.084987][ T7847]  __kmalloc_noprof+0xe0/0x850
[  161.085003][ T7847]  ? d_absolute_path+0x136/0x1b0
[  161.085021][ T7847]  tomoyo_encode2+0xfb/0x3c0
[  161.085035][ T7847]  tomoyo_encode+0x29/0x50
[  161.085046][ T7847]  tomoyo_realpath_from_path+0x18c/0x690
[  161.085063][ T7847]  tomoyo_path_number_perm+0x23c/0x580
[  161.085080][ T7847]  ? tomoyo_path_number_perm+0x22e/0x580
[  161.085099][ T7847]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  161.085131][ T7847]  ? find_held_lock+0x2b/0x80
[  161.085141][ T7847]  ? hook_file_ioctl_common+0x146/0x410
[  161.085159][ T7847]  ? __fget_files+0x215/0x3d0
[  161.085172][ T7847]  ? __fget_files+0x21f/0x3d0
[  161.085184][ T7847]  security_file_ioctl_compat+0xd3/0x230
[  161.085204][ T7847]  __ia32_compat_sys_ioctl+0xc2/0x360
[  161.085222][ T7847]  __do_fast_syscall_32+0xe3/0x8c0
[  161.085239][ T7847]  do_fast_syscall_32+0x32/0x70
[  161.085254][ T7847]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  161.085268][ T7847] RIP: 0023:0xf704ef6c
[  161.085277][ T7847] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  161.085288][ T7847] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  161.085299][ T7847] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000000000125f
[  161.085306][ T7847] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  161.085312][ T7847] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  161.085323][ T7847] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  161.085329][ T7847] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.085343][ T7847]  </TASK>
[  161.085354][ T7847] ERROR: Out of memory at tomoyo_realpath_from_path.
[  161.224817][   T10] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  161.276366][ T7855] FAULT_INJECTION: forcing a failure.
[  161.276366][ T7855] name failslab, interval 1, probability 0, space 0, times 0
[  161.281816][ T7855] CPU: 2 UID: 0 PID: 7855 Comm: syz.3.523 Not tainted syzkaller #0 PREEMPT(full) 
[  161.281839][ T7855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  161.281850][ T7855] Call Trace:
[  161.281856][ T7855]  <TASK>
[  161.281864][ T7855]  dump_stack_lvl+0x100/0x190
[  161.281894][ T7855]  should_fail_ex.cold+0x5/0xa
[  161.281915][ T7855]  should_failslab+0xc2/0x120
[  161.281934][ T7855]  __kmalloc_cache_noprof+0x7a/0x6f0
[  161.281957][ T7855]  ? nf_tables_newtable+0xcff/0x19f0
[  161.281989][ T7855]  nf_tables_newtable+0xcff/0x19f0
[  161.282021][ T7855]  ? __pfx_nf_tables_newtable+0x10/0x10
[  161.282053][ T7855]  ? __nla_parse+0x40/0x60
[  161.282079][ T7855]  nfnetlink_rcv_batch+0x1418/0x2880
[  161.282112][ T7855]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  161.282130][ T7855]  ? find_held_lock+0x2b/0x80
[  161.282151][ T7855]  ? __local_bh_enable_ip+0x9e/0x120
[  161.282169][ T7855]  ? lockdep_hardirqs_on+0x78/0x100
[  161.282195][ T7855]  ? __dev_queue_xmit+0x8a0/0x4800
[  161.282260][ T7855]  ? __nla_parse+0x40/0x60
[  161.282284][ T7855]  nfnetlink_rcv+0x3bd/0x440
[  161.282302][ T7855]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  161.282327][ T7855]  netlink_unicast+0x5aa/0x870
[  161.282355][ T7855]  ? __pfx_netlink_unicast+0x10/0x10
[  161.282388][ T7855]  netlink_sendmsg+0x8b0/0xda0
[  161.282416][ T7855]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.282442][ T7855]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  161.282471][ T7855]  ____sys_sendmsg+0x9e1/0xb70
[  161.282495][ T7855]  ? __pfx_netlink_sendmsg+0x10/0x10
[  161.282520][ T7855]  ? __pfx_____sys_sendmsg+0x10/0x10
[  161.282558][ T7855]  ___sys_sendmsg+0x190/0x1e0
[  161.282586][ T7855]  ? __pfx____sys_sendmsg+0x10/0x10
[  161.282644][ T7855]  __sys_sendmsg+0x170/0x220
[  161.282665][ T7855]  ? __pfx___sys_sendmsg+0x10/0x10
[  161.282694][ T7855]  ? __pfx_ksys_write+0x10/0x10
[  161.282716][ T7855]  __do_fast_syscall_32+0xe3/0x8c0
[  161.282741][ T7855]  do_fast_syscall_32+0x32/0x70
[  161.282764][ T7855]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  161.282786][ T7855] RIP: 0023:0xf704ef6c
[  161.282801][ T7855] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  161.282817][ T7855] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  161.282855][ T7855] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000c40
[  161.282867][ T7855] RDX: 0000000000000080 RSI: 0000000000000000 RDI: 0000000000000000
[  161.282877][ T7855] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  161.282887][ T7855] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  161.282911][ T7855] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  161.282936][ T7855]  </TASK>
[  161.500399][   T10] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  161.504438][   T10] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  161.514930][   T10] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  161.518496][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.523353][   T10] usb 7-1: config 0 descriptor??
[  161.533271][   T10] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  161.538416][   T10] dvb-usb: bulk message failed: -22 (3/0)
[  161.547363][   T10] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  161.553184][   T10] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  161.556250][   T10] usb 7-1: media controller created
[  161.559475][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  161.567818][   T10] dvb-usb: bulk message failed: -22 (6/0)
[  161.569733][   T10] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  161.584235][   T10] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input15
[  161.601594][   T10] dvb-usb: schedule remote query interval to 150 msecs.
[  161.603857][   T10] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  161.743734][   T10] usb 7-1: USB disconnect, device number 8
[  161.760674][   T10] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  162.406639][ T7868] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT
[  162.410354][ T7868] FAULT_INJECTION: forcing a failure.
[  162.410354][ T7868] name failslab, interval 1, probability 0, space 0, times 0
[  162.414517][ T7868] CPU: 3 UID: 0 PID: 7868 Comm: syz.3.527 Not tainted syzkaller #0 PREEMPT(full) 
[  162.414532][ T7868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  162.414539][ T7868] Call Trace:
[  162.414544][ T7868]  <TASK>
[  162.414549][ T7868]  dump_stack_lvl+0x100/0x190
[  162.414569][ T7868]  should_fail_ex.cold+0x5/0xa
[  162.414583][ T7868]  ? tomoyo_realpath_from_path+0xb6/0x690
[  162.414596][ T7868]  should_failslab+0xc2/0x120
[  162.414607][ T7868]  __kmalloc_noprof+0xe0/0x850
[  162.414639][ T7868]  tomoyo_realpath_from_path+0xb6/0x690
[  162.414657][ T7868]  tomoyo_path_number_perm+0x23c/0x580
[  162.414675][ T7868]  ? tomoyo_path_number_perm+0x22e/0x580
[  162.414693][ T7868]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  162.414726][ T7868]  ? find_held_lock+0x2b/0x80
[  162.414736][ T7868]  ? hook_file_ioctl_common+0x146/0x410
[  162.414754][ T7868]  ? __fget_files+0x215/0x3d0
[  162.414767][ T7868]  ? __fget_files+0x21f/0x3d0
[  162.414780][ T7868]  security_file_ioctl_compat+0xd3/0x230
[  162.414800][ T7868]  __ia32_compat_sys_ioctl+0xc2/0x360
[  162.414818][ T7868]  __do_fast_syscall_32+0xe3/0x8c0
[  162.414853][ T7868]  do_fast_syscall_32+0x32/0x70
[  162.414873][ T7868]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  162.414887][ T7868] RIP: 0023:0xf704ef6c
[  162.414897][ T7868] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  162.414907][ T7868] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  162.414918][ T7868] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000c2c45512
[  162.414925][ T7868] RDX: 0000000080000340 RSI: 0000000000000000 RDI: 0000000000000000
[  162.414931][ T7868] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  162.414938][ T7868] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  162.414944][ T7868] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  162.414958][ T7868]  </TASK>
[  162.481061][ T7868] ERROR: Out of memory at tomoyo_realpath_from_path.
[  163.073392][ T6107] usb 6-1: USB disconnect, device number 5
[  163.145059][  T844] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[  163.296750][  T844] usb 8-1: config 0 has no interfaces?
[  163.298579][  T844] usb 8-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00
[  163.301504][  T844] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.309390][  T844] usb 8-1: config 0 descriptor??
[  163.616894][ T6107] usb 7-1: new full-speed USB device number 9 using dummy_hcd
[  163.626336][   T71] usb 8-1: USB disconnect, device number 19
[  163.701726][ T7894] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  163.704704][ T7894] syzkaller0: entered promiscuous mode
[  163.707187][ T7894] syzkaller0: entered allmulticast mode
[  163.718390][ T7893] tipc: Resetting bearer <eth:syzkaller0>
[  163.729562][ T7893] tipc: Disabling bearer <eth:syzkaller0>
[  163.786225][ T6107] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  163.789608][ T6107] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  163.792576][ T6107] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  163.796223][ T6107] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.801095][ T6107] usb 7-1: config 0 descriptor??
[  163.807352][ T6107] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  163.809782][ T6107] dvb-usb: bulk message failed: -22 (3/0)
[  163.813788][ T6107] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  163.818484][ T6107] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  163.821571][ T6107] usb 7-1: media controller created
[  163.824579][ T6107] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  163.833197][ T6107] dvb-usb: bulk message failed: -22 (6/0)
[  163.835252][ T6107] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  163.839123][ T6107] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input16
[  163.845709][ T6107] dvb-usb: schedule remote query interval to 150 msecs.
[  163.848928][ T6107] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  164.008036][ T6107] dvb-usb: bulk message failed: -22 (1/0)
[  164.010072][ T6107] dvb-usb: error while querying for an remote control event.
[  164.015854][ T6107] usb 7-1: USB disconnect, device number 9
[  164.025589][ T6107] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  164.939750][ T7920] netlink: 4 bytes leftover after parsing attributes in process `syz.0.544'.
[  165.907766][ T7925] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  165.910110][ T7925] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  165.912611][ T7925] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  166.078659][ T7938] x_tables: duplicate underflow at hook 1
[  166.295356][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  166.298119][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  166.300915][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  166.303602][   T29] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  166.306210][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  166.449976][ T7947] netlink: 4 bytes leftover after parsing attributes in process `syz.2.553'.
[  166.601351][ T7955] netlink: 4 bytes leftover after parsing attributes in process `syz.2.554'.
[  167.114758][ T5949] Bluetooth: hci2: command 0x0c1a tx timeout
[  167.145593][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  167.150420][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  167.153697][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  167.157401][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  167.160286][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  167.162821][ T6025] hid-generic 0006:0004:0009.0004: unknown main item tag 0x0
[  167.181277][ T6025] hid-generic 0006:0004:0009.0004: hidraw1: VIRTUAL HID v0.04 Device [syz1] on syz0
[  167.230298][ T7959] fido_id[7959]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  167.306425][   T29] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  167.310463][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  167.314251][   T29] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  167.925746][ T5949] Bluetooth: hci3: command 0x0c1a tx timeout
[  167.926321][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout
[  167.928161][   T29] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  167.943897][   T29] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  167.947871][   T29] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  167.951323][   T29] usb 6-1: Manufacturer: syz
[  167.955686][   T29] usb 6-1: config 0 descriptor??
[  168.244134][ T7973] wg2 speed is unknown, defaulting to 1000
[  168.372763][   T29] appleir 0003:05AC:8243.0005: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  168.589185][ T7980] syz_tun: entered allmulticast mode
[  168.615738][ T7936] FAULT_INJECTION: forcing a failure.
[  168.615738][ T7936] name failslab, interval 1, probability 0, space 0, times 0
[  168.621347][ T7936] CPU: 3 UID: 0 PID: 7936 Comm: syz.1.549 Not tainted syzkaller #0 PREEMPT(full) 
[  168.621363][ T7936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  168.621370][ T7936] Call Trace:
[  168.621374][ T7936]  <TASK>
[  168.621379][ T7936]  dump_stack_lvl+0x100/0x190
[  168.621399][ T7936]  should_fail_ex.cold+0x5/0xa
[  168.621413][ T7936]  ? usb_alloc_urb+0x66/0xa0
[  168.621430][ T7936]  should_failslab+0xc2/0x120
[  168.621442][ T7936]  __kmalloc_noprof+0xe0/0x850
[  168.621462][ T7936]  usb_alloc_urb+0x66/0xa0
[  168.621480][ T7936]  usb_control_msg+0x1d3/0x4a0
[  168.621492][ T7936]  ? __pfx_usb_control_msg+0x10/0x10
[  168.621507][ T7936]  usb_get_string+0xab/0x1a0
[  168.621521][ T7936]  usb_string_sub+0x103/0x3b0
[  168.621531][ T7936]  ? kasan_save_track+0x14/0x30
[  168.621550][ T7936]  usb_string+0x2ff/0x570
[  168.621563][ T7936]  hiddev_ioctl_string.constprop.0.isra.0+0xf3/0x210
[  168.621583][ T7936]  hiddev_ioctl+0x612/0x15b0
[  168.621602][ T7936]  ? __pfx_hiddev_ioctl+0x10/0x10
[  168.621622][ T7936]  ? find_held_lock+0x2b/0x80
[  168.621634][ T7936]  ? hook_file_ioctl_common+0x146/0x410
[  168.621656][ T7936]  ? __fget_files+0x21f/0x3d0
[  168.621668][ T7936]  ? __pfx_hiddev_ioctl+0x10/0x10
[  168.621684][ T7936]  compat_ptr_ioctl+0x6e/0xa0
[  168.621700][ T7936]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  168.621715][ T7936]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  168.621733][ T7936]  __do_fast_syscall_32+0xe3/0x8c0
[  168.621756][ T7936]  do_fast_syscall_32+0x32/0x70
[  168.621770][ T7936]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  168.621785][ T7936] RIP: 0023:0xf706ef6c
[  168.621794][ T7936] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  168.621805][ T7936] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  168.621816][ T7936] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000081044804
[  168.621823][ T7936] RDX: 0000000080000400 RSI: 0000000000000000 RDI: 0000000000000000
[  168.621829][ T7936] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  168.621835][ T7936] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  168.621841][ T7936] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  168.621856][ T7936]  </TASK>
[  168.631681][ T7969] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  168.722125][ T7969] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  168.724544][ T7969] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  169.109515][ T7987] syzkaller0: entered promiscuous mode
[  169.113784][ T7987] syzkaller0: entered allmulticast mode
[  169.129070][ T7987] FAULT_INJECTION: forcing a failure.
[  169.129070][ T7987] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  169.134402][ T7987] CPU: 1 UID: 0 PID: 7987 Comm: syz.3.561 Not tainted syzkaller #0 PREEMPT(full) 
[  169.134424][ T7987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  169.134433][ T7987] Call Trace:
[  169.134439][ T7987]  <TASK>
[  169.134444][ T7987]  dump_stack_lvl+0x100/0x190
[  169.134471][ T7987]  should_fail_ex.cold+0x5/0xa
[  169.134489][ T7987]  _copy_to_user+0x32/0xd0
[  169.134507][ T7987]  simple_read_from_buffer+0xcb/0x170
[  169.134538][ T7987]  proc_fail_nth_read+0x1af/0x230
[  169.134559][ T7987]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  169.134579][ T7987]  ? rw_verify_area+0xce/0x6d0
[  169.134600][ T7987]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  169.134618][ T7987]  vfs_read+0x1e4/0xb30
[  169.134660][ T7987]  ? __pfx_vfs_read+0x10/0x10
[  169.134685][ T7987]  ? find_held_lock+0x2b/0x80
[  169.134707][ T7987]  ? __fget_files+0x215/0x3d0
[  169.134726][ T7987]  ? __fget_files+0x21f/0x3d0
[  169.134748][ T7987]  ksys_read+0x12a/0x250
[  169.134773][ T7987]  ? __pfx_ksys_read+0x10/0x10
[  169.134829][ T7987]  do_int80_emulation+0x141/0x6b0
[  169.134857][ T7987]  asm_int80_emulation+0x1a/0x20
[  169.134876][ T7987] RIP: 0023:0xf7185cab
[  169.134905][ T7987] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  169.134923][ T7987] RSP: 002b:00000000f543d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  169.134940][ T7987] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000f543d5d0
[  169.134952][ T7987] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  169.134963][ T7987] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  169.134973][ T7987] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  169.134983][ T7987] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  169.135007][ T7987]  </TASK>
[  169.142498][ T7985] wg2 speed is unknown, defaulting to 1000
[  169.417935][ T7991] netlink: 4 bytes leftover after parsing attributes in process `syz.3.562'.
[  169.586988][ T7994] netlink: 4 bytes leftover after parsing attributes in process `syz.2.563'.
[  169.788433][ T8001] trusted_key: encrypted_key: insufficient parameters specified
[  170.084824][ T5947] Bluetooth: hci2: command 0x0c1a tx timeout
[  170.794762][ T5949] Bluetooth: hci1: command 0x0c1a tx timeout
[  170.797033][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout
[  171.008949][   T29] usb 6-1: USB disconnect, device number 6
[  171.945025][ T8025] netlink: 4 bytes leftover after parsing attributes in process `syz.2.572'.
[  172.118819][ T8028] netlink: 4 bytes leftover after parsing attributes in process `syz.0.573'.
[  172.247482][ T8037] FAULT_INJECTION: forcing a failure.
[  172.247482][ T8037] name failslab, interval 1, probability 0, space 0, times 0
[  172.251523][ T8037] CPU: 1 UID: 0 PID: 8037 Comm: syz.0.577 Not tainted syzkaller #0 PREEMPT(full) 
[  172.251538][ T8037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  172.251544][ T8037] Call Trace:
[  172.251548][ T8037]  <TASK>
[  172.251553][ T8037]  dump_stack_lvl+0x100/0x190
[  172.251573][ T8037]  should_fail_ex.cold+0x5/0xa
[  172.251586][ T8037]  should_failslab+0xc2/0x120
[  172.251598][ T8037]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  172.251615][ T8037]  ? mm_alloc+0x1c/0xd0
[  172.251629][ T8037]  mm_alloc+0x1c/0xd0
[  172.251643][ T8037]  alloc_bprm+0x2af/0x710
[  172.251661][ T8037]  do_execveat_common.isra.0+0x19c/0x580
[  172.251679][ T8037]  ? do_getname+0x191/0x390
[  172.251694][ T8037]  __ia32_compat_sys_execve+0x9c/0xd0
[  172.251712][ T8037]  __do_fast_syscall_32+0xe3/0x8c0
[  172.251728][ T8037]  do_fast_syscall_32+0x32/0x70
[  172.251743][ T8037]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  172.251757][ T8037] RIP: 0023:0xf709ef6c
[  172.251766][ T8037] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  172.251778][ T8037] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 000000000000000b
[  172.251789][ T8037] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000000000
[  172.251796][ T8037] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  172.251802][ T8037] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  172.251808][ T8037] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  172.251814][ T8037] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  172.251827][ T8037]  </TASK>
[  172.289649][ T8039] netlink: 'syz.0.578': attribute type 10 has an invalid length.
[  172.475141][   T29] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  172.628602][   T29] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  173.425008][   T29] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  173.429653][   T29] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  173.433535][   T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.188279][   T29] usb 6-1: config 0 descriptor??
[  174.198132][   T29] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  174.201177][   T29] dvb-usb: bulk message failed: -22 (3/0)
[  174.207519][   T29] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  174.222126][   T29] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  174.246982][ T8053] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  174.249748][ T8053] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  174.253449][ T8053] vhci_hcd vhci_hcd.0: Device attached
[  174.262232][   T29] usb 6-1: media controller created
[  174.301195][   T29] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  174.344429][ T8054] vhci_hcd: connection closed
[  174.348262][  T220] vhci_hcd vhci_hcd.3: stop threads
[  174.352668][  T220] vhci_hcd vhci_hcd.3: release socket
[  174.364588][  T220] vhci_hcd vhci_hcd.3: disconnect device
[  174.370653][ T8053] netlink: 16 bytes leftover after parsing attributes in process `syz.3.581'.
[  174.422593][ T8065] netlink: 4 bytes leftover after parsing attributes in process `syz.2.584'.
[  174.468420][   T29] dvb-usb: bulk message failed: -22 (6/0)
[  174.482841][   T29] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  174.526998][ T8067] netlink: 4 bytes leftover after parsing attributes in process `syz.2.585'.
[  174.564833][   T29] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input17
[  174.582137][   T29] dvb-usb: schedule remote query interval to 150 msecs.
[  174.585331][   T29] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  174.590303][   T29] usb 6-1: USB disconnect, device number 7
[  174.615835][   T29] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  174.658421][ T8042] netlink: 'syz.0.579': attribute type 4 has an invalid length.
[  174.694537][ T8071] FAULT_INJECTION: forcing a failure.
[  174.694537][ T8071] name failslab, interval 1, probability 0, space 0, times 0
[  174.701639][ T8071] CPU: 1 UID: 0 PID: 8071 Comm: syz.2.586 Not tainted syzkaller #0 PREEMPT(full) 
[  174.701656][ T8071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  174.701663][ T8071] Call Trace:
[  174.701667][ T8071]  <TASK>
[  174.701671][ T8071]  dump_stack_lvl+0x100/0x190
[  174.701692][ T8071]  should_fail_ex.cold+0x5/0xa
[  174.701706][ T8071]  should_failslab+0xc2/0x120
[  174.701718][ T8071]  __kmalloc_cache_noprof+0x7a/0x6f0
[  174.701732][ T8071]  ? __inet_diag_dump_start+0x8e/0x8f0
[  174.701750][ T8071]  __inet_diag_dump_start+0x8e/0x8f0
[  174.701767][ T8071]  __netlink_dump_start+0x60e/0x990
[  174.701784][ T8071]  inet_diag_rcv_msg_compat+0x275/0x2d0
[  174.701800][ T8071]  ? __pfx_inet_diag_rcv_msg_compat+0x10/0x10
[  174.701814][ T8071]  ? __pfx_inet_diag_dump_start_compat+0x10/0x10
[  174.701827][ T8071]  ? __pfx_inet_diag_dump_compat+0x10/0x10
[  174.701841][ T8071]  ? __pfx_inet_diag_dump_done+0x10/0x10
[  174.701855][ T8071]  ? sock_diag_rcv_msg+0x33d/0x7a0
[  174.701866][ T8071]  ? sock_diag_rcv_msg+0x33d/0x7a0
[  174.701880][ T8071]  sock_diag_rcv_msg+0x375/0x7a0
[  174.701893][ T8071]  netlink_rcv_skb+0x159/0x420
[  174.701909][ T8071]  ? __pfx_sock_diag_rcv_msg+0x10/0x10
[  174.701921][ T8071]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  174.701942][ T8071]  ? netlink_deliver_tap+0x1ae/0xcc0
[  174.701958][ T8071]  netlink_unicast+0x5aa/0x870
[  174.701975][ T8071]  ? __pfx_netlink_unicast+0x10/0x10
[  174.701996][ T8071]  netlink_sendmsg+0x8b0/0xda0
[  174.702013][ T8071]  ? __pfx_netlink_sendmsg+0x10/0x10
[  174.702030][ T8071]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  174.702048][ T8071]  ____sys_sendmsg+0x9e1/0xb70
[  174.702065][ T8071]  ? __pfx_netlink_sendmsg+0x10/0x10
[  174.702081][ T8071]  ? __pfx_____sys_sendmsg+0x10/0x10
[  174.702109][ T8071]  ___sys_sendmsg+0x190/0x1e0
[  174.702128][ T8071]  ? __pfx____sys_sendmsg+0x10/0x10
[  174.702163][ T8071]  __sys_sendmsg+0x170/0x220
[  174.702177][ T8071]  ? __pfx___sys_sendmsg+0x10/0x10
[  174.702196][ T8071]  ? __pfx_ksys_write+0x10/0x10
[  174.702209][ T8071]  __do_fast_syscall_32+0xe3/0x8c0
[  174.702226][ T8071]  do_fast_syscall_32+0x32/0x70
[  174.702240][ T8071]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  174.702255][ T8071] RIP: 0023:0xf707ef6c
[  174.702265][ T8071] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  174.702276][ T8071] RSP: 002b:00000000f544c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  174.702287][ T8071] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000240
[  174.702294][ T8071] RDX: 0000000004000010 RSI: 0000000000000000 RDI: 0000000000000000
[  174.702300][ T8071] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  174.702306][ T8071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  174.702312][ T8071] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  174.702326][ T8071]  </TASK>
[  175.091379][ T8084] openvswitch: netlink: IP tunnel dst address not specified
[  175.227025][ T8095] netlink: 4 bytes leftover after parsing attributes in process `syz.2.594'.
[  175.388095][   T40] kauditd_printk_skb: 37 callbacks suppressed
[  175.388113][   T40] audit: type=1326 audit(1773175231.433:577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.400425][   T40] audit: type=1326 audit(1773175231.433:578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.412069][   T40] audit: type=1326 audit(1773175231.433:579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.421563][   T40] audit: type=1326 audit(1773175231.433:580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.432492][ T8102] netlink: 'syz.2.596': attribute type 21 has an invalid length.
[  175.437257][   T40] audit: type=1326 audit(1773175231.433:581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.447772][   T40] audit: type=1326 audit(1773175231.433:582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.457143][   T40] audit: type=1326 audit(1773175231.463:583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.466514][   T40] audit: type=1326 audit(1773175231.463:584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.475933][   T40] audit: type=1326 audit(1773175231.473:585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.485341][   T40] audit: type=1326 audit(1773175231.473:586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8086 comm="syz.1.592" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7ffc0000
[  175.906202][ T8111] syzkaller1: entered promiscuous mode
[  175.908776][ T8111] syzkaller1: entered allmulticast mode
[  175.921635][ T8114] syzkaller0: entered promiscuous mode
[  175.927422][ T8114] syzkaller0: entered allmulticast mode
[  176.209663][ T8100] orangefs_mount: mount request failed with -4
[  176.219879][ T8122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.604'.
[  176.305987][ T6107] usb 6-1: new full-speed USB device number 8 using dummy_hcd
[  176.486705][ T6107] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  176.487498][ T8133] syzkaller0: entered promiscuous mode
[  176.490943][ T6107] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  176.493175][ T8133] syzkaller0: entered allmulticast mode
[  176.497599][ T6107] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  176.503756][ T6107] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.578835][ T6107] usb 6-1: config 0 descriptor??
[  176.583170][ T6107] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  176.587641][ T6107] dvb-usb: bulk message failed: -22 (3/0)
[  176.595027][ T6107] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  176.599664][ T6107] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  176.603208][ T6107] usb 6-1: media controller created
[  176.606670][ T6107] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  176.617500][ T6107] dvb-usb: bulk message failed: -22 (6/0)
[  176.627664][ T6107] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  176.641462][ T6107] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input18
[  176.655043][ T6107] dvb-usb: schedule remote query interval to 150 msecs.
[  176.658940][ T6107] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  176.784261][ T6107] usb 6-1: USB disconnect, device number 8
[  176.821215][ T6107] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  177.280106][ T8127] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  177.515361][ T8144] syzkaller1: entered promiscuous mode
[  177.517781][ T8144] syzkaller1: entered allmulticast mode
[  177.659622][ T8154] syzkaller0: entered promiscuous mode
[  177.662088][ T8154] syzkaller0: entered allmulticast mode
[  177.668552][ T8154] FAULT_INJECTION: forcing a failure.
[  177.668552][ T8154] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  177.674290][ T8154] CPU: 2 UID: 0 PID: 8154 Comm: syz.2.611 Not tainted syzkaller #0 PREEMPT(full) 
[  177.674312][ T8154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  177.674321][ T8154] Call Trace:
[  177.674327][ T8154]  <TASK>
[  177.674334][ T8154]  dump_stack_lvl+0x100/0x190
[  177.674361][ T8154]  should_fail_ex.cold+0x5/0xa
[  177.674385][ T8154]  _copy_to_user+0x32/0xd0
[  177.674404][ T8154]  simple_read_from_buffer+0xcb/0x170
[  177.674434][ T8154]  proc_fail_nth_read+0x1af/0x230
[  177.674458][ T8154]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  177.674479][ T8154]  ? rw_verify_area+0xce/0x6d0
[  177.674504][ T8154]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  177.674526][ T8154]  vfs_read+0x1e4/0xb30
[  177.674555][ T8154]  ? __pfx_vfs_read+0x10/0x10
[  177.674580][ T8154]  ? find_held_lock+0x2b/0x80
[  177.674599][ T8154]  ? __fget_files+0x215/0x3d0
[  177.674621][ T8154]  ? __fget_files+0x21f/0x3d0
[  177.674665][ T8154]  ksys_read+0x12a/0x250
[  177.674693][ T8154]  ? __pfx_ksys_read+0x10/0x10
[  177.674726][ T8154]  do_int80_emulation+0x141/0x6b0
[  177.674769][ T8154]  asm_int80_emulation+0x1a/0x20
[  177.674786][ T8154] RIP: 0023:0xf71b5cab
[  177.674802][ T8154] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  177.674818][ T8154] RSP: 002b:00000000f546d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  177.674836][ T8154] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 00000000f546d5d0
[  177.674846][ T8154] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  177.674855][ T8154] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  177.674864][ T8154] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  177.674876][ T8154] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  177.674899][ T8154]  </TASK>
[  178.324749][ T6107] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[  178.479214][ T6107] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  178.485198][ T6107] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[  178.491627][ T6107] usb 7-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  178.512067][ T6107] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  178.523463][ T6107] usb 7-1: config 0 descriptor??
[  178.530706][ T6107] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  178.533283][ T6107] dvb-usb: bulk message failed: -22 (3/0)
[  178.536854][ T6107] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  178.539905][ T6107] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  178.542235][ T6107] usb 7-1: media controller created
[  178.544788][ T6107] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  178.553006][ T6107] dvb-usb: bulk message failed: -22 (6/0)
[  178.555267][ T6107] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  178.609088][ T8171] FAULT_INJECTION: forcing a failure.
[  178.609088][ T8171] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  178.614017][ T8171] CPU: 1 UID: 0 PID: 8171 Comm: syz.0.621 Not tainted syzkaller #0 PREEMPT(full) 
[  178.614032][ T8171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  178.614039][ T8171] Call Trace:
[  178.614044][ T8171]  <TASK>
[  178.614048][ T8171]  dump_stack_lvl+0x100/0x190
[  178.614068][ T8171]  should_fail_ex.cold+0x5/0xa
[  178.614082][ T8171]  _copy_from_user+0x2e/0xd0
[  178.614093][ T8171]  get_compat_msghdr+0xb3/0x4b0
[  178.614111][ T8171]  ? __pfx_get_compat_msghdr+0x10/0x10
[  178.614134][ T8171]  ___sys_sendmsg+0x1b6/0x1e0
[  178.614152][ T8171]  ? __pfx____sys_sendmsg+0x10/0x10
[  178.614187][ T8171]  __sys_sendmsg+0x170/0x220
[  178.614201][ T8171]  ? __pfx___sys_sendmsg+0x10/0x10
[  178.614219][ T8171]  ? __pfx_ksys_write+0x10/0x10
[  178.614233][ T8171]  __do_fast_syscall_32+0xe3/0x8c0
[  178.614249][ T8171]  do_fast_syscall_32+0x32/0x70
[  178.614264][ T8171]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  178.614279][ T8171] RIP: 0023:0xf709ef6c
[  178.614287][ T8171] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  178.614298][ T8171] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  178.614309][ T8171] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000380
[  178.614316][ T8171] RDX: 000000000404c810 RSI: 0000000000000000 RDI: 0000000000000000
[  178.614322][ T8171] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  178.614328][ T8171] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  178.614334][ T8171] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  178.614348][ T8171]  </TASK>
[  178.616409][ T6107] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb7/7-1/input/input19
[  178.728113][ T6107] dvb-usb: schedule remote query interval to 150 msecs.
[  178.731026][ T6107] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  178.743418][ T6107] usb 7-1: USB disconnect, device number 10
[  178.816924][ T8181] binder: 8180:8181 ioctl 4018620d 0 returned -22
[  178.972762][ T6107] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  179.408629][ T8188] netlink: 4 bytes leftover after parsing attributes in process `syz.3.627'.
[  181.262892][ T8212] wg2 speed is unknown, defaulting to 1000
[  182.647233][ T8223] binder: 8222:8223 ioctl c0306201 0 returned -14
[  182.902553][ T8201] netlink: 4 bytes leftover after parsing attributes in process `syz.1.630'.
[  183.051044][ T8228] binder_alloc: binder_alloc_mmap_handler: 8227 80ffe000-81000000 already mapped failed -16
[  183.545673][ T8240] bridge0: port 2(bridge_slave_1) entered disabled state
[  183.549251][ T8240] bridge0: port 1(bridge_slave_0) entered disabled state
[  183.982958][ T8259] netlink: 'syz.1.646': attribute type 62 has an invalid length.
[  184.056363][ T8240] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  184.061134][ T8240] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  184.067128][ T5947] block nbd1: Receive control failed (result -107)
[  184.095104][ T8253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.646'.
[  184.136327][ T8255] nbd1: detected capacity change from 0 to 18
[  184.140053][ T5948] block nbd1: Dead connection, failed to find a fallback
[  184.142474][ T5948] block nbd1: shutting down sockets
[  184.144358][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.150743][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.153431][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.156606][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.159254][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.162357][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.165133][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.168504][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.171165][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.174263][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.177451][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.180524][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.183181][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.186438][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.193965][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.198834][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.207330][ T5948] ldm_validate_partition_table(): Disk read failed.
[  184.210462][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.214816][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.229102][ T5948] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  184.234902][ T5948] Buffer I/O error on dev nbd1, logical block 0, async page read
[  184.238373][ T5948] Dev nbd1: unable to read RDB block 0
[  184.241186][ T5948]  nbd1: unable to read partition table
[  184.243428][ T5948] nbd1: partition table beyond EOD, truncated
[  184.249286][ T5948] ldm_validate_partition_table(): Disk read failed.
[  184.252404][ T5948] Dev nbd1: unable to read RDB block 0
[  184.254899][ T5948]  nbd1: unable to read partition table
[  184.257364][ T5948] nbd1: partition table beyond EOD, truncated
[  184.260032][ T8242] netlink: 8 bytes leftover after parsing attributes in process `syz.2.643'.
[  184.272772][   T41] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  184.282927][   T41] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  184.288121][   T41] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  184.291884][   T41] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  184.367860][ T8267] netlink: 8 bytes leftover after parsing attributes in process `syz.2.648'.
[  184.641686][ T5947] Bluetooth: hci1: ACL packet for unknown connection handle 200
[  184.753278][ T8285] FAULT_INJECTION: forcing a failure.
[  184.753278][ T8285] name failslab, interval 1, probability 0, space 0, times 0
[  184.758088][ T8285] CPU: 0 UID: 0 PID: 8285 Comm: syz.0.654 Not tainted syzkaller #0 PREEMPT(full) 
[  184.758104][ T8285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  184.758110][ T8285] Call Trace:
[  184.758114][ T8285]  <TASK>
[  184.758118][ T8285]  dump_stack_lvl+0x100/0x190
[  184.758138][ T8285]  should_fail_ex.cold+0x5/0xa
[  184.758152][ T8285]  should_failslab+0xc2/0x120
[  184.758164][ T8285]  __kmalloc_node_track_caller_noprof+0xe3/0x850
[  184.758182][ T8285]  ? kasprintf+0xc7/0x100
[  184.758196][ T8285]  kvasprintf+0xbc/0x150
[  184.758207][ T8285]  ? __pfx_kvasprintf+0x10/0x10
[  184.758223][ T8285]  kasprintf+0xc7/0x100
[  184.758233][ T8285]  ? __pfx_kasprintf+0x10/0x10
[  184.758249][ T8285]  ? alloc_bprm+0x145/0x710
[  184.758266][ T8285]  alloc_bprm+0x453/0x710
[  184.758283][ T8285]  do_execveat_common.isra.0+0x19c/0x580
[  184.758300][ T8285]  ? do_getname+0x191/0x390
[  184.758315][ T8285]  __ia32_compat_sys_execveat+0xe4/0x130
[  184.758335][ T8285]  __do_fast_syscall_32+0xe3/0x8c0
[  184.758351][ T8285]  do_fast_syscall_32+0x32/0x70
[  184.758366][ T8285]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  184.758380][ T8285] RIP: 0023:0xf709ef6c
[  184.758389][ T8285] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  184.758400][ T8285] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000166
[  184.758411][ T8285] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000
[  184.758417][ T8285] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000001000
[  184.758424][ T8285] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  184.758430][ T8285] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  184.758436][ T8285] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  184.758449][ T8285]  </TASK>
[  184.915313][ T8296] netlink: 4 bytes leftover after parsing attributes in process `syz.0.657'.
[  185.171989][ T8301] wg2 speed is unknown, defaulting to 1000
[  185.258008][ T8305] ieee802154 phy1 wpan1: encryption failed: -22
[  187.202486][ T8317] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  187.205151][ T8317] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  187.207852][ T8317] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  187.669439][ T8334] ieee802154 phy1 wpan1: encryption failed: -22
[  187.683483][ T8337] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  187.686420][ T8337] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  187.690604][ T8337] vhci_hcd vhci_hcd.0: Device attached
[  187.903512][ T8338] vhci_hcd: connection closed
[  187.903789][  T181] vhci_hcd vhci_hcd.1: stop threads
[  187.910110][  T181] vhci_hcd vhci_hcd.1: release socket
[  187.912627][  T181] vhci_hcd vhci_hcd.1: disconnect device
[  188.101380][ T8347] FAULT_INJECTION: forcing a failure.
[  188.101380][ T8347] name failslab, interval 1, probability 0, space 0, times 0
[  188.106414][ T8347] CPU: 1 UID: 0 PID: 8347 Comm: syz.2.673 Not tainted syzkaller #0 PREEMPT(full) 
[  188.106435][ T8347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  188.106444][ T8347] Call Trace:
[  188.106450][ T8347]  <TASK>
[  188.106456][ T8347]  dump_stack_lvl+0x100/0x190
[  188.106486][ T8347]  should_fail_ex.cold+0x5/0xa
[  188.106505][ T8347]  should_failslab+0xc2/0x120
[  188.106521][ T8347]  __kmalloc_cache_noprof+0x7a/0x6f0
[  188.106541][ T8347]  ? binder_transaction+0x1c15/0x9ee0
[  188.106568][ T8347]  binder_transaction+0x1c15/0x9ee0
[  188.106610][ T8347]  ? __lock_acquire+0x4a5/0x2630
[  188.106631][ T8347]  ? __pfx_binder_transaction+0x10/0x10
[  188.106653][ T8347]  ? __lock_acquire+0x4a5/0x2630
[  188.106705][ T8347]  ? __lock_acquire+0x4a5/0x2630
[  188.106729][ T8347]  ? __lock_acquire+0x4a5/0x2630
[  188.106763][ T8347]  ? __lock_acquire+0x4a5/0x2630
[  188.106782][ T8347]  ? __lock_acquire+0x4a5/0x2630
[  188.106802][ T8347]  ? kernel_text_address+0x8d/0x100
[  188.106822][ T8347]  ? __pfx_widen_string+0x10/0x10
[  188.106852][ T8347]  ? find_held_lock+0x2b/0x80
[  188.106866][ T8347]  ? __might_fault+0xc5/0x140
[  188.106881][ T8347]  ? __might_fault+0xc5/0x140
[  188.106902][ T8347]  binder_thread_write+0x131f/0x4dd0
[  188.106920][ T8347]  ? kasan_save_free_info+0x3b/0x70
[  188.106937][ T8347]  ? __lock_acquire+0x4a5/0x2630
[  188.106950][ T8347]  ? __pfx_binder_thread_write+0x10/0x10
[  188.106967][ T8347]  ? binder_debug+0xe0/0x190
[  188.106980][ T8347]  ? __pfx_binder_debug+0x10/0x10
[  188.106994][ T8347]  ? binder_debug+0xe0/0x190
[  188.107007][ T8347]  ? __pfx_binder_debug+0x10/0x10
[  188.107028][ T8347]  ? __pfx_binder_ioctl+0x10/0x10
[  188.107043][ T8347]  binder_ioctl+0x2941/0x7610
[  188.107061][ T8347]  ? tomoyo_path_number_perm+0x28f/0x580
[  188.107079][ T8347]  ? tomoyo_path_number_perm+0x28f/0x580
[  188.107099][ T8347]  ? tomoyo_path_number_perm+0x188/0x580
[  188.107118][ T8347]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  188.107137][ T8347]  ? __pfx_binder_ioctl+0x10/0x10
[  188.107155][ T8347]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  188.107175][ T8347]  ? do_vfs_ioctl+0x226/0x13e0
[  188.107191][ T8347]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  188.107210][ T8347]  ? find_held_lock+0x2b/0x80
[  188.107220][ T8347]  ? hook_file_ioctl_common+0x146/0x410
[  188.107242][ T8347]  ? __fget_files+0x21f/0x3d0
[  188.107253][ T8347]  ? __pfx_binder_ioctl+0x10/0x10
[  188.107269][ T8347]  compat_ptr_ioctl+0x6e/0xa0
[  188.107284][ T8347]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  188.107298][ T8347]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  188.107316][ T8347]  __do_fast_syscall_32+0xe3/0x8c0
[  188.107332][ T8347]  do_fast_syscall_32+0x32/0x70
[  188.107346][ T8347]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  188.107362][ T8347] RIP: 0023:0xf707ef6c
[  188.107371][ T8347] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  188.107381][ T8347] RSP: 002b:00000000f546d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  188.107392][ T8347] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[  188.107399][ T8347] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  188.107405][ T8347] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  188.107411][ T8347] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  188.107417][ T8347] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  188.107431][ T8347]  </TASK>
[  188.365991][ T8349] overlayfs: workdir and upperdir must be separate subtrees
[  188.973573][ T8362] netlink: 8 bytes leftover after parsing attributes in process `syz.0.680'.
[  188.974507][ T8364] netlink: 20 bytes leftover after parsing attributes in process `syz.1.681'.
[  188.980865][ T8364] netlink: 12 bytes leftover after parsing attributes in process `syz.1.681'.
[  189.000053][ T8362] FAULT_INJECTION: forcing a failure.
[  189.000053][ T8362] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  189.005953][ T8362] CPU: 3 UID: 0 PID: 8362 Comm: syz.0.680 Not tainted syzkaller #0 PREEMPT(full) 
[  189.005975][ T8362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  189.005985][ T8362] Call Trace:
[  189.005991][ T8362]  <TASK>
[  189.005998][ T8362]  dump_stack_lvl+0x100/0x190
[  189.006026][ T8362]  should_fail_ex.cold+0x5/0xa
[  189.006046][ T8362]  _copy_to_user+0x32/0xd0
[  189.006064][ T8362]  simple_read_from_buffer+0xcb/0x170
[  189.006091][ T8362]  proc_fail_nth_read+0x1af/0x230
[  189.006111][ T8362]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  189.006133][ T8362]  ? rw_verify_area+0xce/0x6d0
[  189.006156][ T8362]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  189.006175][ T8362]  vfs_read+0x1e4/0xb30
[  189.006202][ T8362]  ? __pfx_vfs_read+0x10/0x10
[  189.006225][ T8362]  ? find_held_lock+0x2b/0x80
[  189.006241][ T8362]  ? __fget_files+0x215/0x3d0
[  189.006260][ T8362]  ? __fget_files+0x21f/0x3d0
[  189.006282][ T8362]  ksys_read+0x12a/0x250
[  189.006305][ T8362]  ? __pfx_ksys_read+0x10/0x10
[  189.006337][ T8362]  do_int80_emulation+0x141/0x6b0
[  189.006361][ T8362]  asm_int80_emulation+0x1a/0x20
[  189.006379][ T8362] RIP: 0023:0xf71d5cab
[  189.006392][ T8362] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  189.006407][ T8362] RSP: 002b:00000000f548d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  189.006424][ T8362] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000f548d5d0
[  189.006434][ T8362] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  189.006443][ T8362] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  189.006452][ T8362] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  189.006462][ T8362] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  189.006484][ T8362]  </TASK>
[  189.275849][ T5947] Bluetooth: hci2: command 0x0c1a tx timeout
[  189.282415][ T8373] random: crng reseeded on system resumption
[  189.307101][ T8372] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  189.354788][ T5947] Bluetooth: hci1: command 0x0c1a tx timeout
[  189.364931][ T5987] usb 6-1: new full-speed USB device number 9 using dummy_hcd
[  189.366527][ T5947] Bluetooth: hci3: command 0x0c1a tx timeout
[  189.465169][ T8382] FAULT_INJECTION: forcing a failure.
[  189.465169][ T8382] name failslab, interval 1, probability 0, space 0, times 0
[  189.472504][ T8382] CPU: 3 UID: 0 PID: 8382 Comm: syz.2.685 Not tainted syzkaller #0 PREEMPT(full) 
[  189.472526][ T8382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  189.472535][ T8382] Call Trace:
[  189.472541][ T8382]  <TASK>
[  189.472547][ T8382]  dump_stack_lvl+0x100/0x190
[  189.472574][ T8382]  should_fail_ex.cold+0x5/0xa
[  189.472587][ T8382]  should_failslab+0xc2/0x120
[  189.472600][ T8382]  __kmalloc_cache_noprof+0x7a/0x6f0
[  189.472615][ T8382]  ? fuse_dentry_init+0x45/0x100
[  189.472634][ T8382]  ? kmem_cache_alloc_lru_noprof+0x297/0x6e0
[  189.472650][ T8382]  ? __d_alloc+0x34/0xa80
[  189.472662][ T8382]  ? __pfx_fuse_dentry_init+0x10/0x10
[  189.472678][ T8382]  fuse_dentry_init+0x45/0x100
[  189.472692][ T8382]  ? __pfx_fuse_dentry_init+0x10/0x10
[  189.472707][ T8382]  __d_alloc+0x62b/0xa80
[  189.472720][ T8382]  d_alloc_parallel+0x111/0x14e0
[  189.472738][ T8382]  ? look_up_lock_class+0x55/0x120
[  189.472753][ T8382]  ? register_lock_class+0x40/0x560
[  189.472769][ T8382]  ? __pfx_d_alloc_parallel+0x10/0x10
[  189.472787][ T8382]  ? lockdep_init_map_type+0x5c/0x250
[  189.472802][ T8382]  ? lockdep_init_map_type+0x5c/0x250
[  189.472819][ T8382]  __lookup_slow+0x193/0x460
[  189.472833][ T8382]  ? __pfx___lookup_slow+0x10/0x10
[  189.472860][ T8382]  lookup_slow+0x50/0x70
[  189.472874][ T8382]  path_lookupat+0x5e8/0xc40
[  189.472893][ T8382]  filename_lookup+0x202/0x590
[  189.472910][ T8382]  ? kasan_save_track+0x14/0x30
[  189.472929][ T8382]  ? __pfx_filename_lookup+0x10/0x10
[  189.472962][ T8382]  filename_linkat+0x145/0x640
[  189.472977][ T8382]  ? __pfx_filename_linkat+0x10/0x10
[  189.472995][ T8382]  ? do_getname+0x191/0x390
[  189.473010][ T8382]  __ia32_sys_link+0x80/0xb0
[  189.473023][ T8382]  __do_fast_syscall_32+0xe3/0x8c0
[  189.473039][ T8382]  do_fast_syscall_32+0x32/0x70
[  189.473053][ T8382]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  189.473068][ T8382] RIP: 0023:0xf707ef6c
[  189.473077][ T8382] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  189.473088][ T8382] RSP: 002b:00000000f544c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000009
[  189.473099][ T8382] RAX: ffffffffffffffda RBX: 0000000080000280 RCX: 0000000080000400
[  189.473106][ T8382] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  189.473112][ T8382] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  189.473118][ T8382] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  189.473126][ T8382] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  189.473140][ T8382]  </TASK>
[  189.576280][ T5987] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  189.579515][ T5987] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  189.582858][ T5987] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  189.587406][ T5987] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  189.590397][ T5987] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.598208][ T5987] usbtmc 6-1:16.0: probe with driver usbtmc failed with error -22
[  189.624790][   T71] usb 8-1: new high-speed USB device number 20 using dummy_hcd
[  189.800813][   T71] usb 8-1: config 1 interface 0 altsetting 3 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  189.804600][   T71] usb 8-1: config 1 interface 0 altsetting 3 endpoint 0x81 has invalid wMaxPacketSize 0
[  189.808136][   T71] usb 8-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 64
[  189.811676][   T71] usb 8-1: config 1 interface 0 altsetting 3 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  189.816158][   T71] usb 8-1: config 1 interface 0 has no altsetting 0
[  189.820335][   T71] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  189.823628][   T71] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.826439][   T71] usb 8-1: Product: syz
[  189.828043][   T71] usb 8-1: Manufacturer: �唉谪Ꚁ▰꼮婘Ʞ磸垰਑��졳�딵ᛰﱮ㎕�잘蔊�젳芣��䇎톻ﶿﲾ﹭跫⿺礱橼㮪➵蟌✭먬⥲ច鵯陵埉�戕⧥蕼딱쯺糸욮�猻辒
[  189.835137][   T71] usb 8-1: SerialNumber: syz
[  189.841588][ T8373] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  189.844999][ T8373] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  190.443612][ T8395] netlink: 'syz.2.688': attribute type 2 has an invalid length.
[  190.455356][ T8395] ‚#{6c: entered promiscuous mode
[  190.461256][ T8395] netlink: 'syz.2.688': attribute type 2 has an invalid length.
[  190.465468][ T8395] ‚#{6c: left promiscuous mode
[  190.601052][ T8401] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  190.813213][ T8406] binder_alloc: binder_alloc_mmap_handler: 8405 80ffe000-81000000 already mapped failed -16
[  191.229304][ T8414] netlink: 'syz.2.696': attribute type 3 has an invalid length.
[  191.233091][ T8414] netlink: 'syz.2.696': attribute type 3 has an invalid length.
[  191.992920][ T1456] usb 6-1: USB disconnect, device number 9
[  192.081666][   T71] cdc_ether 8-1:1.0: probe with driver cdc_ether failed with error -22
[  192.088471][   T71] usb 8-1: USB disconnect, device number 20
[  192.157845][ T8430] binder_alloc: binder_alloc_mmap_handler: 8429 80ffe000-81000000 already mapped failed -16
[  192.192590][ T8432] netlink: 12 bytes leftover after parsing attributes in process `syz.3.704'.
[  192.195119][ T8434] netlink: 8 bytes leftover after parsing attributes in process `syz.1.702'.
[  192.385543][ T8441] batadv_slave_0: entered promiscuous mode
[  192.779111][ T8454] netlink: 4 bytes leftover after parsing attributes in process `syz.3.708'.
[  195.724558][ T8481] netlink: 4 bytes leftover after parsing attributes in process `syz.3.717'.
[  196.150556][ T8495] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  196.154138][ T8495] batadv_slave_0: entered promiscuous mode
[  196.574741][   T29] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  196.665281][ T8502] batman_adv: batadv0: Adding interface: gretap1
[  196.667665][ T8502] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  196.676773][ T8502] batman_adv: batadv0: Interface activated: gretap1
[  196.689118][ T8502] netlink: 52 bytes leftover after parsing attributes in process `syz.0.723'.
[  196.693596][ T8502] netlink: 4 bytes leftover after parsing attributes in process `syz.0.723'.
[  196.735332][   T29] usb 6-1: too many configurations: 9, using maximum allowed: 8
[  196.739670][   T29] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  196.743246][   T29] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  196.748890][   T29] usb 6-1: config 0 interface 0 has no altsetting 0
[  196.755106][   T29] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  196.759139][   T29] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  196.763900][   T29] usb 6-1: config 0 interface 0 has no altsetting 0
[  196.768055][   T29] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  196.772025][   T29] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  196.776909][   T29] usb 6-1: config 0 interface 0 has no altsetting 0
[  196.781156][   T29] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  196.785137][   T29] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  196.789890][   T29] usb 6-1: config 0 interface 0 has no altsetting 0
[  196.794049][   T29] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  196.798118][   T29] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  196.803229][   T29] usb 6-1: config 0 interface 0 has no altsetting 0
[  196.809313][   T29] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  196.813601][   T29] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  196.818419][   T29] usb 6-1: config 0 interface 0 has no altsetting 0
[  196.822303][   T29] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  196.826751][   T29] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  196.831730][   T29] usb 6-1: config 0 interface 0 has no altsetting 0
[  196.835940][   T29] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 9
[  196.840626][   T29] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  196.846105][   T29] usb 6-1: config 0 interface 0 has no altsetting 0
[  196.853470][   T29] usb 6-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  196.858415][   T29] usb 6-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  196.862585][   T29] usb 6-1: Product: syz
[  196.864928][   T29] usb 6-1: Manufacturer: syz
[  196.867046][   T29] usb 6-1: SerialNumber: syz
[  196.879176][   T29] usb 6-1: config 0 descriptor??
[  196.896554][   T29] yurex 6-1:0.0: USB YUREX device now attached to Yurex #0
[  196.987181][ T8509] netlink: 4 bytes leftover after parsing attributes in process `syz.0.726'.
[  197.272367][ T8517] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[  197.274579][ T8517] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  197.277660][ T8517] vhci_hcd vhci_hcd.0: Device attached
[  197.584767][   T71] usb 44-1: SetAddress Request (14) to port 0
[  197.587038][   T71] usb 44-1: new SuperSpeed USB device number 14 using vhci_hcd
[  197.710555][ T8518] vhci_hcd: connection reset by peer
[  197.712511][   T12] vhci_hcd vhci_hcd.3: stop threads
[  197.714235][   T12] vhci_hcd vhci_hcd.3: release socket
[  197.718275][   T12] vhci_hcd vhci_hcd.3: disconnect device
[  198.189099][ T8533] tmpfs: Bad value for 'mpol'
[  198.207564][ T8533] wg2 speed is unknown, defaulting to 1000
[  198.557237][ T8533] FAULT_INJECTION: forcing a failure.
[  198.557237][ T8533] name failslab, interval 1, probability 0, space 0, times 0
[  198.563121][ T8533] CPU: 3 UID: 0 PID: 8533 Comm: syz.0.732 Not tainted syzkaller #0 PREEMPT(full) 
[  198.563144][ T8533] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  198.563155][ T8533] Call Trace:
[  198.563162][ T8533]  <TASK>
[  198.563169][ T8533]  dump_stack_lvl+0x100/0x190
[  198.563199][ T8533]  should_fail_ex.cold+0x5/0xa
[  198.563221][ T8533]  should_failslab+0xc2/0x120
[  198.563240][ T8533]  __kvmalloc_node_noprof+0xfa/0xa00
[  198.563266][ T8533]  ? xt_alloc_table_info+0x44/0xa0
[  198.563298][ T8533]  xt_alloc_table_info+0x44/0xa0
[  198.563323][ T8533]  ip6t_register_table+0xaf/0x430
[  198.563351][ T8533]  ? __pfx_ip6t_register_table+0x10/0x10
[  198.563384][ T8533]  ? ip6t_alloc_initial_table+0x5ed/0x730
[  198.563412][ T8533]  ip6table_security_table_init+0x40/0x60
[  198.563440][ T8533]  xt_find_table_lock+0x2df/0x520
[  198.563472][ T8533]  xt_request_find_table_lock+0x28/0xf0
[  198.563501][ T8533]  get_info+0x196/0x5d0
[  198.563525][ T8533]  ? __pfx_get_info+0x10/0x10
[  198.563548][ T8533]  ? find_held_lock+0x2b/0x80
[  198.563563][ T8533]  ? __might_fault+0xc5/0x140
[  198.563591][ T8533]  ? lock_acquire+0x1cf/0x380
[  198.563618][ T8533]  ? rcu_is_watching+0x12/0xc0
[  198.563649][ T8533]  ? bpf_lsm_capable+0x9/0x10
[  198.563666][ T8533]  ? security_capable+0x80/0x260
[  198.563695][ T8533]  do_ip6t_get_ctl+0x169/0xa50
[  198.563719][ T8533]  ? __mutex_unlock_slowpath+0x15c/0x790
[  198.563744][ T8533]  ? __lock_acquire+0x4a5/0x2630
[  198.563765][ T8533]  ? __pfx_do_ip6t_get_ctl+0x10/0x10
[  198.563802][ T8533]  ? nf_sockopt_find.isra.0+0x222/0x290
[  198.563831][ T8533]  nf_getsockopt+0x7c/0xe0
[  198.563857][ T8533]  ipv6_getsockopt+0x207/0x2a0
[  198.563885][ T8533]  ? __pfx_ipv6_getsockopt+0x10/0x10
[  198.563907][ T8533]  ? find_held_lock+0x2b/0x80
[  198.563932][ T8533]  udpv6_getsockopt+0x61/0xb0
[  198.563950][ T8533]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  198.563974][ T8533]  do_sock_getsockopt+0x259/0x3d0
[  198.564000][ T8533]  ? __pfx_do_sock_getsockopt+0x10/0x10
[  198.564044][ T8533]  __sys_getsockopt+0x133/0x1d0
[  198.564067][ T8533]  ? ksys_write+0x1ac/0x250
[  198.564087][ T8533]  ? __ia32_sys_getsockopt+0xbc/0x160
[  198.564106][ T8533]  __ia32_sys_getsockopt+0xbc/0x160
[  198.564125][ T8533]  ? __do_fast_syscall_32+0x94/0x8c0
[  198.564147][ T8533]  ? lockdep_hardirqs_on+0x78/0x100
[  198.564167][ T8533]  __do_fast_syscall_32+0xe3/0x8c0
[  198.564193][ T8533]  do_fast_syscall_32+0x32/0x70
[  198.564215][ T8533]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  198.564237][ T8533] RIP: 0023:0xf709ef6c
[  198.564251][ T8533] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  198.564267][ T8533] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016d
[  198.564284][ T8533] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000000000029
[  198.564294][ T8533] RDX: 0000000000000040 RSI: 0000000080000080 RDI: 0000000080000040
[  198.564305][ T8533] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  198.564315][ T8533] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  198.564325][ T8533] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  198.564349][ T8533]  </TASK>
[  198.829786][ T8542] FAULT_INJECTION: forcing a failure.
[  198.829786][ T8542] name failslab, interval 1, probability 0, space 0, times 0
[  198.835355][ T8542] CPU: 3 UID: 0 PID: 8542 Comm: syz.0.735 Not tainted syzkaller #0 PREEMPT(full) 
[  198.835377][ T8542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  198.835387][ T8542] Call Trace:
[  198.835393][ T8542]  <TASK>
[  198.835400][ T8542]  dump_stack_lvl+0x100/0x190
[  198.835432][ T8542]  should_fail_ex.cold+0x5/0xa
[  198.835459][ T8542]  should_failslab+0xc2/0x120
[  198.835477][ T8542]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  198.835503][ T8542]  ? __alloc_skb+0x140/0x710
[  198.835528][ T8542]  __alloc_skb+0x140/0x710
[  198.835546][ T8542]  ? __alloc_skb+0x5b7/0x710
[  198.835565][ T8542]  ? __pfx___alloc_skb+0x10/0x10
[  198.835583][ T8542]  ? genl_rcv_msg+0x4be/0x800
[  198.835616][ T8542]  netlink_ack+0x117/0xb80
[  198.835647][ T8542]  netlink_rcv_skb+0x333/0x420
[  198.835670][ T8542]  ? __pfx_genl_rcv_msg+0x10/0x10
[  198.835697][ T8542]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  198.835730][ T8542]  ? netlink_deliver_tap+0x1ae/0xcc0
[  198.835757][ T8542]  genl_rcv+0x28/0x40
[  198.835779][ T8542]  netlink_unicast+0x5aa/0x870
[  198.835806][ T8542]  ? __pfx_netlink_unicast+0x10/0x10
[  198.835840][ T8542]  netlink_sendmsg+0x8b0/0xda0
[  198.835867][ T8542]  ? __pfx_netlink_sendmsg+0x10/0x10
[  198.835894][ T8542]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  198.835924][ T8542]  ____sys_sendmsg+0x9e1/0xb70
[  198.835947][ T8542]  ? __pfx_netlink_sendmsg+0x10/0x10
[  198.835972][ T8542]  ? __pfx_____sys_sendmsg+0x10/0x10
[  198.836010][ T8542]  ___sys_sendmsg+0x190/0x1e0
[  198.836039][ T8542]  ? __pfx____sys_sendmsg+0x10/0x10
[  198.836099][ T8542]  __sys_sendmsg+0x170/0x220
[  198.836122][ T8542]  ? __pfx___sys_sendmsg+0x10/0x10
[  198.836152][ T8542]  ? __pfx_ksys_write+0x10/0x10
[  198.836175][ T8542]  __do_fast_syscall_32+0xe3/0x8c0
[  198.836202][ T8542]  do_fast_syscall_32+0x32/0x70
[  198.836224][ T8542]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  198.836246][ T8542] RIP: 0023:0xf709ef6c
[  198.836260][ T8542] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  198.836276][ T8542] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  198.836294][ T8542] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180
[  198.836305][ T8542] RDX: 00000000040008c0 RSI: 0000000000000000 RDI: 0000000000000000
[  198.836315][ T8542] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  198.836324][ T8542] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  198.836334][ T8542] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  198.836359][ T8542]  </TASK>
[  199.064383][ T8549] netlink: 4 bytes leftover after parsing attributes in process `syz.0.738'.
[  199.098970][ T8553] binder: BINDER_SET_CONTEXT_MGR already set
[  199.101374][ T8553] binder: 8552:8553 ioctl 4018620d 80004a80 returned -16
[  199.198837][ T1415] ieee802154 phy1 wpan1: encryption failed: -22
[  199.241255][ T8558] binder_alloc: binder_alloc_mmap_handler: 8557 80ffe000-81000000 already mapped failed -16
[  199.501147][   T29] usb 6-1: USB disconnect, device number 10
[  199.523088][   T29] yurex 6-1:0.0: USB YUREX #0 now disconnected
[  199.637075][ T8565] netlink: 20 bytes leftover after parsing attributes in process `syz.1.743'.
[  199.768128][ T8563] netlink: 68 bytes leftover after parsing attributes in process `syz.0.744'.
[  199.849725][ T5948] udevd[5948]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  199.903728][ T8582] FAULT_INJECTION: forcing a failure.
[  199.903728][ T8582] name failslab, interval 1, probability 0, space 0, times 0
[  199.909100][ T8582] CPU: 1 UID: 0 PID: 8582 Comm: syz.3.747 Not tainted syzkaller #0 PREEMPT(full) 
[  199.909115][ T8582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.909123][ T8582] Call Trace:
[  199.909127][ T8582]  <TASK>
[  199.909131][ T8582]  dump_stack_lvl+0x100/0x190
[  199.909153][ T8582]  should_fail_ex.cold+0x5/0xa
[  199.909167][ T8582]  ? tomoyo_realpath_from_path+0xb6/0x690
[  199.909181][ T8582]  should_failslab+0xc2/0x120
[  199.909194][ T8582]  __kmalloc_noprof+0xe0/0x850
[  199.909214][ T8582]  tomoyo_realpath_from_path+0xb6/0x690
[  199.909232][ T8582]  tomoyo_path_number_perm+0x23c/0x580
[  199.909250][ T8582]  ? tomoyo_path_number_perm+0x22e/0x580
[  199.909270][ T8582]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  199.909305][ T8582]  ? find_held_lock+0x2b/0x80
[  199.909316][ T8582]  ? hook_file_ioctl_common+0x146/0x410
[  199.909335][ T8582]  ? __fget_files+0x215/0x3d0
[  199.909348][ T8582]  ? __fget_files+0x21f/0x3d0
[  199.909361][ T8582]  security_file_ioctl_compat+0xd3/0x230
[  199.909382][ T8582]  __ia32_compat_sys_ioctl+0xc2/0x360
[  199.909401][ T8582]  __do_fast_syscall_32+0xe3/0x8c0
[  199.909419][ T8582]  do_fast_syscall_32+0x32/0x70
[  199.909434][ T8582]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  199.909454][ T8582] RIP: 0023:0xf704ef6c
[  199.909468][ T8582] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  199.909482][ T8582] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  199.909520][ T8582] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0405668
[  199.909530][ T8582] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000
[  199.909541][ T8582] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  199.909551][ T8582] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  199.909560][ T8582] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  199.909585][ T8582]  </TASK>
[  199.909643][ T8582] ERROR: Out of memory at tomoyo_realpath_from_path.
[  199.965461][ T8584] input: syz0 as /devices/virtual/input/input20
[  200.049878][ T8589] binder_alloc: binder_alloc_mmap_handler: 8588 80ffe000-81000000 already mapped failed -16
[  200.127829][ T8584] [U] VÔ3¸ÂFÙ¾"SÇÁ/ÉÊ4:ÃXTZ“W¡T‘’LWµ«=
[  200.130511][ T8584] [U] J"—E:ÀÆ"


[  200.142710][ T8593] batman_adv: batadv0: Adding interface: gretap1
[  200.145802][ T8593] batman_adv: batadv0: Interface activated: gretap1
[  200.159412][ T8593] netlink: 52 bytes leftover after parsing attributes in process `syz.2.751'.
[  200.165384][ T8593] netlink: 4 bytes leftover after parsing attributes in process `syz.2.751'.
[  200.979755][ T8609] FAULT_INJECTION: forcing a failure.
[  200.979755][ T8609] name failslab, interval 1, probability 0, space 0, times 0
[  200.985909][ T8609] CPU: 2 UID: 0 PID: 8609 Comm: syz.0.756 Not tainted syzkaller #0 PREEMPT(full) 
[  200.985925][ T8609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.985932][ T8609] Call Trace:
[  200.985948][ T8609]  <TASK>
[  200.985954][ T8609]  dump_stack_lvl+0x100/0x190
[  200.985976][ T8609]  should_fail_ex.cold+0x5/0xa
[  200.985990][ T8609]  should_failslab+0xc2/0x120
[  200.986002][ T8609]  __kmalloc_cache_noprof+0x7a/0x6f0
[  200.986017][ T8609]  ? binder_get_thread+0x201/0x850
[  200.986035][ T8609]  binder_get_thread+0x201/0x850
[  200.986051][ T8609]  binder_poll+0x3f/0x430
[  200.986067][ T8609]  ? __pfx_binder_poll+0x10/0x10
[  200.986081][ T8609]  do_select+0xd54/0x1850
[  200.986109][ T8609]  ? __pfx_do_select+0x10/0x10
[  200.986127][ T8609]  ? __pfx___pollwait+0x10/0x10
[  200.986146][ T8609]  ? __pfx_pollwake+0x10/0x10
[  200.986163][ T8609]  ? __pfx_pollwake+0x10/0x10
[  200.986181][ T8609]  ? __pfx_pollwake+0x10/0x10
[  200.986217][ T8609]  ? find_held_lock+0x2b/0x80
[  200.986228][ T8609]  ? compat_core_sys_select+0x1e6/0x8b0
[  200.986245][ T8609]  ? compat_core_sys_select+0x1e6/0x8b0
[  200.986265][ T8609]  ? compat_core_sys_select+0x68a/0x8b0
[  200.986281][ T8609]  compat_core_sys_select+0x68a/0x8b0
[  200.986302][ T8609]  ? __pfx_compat_core_sys_select+0x10/0x10
[  200.986319][ T8609]  ? rcu_is_watching+0x12/0xc0
[  200.986350][ T8609]  ? __pfx_set_compat_user_sigmask+0x10/0x10
[  200.986372][ T8609]  do_compat_pselect+0x27a/0x2b0
[  200.986391][ T8609]  ? __pfx_do_compat_pselect+0x10/0x10
[  200.986411][ T8609]  ? fput+0x79/0x100
[  200.986425][ T8609]  __ia32_compat_sys_pselect6_time32+0x16c/0x1e0
[  200.986440][ T8609]  __do_fast_syscall_32+0xe3/0x8c0
[  200.986462][ T8609]  do_fast_syscall_32+0x32/0x70
[  200.986487][ T8609]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  200.986505][ T8609] RIP: 0023:0xf709ef6c
[  200.986514][ T8609] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  200.986525][ T8609] RSP: 002b:00000000f546c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000134
[  200.986536][ T8609] RAX: ffffffffffffffda RBX: 0000000000000040 RCX: 00000000800001c0
[  200.986543][ T8609] RDX: 0000000000000000 RSI: 00000000800002c0 RDI: 0000000000000000
[  200.986549][ T8609] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  200.986555][ T8609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.986561][ T8609] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  200.986575][ T8609]  </TASK>
[  201.448675][ T8611] binder: BINDER_SET_CONTEXT_MGR already set
[  201.450767][ T8611] binder: 8610:8611 ioctl 4018620d 80004a80 returned -16
[  202.406885][ T8634] FAULT_INJECTION: forcing a failure.
[  202.406885][ T8634] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.412674][ T8634] CPU: 3 UID: 0 PID: 8634 Comm: syz.1.763 Not tainted syzkaller #0 PREEMPT(full) 
[  202.412697][ T8634] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  202.412707][ T8634] Call Trace:
[  202.412713][ T8634]  <TASK>
[  202.412720][ T8634]  dump_stack_lvl+0x100/0x190
[  202.412749][ T8634]  should_fail_ex.cold+0x5/0xa
[  202.412770][ T8634]  _copy_from_iter+0x1f4/0x1690
[  202.412790][ T8634]  ? __asan_memset+0x23/0x50
[  202.412814][ T8634]  ? __pfx__copy_from_iter+0x10/0x10
[  202.412830][ T8634]  ? __pfx___alloc_skb+0x10/0x10
[  202.412857][ T8634]  netlink_sendmsg+0x808/0xda0
[  202.412884][ T8634]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.412908][ T8634]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  202.412936][ T8634]  ____sys_sendmsg+0x9e1/0xb70
[  202.412959][ T8634]  ? __pfx_netlink_sendmsg+0x10/0x10
[  202.412982][ T8634]  ? __pfx_____sys_sendmsg+0x10/0x10
[  202.413018][ T8634]  ___sys_sendmsg+0x190/0x1e0
[  202.413046][ T8634]  ? __pfx____sys_sendmsg+0x10/0x10
[  202.413102][ T8634]  __sys_sendmsg+0x170/0x220
[  202.413124][ T8634]  ? __pfx___sys_sendmsg+0x10/0x10
[  202.413152][ T8634]  ? __pfx_ksys_write+0x10/0x10
[  202.413174][ T8634]  __do_fast_syscall_32+0xe3/0x8c0
[  202.413198][ T8634]  do_fast_syscall_32+0x32/0x70
[  202.413218][ T8634]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  202.413239][ T8634] RIP: 0023:0xf706ef6c
[  202.413254][ T8634] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  202.413270][ T8634] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  202.413285][ T8634] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800001c0
[  202.413294][ T8634] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  202.413304][ T8634] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  202.413313][ T8634] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  202.413323][ T8634] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  202.413346][ T8634]  </TASK>
[  202.627640][ T8636] FAULT_INJECTION: forcing a failure.
[  202.627640][ T8636] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  202.644941][   T71] usb 44-1: device descriptor read/8, error -110
[  202.655955][ T8636] CPU: 1 UID: 0 PID: 8636 Comm: syz.3.764 Not tainted syzkaller #0 PREEMPT(full) 
[  202.655980][ T8636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  202.655996][ T8636] Call Trace:
[  202.656002][ T8636]  <TASK>
[  202.656009][ T8636]  dump_stack_lvl+0x100/0x190
[  202.656039][ T8636]  should_fail_ex.cold+0x5/0xa
[  202.656061][ T8636]  _copy_from_user+0x2e/0xd0
[  202.656082][ T8636]  memdup_user+0x6b/0xe0
[  202.656099][ T8636]  hidraw_send_report+0x1d6/0x410
[  202.656129][ T8636]  hidraw_write+0x98/0xe0
[  202.656152][ T8636]  vfs_write+0x2aa/0x1070
[  202.656180][ T8636]  ? __pfx_hidraw_write+0x10/0x10
[  202.656206][ T8636]  ? __pfx_vfs_write+0x10/0x10
[  202.656230][ T8636]  ? find_held_lock+0x2b/0x80
[  202.656246][ T8636]  ? __fget_files+0x215/0x3d0
[  202.656262][ T8636]  ? __fget_files+0x215/0x3d0
[  202.656282][ T8636]  ? __fget_files+0x21f/0x3d0
[  202.656306][ T8636]  ksys_write+0x12a/0x250
[  202.656322][ T8636]  ? __pfx_ksys_write+0x10/0x10
[  202.656337][ T8636]  ? __pfx_ksys_write+0x10/0x10
[  202.656359][ T8636]  __do_fast_syscall_32+0xe3/0x8c0
[  202.656386][ T8636]  do_fast_syscall_32+0x32/0x70
[  202.656408][ T8636]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  202.656429][ T8636] RIP: 0023:0xf704ef6c
[  202.656444][ T8636] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  202.656460][ T8636] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000004
[  202.656477][ T8636] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  202.656487][ T8636] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000000
[  202.656496][ T8636] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  202.656506][ T8636] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  202.656516][ T8636] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  202.656540][ T8636]  </TASK>
[  202.709645][ T8648] fuse: Unknown parameter 'user_i0000000000000000000000000000000000000000'
[  202.793747][ T8653] binder: 8652:8653 ioctl c0306201 0 returned -14
[  202.843752][ T8656] batman_adv: batadv0: Adding interface: gretap1
[  202.846518][ T8656] batman_adv: batadv0: The MTU of interface gretap1 is too small (1250) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  202.858158][ T8656] batman_adv: batadv0: Interface activated: gretap1
[  203.049558][   T71] usb usb44-port1: attempt power cycle
[  203.187890][ T8673] netlink: 4 bytes leftover after parsing attributes in process `syz.2.776'.
[  203.655633][   T71] usb usb44-port1: unable to enumerate USB device
[  203.782228][ T8682] binder: 8681:8682 ioctl c0306201 0 returned -14
[  203.846665][ T8684] binder: 8683:8684 ioctl 89f8 80000000 returned -22
[  203.873843][ T8687] FAULT_INJECTION: forcing a failure.
[  203.873843][ T8687] name failslab, interval 1, probability 0, space 0, times 0
[  203.881478][ T8687] CPU: 0 UID: 0 PID: 8687 Comm: syz.1.782 Not tainted syzkaller #0 PREEMPT(full) 
[  203.881502][ T8687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  203.881519][ T8687] Call Trace:
[  203.881525][ T8687]  <TASK>
[  203.881532][ T8687]  dump_stack_lvl+0x100/0x190
[  203.881563][ T8687]  should_fail_ex.cold+0x5/0xa
[  203.881585][ T8687]  should_failslab+0xc2/0x120
[  203.881605][ T8687]  __kmalloc_cache_noprof+0x7a/0x6f0
[  203.881628][ T8687]  ? binder_transaction+0x1c15/0x9ee0
[  203.881659][ T8687]  binder_transaction+0x1c15/0x9ee0
[  203.881707][ T8687]  ? __lock_acquire+0x4a5/0x2630
[  203.881730][ T8687]  ? __pfx_binder_transaction+0x10/0x10
[  203.881756][ T8687]  ? __lock_acquire+0x4a5/0x2630
[  203.881784][ T8687]  ? __lock_acquire+0x4a5/0x2630
[  203.881812][ T8687]  ? __lock_acquire+0x4a5/0x2630
[  203.881852][ T8687]  ? __lock_acquire+0x4a5/0x2630
[  203.881874][ T8687]  ? __lock_acquire+0x4a5/0x2630
[  203.881896][ T8687]  ? kernel_text_address+0x8d/0x100
[  203.881920][ T8687]  ? __pfx_widen_string+0x10/0x10
[  203.881954][ T8687]  ? find_held_lock+0x2b/0x80
[  203.881969][ T8687]  ? __might_fault+0xc5/0x140
[  203.881992][ T8687]  ? __might_fault+0xc5/0x140
[  203.882025][ T8687]  binder_thread_write+0x9f2/0x4dd0
[  203.882053][ T8687]  ? kasan_save_free_info+0x3b/0x70
[  203.882080][ T8687]  ? __lock_acquire+0x4a5/0x2630
[  203.882100][ T8687]  ? __pfx_binder_thread_write+0x10/0x10
[  203.882126][ T8687]  ? binder_debug+0xe0/0x190
[  203.882147][ T8687]  ? __pfx_binder_debug+0x10/0x10
[  203.882176][ T8687]  ? __might_fault+0xc5/0x140
[  203.882216][ T8687]  ? __pfx_binder_ioctl+0x10/0x10
[  203.882240][ T8687]  binder_ioctl+0x2941/0x7610
[  203.882268][ T8687]  ? tomoyo_path_number_perm+0x28f/0x580
[  203.882295][ T8687]  ? tomoyo_path_number_perm+0x28f/0x580
[  203.882327][ T8687]  ? tomoyo_path_number_perm+0x188/0x580
[  203.882356][ T8687]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  203.882384][ T8687]  ? __pfx_binder_ioctl+0x10/0x10
[  203.882415][ T8687]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  203.882444][ T8687]  ? do_vfs_ioctl+0x226/0x13e0
[  203.882469][ T8687]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  203.882498][ T8687]  ? find_held_lock+0x2b/0x80
[  203.882518][ T8687]  ? hook_file_ioctl_common+0x146/0x410
[  203.882549][ T8687]  ? __fget_files+0x21f/0x3d0
[  203.882566][ T8687]  ? __pfx_binder_ioctl+0x10/0x10
[  203.882614][ T8687]  compat_ptr_ioctl+0x6e/0xa0
[  203.882636][ T8687]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  203.882657][ T8687]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  203.882683][ T8687]  __do_fast_syscall_32+0xe3/0x8c0
[  203.882708][ T8687]  do_fast_syscall_32+0x32/0x70
[  203.882729][ T8687]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  203.882751][ T8687] RIP: 0023:0xf706ef6c
[  203.882765][ T8687] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  203.882782][ T8687] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  203.882799][ T8687] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000c0306201
[  203.882810][ T8687] RDX: 0000000080004a40 RSI: 0000000000000000 RDI: 0000000000000000
[  203.882821][ T8687] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  203.882831][ T8687] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  203.882841][ T8687] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  203.882865][ T8687]  </TASK>
[  204.246975][ T8705] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  204.249700][ T8705] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 1th superblock
[  204.253982][ T8707] netlink: 216 bytes leftover after parsing attributes in process `syz.1.789'.
[  204.257764][ T8707] netlink: 'syz.1.789': attribute type 2 has an invalid length.
[  204.260774][ T8707] FAULT_INJECTION: forcing a failure.
[  204.260774][ T8707] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  204.265536][ T8705] F2FS-fs (nullb0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  204.268118][ T8705] F2FS-fs (nullb0): Can't find valid F2FS filesystem in 2th superblock
[  204.271222][ T8707] CPU: 2 UID: 0 PID: 8707 Comm: syz.1.789 Not tainted syzkaller #0 PREEMPT(full) 
[  204.271237][ T8707] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  204.271244][ T8707] Call Trace:
[  204.271247][ T8707]  <TASK>
[  204.271251][ T8707]  dump_stack_lvl+0x100/0x190
[  204.271271][ T8707]  should_fail_ex.cold+0x5/0xa
[  204.271285][ T8707]  _copy_to_user+0x32/0xd0
[  204.271298][ T8707]  simple_read_from_buffer+0xcb/0x170
[  204.271317][ T8707]  proc_fail_nth_read+0x1af/0x230
[  204.271331][ T8707]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  204.271346][ T8707]  ? rw_verify_area+0xce/0x6d0
[  204.271362][ T8707]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  204.271375][ T8707]  vfs_read+0x1e4/0xb30
[  204.271394][ T8707]  ? __pfx_vfs_read+0x10/0x10
[  204.271410][ T8707]  ? find_held_lock+0x2b/0x80
[  204.271421][ T8707]  ? __fget_files+0x215/0x3d0
[  204.271433][ T8707]  ? __fget_files+0x21f/0x3d0
[  204.271447][ T8707]  ksys_read+0x12a/0x250
[  204.271464][ T8707]  ? __pfx_ksys_read+0x10/0x10
[  204.271486][ T8707]  do_int80_emulation+0x141/0x6b0
[  204.271502][ T8707]  asm_int80_emulation+0x1a/0x20
[  204.271514][ T8707] RIP: 0023:0xf71a5cab
[  204.271522][ T8707] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  204.271535][ T8707] RSP: 002b:00000000f545d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  204.271546][ T8707] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f545d5d0
[  204.271552][ T8707] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  204.271559][ T8707] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  204.271565][ T8707] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  204.271571][ T8707] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  204.271585][ T8707]  </TASK>
[  204.343153][ T8705] capability: warning: `syz.2.787' uses deprecated v2 capabilities in a way that may be insecure
[  204.417009][ T8712] batman_adv: batadv0: Adding interface: gretap1
[  204.420002][ T8712] batman_adv: batadv0: Interface activated: gretap1
[  204.999633][ T8717] binder_alloc: binder_alloc_mmap_handler: 8716 80ffe000-81000000 already mapped failed -16
[  205.336507][ T8724] random: crng reseeded on system resumption
[  205.584104][ T8743] tmpfs: Bad value for 'mpol'
[  205.589545][ T8741] overlayfs: failed to resolve './file2': -2
[  205.640785][ T8743] wg2 speed is unknown, defaulting to 1000
[  206.369101][ T8760] binder_alloc: binder_alloc_mmap_handler: 8759 80ffe000-81000000 already mapped failed -16
[  206.454506][ T8764] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  207.134971][ T5949] block nbd0: Receive control failed (result -32)
[  207.136849][ T8763] block nbd0: shutting down sockets
[  207.574802][   T71] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  207.734824][   T71] usb 6-1: Using ep0 maxpacket: 16
[  207.756685][   T71] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  207.761210][   T71] usb 6-1: config 0 interface 0 has no altsetting 0
[  207.777261][   T71] usb 6-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  207.781086][   T71] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  207.784508][   T71] usb 6-1: Product: syz
[  207.786517][   T71] usb 6-1: Manufacturer: syz
[  207.789498][   T71] usb 6-1: SerialNumber: syz
[  207.797463][   T71] usb 6-1: config 0 descriptor??
[  208.153745][ T8799] binder_alloc: binder_alloc_mmap_handler: 8798 80ffe000-81000000 already mapped failed -16
[  208.748735][ T8814] syz.0.817 (8814): drop_caches: 2
[  209.095010][ T8818] FAULT_INJECTION: forcing a failure.
[  209.095010][ T8818] name failslab, interval 1, probability 0, space 0, times 0
[  209.099970][ T8818] CPU: 3 UID: 0 PID: 8818 Comm: syz.3.818 Not tainted syzkaller #0 PREEMPT(full) 
[  209.099990][ T8818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  209.099999][ T8818] Call Trace:
[  209.100004][ T8818]  <TASK>
[  209.100010][ T8818]  dump_stack_lvl+0x100/0x190
[  209.100036][ T8818]  should_fail_ex.cold+0x5/0xa
[  209.100054][ T8818]  should_failslab+0xc2/0x120
[  209.100070][ T8818]  __kmalloc_cache_noprof+0x7a/0x6f0
[  209.100088][ T8818]  ? fuse_file_alloc+0x51/0x2d0
[  209.100105][ T8818]  ? __pfx_hook_file_open+0x10/0x10
[  209.100124][ T8818]  fuse_file_alloc+0x51/0x2d0
[  209.100139][ T8818]  ? apparmor_file_open+0x1a6/0xb70
[  209.100161][ T8818]  fuse_file_open+0x249/0x820
[  209.100178][ T8818]  ? __pfx_apparmor_file_open+0x10/0x10
[  209.100200][ T8818]  fuse_open+0x229/0x9d0
[  209.100219][ T8818]  do_dentry_open+0x6d8/0x1660
[  209.100233][ T8818]  ? __pfx_fuse_open+0x10/0x10
[  209.100253][ T8818]  vfs_open+0x82/0x3f0
[  209.100273][ T8818]  path_openat+0x208c/0x31a0
[  209.100295][ T8818]  ? __pfx_path_openat+0x10/0x10
[  209.100312][ T8818]  ? stack_trace_save+0x8e/0xc0
[  209.100325][ T8818]  ? __pfx_stack_trace_save+0x10/0x10
[  209.100341][ T8818]  do_file_open+0x20e/0x430
[  209.100357][ T8818]  ? __pfx_do_file_open+0x10/0x10
[  209.100371][ T8818]  ? kasan_save_stack+0x30/0x50
[  209.100391][ T8818]  ? kasan_save_track+0x14/0x30
[  209.100412][ T8818]  ? __kasan_slab_alloc+0x89/0x90
[  209.100446][ T8818]  do_open_execat+0xd1/0x360
[  209.100467][ T8818]  ? __pfx_do_open_execat+0x10/0x10
[  209.100488][ T8818]  ? __might_fault+0xc5/0x140
[  209.100507][ T8818]  ? __might_fault+0xc5/0x140
[  209.100531][ T8818]  alloc_bprm+0x2d/0x710
[  209.100552][ T8818]  do_execveat_common.isra.0+0x19c/0x580
[  209.100574][ T8818]  ? do_getname+0x191/0x390
[  209.100593][ T8818]  __ia32_compat_sys_execveat+0xe4/0x130
[  209.100630][ T8818]  __do_fast_syscall_32+0xe3/0x8c0
[  209.100651][ T8818]  do_fast_syscall_32+0x32/0x70
[  209.100669][ T8818]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  209.100687][ T8818] RIP: 0023:0xf704ef6c
[  209.100699][ T8818] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  209.100713][ T8818] RSP: 002b:00000000f541c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000166
[  209.100728][ T8818] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080001400
[  209.100737][ T8818] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  209.100746][ T8818] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  209.100753][ T8818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  209.100762][ T8818] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  209.100781][ T8818]  </TASK>
[  209.412471][ T8822] FAULT_INJECTION: forcing a failure.
[  209.412471][ T8822] name failslab, interval 1, probability 0, space 0, times 0
[  209.417497][ T8822] CPU: 0 UID: 0 PID: 8822 Comm: syz.2.820 Not tainted syzkaller #0 PREEMPT(full) 
[  209.417519][ T8822] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  209.417528][ T8822] Call Trace:
[  209.417534][ T8822]  <TASK>
[  209.417541][ T8822]  dump_stack_lvl+0x100/0x190
[  209.417569][ T8822]  should_fail_ex.cold+0x5/0xa
[  209.417587][ T8822]  should_failslab+0xc2/0x120
[  209.417605][ T8822]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  209.417627][ T8822]  ? alloc_empty_file+0x55/0x1c0
[  209.417650][ T8822]  alloc_empty_file+0x55/0x1c0
[  209.417669][ T8822]  alloc_file_pseudo+0x13a/0x230
[  209.417690][ T8822]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  209.417711][ T8822]  ? hugetlbfs_get_inode+0x36e/0x750
[  209.417728][ T8822]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  209.417752][ T8822]  hugetlb_file_setup+0x2a8/0x5b0
[  209.417773][ T8822]  ksys_mmap_pgoff+0x232/0x650
[  209.417790][ T8822]  ? fput+0x79/0x100
[  209.417808][ T8822]  ? __pfx_ksys_mmap_pgoff+0x10/0x10
[  209.417824][ T8822]  ? __pfx_ksys_write+0x10/0x10
[  209.417844][ T8822]  __do_fast_syscall_32+0xe3/0x8c0
[  209.417867][ T8822]  do_fast_syscall_32+0x32/0x70
[  209.417887][ T8822]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  209.417908][ T8822] RIP: 0023:0xf707ef6c
[  209.417921][ T8822] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  209.417937][ T8822] RSP: 002b:00000000f546d50c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0
[  209.417953][ T8822] RAX: ffffffffffffffda RBX: 0000000080400000 RCX: 0000000000c00000
[  209.417964][ T8822] RDX: 000000000400000d RSI: 000000000005d031 RDI: 00000000ffffffff
[  209.417974][ T8822] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  209.417984][ T8822] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  209.417993][ T8822] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  209.418020][ T8822]  </TASK>
[  210.349698][   T71] usb 6-1: USB disconnect, device number 11
[  210.442634][ T8847] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  211.669651][ T8870] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6)
[  211.672591][ T8870] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  211.677852][ T8870] vhci_hcd vhci_hcd.0: Device attached
[  211.703438][ T8870] random: crng reseeded on system resumption
[  211.954767][ T5987] usb 38-1: SetAddress Request (14) to port 0
[  211.957324][ T5987] usb 38-1: new SuperSpeed USB device number 14 using vhci_hcd
[  212.173684][ T8871] vhci_hcd: connection reset by peer
[  212.176691][  T181] vhci_hcd vhci_hcd.0: stop threads
[  212.179177][  T181] vhci_hcd vhci_hcd.0: release socket
[  212.183301][  T181] vhci_hcd vhci_hcd.0: disconnect device
[  212.512581][   T40] kauditd_printk_skb: 13 callbacks suppressed
[  212.512599][   T40] audit: type=1326 audit(1773175268.553:600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8873 comm="syz.1.835" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7fc00000
[  212.569159][   T40] audit: type=1326 audit(1773175268.553:601): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8873 comm="syz.1.835" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf706ef6c code=0x7fc00000
[  212.595155][   T40] audit: type=1326 audit(1773175268.553:602): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8873 comm="syz.1.835" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7fc00000
[  212.737052][   T40] audit: type=1326 audit(1773175268.553:603): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8873 comm="syz.1.835" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7fc00000
[  212.752942][   T40] audit: type=1326 audit(1773175268.553:604): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8873 comm="syz.1.835" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7fc00000
[  212.771370][   T40] audit: type=1326 audit(1773175268.553:605): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8873 comm="syz.1.835" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706ef6c code=0x7fc00000
[  212.948566][ T8891] FAULT_INJECTION: forcing a failure.
[  212.948566][ T8891] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  212.954472][ T8891] CPU: 2 UID: 0 PID: 8891 Comm: syz.1.840 Not tainted syzkaller #0 PREEMPT(full) 
[  212.954494][ T8891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  212.954504][ T8891] Call Trace:
[  212.954511][ T8891]  <TASK>
[  212.954518][ T8891]  dump_stack_lvl+0x100/0x190
[  212.954570][ T8891]  should_fail_ex.cold+0x5/0xa
[  212.954591][ T8891]  _copy_from_user+0x2e/0xd0
[  212.954610][ T8891]  get_compat_msghdr+0xb3/0x4b0
[  212.954649][ T8891]  ? __pfx_get_compat_msghdr+0x10/0x10
[  212.954672][ T8891]  ? ___sys_recvmsg+0x177/0x1a0
[  212.954697][ T8891]  ? kfree+0x2ec/0x6b0
[  212.954723][ T8891]  ___sys_recvmsg+0x193/0x1a0
[  212.954750][ T8891]  ? __pfx____sys_recvmsg+0x10/0x10
[  212.954781][ T8891]  ? find_held_lock+0x2b/0x80
[  212.954807][ T8891]  ? __pfx___might_resched+0x10/0x10
[  212.954837][ T8891]  do_recvmmsg+0x563/0x760
[  212.954868][ T8891]  ? __pfx_do_recvmmsg+0x10/0x10
[  212.954897][ T8891]  ? ksys_write+0x190/0x250
[  212.954912][ T8891]  ? ksys_write+0x190/0x250
[  212.954938][ T8891]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  212.954967][ T8891]  __sys_recvmmsg+0x21f/0x270
[  212.954990][ T8891]  ? __pfx___sys_recvmmsg+0x10/0x10
[  212.955013][ T8891]  ? ksys_write+0x1ac/0x250
[  212.955033][ T8891]  __ia32_compat_sys_recvmmsg_time32+0xc4/0x160
[  212.955055][ T8891]  ? __do_fast_syscall_32+0x94/0x8c0
[  212.955077][ T8891]  ? lockdep_hardirqs_on+0x78/0x100
[  212.955098][ T8891]  __do_fast_syscall_32+0xe3/0x8c0
[  212.955123][ T8891]  do_fast_syscall_32+0x32/0x70
[  212.955144][ T8891]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  212.955167][ T8891] RIP: 0023:0xf706ef6c
[  212.955182][ T8891] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  212.955198][ T8891] RSP: 002b:00000000f545d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000151
[  212.955216][ T8891] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000840
[  212.955226][ T8891] RDX: 0000000000000414 RSI: 0000000000000406 RDI: 0000000000000000
[  212.955237][ T8891] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  212.955247][ T8891] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  212.955256][ T8891] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  212.955280][ T8891]  </TASK>
[  213.107417][ T8895] IPVS: stopping master sync thread 8896 ...
[  213.311852][   T40] audit: type=1326 audit(1773175269.353:606): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8893 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  213.321399][   T40] audit: type=1326 audit(1773175269.363:607): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8893 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  213.330918][ T8908] FAULT_INJECTION: forcing a failure.
[  213.330918][ T8908] name failslab, interval 1, probability 0, space 0, times 0
[  213.341676][ T8908] CPU: 3 UID: 0 PID: 8908 Comm: syz.3.845 Not tainted syzkaller #0 PREEMPT(full) 
[  213.341692][ T8908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  213.341699][ T8908] Call Trace:
[  213.341703][ T8908]  <TASK>
[  213.341707][ T8908]  dump_stack_lvl+0x100/0x190
[  213.341728][ T8908]  should_fail_ex.cold+0x5/0xa
[  213.341742][ T8908]  should_failslab+0xc2/0x120
[  213.341754][ T8908]  __kmalloc_cache_noprof+0x7a/0x6f0
[  213.341769][ T8908]  ? __request_module+0x2b7/0x6c0
[  213.341797][ T8908]  ? lockdep_hardirqs_on+0x78/0x100
[  213.341814][ T8908]  __request_module+0x2b7/0x6c0
[  213.341830][ T8908]  ? __pfx___request_module+0x10/0x10
[  213.341846][ T8908]  ? __mutex_unlock_slowpath+0x15c/0x790
[  213.341867][ T8908]  ? snd_timer_open+0xcf9/0x1020
[  213.341881][ T8908]  snd_timer_open+0xd1b/0x1020
[  213.341891][ T8908]  ? snd_timer_instance_new+0x65/0x2e0
[  213.341910][ T8908]  ? __pfx_snd_timer_open+0x10/0x10
[  213.341922][ T8908]  ? kstrdup+0xb3/0xe0
[  213.341941][ T8908]  __snd_timer_user_ioctl.isra.0+0xd6d/0x27c0
[  213.341954][ T8908]  ? __pfx___snd_timer_user_ioctl.isra.0+0x10/0x10
[  213.341966][ T8908]  ? lock_acquire+0x1cf/0x380
[  213.341982][ T8908]  ? rcu_is_watching+0x12/0xc0
[  213.342001][ T8908]  ? __mutex_lock+0x26a/0x1b90
[  213.342015][ T8908]  ? snd_timer_user_ioctl_compat+0xaf/0x450
[  213.342030][ T8908]  ? __pfx___mutex_lock+0x10/0x10
[  213.342045][ T8908]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  213.342071][ T8908]  snd_timer_user_ioctl_compat+0x21a/0x450
[  213.342083][ T8908]  ? find_held_lock+0x2b/0x80
[  213.342093][ T8908]  ? __pfx_snd_timer_user_ioctl_compat+0x10/0x10
[  213.342108][ T8908]  ? __fget_files+0x21f/0x3d0
[  213.342121][ T8908]  ? __pfx_snd_timer_user_ioctl_compat+0x10/0x10
[  213.342134][ T8908]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  213.342152][ T8908]  __do_fast_syscall_32+0xe3/0x8c0
[  213.342169][ T8908]  do_fast_syscall_32+0x32/0x70
[  213.342183][ T8908]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  213.342198][ T8908] RIP: 0023:0xf704ef6c
[  213.342207][ T8908] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  213.342217][ T8908] RSP: 002b:00000000f541c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  213.342228][ T8908] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000040345410
[  213.342234][ T8908] RDX: 00000000800083c0 RSI: 0000000000000000 RDI: 0000000000000000
[  213.342241][ T8908] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  213.342247][ T8908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  213.342253][ T8908] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  213.342267][ T8908]  </TASK>
[  213.343002][   T40] audit: type=1326 audit(1773175269.363:608): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8893 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  213.455963][   T40] audit: type=1326 audit(1773175269.373:609): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8893 comm="syz.0.841" exe="/syz-executor" sig=0 arch=40000003 syscall=373 compat=1 ip=0xf709ef6c code=0x7ffc0000
[  214.316334][ T8929] FAULT_INJECTION: forcing a failure.
[  214.316334][ T8929] name failslab, interval 1, probability 0, space 0, times 0
[  214.321659][ T8929] CPU: 3 UID: 0 PID: 8929 Comm: syz.3.851 Not tainted syzkaller #0 PREEMPT(full) 
[  214.321682][ T8929] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  214.321693][ T8929] Call Trace:
[  214.321699][ T8929]  <TASK>
[  214.321708][ T8929]  dump_stack_lvl+0x100/0x190
[  214.321737][ T8929]  should_fail_ex.cold+0x5/0xa
[  214.321757][ T8929]  should_failslab+0xc2/0x120
[  214.321775][ T8929]  __kmalloc_cache_noprof+0x7a/0x6f0
[  214.321796][ T8929]  ? fuse_dentry_init+0x45/0x100
[  214.321817][ T8929]  ? kmem_cache_alloc_lru_noprof+0x297/0x6e0
[  214.321841][ T8929]  ? __d_alloc+0x34/0xa80
[  214.321858][ T8929]  ? __pfx_fuse_dentry_init+0x10/0x10
[  214.321881][ T8929]  fuse_dentry_init+0x45/0x100
[  214.321903][ T8929]  ? __pfx_fuse_dentry_init+0x10/0x10
[  214.321926][ T8929]  __d_alloc+0x62b/0xa80
[  214.321946][ T8929]  d_alloc_parallel+0x111/0x14e0
[  214.321978][ T8929]  ? find_held_lock+0x2b/0x80
[  214.321993][ T8929]  ? __d_lookup+0x25c/0x4a0
[  214.322015][ T8929]  ? __pfx_d_alloc_parallel+0x10/0x10
[  214.322041][ T8929]  ? __d_lookup+0x266/0x4a0
[  214.322069][ T8929]  lookup_open.isra.0+0x57c/0x11b0
[  214.322100][ T8929]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  214.322140][ T8929]  ? lookup_fast+0x2da/0x600
[  214.322167][ T8929]  path_openat+0xa98/0x31a0
[  214.322189][ T8929]  ? fred_int80_emulation+0x630/0x6a0
[  214.322215][ T8929]  ? __pfx_path_openat+0x10/0x10
[  214.322243][ T8929]  do_file_open+0x20e/0x430
[  214.322265][ T8929]  ? __pfx_do_file_open+0x10/0x10
[  214.322300][ T8929]  ? _raw_spin_unlock+0x28/0x50
[  214.322317][ T8929]  ? alloc_fd+0x476/0x790
[  214.322341][ T8929]  do_sys_openat2+0x10d/0x1e0
[  214.322363][ T8929]  ? __pfx_do_sys_openat2+0x10/0x10
[  214.322389][ T8929]  ? __fget_files+0x21f/0x3d0
[  214.322407][ T8929]  __ia32_compat_sys_open+0xfe/0x1c0
[  214.322428][ T8929]  ? __pfx___ia32_compat_sys_open+0x10/0x10
[  214.322452][ T8929]  ? __pfx_ksys_write+0x10/0x10
[  214.322479][ T8929]  __do_fast_syscall_32+0xe3/0x8c0
[  214.322503][ T8929]  do_fast_syscall_32+0x32/0x70
[  214.322549][ T8929]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  214.322570][ T8929] RIP: 0023:0xf704ef6c
[  214.322584][ T8929] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  214.322599][ T8929] RSP: 002b:00000000f541c50c EFLAGS: 00000292 ORIG_RAX: 0000000000000005
[  214.322617][ T8929] RAX: ffffffffffffffda RBX: 00000000800001c0 RCX: 0000000000004100
[  214.322627][ T8929] RDX: 00000000000001e0 RSI: 0000000000000000 RDI: 0000000000000000
[  214.322636][ T8929] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  214.322645][ T8929] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  214.322654][ T8929] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  214.322676][ T8929]  </TASK>
[  215.010493][ T8936] netlink: 4 bytes leftover after parsing attributes in process `syz.3.853'.
[  215.051286][ T5940] overlayfs: failed lookup in lower (newroot/202, name='bus', err=-40): overlapping layers
[  215.056012][ T5940] overlayfs: failed lookup in lower (newroot/202, name='bus', err=-40): overlapping layers
[  216.032492][  T220] 
[  216.033375][  T220] ======================================================
[  216.035658][  T220] WARNING: possible circular locking dependency detected
[  216.038157][  T220] syzkaller #0 Not tainted
[  216.039843][  T220] ------------------------------------------------------
[  216.042157][  T220] kworker/u32:8/220 is trying to acquire lock:
[  216.044560][  T220] ffff88801caf4220 (&root->kernfs_iattr_rwsem){++++}-{4:4}, at: kernfs_unlink_sibling+0xa3/0x320
[  216.047955][  T220] 
[  216.047955][  T220] but task is already holding lock:
[  216.050324][  T220] ffff88801caf4188 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove_by_name_ns+0x3d/0xf0
[  216.053597][  T220] 
[  216.053597][  T220] which lock already depends on the new lock.
[  216.053597][  T220] 
[  216.056953][  T220] 
[  216.056953][  T220] the existing dependency chain (in reverse order) is:
[  216.059829][  T220] 
[  216.059829][  T220] -> #10 (&root->kernfs_rwsem){++++}-{4:4}:
[  216.062458][  T220]        down_write+0x8b/0x1f0
[  216.064051][  T220]        kernfs_add_one+0x38/0x850
[  216.065720][  T220]        kernfs_create_dir_ns+0xfc/0x1a0
[  216.067582][  T220]        internal_create_group+0x36f/0xf40
[  216.069488][  T220]        cpuhp_invoke_callback+0x3ab/0x9a0
[  216.071390][  T220]        cpuhp_issue_call+0x1b8/0x970
[  216.073168][  T220]        __cpuhp_setup_state_cpuslocked+0x431/0x880
[  216.075301][  T220]        __cpuhp_setup_state+0xf4/0x300
[  216.077115][  T220]        do_one_initcall+0x11d/0x760
[  216.078849][  T220]        kernel_init_freeable+0x6e5/0x7a0
[  216.081127][  T220]        kernel_init+0x1f/0x1e0
[  216.082913][  T220]        ret_from_fork+0x754/0xd80
[  216.084853][  T220]        ret_from_fork_asm+0x1a/0x30
[  216.086995][  T220] 
[  216.086995][  T220] -> #9 (cpuhp_state_mutex){+.+.}-{4:4}:
[  216.090742][  T220] 
[  216.090742][  T220] -> #8 (cpu_hotplug_lock){++++}-{0:0}:
[  216.094145][  T220]        cpus_read_lock+0x42/0x170
[  216.096046][  T220]        static_key_disable+0x12/0x20
[  216.097794][  T220]        __inet_hash_connect+0x1378/0x1e40
[  216.099701][  T220]        tcp_v4_connect+0xeb0/0x1b40
[  216.101442][  T220]        __inet_stream_connect+0x208/0xfa0
[  216.103374][  T220]        inet_stream_connect+0x57/0xa0
[  216.105153][  T220]        __sys_connect_file+0x141/0x1a0
[  216.106964][  T220]        __sys_connect+0x141/0x170
[  216.108644][  T220]        __ia32_compat_sys_socketcall+0x45e/0x770
[  216.110729][  T220]        __do_fast_syscall_32+0xe3/0x8c0
[  216.112527][  T220]        do_fast_syscall_32+0x32/0x70
[  216.114268][  T220]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  216.116465][  T220] 
[  216.116465][  T220] -> #7 (sk_lock-AF_INET){+.+.}-{0:0}:
[  216.118930][  T220]        lock_sock_nested+0x41/0xf0
[  216.120559][  T220]        inet_shutdown+0x67/0x410
[  216.122211][  T220]        nbd_mark_nsock_dead+0xae/0x5c0
[  216.124025][  T220]        recv_work+0x5fb/0x8c0
[  216.125559][  T220]        process_one_work+0x9d7/0x1920
[  216.127327][  T220]        worker_thread+0x5da/0xe40
[  216.128976][  T220]        kthread+0x370/0x450
[  216.130499][  T220]        ret_from_fork+0x754/0xd80
[  216.132191][  T220]        ret_from_fork_asm+0x1a/0x30
[  216.133912][  T220] 
[  216.133912][  T220] -> #6 (&nsock->tx_lock){+.+.}-{4:4}:
[  216.136422][  T220]        __mutex_lock+0x1a2/0x1b90
[  216.138093][  T220]        nbd_queue_rq+0x428/0x1080
[  216.139772][  T220]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  216.141777][  T220]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  216.143999][  T220]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  216.146114][  T220]        blk_mq_run_hw_queue+0x23c/0x670
[  216.147940][  T220]        blk_mq_dispatch_list+0x51d/0x1360
[  216.149832][  T220]        blk_mq_flush_plug_list+0x130/0x600
[  216.151754][  T220]        __blk_flush_plug+0x2c4/0x4b0
[  216.153493][  T220]        __submit_bio+0x584/0x6c0
[  216.155141][  T220]        submit_bio_noacct_nocheck+0x562/0xc10
[  216.157115][  T220]        submit_bio_noacct+0xd17/0x2010
[  216.158917][  T220]        submit_bh_wbc+0x59c/0x770
[  216.160521][  T220]        block_read_full_folio+0x4c8/0x8e0
[  216.162412][  T220]        filemap_read_folio+0xfc/0x3b0
[  216.164226][  T220]        do_read_cache_folio+0x2d7/0x6b0
[  216.166073][  T220]        read_part_sector+0xd1/0x370
[  216.167818][  T220]        adfspart_check_ICS+0x93/0x910
[  216.169598][  T220]        bdev_disk_changed+0x7f8/0xc80
[  216.171372][  T220]        blkdev_get_whole+0x187/0x290
[  216.173146][  T220]        bdev_open+0x2c7/0xe40
[  216.174717][  T220]        blkdev_open+0x34e/0x4f0
[  216.176346][  T220]        do_dentry_open+0x6d8/0x1660
[  216.178060][  T220]        vfs_open+0x82/0x3f0
[  216.179581][  T220]        path_openat+0x208c/0x31a0
[  216.181266][  T220]        do_file_open+0x20e/0x430
[  216.182936][  T220]        do_sys_openat2+0x10d/0x1e0
[  216.184628][  T220]        __x64_sys_openat+0x12d/0x210
[  216.186394][  T220]        do_syscall_64+0x106/0xf80
[  216.188076][  T220]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.190145][  T220] 
[  216.190145][  T220] -> #5 (&cmd->lock){+.+.}-{4:4}:
[  216.192467][  T220]        __mutex_lock+0x1a2/0x1b90
[  216.194100][  T220]        nbd_queue_rq+0xba/0x1080
[  216.195732][  T220]        blk_mq_dispatch_rq_list+0x422/0x1e70
[  216.197715][  T220]        __blk_mq_sched_dispatch_requests+0xcea/0x1620
[  216.199922][  T220]        blk_mq_sched_dispatch_requests+0xd7/0x1c0
[  216.202039][  T220]        blk_mq_run_hw_queue+0x23c/0x670
[  216.203864][  T220]        blk_mq_dispatch_list+0x51d/0x1360
[  216.205751][  T220]        blk_mq_flush_plug_list+0x130/0x600
[  216.207688][  T220]        __blk_flush_plug+0x2c4/0x4b0
[  216.209423][  T220]        __submit_bio+0x584/0x6c0
[  216.211064][  T220]        submit_bio_noacct_nocheck+0x562/0xc10
[  216.213074][  T220]        submit_bio_noacct+0xd17/0x2010
[  216.214877][  T220]        submit_bh_wbc+0x59c/0x770
[  216.216553][  T220]        block_read_full_folio+0x4c8/0x8e0
[  216.218461][  T220]        filemap_read_folio+0xfc/0x3b0
[  216.220241][  T220]        do_read_cache_folio+0x2d7/0x6b0
[  216.222076][  T220]        read_part_sector+0xd1/0x370
[  216.223820][  T220]        adfspart_check_ICS+0x93/0x910
[  216.225577][  T220]        bdev_disk_changed+0x7f8/0xc80
[  216.227378][  T220]        blkdev_get_whole+0x187/0x290
[  216.229099][  T220]        bdev_open+0x2c7/0xe40
[  216.230483][  T220]        blkdev_open+0x34e/0x4f0
[  216.232111][  T220]        do_dentry_open+0x6d8/0x1660
[  216.233876][  T220]        vfs_open+0x82/0x3f0
[  216.235404][  T220]        path_openat+0x208c/0x31a0
[  216.236968][  T220]        do_file_open+0x20e/0x430
[  216.238621][  T220]        do_sys_openat2+0x10d/0x1e0
[  216.240314][  T220]        __x64_sys_openat+0x12d/0x210
[  216.242070][  T220]        do_syscall_64+0x106/0xf80
[  216.243774][  T220]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.245835][  T220] 
[  216.245835][  T220] -> #4 (set->srcu){.+.+}-{0:0}:
[  216.248150][  T220]        __synchronize_srcu+0xa1/0x2a0
[  216.249914][  T220]        blk_mq_quiesce_queue+0x149/0x1c0
[  216.251776][  T220]        elevator_switch+0x17b/0x7e0
[  216.253567][  T220]        elevator_change+0x352/0x530
[  216.255317][  T220]        elevator_set_default+0x29e/0x360
[  216.257249][  T220]        blk_register_queue+0x412/0x590
[  216.259056][  T220]        __add_disk+0x73f/0xe40
[  216.260665][  T220]        add_disk_fwnode+0x118/0x5c0
[  216.262383][  T220]        nbd_dev_add+0x77a/0xb10
[  216.264023][  T220]        nbd_init+0x291/0x2b0
[  216.265555][  T220]        do_one_initcall+0x11d/0x760
[  216.267406][  T220]        kernel_init_freeable+0x6e5/0x7a0
[  216.269262][  T220]        kernel_init+0x1f/0x1e0
[  216.270871][  T220]        ret_from_fork+0x754/0xd80
[  216.272550][  T220]        ret_from_fork_asm+0x1a/0x30
[  216.274231][  T220] 
[  216.274231][  T220] -> #3 (&q->elevator_lock){+.+.}-{4:4}:
[  216.276792][  T220]        __mutex_lock+0x1a2/0x1b90
[  216.278482][  T220]        elevator_change+0x1bc/0x530
[  216.280237][  T220]        elevator_set_none+0x92/0xf0
[  216.281979][  T220]        blk_mq_update_nr_hw_queues+0x4c1/0x15f0
[  216.284072][  T220]        nbd_start_device+0x1a6/0xbd0
[  216.285834][  T220]        nbd_ioctl+0x4a6/0xd30
[  216.287478][  T220]        compat_blkdev_ioctl+0x682/0x7b0
[  216.289330][  T220]        __ia32_compat_sys_ioctl+0x2cf/0x360
[  216.291315][  T220]        __do_fast_syscall_32+0xe3/0x8c0
[  216.293263][  T220]        do_fast_syscall_32+0x32/0x70
[  216.295010][  T220]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  216.297306][  T220] 
[  216.297306][  T220] -> #2 (&q->q_usage_counter(io)#49){++++}-{0:0}:
[  216.300052][  T220]        blk_alloc_queue+0x610/0x790
[  216.301832][  T220]        blk_mq_alloc_queue+0x174/0x290
[  216.303901][  T220]        __blk_mq_alloc_disk+0x29/0x120
[  216.305786][  T220]        nbd_dev_add+0x492/0xb10
[  216.307575][  T220]        nbd_init+0x291/0x2b0
[  216.309113][  T220]        do_one_initcall+0x11d/0x760
[  216.310839][  T220]        kernel_init_freeable+0x6e5/0x7a0
[  216.312686][  T220]        kernel_init+0x1f/0x1e0
[  216.314280][  T220]        ret_from_fork+0x754/0xd80
[  216.315942][  T220]        ret_from_fork_asm+0x1a/0x30
[  216.317494][  T220] 
[  216.317494][  T220] -> #1 (fs_reclaim){+.+.}-{0:0}:
[  216.319735][  T220]        fs_reclaim_acquire+0xc4/0x100
[  216.321511][  T220]        kmem_cache_alloc_noprof+0x4c/0x6e0
[  216.323452][  T220]        __kernfs_iattrs+0x126/0x400
[  216.325166][  T220]        __kernfs_setattr+0x4d/0x3c0
[  216.327041][  T220]        kernfs_iop_setattr+0xda/0x130
[  216.329167][  T220]        notify_change+0xb25/0x1330
[  216.331240][  T220]        do_truncate+0x1df/0x240
[  216.333199][  T220]        path_openat+0x2a55/0x31a0
[  216.334862][  T220]        do_file_open+0x20e/0x430
[  216.336527][  T220]        do_sys_openat2+0x10d/0x1e0
[  216.338612][  T220]        __x64_sys_openat+0x12d/0x210
[  216.340352][  T220]        do_syscall_64+0x106/0xf80
[  216.341927][  T220]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  216.343945][  T220] 
[  216.343945][  T220] -> #0 (&root->kernfs_iattr_rwsem){++++}-{4:4}:
[  216.346732][  T220]        __lock_acquire+0x14b8/0x2630
[  216.348984][  T220]        lock_acquire+0x1cf/0x380
[  216.350656][  T220]        down_write+0x8b/0x1f0
[  216.352231][  T220]        kernfs_unlink_sibling+0xa3/0x320
[  216.354113][  T220]        __kernfs_remove+0x308/0x910
[  216.355862][  T220]        kernfs_remove_by_name_ns+0x68/0xf0
[  216.357888][  T220]        remove_files+0x96/0x1c0
[  216.359537][  T220]        sysfs_remove_group+0x8b/0x1b0
[  216.361643][  T220]        sysfs_remove_groups+0x60/0xb0
[  216.363905][  T220]        net_rx_queue_update_kobjects+0x53c/0x760
[  216.366315][  T220]        netdev_unregister_kobject+0x154/0x540
[  216.368361][  T220]        unregister_netdevice_many_notify+0x1817/0x2580
[  216.370594][  T220]        unregister_netdevice_queue+0x30b/0x3c0
[  216.372664][  T220]        nsim_destroy+0x1a0/0x830
[  216.374299][  T220]        __nsim_dev_port_del+0x189/0x240
[  216.376159][  T220]        nsim_dev_reload_destroy+0x10a/0x4a0
[  216.378773][  T220]        nsim_dev_reload_down+0x66/0xd0
[  216.381231][  T220]        devlink_reload+0x173/0x790
[  216.383523][  T220]        devlink_pernet_pre_exit+0x222/0x330
[  216.386146][  T220]        ops_undo_list+0x187/0xab0
[  216.388391][  T220]        cleanup_net+0x499/0x920
[  216.390562][  T220]        process_one_work+0x9d7/0x1920
[  216.392931][  T220]        worker_thread+0x5da/0xe40
[  216.395186][  T220]        kthread+0x370/0x450
[  216.397234][  T220]        ret_from_fork+0x754/0xd80
[  216.399507][  T220]        ret_from_fork_asm+0x1a/0x30
[  216.401846][  T220] 
[  216.401846][  T220] other info that might help us debug this:
[  216.401846][  T220] 
[  216.405740][  T220] Chain exists of:
[  216.405740][  T220]   &root->kernfs_iattr_rwsem --> cpuhp_state_mutex --> &root->kernfs_rwsem
[  216.405740][  T220] 
[  216.410310][  T220]  Possible unsafe locking scenario:
[  216.410310][  T220] 
[  216.412744][  T220]        CPU0                    CPU1
[  216.414473][  T220]        ----                    ----
[  216.416667][  T220]   lock(&root->kernfs_rwsem);
[  216.418623][  T220]                                lock(cpuhp_state_mutex);
[  216.420909][  T220]                                lock(&root->kernfs_rwsem);
[  216.423284][  T220]   lock(&root->kernfs_iattr_rwsem);
[  216.425006][  T220] 
[  216.425006][  T220]  *** DEADLOCK ***
[  216.425006][  T220] 
[  216.427657][  T220] 7 locks held by kworker/u32:8/220:
[  216.429354][  T220]  #0: ffff88801caf5148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[  216.432759][  T220]  #1: ffffc90002b6fd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[  216.435968][  T220]  #2: ffffffff905fac10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920
[  216.438724][  T220]  #3: ffff88806b8b30e8 (&dev->mutex){....}-{4:4}, at: devlink_pernet_pre_exit+0x185/0x330
[  216.441768][  T220]  #4: ffff88806b8b2250 (&devlink->lock_key){+.+.}-{4:4}, at: devlink_pernet_pre_exit+0x18f/0x330
[  216.445351][  T220]  #5: ffffffff90613468 (rtnl_mutex){+.+.}-{4:4}, at: nsim_destroy+0x108/0x830
[  216.449035][  T220]  #6: ffff88801caf4188 (&root->kernfs_rwsem){++++}-{4:4}, at: kernfs_remove_by_name_ns+0x3d/0xf0
[  216.453204][  T220] 
[  216.453204][  T220] stack backtrace:
[  216.455130][  T220] CPU: 3 UID: 0 PID: 220 Comm: kworker/u32:8 Not tainted syzkaller #0 PREEMPT(full) 
[  216.455144][  T220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  216.455151][  T220] Workqueue: netns cleanup_net
[  216.455169][  T220] Call Trace:
[  216.455174][  T220]  <TASK>
[  216.455178][  T220]  dump_stack_lvl+0x100/0x190
[  216.455195][  T220]  print_circular_bug.cold+0x178/0x1c7
[  216.455213][  T220]  check_noncircular+0x146/0x160
[  216.455228][  T220]  __lock_acquire+0x14b8/0x2630
[  216.455243][  T220]  ? __lock_acquire+0x4a5/0x2630
[  216.455257][  T220]  lock_acquire+0x1cf/0x380
[  216.455269][  T220]  ? kernfs_unlink_sibling+0xa3/0x320
[  216.455285][  T220]  ? __pfx___might_resched+0x10/0x10
[  216.455302][  T220]  down_write+0x8b/0x1f0
[  216.455317][  T220]  ? kernfs_unlink_sibling+0xa3/0x320
[  216.455332][  T220]  ? __pfx_down_write+0x10/0x10
[  216.455348][  T220]  kernfs_unlink_sibling+0xa3/0x320
[  216.455363][  T220]  __kernfs_remove+0x308/0x910
[  216.455379][  T220]  ? kernfs_find_ns+0x283/0x540
[  216.455395][  T220]  kernfs_remove_by_name_ns+0x68/0xf0
[  216.455406][  T220]  remove_files+0x96/0x1c0
[  216.455421][  T220]  sysfs_remove_group+0x8b/0x1b0
[  216.455436][  T220]  sysfs_remove_groups+0x60/0xb0
[  216.455452][  T220]  net_rx_queue_update_kobjects+0x53c/0x760
[  216.455471][  T220]  netdev_unregister_kobject+0x154/0x540
[  216.455488][  T220]  ? rtmsg_ifinfo_send+0xcc/0x110
[  216.455503][  T220]  unregister_netdevice_many_notify+0x1817/0x2580
[  216.455526][  T220]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[  216.455541][  T220]  ? do_raw_spin_lock+0x128/0x260
[  216.455559][  T220]  unregister_netdevice_queue+0x30b/0x3c0
[  216.455573][  T220]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[  216.455590][  T220]  nsim_destroy+0x1a0/0x830
[  216.455602][  T220]  __nsim_dev_port_del+0x189/0x240
[  216.455613][  T220]  nsim_dev_reload_destroy+0x10a/0x4a0
[  216.455627][  T220]  nsim_dev_reload_down+0x66/0xd0
[  216.455640][  T220]  devlink_reload+0x173/0x790
[  216.455651][  T220]  ? __pfx_devlink_reload+0x10/0x10
[  216.455664][  T220]  devlink_pernet_pre_exit+0x222/0x330
[  216.455682][  T220]  ? __pfx_devlink_pernet_pre_exit+0x10/0x10
[  216.455699][  T220]  ? kobject_put+0xb9/0x640
[  216.455713][  T220]  ? __pfx_devlink_pernet_pre_exit+0x10/0x10
[  216.455729][  T220]  ops_undo_list+0x187/0xab0
[  216.455744][  T220]  ? __pfx_ops_undo_list+0x10/0x10
[  216.455757][  T220]  ? cleanup_net+0x332/0x920
[  216.455771][  T220]  ? cleanup_net+0x332/0x920
[  216.455785][  T220]  ? idr_destroy+0x62/0x2e0
[  216.455802][  T220]  cleanup_net+0x499/0x920
[  216.455818][  T220]  ? __pfx_cleanup_net+0x10/0x10
[  216.455833][  T220]  ? rcu_is_watching+0x12/0xc0
[  216.455850][  T220]  process_one_work+0x9d7/0x1920
[  216.455868][  T220]  ? __pfx_process_one_work+0x10/0x10
[  216.455885][  T220]  ? __pfx_cleanup_net+0x10/0x10
[  216.455900][  T220]  worker_thread+0x5da/0xe40
[  216.455917][  T220]  ? __pfx_worker_thread+0x10/0x10
[  216.455933][  T220]  ? kthread+0x13a/0x450
[  216.455946][  T220]  ? __pfx_worker_thread+0x10/0x10
[  216.455961][  T220]  kthread+0x370/0x450
[  216.455974][  T220]  ? __pfx_kthread+0x10/0x10
[  216.455988][  T220]  ret_from_fork+0x754/0xd80
[  216.456003][  T220]  ? __pfx_ret_from_fork+0x10/0x10
[  216.456024][  T220]  ? __switch_to+0x7b4/0x1120
[  216.456035][  T220]  ? __pfx_kthread+0x10/0x10
[  216.456049][  T220]  ret_from_fork_asm+0x1a/0x30
[  216.456064][  T220]  </TASK>
[  216.892528][  T220] bridge_slave_1: left allmulticast mode
[  216.894438][  T220] bridge_slave_1: left promiscuous mode
[  216.898589][  T220] bridge0: port 2(bridge_slave_1) entered disabled state
[  216.901519][  T220] bridge_slave_0: left allmulticast mode
[  216.903444][  T220] bridge_slave_0: left promiscuous mode
[  216.905401][  T220] bridge0: port 1(bridge_slave_0) entered disabled state
[  216.908824][  T220] batman_adv: batadv0: Interface deactivated: gretap1
[  216.944870][  T220] batman_adv: batadv0: Removing interface: gretap1
[  217.044702][ T5987] usb 38-1: device descriptor read/8, error -110
[  217.147015][  T220] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  217.150444][  T220] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  217.153619][  T220] bond0 (unregistering): Released all slaves
[  217.435418][ T5987] usb usb38-port1: attempt power cycle
[  217.536445][  T220] hsr_slave_0: left promiscuous mode
[  217.539210][  T220] batman_adv: batadv0: Removing interface: batadv_slave_0
[  217.542619][  T220] batman_adv: batadv0: Removing interface: batadv_slave_1
[  217.628541][  T220] team0 (unregistering): Port device team_slave_1 removed
[  217.634995][  T220] team0 (unregistering): Port device team_slave_0 removed
[  217.995137][ T5987] usb usb38-port1: unable to enumerate USB device