last executing test programs:

9m5.655533433s ago: executing program 3 (id=28):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000640)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @rand_addr=0x64010100}}, @sadb_sa={0x2, 0x1, 0x0, 0x3, 0x0, 0x2, 0xff}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x1, @rand_addr=0x64010100}}]}, 0x50}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_sctp(0x2, 0x1, 0x84)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='mm_shrink_slab_start\x00', r1, 0x0, 0x2}, 0x18)
set_mempolicy(0x2, &(0x7f0000000140)=0x8001, 0x2)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000613000/0x3000)=nil, 0x3)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000400)={0x93de, 0x1, 0x0, 0x3, 0x1ff, 0x7, 0xdff8, 0xb}, 0x20)

9m5.638851021s ago: executing program 3 (id=30):
syz_open_dev$evdev(0x0, 0x0, 0x2002)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x11, &(0x7f00000005c0)=@framed={{0x18, 0x2}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x6}}, @call={0x85, 0x0, 0x0, 0xc6}]}, &(0x7f0000000380)='GPL\x00'}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
sync_file_range(r1, 0x0, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=ANY=[@ANYRES8=0x0], 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x14, &(0x7f0000000500)=ANY=[@ANYBLOB="18020000000000000000000061db000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x60}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r3, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x2a)
eventfd(0x80200003)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sndmidi(&(0x7f0000001b80), 0x9, 0x20000)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x6, 0x100000b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r5 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_pkt_type_change={{0x1d, 0x5}, {0x6, 0xc8, 0x7}}}, 0x8)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write$6lowpan_control(r5, 0x0, 0x0)
syz_io_uring_setup(0x286, &(0x7f0000000440)={0x0, 0xfad9, 0x400, 0x0, 0x0, 0x0, r5}, &(0x7f0000000340)=<r6=>0x0, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r7, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000980)=ANY=[@ANYBLOB="380000001214010027bd7000fddbdf25080001000200000008001500ad96666008004f000000000008004b00130000000800030001000008"], 0x38}, 0x1, 0x0, 0x0, 0x40084}, 0x810)
syz_io_uring_submit(r6, 0x0, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x48, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x2})
r8 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0)
write$sysctl(r8, 0x0, 0x0)
prctl$PR_GET_TSC(0x43, &(0x7f0000000040))
write$sysctl(r8, &(0x7f0000000000)='2\x00', 0x2)

9m4.596302054s ago: executing program 3 (id=33):
r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
fsetxattr$security_ima(r0, &(0x7f0000000040), &(0x7f0000000480)=ANY=[@ANYBLOB="060327"], 0xa, 0x300)

9m4.441113787s ago: executing program 3 (id=34):
r0 = syz_open_dev$mouse(&(0x7f0000000440), 0x1001, 0x4609c3)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='nv', 0x2)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0xc, &(0x7f0000000140)=ANY=[@ANYBLOB="180200000000000000000000000000008500000013000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000080)='GPL\x00'}, 0x94)
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x4)
r3 = dup(r2)
ioctl$SIOCSIFHWADDR(r3, 0x8925, &(0x7f0000002640)={'team_slave_0\x00', @random="76f64c34b99d"})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0xa5bc, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x62)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x10000, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
syz_clone(0x4000000, &(0x7f00000002c0), 0x0, 0x0, 0x0, 0x0)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r6, &(0x7f0000000240), 0x3af4701e)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28012, r6, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$FS_IOC_RESVSP(r5, 0x4030582b, &(0x7f0000000c00)={0x0, 0x1, 0x4, 0x40000000000000, 0x0, 0xf0})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r7 = creat(&(0x7f0000000040)='./file0\x00', 0x40)
fadvise64(r7, 0xfff, 0x8, 0x2)
openat$dsp1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')

9m3.783925492s ago: executing program 3 (id=36):
socket$inet_udp(0x2, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x5, 0x0, 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1/file0\x00', 0x80c3, 0x1)
write$cgroup_pressure(r0, &(0x7f0000000480)={'some', 0x20, 0x10, 0x20, 0x3}, 0x2f)
r1 = creat(&(0x7f0000000500)='./file1/file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x800, &(0x7f0000000100)=ANY=[@ANYBLOB="67727071756f76615f696e6f64655f686172646c696d69ed3d3235652c00"])
syz_open_dev$usbfs(&(0x7f0000000000), 0x3, 0x208002)
setsockopt$inet_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000180)=0x3, 0x4)
socket(0xa, 0x3, 0x3a)
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$vbi(&(0x7f0000000080), 0x2, 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000400)={{0x1, 0x1, 0x18, r2}, './file0\x00'})
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file1/file0\x00', 0x0)
mount$bind(0x0, &(0x7f0000000280)='./file1/file0\x00', 0x0, 0x1085408, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000003c0), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file1/file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

9m3.193135225s ago: executing program 3 (id=40):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pipe2$watch_queue(&(0x7f0000001100), 0x80)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r2, &(0x7f0000000000)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
ioctl$COMEDI_CMD(0xffffffffffffffff, 0x80406409, &(0x7f0000000040)={0x1000, 0x40, 0x20, 0x5, 0x40, 0x8, 0x40, 0x0, 0x100, 0x3c1d742f, 0x0, 0x200, 0x0, 0x0, &(0x7f0000000180)="adf7fff97c3f402d6c06ff1a0b49b0a7cb08873dbc81572da5de7c5847b789ffcc90a41961b6c293040a393844438a6ba0a4c4cb83f13ccadf56992c4b9cae840cc44e59891b2cab803773b4eebd5ff953cc08acab152bb10d9c4fd667472cb490d8b5209f8c782a184661a463d53487d771f0733ce5d4ac", 0x78})
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000140)={0x8000, 0x1, 0x4})
connect$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
listen(r2, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000003c0)='rxrpc_transmit\x00', r0, 0x0, 0x9}, 0x18)
pipe2$9p(&(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB="2c7766646e9cb9", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000,\x00'])
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

9m3.067330884s ago: executing program 32 (id=40):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
socket$kcm(0x10, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
pipe2$watch_queue(&(0x7f0000001100), 0x80)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r2, &(0x7f0000000000)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
ioctl$COMEDI_CMD(0xffffffffffffffff, 0x80406409, &(0x7f0000000040)={0x1000, 0x40, 0x20, 0x5, 0x40, 0x8, 0x40, 0x0, 0x100, 0x3c1d742f, 0x0, 0x200, 0x0, 0x0, &(0x7f0000000180)="adf7fff97c3f402d6c06ff1a0b49b0a7cb08873dbc81572da5de7c5847b789ffcc90a41961b6c293040a393844438a6ba0a4c4cb83f13ccadf56992c4b9cae840cc44e59891b2cab803773b4eebd5ff953cc08acab152bb10d9c4fd667472cb490d8b5209f8c782a184661a463d53487d771f0733ce5d4ac", 0x78})
r3 = syz_open_dev$vim2m(&(0x7f0000000080), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000140)={0x8000, 0x1, 0x4})
connect$netrom(0xffffffffffffffff, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
listen(r2, 0x80)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000003c0)='rxrpc_transmit\x00', r0, 0x0, 0x9}, 0x18)
pipe2$9p(&(0x7f00000000c0)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x0)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB="2c7766646e9cb9", @ANYRESHEX=r5, @ANYBLOB=',version=9p2000,\x00'])
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

8m30.664853593s ago: executing program 2 (id=220):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000040)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xc, 0x1c, &(0x7f0000000540)=@ringbuf={{0x18, 0x0, 0x0, 0x700}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

8m30.624314327s ago: executing program 2 (id=221):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x10, 0x117, 0x3, 0x1}], 0x10}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1, 0x0, 0x0, 0xfdef}, 0x40010040)

8m30.545316332s ago: executing program 2 (id=223):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000004380)=ANY=[@ANYBLOB="380000001000030400000000fdd3df2500000000", @ANYRES32=0x0, @ANYBLOB="00000000420000001800128008000100677470000c00028008000200", @ANYRES32], 0x38}, 0x1, 0xba01}, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x9})

8m30.479795846s ago: executing program 2 (id=226):
mount$binderfs(0x0, &(0x7f0000000480)='./binderfs\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000500)={[{@max={'max', 0x3d, 0x6}}]})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x50, 0x0, 0x1, 0x401, 0x0, 0x1a14, {0x2, 0x0, 0x10}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x18, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @local}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}]}, 0x50}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000080900010073797a30000000005c000000030a03000000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140004"], 0xa4}}, 0x0)

8m30.452575534s ago: executing program 2 (id=228):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x300)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='tmpfs\x00', 0x0, 0x0)
creat(&(0x7f0000000440)='./file0/file0\x00', 0x188)
ioctl$DRM_IOCTL_SET_VERSION(r0, 0xc0106407, &(0x7f0000000100)={0xfff, 0xfffffffe, 0x6, 0x8})
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})

8m30.36494591s ago: executing program 2 (id=229):
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x127)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
memfd_secret(0x7c2c44e850a180fd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x204, 0x30, 0x1, 0x0, 0x0, {}, [{0x1f0, 0x1, [@m_mirred={0x1a4, 0x8, 0x0, 0x0, {{0xb}, {0xc4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0xfff, 0x4, 0x5, 0xfff}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xbd15, 0x7, 0x20000000, 0x6, 0xfffffff7}, 0x8f64f81f7773db03}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xff, 0x955a, 0x5, 0x5, 0x1}, 0x3}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x8, 0x6, 0x8, 0x8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0x5f4f, 0x0, 0x2, 0x2}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x9, 0x0, 0x2, 0x3}, 0x4}}]}, {0xb6, 0x6, "afa3c8d817e4cba62fe57c7f870891666f5c4a596f58e26d08d2a2260d89a82504ccaa5140f7b7aa6ac4dc820dd1eca1c6381d0f4ef0dc4a14d6c20aead320dfda8be808eb7501fbde8772f341561243898d5c643253b7ed36970cedc8e627977b48feca3d84bada17059c5b1723f538424f896ea625ee0d1dd5e266e2adee752ee64895a9aaf17ad47347e8233796db05223cf076ba825745d9b435c5365b003b9d56abf477093e5fc55594b5514f31b49f"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xfffffffc}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x5)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0)
ptrace$ARCH_SHSTK_STATUS(0x1e, r0, 0x0, 0x5005)
socket$netlink(0x10, 0x3, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r3 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0)
shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
lseek(r4, 0x289e0cb5, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})

8m15.337775789s ago: executing program 33 (id=229):
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, 0x0, 0x127)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000380), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
memfd_secret(0x7c2c44e850a180fd)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x204, 0x30, 0x1, 0x0, 0x0, {}, [{0x1f0, 0x1, [@m_mirred={0x1a4, 0x8, 0x0, 0x0, {{0xb}, {0xc4, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0x8, 0xfff, 0x4, 0x5, 0xfff}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xbd15, 0x7, 0x20000000, 0x6, 0xfffffff7}, 0x8f64f81f7773db03}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0xff, 0x955a, 0x5, 0x5, 0x1}, 0x3}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x8, 0x6, 0x8, 0x8}, 0x1}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x9, 0x5f4f, 0x0, 0x2, 0x2}, 0x2}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x3, 0x9, 0x0, 0x2, 0x3}, 0x4}}]}, {0xb6, 0x6, "afa3c8d817e4cba62fe57c7f870891666f5c4a596f58e26d08d2a2260d89a82504ccaa5140f7b7aa6ac4dc820dd1eca1c6381d0f4ef0dc4a14d6c20aead320dfda8be808eb7501fbde8772f341561243898d5c643253b7ed36970cedc8e627977b48feca3d84bada17059c5b1723f538424f896ea625ee0d1dd5e266e2adee752ee64895a9aaf17ad47347e8233796db05223cf076ba825745d9b435c5365b003b9d56abf477093e5fc55594b5514f31b49f"}, {0xc}, {0xc, 0x8, {0x2, 0x3}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x0, 0xfffffffc}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x204}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x5)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, 0x0)
ptrace$ARCH_SHSTK_STATUS(0x1e, r0, 0x0, 0x5005)
socket$netlink(0x10, 0x3, 0x15)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xe, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r3 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x5, 0x0)
shmat(r3, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
lseek(r4, 0x289e0cb5, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})

6m51.953964177s ago: executing program 0 (id=895):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00'}, 0x94)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
get_mempolicy(0x0, 0x0, 0xdf8, &(0x7f0000ff5000/0x4000)=nil, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={0x0, r0}, 0x18)
unshare(0x6a040000)
r1 = socket$kcm(0x10, 0x2, 0x0)
recvmsg(r1, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_subtree(r1, 0x0, 0xfe33)
r2 = socket$inet(0xa, 0x801, 0x84)
r3 = socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$inet6_udp_int(r3, 0x11, 0xa, &(0x7f0000000040)=0x8000000, 0x4)
getsockopt$IPT_SO_GET_INFO(r2, 0x29, 0x40, &(0x7f00000000c0)={'nat\x00', 0x0, [0x4, 0x5, 0x8, 0x4, 0x9]}, &(0x7f0000000200)=0x54)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1f, 0xc, &(0x7f0000000640)=ANY=[@ANYBLOB="180000000100000000000000000000008500000005000000180100002020642500001e00002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000010000085000000060000009500000000000000"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x30, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x19, '\x00', 0x0, @fallback=0x15}, 0x94)
r5 = syz_io_uring_setup(0x10d2, &(0x7f0000000500)={0x0, 0x7736, 0x80, 0x0, 0x26e}, &(0x7f0000000140)=<r6=>0x0, &(0x7f0000000080)=<r7=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x24, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r5, 0x47bc, 0x0, 0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0xd, 0x4, &(0x7f0000000000)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x31, 0x9c}, [@call={0x25}], {0x95, 0x0, 0xd00}}, &(0x7f0000000040)='syzkaller\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x8, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, 0x0, 0x8000000, 0x10, 0x0, 0xfffffffffffffed8}, 0x3f)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r4}, 0xc)

6m51.079993574s ago: executing program 0 (id=903):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0x14, 0x30, 0xb, 0x5}, 0x14}, 0x1, 0x0, 0x0, 0x8890}, 0x40)
syz_open_dev$vcsu(&(0x7f0000000180), 0x1, 0x20800)
r1 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=<r2=>0x0, &(0x7f0000000000)=<r3=>0x0)
unlinkat(0xffffffffffffff9c, 0x0, 0x8cff)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22})
io_uring_enter(r1, 0x48e9, 0x0, 0x2, 0x0, 0x0)

6m50.882353452s ago: executing program 0 (id=904):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000100)='syzkaller\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ptrace$poke(0x5, 0xffffffffffffffff, &(0x7f0000000040), 0xe7e)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x0, &(0x7f0000000000)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a94000000060a0b0400000000000000000200000068000480540001800a0001006d617463680000004400028008000240000000002c000300ebae551382395ae74d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad0a0001006c696d6974000000000001800a0001006c696d69740000000900010073797a30000000000900020073797a32"], 0xbc}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
fcntl$notify(0xffffffffffffffff, 0x402, 0x1a)
sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000094c0)=ANY=[@ANYBLOB="8c45000043000701fefffffffcdbdf25017c000004004580744501800500500000000000080051000002"], 0x458c}, 0x1, 0x0, 0x0, 0xc004}, 0xc000)

6m47.863840595s ago: executing program 0 (id=925):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000280)='./file0\x00', 0x0, 0x97801, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f000000b240)={0x14, 0x2e, 0x301, 0x70bd26, 0xfffffffd, {0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x1882}, 0x4044080)
r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r4 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000dc0)={0x0}, 0x1, 0x0, 0x0, 0x24000800}, 0x40004)
r5 = dup(r3)
write$UHID_INPUT(r5, &(0x7f0000002080)={0xc, {"a2e3ad9bed0d52f91b30330887f70e06d038e7ff7fc6e5539b3272298b089b07081b4d090890e0878f0e1ac6e7049b3365959bfc9a240d2567f3988f7ef31952013fffe8d178708c523c921b1b9b39070d075d0936cd3b78130d9b61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c9000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdc80c47ee4f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78ff95b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af0000807e0000000002d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b4051db55e0510a6e4114a53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a6d8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000200)={0x1b, 0x0, 0x0, 0x5a1, 0x0, r2, 0x7, '\x00', 0x0, r2, 0x4, 0x1, 0x2}, 0x50)
r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)
getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f00000004c0)=<r8=>0x0, &(0x7f0000000500)=0x4)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000680)={0x6, 0x14, &(0x7f00000002c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@alu={0x7, 0x0, 0x9, 0x9, 0xc4874ae8ec05f7ac, 0xfffffffffffffffe, 0x1}, @alu={0x7, 0x0, 0x1, 0xa, 0x5, 0xe, 0xffffffffffffffff}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x4}, @map_val={0x18, 0x1, 0x2, 0x0, r7, 0x0, 0x0, 0x0, 0x8}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000380)='GPL\x00', 0x2, 0xf1, &(0x7f00000003c0)=""/241, 0x41000, 0x40, '\x00', r8, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000540)={0x1, 0x2}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, &(0x7f0000000580)=[{0x5, 0x5, 0xa, 0x4}, {0x2, 0x2, 0xb}, {0x0, 0x5, 0x8, 0x2}, {0x3, 0x4, 0x9, 0x3}, {0x5, 0x3, 0x0, 0x8}, {0x2, 0x4, 0xe, 0x5}, {0x4, 0x4, 0xc, 0x6}, {0x3, 0x3, 0x6}, {0x0, 0x5, 0x3, 0x7}], 0x10, 0x2}, 0x94)
move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x112)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x30, r9, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x5, 0x5}}}}, [@NL80211_ATTR_4ADDR={0x5, 0x53, 0x5}]}, 0x30}}, 0x0)

6m47.744299801s ago: executing program 0 (id=926):
setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000003040)}], 0x1}}], 0x1, 0x4000000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004003}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f00000000c0)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r3, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000180)=@newlink={0x54, 0x10, 0x401, 0x70bd28, 0x3, {0x0, 0x0, 0x0, r3, 0x0, 0x1c05}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_LINK={0x8, 0x1, r3}, @IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x2}]}}}]}, 0x54}, 0x1, 0x0, 0x0, 0x10}, 0x12)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x3000, 0x0, 0x1})
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x2, 0x34000, 0x1})
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x2000, 0x1})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

6m47.600878019s ago: executing program 0 (id=928):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000160000000063010000000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x80)

6m47.553713063s ago: executing program 34 (id=928):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x4, &(0x7f0000000140)=ANY=[@ANYBLOB="1800000000000000000000160000000063010000000000009500000000000000"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x80)

3.27544484s ago: executing program 6 (id=3503):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b70000001a000000bca30000000000002403000020feffff720af8fff8ffffff71a4f2ff000000001f030000000000002e100200000000002604fdffff0200007b01a700000000001d130000000000607a0a00fe0000001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

3.274743805s ago: executing program 1 (id=3505):
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x9)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prlimit64(0x0, 0x0, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
syz_io_uring_setup(0x839, &(0x7f00000000c0)={0x0, 0x1998, 0x400, 0x2000004, 0x3ce}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000680)={0x1, 0x40, 0x1, 0x0})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, &(0x7f00000002c0)=0x1)
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002340)='mountstats\x00')
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f00000001c0))
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0)
pread64(r3, &(0x7f0000002380)=""/253, 0xfd, 0x4eb) (fail_nth: 2)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000011c0), 0xffffffffffffffff)

3.217254245s ago: executing program 6 (id=3506):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x7, &(0x7f0000000380)={0x8, 0x21d7c00}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x9)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000280), 0x10db, 0x5b5700)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}, {0x0}], 0x2)
r1 = syz_open_dev$I2C(0x0, 0x1, 0x2003)
r2 = socket$xdp(0x2c, 0x3, 0x0)
r3 = syz_io_uring_setup(0x82f, &(0x7f0000000440)={0x0, 0xefe1, 0x8000, 0x2, 0x3ce}, &(0x7f0000000140)=<r4=>0x0, &(0x7f00000000c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0x81, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000240)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)=0x80)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
times(0x0)
ioctl$I2C_SMBUS(r1, 0x720, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3517, 0xc2de, 0x9, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
r7 = openat$vsock(0xffffff9c, &(0x7f00000003c0), 0x1cb100, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000001c0)={'geneve1\x00', <r9=>0x0})
sendto$packet(r8, &(0x7f0000000400)="3f031c000302140006001e00895a", 0xe, 0x2004c8d5, &(0x7f0000000100)={0xc9, 0x88a8, r9, 0x1, 0x1, 0x6, @random="982fde63ab3e"}, 0x14)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000700)={r7, r9, 0x25, 0x0, @val=@tracing={0x0, 0x5}}, 0x1c)
r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r10, 0xc0045009, 0x0)
r11 = syz_open_procfs(0x0, &(0x7f0000000340)='mountstats\x00')
ioctl$FAT_IOCTL_GET_VOLUME_ID(r6, 0x80047213, 0x0)
mount(&(0x7f0000000300), 0x0, &(0x7f0000000040)='binder\x00', 0x2200892, 0x0)
pread64(r11, &(0x7f0000002380)=""/253, 0xfffffffffffffee6, 0x4eb)

2.749528661s ago: executing program 5 (id=3509):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xff48, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001f000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000014010000033800001d13f8ff000000007a0af0ff0000001f0f14000000000050b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

2.748736372s ago: executing program 5 (id=3510):
socket$nl_xfrm(0x10, 0x3, 0x6)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
io_setup(0x23, &(0x7f00000001c0)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f0000000700)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
r1 = openat$uinput(0xffffff9c, &(0x7f0000000180), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000000)={{}, 'syz1\x00'})
ioctl$UI_DEV_CREATE(r1, 0x5501)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0)
mlockall(0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'})
shmctl$SHM_UNLOCK(0x0, 0xc)

2.520228674s ago: executing program 5 (id=3511):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002002000001f1f120000060001000000000008000500", @ANYRES32=r0], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

2.400453642s ago: executing program 5 (id=3512):
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(0xffffffffffffffff, 0x84, 0x6b, &(0x7f0000000000)=[@in={0x2, 0x4e23, @remote}, @in6={0xa, 0x4e23, 0x8, @local, 0x413}, @in6={0xa, 0x4e23, 0x401, @remote, 0x200}], 0x48)
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) (async)
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000040))
ioctl$FS_IOC_GETVERSION(r1, 0xc0145b0e, &(0x7f0000000000)) (async)
prctl$PR_SET_SECUREBITS(0x1c, 0x73) (async)
setuid(0xee01) (async)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r2, &(0x7f00000028c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x38, 0x1410, 0x1, 0x70bd2c, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_LQPN={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x24001850) (async)
r3 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)={0x2, 0x1, 0x0, 0x7, 0xc, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @empty}}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}]}, 0x60}}, 0x0) (async)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000000)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async)
r5 = getgid()
r6 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_STATUS64(r6, 0xc0884123, &(0x7f0000000080)) (async)
lstat(&(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, <r7=>0x0}) (async)
getresgid(&(0x7f0000000180), &(0x7f00000001c0)=<r8=>0x0, &(0x7f0000000200))
setresgid(r5, r7, r8)
r9 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r10, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x64, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x38, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @numgen={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_NG_MODULUS={0x8}, @NFTA_NG_DREG={0x8, 0x1, 0x1, 0x0, 0x17}, @NFTA_NG_TYPE={0x8}, @NFTA_NG_OFFSET={0x8, 0x4, 0x1, 0x0, 0xf1d6}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xa}}}, 0x8c}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)
name_to_handle_at(r9, &(0x7f0000000240)='./mnt\x00', &(0x7f0000000280)=@FILEID_INO32_GEN_PARENT={0x10, 0x2, {{0x9, 0x8007}, 0x7f, 0x2}}, &(0x7f00000002c0), 0x1000)

2.40023626s ago: executing program 1 (id=3513):
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xf, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x9)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prlimit64(0x0, 0x0, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
syz_io_uring_setup(0x839, &(0x7f00000000c0)={0x0, 0x1998, 0x400, 0x2000004, 0x3ce}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
openat$sndseq(0xffffffffffffff9c, 0x0, 0x400240)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, 0x0, 0x10)
mq_notify(0xffffffffffffffff, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_RECVMSG={0xa, 0x34, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000010c0)={0x0, 0x0, 0x0}, 0x0, 0x40000000})
r4 = syz_io_uring_setup(0x487, &(0x7f0000000100)={0x0, 0x59c4, 0x800, 0x1000, 0x1cc}, &(0x7f0000000300)=<r5=>0x0, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000200)=[{0x30, 0x4, 0x0, 0x2}]}, 0x8)

1.480537037s ago: executing program 1 (id=3515):
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd2c, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x1a, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e76, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0xc}}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x880}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0xe2981)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0xfffffffc}}, &(0x7f0000000300)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r4}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x300, &(0x7f0000000040)={&(0x7f0000000d00)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000002c000000030a01080000002200000000010000000900030073797a32000000000900010073797a30000000005c000000060a010400000000000000000100000008000b40000000000900010073797a300000000034000480300001800a0001"], 0xd0}}, 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'})
sendmsg$NFQNL_MSG_VERDICT(0xffffffffffffffff, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000700)={0x20, 0x1, 0x3, 0x401, 0x0, 0x0, {}, [@NFQA_VERDICT_HDR={0xc}]}, 0x20}}, 0x0)

1.480019757s ago: executing program 6 (id=3516):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
setsockopt$sock_attach_bpf(r0, 0x1, 0x7, &(0x7f0000000340), 0x4)
sendmsg$inet(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000006c0), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r1, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000040)={0x28, r2, 0x5, 0x70bd2a, 0x25dfdbff, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x78}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x40008d2}, 0x40000)
r4 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r4, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0x9}, 0xa)
getpeername(r4, 0x0, &(0x7f00000000c0))
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x359a, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3}, 0x50)
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000180)={0xc, <r6=>r4, 'id0\x00'})
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000480)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xac, 0xac, 0x7, [@enum={0x8, 0xa, 0x0, 0x6, 0x4, [{0xe, 0xfffffffa}, {0xe, 0x7}, {0x0, 0x5}, {0x10, 0x4}, {0x10, 0x5}, {0xf, 0x3}, {0x10, 0x7}, {0x8, 0x1}, {0x10, 0xfffeffff}, {0x10, 0x3}]}, @const={0x9, 0x0, 0x0, 0xa, 0x5}, @func_proto={0x0, 0x7, 0x0, 0xd, 0x0, [{0x8, 0x1}, {0x7, 0x1}, {0xa, 0x3}, {0x9, 0xfff}, {0xc, 0x1}, {0xf, 0x3}, {}]}]}, {0x0, [0x30, 0x61, 0x0, 0x2e, 0x30]}}, &(0x7f0000000580)=""/23, 0xcb, 0x17, 0x0, 0xa75}, 0x28)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000a00)={0xffffffffffffffff, 0xe0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000640)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x5, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000740)=[0x0, 0x0, 0x0, 0x0, 0x0], <r8=>0x0, 0x1a, &(0x7f0000000780)=[{}], 0x8, 0x10, &(0x7f0000000840), &(0x7f0000000880), 0x8, 0x78, 0x8, 0x8, &(0x7f00000008c0)}}, 0x10)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000a40)={{0x1, 0x1, 0x18, <r9=>r1, {0x8}}, './file0\x00'})
r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffbfff, 0x1, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000810018110000", @ANYRES32=r10, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0xa, 0x28, &(0x7f0000000200)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x1000}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x8}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @btf_id={0x18, 0x7, 0x3, 0x0, 0x4}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, 0x1}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000380)='GPL\x00', 0x5, 0x8c, &(0x7f00000003c0)=""/140, 0x41100, 0x18, '\x00', 0x0, @fallback=0x22, r7, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000600)={0x1, 0xa, 0x1, 0x400}, 0x10, r8, r9, 0x5, &(0x7f0000000a80)=[r10, 0x1], &(0x7f0000000ac0)=[{0x2, 0x2, 0x4}, {0x5, 0x4, 0x1}, {0x0, 0x1, 0xe}, {0x2, 0x3, 0x5, 0x4}, {0x5, 0x1, 0xa, 0x2}], 0x10, 0x1000}, 0x94)

1.380350242s ago: executing program 4 (id=3517):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, &(0x7f00000010c0)={0x150002, 0x0, {[0x0, 0x3ff, 0x4, 0x5, 0x5, 0x3, 0x5, 0x9]}})
syz_init_net_socket$ax25(0x3, 0x2, 0x32ac52efa01a7819)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x80044dff, 0x1000000000000)

1.216801103s ago: executing program 4 (id=3518):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x9)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = syz_open_dev$I2C(0x0, 0x1, 0x2003)
r3 = socket$xdp(0x2c, 0x3, 0x0)
r4 = syz_io_uring_setup(0x839, &(0x7f00000000c0)={0x0, 0x1998, 0x400, 0x2000004, 0x3ce}, &(0x7f0000000040)=<r5=>0x0, &(0x7f0000000140)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_SEND={0x1a, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0)
ioctl$I2C_SMBUS(r2, 0x720, 0x0)
io_uring_enter(0xffffffffffffffff, 0x3517, 0xc2de, 0x9, 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
r7 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r7, 0xc0045009, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f0000002340)='mountstats\x00')
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, 0x0)
mount(&(0x7f0000000300), 0x0, &(0x7f0000000040)='binder\x00', 0x2200892, 0x0)
pread64(r8, &(0x7f0000002380)=""/253, 0xfd, 0x4eb)

646.904766ms ago: executing program 5 (id=3519):
socket$nl_xfrm(0x10, 0x3, 0x6)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
io_setup(0x23, &(0x7f00000001c0)=<r0=>0x0)
io_submit(r0, 0x1, &(0x7f0000000700)=[&(0x7f00000002c0)={0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x0}])
r1 = openat$uinput(0xffffff9c, &(0x7f0000000180), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000000)={{}, 'syz1\x00'})
ioctl$UI_DEV_CREATE(r1, 0x5501)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0x40046208, 0x0)
mlockall(0x2)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'})
shmctl$SHM_UNLOCK(0x0, 0xc)

510.867045ms ago: executing program 5 (id=3520):
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x9)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prlimit64(0x0, 0x0, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
syz_io_uring_setup(0x839, &(0x7f00000000c0)={0x0, 0x1998, 0x400, 0x2000004, 0x3ce}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000680)={0x1, 0x40, 0x1, 0x0})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, &(0x7f00000002c0)=0x1)
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002340)='mountstats\x00')
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f00000001c0))
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0)
pread64(r3, &(0x7f0000002380)=""/253, 0xfd, 0x4eb)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000011c0), 0xffffffffffffffff)

446.068717ms ago: executing program 1 (id=3521):
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) (async)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000a40)={'ip6tnl0\x00', 0x0}) (async)
sendmsg(0xffffffffffffffff, 0x0, 0x0) (async)
socket$can_bcm(0x1d, 0x2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r1 = syz_clone(0x61400, 0x0, 0xffffffffffffff7c, 0x0, 0x0, 0x0)
ptrace(0x10, r1) (async)
ptrace$getregset(0x4205, r1, 0x200, 0x0) (async)
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0) (async)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4)
r3 = accept4(r2, 0x0, 0x0, 0x80800)
sendmmsg$alg(r3, &(0x7f0000000400), 0x23, 0x8040010)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1, 0x0, 0x0, 0xf5000000}, 0x0) (async)
r4 = syz_io_uring_setup(0x239, &(0x7f0000000300)={0x0, 0x9c0e, 0x10100}, &(0x7f0000000000)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x0, 0x0, @fd_index=0x7})
io_uring_enter(r4, 0x2df0, 0x0, 0x0, 0x0, 0x0) (async)
syz_open_dev$tty1(0xc, 0x4, 0x1)

285.569218ms ago: executing program 4 (id=3522):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0xff48, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x2, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b70000001f000000bca30000000000002403000020feffff620af0fff8ffffff71a4f2ff000000001f03000000000000e5000500000000002604fdffff02000014010000033800001d13f8ff000000007a0af0ff0000001f0f14000000000060b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564163427afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101a3062cd54f9ff51d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a90144022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab540b8d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0981000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f80fb60e14b9eee094277bbc170882c8890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b6ef9d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec035d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2740000000000000000000000000000000000000000000a0009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb0000000000000005375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e4d5295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000000000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c975520000000000000000000000219cf5c1376ab33786f6b856d354e90a2733f78f2d188057cead3480eade49d55b770fad7fa000d23da6275768810b6b2df91d3a991ea98d929d271696c258d5b735d5db11df434e7dd1b7c1ca05cea3977df564115f4ec6ffab1d2ff8a642ca50934b3fbe44b0abeba9df209566984a29dfc0466e439a94e177b3c4d5f6e92b8176b9d6ddeeeb196fa964217f88e1acc180aaa4"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1f, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xfffffffffffffd27}, 0x48)

250.912282ms ago: executing program 6 (id=3523):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x201, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x100}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x81}, 0x400001f)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000e8000000000040d900008500000023000000850000000f00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r4}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000}, 0x94)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e40)=@newtfilter={0x38, 0x2c, 0xd27, 0x70bd2d, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0x0, 0x3}, {}, {0xfff3, 0xffe0}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x851}, 0x0)
r5 = socket(0x400000000010, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r5, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@delchain={0x24, 0x66, 0x221, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0x0, 0x1}, {}, {0xb, 0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x8848}, 0x20004800)
r8 = syz_genetlink_get_family_id$gtp(&(0x7f00000001c0), 0xffffffffffffffff)
r9 = ioctl$TUNGETDEVNETNS(r0, 0x54e3, 0x0)
r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r10, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r10, 0x0)
sendmsg$GTP_CMD_NEWPDP(r1, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000340)={&(0x7f0000000440)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r8, @ANYBLOB, @ANYRES32=r9, @ANYBLOB="0800090002000000080002000000000008000100", @ANYRES32=r3, @ANYBLOB="fa428558d19a8c5c", @ANYRES32=r10, @ANYBLOB], 0x64}, 0x1, 0x0, 0x0, 0x40040001}, 0x4)
mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r11=>0xffffffffffffffff})
sendmmsg$unix(r11, &(0x7f00000025c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}}, {{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x20000004}}], 0x2, 0x0)
socket(0xa, 0x1, 0x0)

171.087928ms ago: executing program 4 (id=3524):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r1=>0x0}) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000073c0), r0)
sendmsg$NL80211_CMD_SET_MPATH(r0, &(0x7f00000074c0)={0x0, 0x0, &(0x7f0000007480)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01fbdbdf25160000000800030000000000007a6a437db0340f4b250b1e2d92506ca69e95268e1d9160ce2d870205ec6040b072c2c7d38ed483735196bef847bbb84aef4219d0019eac90b81f7f923e1a79495717564014e31d0fad43d9fdc9220b258fffbd23c314948a81d0c982e382160f20ce98842cd83e6ef08647cc311fd539b758d1529852f6cbd304f17ce1af54ee", @ANYRES32=r1, @ANYBLOB="0a0006000802110000010000"], 0x28}, 0x1, 0x0, 0x0, 0x24000000}, 0x0) (async)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) (async, rerun: 64)
shmget$private(0x0, 0x4000, 0x4, &(0x7f0000ffc000/0x4000)=nil) (async, rerun: 64)
openat$ppp(0xffffff9c, &(0x7f0000000040), 0x121000, 0x0)
close(0x3)

133.000674ms ago: executing program 1 (id=3525):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002002000001f1f120000060001000000000008000500", @ANYRES32=r0], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0)

60.163888ms ago: executing program 1 (id=3526):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000680)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r0}, 0x18)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r2, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0xc53})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, &(0x7f00000010c0)={0x150002, 0x0, {[0x0, 0x3ff, 0x4, 0x5, 0x5, 0x3, 0x5, 0x9]}})
syz_init_net_socket$ax25(0x3, 0x2, 0x32ac52efa01a7819)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x80044dff, 0x1000000000000)

59.729119ms ago: executing program 4 (id=3527):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x12, 0x4000000a, 0x8, 0x2}, 0x50)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000000000))
read$FUSE(r1, &(0x7f0000019300)={0x2020}, 0x2020)

59.544942ms ago: executing program 6 (id=3528):
r0 = socket(0xa, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0xc08, 0x3, 0x418, 0x310, 0x5002004a, 0xb, 0x310, 0xea13, 0x3a8, 0x3c8, 0x3c8, 0x3a8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x2a0, 0x2e8, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}, {0x4}, {}, {}, {0x0, 0x0, 0x5e}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {0x4, 0x8}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4}, {}, {}, {}, {0xfffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {0x700}, {}, {}, {0x0, 0x0, 0xfd}]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x478)

594.27µs ago: executing program 4 (id=3529):
add_key(0x0, 0x0, 0x0, 0x0, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x9)
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prlimit64(0x0, 0x0, 0x0, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
syz_io_uring_setup(0x839, &(0x7f00000000c0)={0x0, 0x1998, 0x400, 0x2000004, 0x3ce}, &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000140))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, &(0x7f0000000680)={0x1, 0x40, 0x1, 0x0})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200))
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, &(0x7f00000002c0)=0x1)
ioctl$SNDCTL_DSP_SUBDIVIDE(0xffffffffffffffff, 0xc0045009, 0x0)
r3 = syz_open_procfs(0x0, &(0x7f0000002340)='mountstats\x00')
r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000200)={0x2020}, 0x2020)
ioctl$FAT_IOCTL_GET_VOLUME_ID(r0, 0x80047213, &(0x7f00000001c0))
mount(&(0x7f0000000300), &(0x7f0000000080)='.\x00', &(0x7f0000000040)='binder\x00', 0x2200892, 0x0)
pread64(r3, &(0x7f0000002380)=""/253, 0xfd, 0x4eb) (fail_nth: 4)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000011c0), 0xffffffffffffffff)

0s ago: executing program 6 (id=3530):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
lstat(&(0x7f0000000040)='./file1\x00', &(0x7f0000000080))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f00000003c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='quota'])
r0 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r0, &(0x7f0000000340)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r0, 0x8)
accept4(r0, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000680)=@nl, 0x80, &(0x7f0000000300)=[{&(0x7f0000000280)=""/96, 0x60}, {&(0x7f0000000400)=""/151, 0x97}, {&(0x7f00000004c0)=""/98, 0x62}, {&(0x7f0000000540)=""/102, 0x66}, {&(0x7f00000005c0)=""/133, 0x85}], 0x5, &(0x7f00000001c0)=""/114, 0x72}, 0x40006160)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x1c5}]})
openat(0xffffffffffffff9c, &(0x7f0000004d00)='./file1\x00', 0x351142, 0x1cd)

kernel console output (not intermixed with test programs):

fc0000
[  473.030769][   T40] audit: type=1326 audit(1764433885.051:749): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15652 comm="syz.1.2716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000
[  473.039280][   T40] audit: type=1326 audit(1764433885.051:750): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15652 comm="syz.1.2716" exe="/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf701d579 code=0x7ffc0000
[  473.046230][   T40] audit: type=1326 audit(1764433885.051:751): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15652 comm="syz.1.2716" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000
[  473.611567][T15687] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  473.616265][T15687] pvfs2: Unknown parameter './cgroup/syz0'
[  473.630704][T15685] netlink: 'syz.1.2724': attribute type 21 has an invalid length.
[  473.700152][T15692] input: syz0 as /devices/virtual/input/input43
[  474.033338][T15708] kvm: Disabled LAPIC found during irq injection
[  474.153532][T15716] __nla_validate_parse: 1 callbacks suppressed
[  474.153576][T15716] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2731'.
[  475.084632][   T54] usb 40-1: device descriptor read/8, error -110
[  475.175592][T15746] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[  475.178363][T15746] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  475.189810][T15746] vhci_hcd vhci_hcd.0: Device attached
[  475.281576][T15754] overlayfs: overlapping lowerdir path
[  475.454441][  T840] usb 50-1: SetAddress Request (26) to port 0
[  475.457121][  T840] usb 50-1: new SuperSpeed USB device number 26 using vhci_hcd
[  475.485543][   T54] usb usb40-port1: attempt power cycle
[  475.774419][T15747] vhci_hcd: connection reset by peer
[  475.776686][ T1143] vhci_hcd: stop threads
[  475.778114][ T1143] vhci_hcd: release socket
[  475.779697][ T1143] vhci_hcd: disconnect device
[  475.842937][T15758] netlink: 'syz.1.2747': attribute type 3 has an invalid length.
[  475.844801][T15757] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  475.845572][T15758] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2747'.
[  475.847587][T15757] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  475.853270][T15757] vhci_hcd vhci_hcd.0: Device attached
[  475.949281][   T83] bond0: (slave bond_slave_0): interface is now down
[  475.950978][T15757] netlink: 'syz.4.2750': attribute type 10 has an invalid length.
[  475.956809][   T83] bond0: (slave bond_slave_1): interface is now down
[  475.959529][T15757] syz_tun: entered promiscuous mode
[  475.964633][T15757] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  475.974429][   T83] bond0: (slave bond_slave_0): interface is now down
[  475.976638][   T83] bond0: (slave bond_slave_1): interface is now down
[  475.978795][   T83] bond0: (slave syz_tun): interface is now down
[  475.983702][   T83] bond0: now running without any active interface!
[  476.044987][   T54] usb usb40-port1: unable to enumerate USB device
[  476.373806][ T7588] usb 46-1: SetAddress Request (50) to port 0
[  476.381260][ T7588] usb 46-1: new SuperSpeed USB device number 50 using vhci_hcd
[  476.396258][T15762] vhci_hcd: connection reset by peer
[  476.401417][   T60] vhci_hcd: stop threads
[  476.403226][   T60] vhci_hcd: release socket
[  476.407223][   T60] vhci_hcd: disconnect device
[  476.539321][T15772] overlayfs: overlapping lowerdir path
[  476.613846][T15767] ebtables: wrong size: *len 264, entries_size 144, replsz 144
[  476.617888][T15767] netlink: 'syz.6.2752': attribute type 10 has an invalid length.
[  476.981223][   T61] usb 11-1: new high-speed USB device number 4 using dummy_hcd
[  477.134472][   T61] usb 11-1: Using ep0 maxpacket: 8
[  477.138441][   T61] usb 11-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  477.143065][   T61] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  477.147595][   T61] usb 11-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  477.151716][   T61] usb 11-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  477.157332][   T61] usb 11-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  477.161428][   T61] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  477.390542][   T61] usb 11-1: GET_CAPABILITIES returned 0
[  477.392934][   T61] usbtmc 11-1:16.0: can't read capabilities
[  477.805730][   T54] usb 11-1: USB disconnect, device number 4
[  477.938987][T15798] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  477.941466][T15798] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  477.944464][T15798] vhci_hcd vhci_hcd.0: Device attached
[  478.234474][T14905] usb 48-1: SetAddress Request (47) to port 0
[  478.236824][T14905] usb 48-1: new SuperSpeed USB device number 47 using vhci_hcd
[  478.412894][T15810] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2764'.
[  478.417553][T15810] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2764'.
[  478.464115][T15799] vhci_hcd: connection reset by peer
[  478.472168][ T1141] vhci_hcd: stop threads
[  478.474180][ T1141] vhci_hcd: release socket
[  478.477514][ T1141] vhci_hcd: disconnect device
[  478.503386][T15814] netlink: 108 bytes leftover after parsing attributes in process `syz.6.2766'.
[  478.506964][T15814] netlink: 108 bytes leftover after parsing attributes in process `syz.6.2766'.
[  478.825359][T15816] ubi31: attaching mtd0
[  478.844202][T15816] ubi31: scanning is finished
[  478.846953][T15816] ubi31: empty MTD device detected
[  479.159981][T15816] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  479.163166][T15816] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  479.166631][T15816] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  479.169709][T15816] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  479.172794][T15816] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  479.175939][T15816] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  479.179735][T15816] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3942388016
[  479.184165][T15816] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  479.189453][T15821] ubi31: background thread "ubi_bgt31d" started, PID 15821
[  479.328839][T15826] overlayfs: missing 'lowerdir'
[  479.574188][T15835] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  479.583684][T15835] pvfs2: Unknown parameter './cgroup/syz0'
[  479.742403][T15841] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2773'.
[  479.766954][T15828] binder: 15827:15828 ioctl 0 80000040 returned -22
[  479.772150][T15828] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2769'.
[  479.783750][T15828] netlink: 'syz.1.2769': attribute type 6 has an invalid length.
[  479.825821][T15828] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2769'.
[  480.524562][  T840] usb 50-1: device descriptor read/8, error -110
[  480.927250][  T840] usb usb50-port1: attempt power cycle
[  481.186240][T15868] tipc: Started in network mode
[  481.188302][T15868] tipc: Node identity c29fa8efe028, cluster identity 4711
[  481.191398][T15868] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  481.195605][T15868] syzkaller0: entered promiscuous mode
[  481.198014][T15868] syzkaller0: entered allmulticast mode
[  481.213066][T15868] tipc: Resetting bearer <eth:syzkaller0>
[  481.226082][T15867] tipc: Resetting bearer <eth:syzkaller0>
[  481.238767][T15867] tipc: Disabling bearer <eth:syzkaller0>
[  481.340976][T15870] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2783'.
[  481.374824][   T34] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  481.414474][ T7588] usb 46-1: device descriptor read/8, error -110
[  481.439464][T15876] efs: cannot read volume header
[  481.507781][  T840] usb usb50-port1: unable to enumerate USB device
[  481.526742][   T34] usb 6-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  481.542074][   T34] usb 6-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[  481.551589][   T34] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  481.554683][T15883] syz_tun: left promiscuous mode
[  481.556527][   T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.573218][T15883] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  481.768609][   T34] usb 6-1: USB disconnect, device number 10
[  481.836771][ T7588] usb usb46-port1: attempt power cycle
[  481.981727][T15866] random: crng reseeded on system resumption
[  481.991908][T15866] netlink: 'syz.1.2781': attribute type 10 has an invalid length.
[  482.001256][T15866] 8021q: adding VLAN 0 to HW filter on device team0
[  482.006889][T15866] bond0: (slave team0): Enslaving as an active interface with an up link
[  482.017261][T15866] netlink: 'syz.1.2781': attribute type 10 has an invalid length.
[  482.028381][T15866] bond0: (slave syz_tun): Enslaving as an active interface with an up link
[  482.050112][T15866] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  482.354113][T15889] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  482.361873][T15889] pvfs2: Unknown parameter './cgroup/syz0'
[  482.424241][ T7588] usb usb46-port1: unable to enumerate USB device
[  482.793359][ T5304] Bluetooth: hci4: Malformed Event: 0x2f
[  482.933415][T15910] netlink: 20 bytes leftover after parsing attributes in process `syz.6.2798'.
[  483.324776][T14905] usb 48-1: device descriptor read/8, error -110
[  483.739371][T14905] usb usb48-port1: attempt power cycle
[  483.880654][T15933] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  484.084362][T15944] IPVS: set_ctl: invalid protocol: 58 172.20.20.170:0
[  484.091919][T15943] input: syz0 as /devices/virtual/input/input44
[  484.117871][T15951] netlink: 'syz.4.2809': attribute type 1 has an invalid length.
[  484.140259][T15951] 8021q: adding VLAN 0 to HW filter on device bond1
[  484.163963][T15951] 8021q: adding VLAN 0 to HW filter on device bond1
[  484.166379][T15951] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  484.170237][T15951] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  484.231832][T15964] bond2: entered promiscuous mode
[  484.236085][T15962] input: syz0 as /devices/virtual/input/input45
[  484.236442][T15964] 8021q: adding VLAN 0 to HW filter on device bond2
[  484.242868][T15964] bond1: (slave bond2): Enslaving as an active interface with a down link
[  484.286287][T15964] macvlan2: entered promiscuous mode
[  484.288005][T15964] macvlan2: entered allmulticast mode
[  484.290043][T15964] bond1: entered promiscuous mode
[  484.291978][T15964] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  484.296459][T15964] bond1: left promiscuous mode
[  484.306305][T14905] usb usb48-port1: unable to enumerate USB device
[  484.402846][T15971] 9pnet_fd: Insufficient options for proto=fd
[  484.433876][T15962] Process accounting resumed
[  484.481271][T15976] overlayfs: workdir and upperdir must reside under the same mount
[  484.686134][T15992] overlayfs: overlapping lowerdir path
[  484.911586][ T7549] usb 11-1: new high-speed USB device number 5 using dummy_hcd
[  485.305789][ T7549] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  485.314157][ T7549] usb 11-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  485.317540][ T7549] usb 11-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  485.322269][ T7549] usb 11-1: New USB device found, idVendor=057e, idProduct=2019, bcdDevice= 0.00
[  485.334416][ T7549] usb 11-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.338867][ T7549] usb 11-1: config 0 descriptor??
[  485.453519][T16011] 9pnet_fd: Insufficient options for proto=fd
[  485.458415][T16007] overlayfs: missing 'lowerdir'
[  485.498999][T16013] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR
[  485.502926][ T7588] libceph: connect (1)[c::]:6789 error -101
[  485.508073][ T7588] libceph: mon0 (1)[c::]:6789 connect error
[  485.521436][T16024] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  485.549763][T16017] ceph: No mds server is up or the cluster is laggy
[  485.558655][ T7549] usbhid 11-1:0.0: can't add hid device: -71
[  485.569359][ T7549] usbhid 11-1:0.0: probe with driver usbhid failed with error -71
[  485.594574][ T7549] usb 11-1: USB disconnect, device number 5
[  485.599783][T16030] overlayfs: overlapping lowerdir path
[  485.691001][T16033] kAFS: unable to lookup cell '.,'
[  486.294985][T16061] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  486.622195][T16069] hub 9-0:1.0: USB hub found
[  486.624941][T16069] hub 9-0:1.0: 1 port detected
[  486.936602][T16074] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2846'.
[  487.632806][T16091] overlay: Unknown parameter '/'
[  487.722532][T16085] mac80211_hwsim hwsim23 wlan1: entered allmulticast mode
[  488.070174][T16104] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2855'.
[  488.346605][T16108] binder: 16105:16108 ioctl 0 80000040 returned -22
[  488.349602][T16108] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2856'.
[  488.352588][T16108] netlink: 'syz.1.2856': attribute type 6 has an invalid length.
[  488.355266][T16108] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2856'.
[  489.078516][T16121] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2860'.
[  489.087446][T16121] vlan2: entered promiscuous mode
[  489.089676][T16121] batadv0: entered promiscuous mode
[  489.128289][T16123] overlay: Unknown parameter '/'
[  489.361843][   T34] kernel write not supported for file /dsp (pid: 34 comm: kworker/3:0)
[  489.896230][T16150] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  489.898489][T16150] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  489.907048][T16148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2866'.
[  489.939550][T16150] vhci_hcd vhci_hcd.0: Device attached
[  490.091984][T16148] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  490.305705][ T7588] usb 48-1: SetAddress Request (51) to port 0
[  490.308676][ T7588] usb 48-1: new SuperSpeed USB device number 51 using vhci_hcd
[  490.411835][T16151] vhci_hcd: connection reset by peer
[  490.414998][ T1143] vhci_hcd: stop threads
[  490.419036][ T1143] vhci_hcd: release socket
[  490.421184][ T1143] vhci_hcd: disconnect device
[  490.560853][T16164] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(7)
[  490.563375][T16164] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  490.584645][T16164] vhci_hcd vhci_hcd.0: Device attached
[  490.586103][T16172] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  490.598994][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  490.599005][   T40] audit: type=1800 audit(1764433902.741:753): pid=16164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.2872" name="SYSV00000000" dev="hugetlbfs" ino=23 res=0 errno=0
[  490.761761][T16177] netlink: 'syz.1.2876': attribute type 1 has an invalid length.
[  490.766720][T16178] netlink: 'syz.1.2876': attribute type 1 has an invalid length.
[  490.821808][T16177] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  490.825894][T16177] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  490.909821][ T7549] usb 50-1: SetAddress Request (30) to port 0
[  490.911802][ T7549] usb 50-1: new SuperSpeed USB device number 30 using vhci_hcd
[  490.951376][T16173] vhci_hcd: connection reset by peer
[  490.972006][   T83] vhci_hcd: stop threads
[  490.973811][   T83] vhci_hcd: release socket
[  490.976635][   T83] vhci_hcd: disconnect device
[  491.034825][T16184] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2877'.
[  491.037833][T16184] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2877'.
[  491.259337][T16184] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2877'.
[  491.262225][T16184] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2877'.
[  491.274637][  T840] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  491.588736][  T840] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  491.593107][  T840] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 24367, setting to 1024
[  491.598043][  T840] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[  491.601482][  T840] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  491.604666][  T840] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  491.619999][T16178] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  491.635172][  T840] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  491.700851][T16199] netlink: 'syz.6.2881': attribute type 27 has an invalid length.
[  491.738239][T16199] gretap1: left promiscuous mode
[  491.760154][T16199] bond1: left promiscuous mode
[  491.762211][T16199] erspan1: left promiscuous mode
[  491.764471][T16199] bond1: left allmulticast mode
[  491.784167][T16199] erspan1: left allmulticast mode
[  491.965545][  T840] usb 6-1: USB disconnect, device number 11
[  492.084468][T16202] 8021q: adding VLAN 0 to HW filter on device bond0
[  492.089385][T16202] 8021q: adding VLAN 0 to HW filter on device team0
[  492.097050][T16202] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  492.853640][T16222] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  492.856361][T16222] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  492.861766][T16222] vhci_hcd vhci_hcd.0: Device attached
[  492.926821][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x4
[  492.929660][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x2
[  492.931996][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[  492.936354][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[  492.940049][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[  492.942562][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[  492.945206][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[  492.947834][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[  492.950445][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[  492.952884][  T840] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x0
[  492.961209][  T840] hid-generic 0000:3000000:0000.0006: hidraw1: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  492.996771][T16227] fido_id[16227]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  493.105345][T16229] netlink: 'syz.1.2887': attribute type 1 has an invalid length.
[  493.113050][T16229] __nla_validate_parse: 3 callbacks suppressed
[  493.113065][T16229] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2887'.
[  493.130694][T16231] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2888'.
[  493.194465][   T61] usb 46-1: SetAddress Request (54) to port 0
[  493.197392][   T61] usb 46-1: new SuperSpeed USB device number 54 using vhci_hcd
[  493.212257][T16223] vhci_hcd: connection closed
[  493.213226][ T1143] vhci_hcd: stop threads
[  493.217588][ T1143] vhci_hcd: release socket
[  493.219650][ T1143] vhci_hcd: disconnect device
[  493.461649][T16241] gfs2: error -5 reading superblock
[  494.230656][T16249] hub 9-0:1.0: USB hub found
[  494.233141][T16249] hub 9-0:1.0: 1 port detected
[  495.309069][T16276] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2903'.
[  495.404469][ T7588] usb 48-1: device descriptor read/8, error -110
[  495.548977][T16286] hub 9-0:1.0: USB hub found
[  495.552206][T16286] hub 9-0:1.0: 1 port detected
[  495.608105][T16284] binder: 16277:16284 ioctl 0 80000040 returned -22
[  495.620746][T16284] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2904'.
[  495.624701][T16284] netlink: 'syz.4.2904': attribute type 6 has an invalid length.
[  495.627952][T16284] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2904'.
[  495.722253][T16268] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  495.735354][T16268] Bluetooth: hci3: Error when powering off device on rfkill (-4)
[  495.786317][T16268] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  495.788225][T16268] Bluetooth: hci4: Error when powering off device on rfkill (-4)
[  495.809248][T16268] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  495.811149][T16268] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  495.821871][ T7588] usb usb48-port1: attempt power cycle
[  495.974404][ T7549] usb 50-1: device descriptor read/8, error -110
[  496.387897][T16299] overlay: Unknown parameter 'obj_type'
[  496.413464][ T7588] usb usb48-port1: unable to enumerate USB device
[  496.425588][ T7549] usb usb50-port1: attempt power cycle
[  496.529732][T16303] fuse: Bad value for 'rootmode'
[  496.839688][ T6028] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  497.200498][ T7549] usb usb50-port1: unable to enumerate USB device
[  498.298461][   T61] usb 46-1: device descriptor read/8, error -110
[  498.348842][T16337] netlink: 'syz.6.2917': attribute type 1 has an invalid length.
[  498.716094][T16337] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR
[  498.719273][   T61] usb usb46-port1: attempt power cycle
[  498.998395][T16361] netlink: 1 bytes leftover after parsing attributes in process `syz.6.2921'.
[  499.240424][T16362] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  499.320602][T16365] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  499.326873][T16365] pvfs2: Unknown parameter './cgroup/syz0'
[  499.347016][T16365] FAULT_INJECTION: forcing a failure.
[  499.347016][T16365] name failslab, interval 1, probability 0, space 0, times 0
[  499.348621][T16367] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  499.352310][T16365] CPU: 1 UID: 0 PID: 16365 Comm: syz.6.2923 Not tainted syzkaller #0 PREEMPT(full) 
[  499.352347][T16365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  499.352358][T16365] Call Trace:
[  499.352365][T16365]  <TASK>
[  499.352371][T16365]  dump_stack_lvl+0x16c/0x1f0
[  499.352396][T16365]  should_fail_ex+0x512/0x640
[  499.352421][T16365]  ? kmem_cache_alloc_noprof+0x62/0x6e0
[  499.352442][T16365]  should_failslab+0xc2/0x120
[  499.352465][T16365]  kmem_cache_alloc_noprof+0x75/0x6e0
[  499.352481][T16365]  ? getname_flags.part.0+0x4c/0x550
[  499.352511][T16365]  ? getname_flags.part.0+0x4c/0x550
[  499.352533][T16365]  getname_flags.part.0+0x4c/0x550
[  499.352560][T16365]  getname_flags+0x93/0xf0
[  499.352578][T16365]  __ia32_sys_mkdir+0x51/0x80
[  499.352596][T16365]  __do_fast_syscall_32+0x7c/0x300
[  499.352620][T16365]  do_fast_syscall_32+0x32/0x80
[  499.352642][T16365]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  499.352662][T16365] RIP: 0023:0xf705d579
[  499.352676][T16365] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  499.352692][T16365] RSP: 002b:00000000f544d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000027
[  499.352709][T16365] RAX: ffffffffffffffda RBX: 0000000080000300 RCX: 0000000000000000
[  499.352720][T16365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  499.352729][T16365] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  499.352738][T16365] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  499.352748][T16365] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  499.352770][T16365]  </TASK>
[  499.407012][   T61] usb usb46-port1: unable to enumerate USB device
[  499.423469][T16367] pvfs2: Unknown parameter './cgroup/syz0'
[  499.450854][T16370] overlayfs: overlapping lowerdir path
[  499.468469][T16372] netlink: 'syz.6.2925': attribute type 1 has an invalid length.
[  499.493017][T16372] 8021q: adding VLAN 0 to HW filter on device bond2
[  499.512745][T16372] bond2: (slave geneve2): making interface the new active one
[  499.519084][T16372] bond2: (slave geneve2): Enslaving as an active interface with an up link
[  499.522697][ T1141] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  499.528775][ T1141] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  499.531632][ T1141] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  499.542372][ T1141] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  500.148262][T16394] binder: 16384:16394 ioctl 0 80000040 returned -22
[  500.372413][T16391] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2931'.
[  500.375439][T16391] netlink: 'syz.6.2931': attribute type 6 has an invalid length.
[  500.378314][T16391] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2931'.
[  500.508648][T16398] FAULT_INJECTION: forcing a failure.
[  500.508648][T16398] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  500.514166][T16398] CPU: 2 UID: 0 PID: 16398 Comm: syz.4.2934 Not tainted syzkaller #0 PREEMPT(full) 
[  500.514190][T16398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  500.514201][T16398] Call Trace:
[  500.514208][T16398]  <TASK>
[  500.514216][T16398]  dump_stack_lvl+0x16c/0x1f0
[  500.514240][T16398]  should_fail_ex+0x512/0x640
[  500.514270][T16398]  _copy_from_user+0x2e/0xd0
[  500.514314][T16398]  __ia32_compat_sys_setrlimit+0xe5/0x1f0
[  500.514341][T16398]  ? __pfx___ia32_compat_sys_setrlimit+0x10/0x10
[  500.514367][T16398]  ? __pfx_ksys_write+0x10/0x10
[  500.514388][T16398]  ? rcu_is_watching+0x12/0xc0
[  500.514406][T16398]  ? syscall_enter_from_user_mode_prepare+0x68/0xe0
[  500.514430][T16398]  __do_fast_syscall_32+0x7c/0x300
[  500.514455][T16398]  do_fast_syscall_32+0x32/0x80
[  500.514476][T16398]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  500.514498][T16398] RIP: 0023:0xf7f55579
[  500.514511][T16398] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  500.514527][T16398] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 000000000000004b
[  500.514542][T16398] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000000
[  500.514551][T16398] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  500.514561][T16398] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  500.514571][T16398] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  500.514581][T16398] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  500.514601][T16398]  </TASK>
[  500.797242][T16409] overlayfs: overlapping lowerdir path
[  500.847933][T16411] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  500.854193][T16411] pvfs2: Unknown parameter './cgroup/syz0'
[  500.907253][T16407] random: crng reseeded on system resumption
[  500.911769][T16407] Hibernate inconsistent memory map detected!
[  500.914611][T16407] PM: hibernation: Image mismatch: architecture specific data
[  500.920138][T16407] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2937'.
[  500.930801][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  500.950773][T16414] input: syz1 as /devices/virtual/input/input46
[  501.116195][T16424] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2941'.
[  501.690309][T16427] netlink: 4536 bytes leftover after parsing attributes in process `syz.4.2943'.
[  501.693435][T16427] netlink: 4536 bytes leftover after parsing attributes in process `syz.4.2943'.
[  501.731221][T16429] fuse: Unknown parameter 'è›g0x0000000000000004'
[  502.030009][T16436] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  502.034200][T16436] pvfs2: Unknown parameter './cgroup/syz0'
[  502.037590][T16436] FAULT_INJECTION: forcing a failure.
[  502.037590][T16436] name failslab, interval 1, probability 0, space 0, times 0
[  502.041677][T16436] CPU: 2 UID: 0 PID: 16436 Comm: syz.1.2947 Not tainted syzkaller #0 PREEMPT(full) 
[  502.041692][T16436] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  502.041698][T16436] Call Trace:
[  502.041702][T16436]  <TASK>
[  502.041707][T16436]  dump_stack_lvl+0x16c/0x1f0
[  502.041723][T16436]  should_fail_ex+0x512/0x640
[  502.041739][T16436]  ? kmem_cache_alloc_lru_noprof+0x66/0x6e0
[  502.041752][T16436]  should_failslab+0xc2/0x120
[  502.041767][T16436]  kmem_cache_alloc_lru_noprof+0x79/0x6e0
[  502.041777][T16436]  ? __d_lookup+0x25c/0x4a0
[  502.041792][T16436]  ? __d_alloc+0x32/0xae0
[  502.041806][T16436]  ? __d_alloc+0x32/0xae0
[  502.041816][T16436]  __d_alloc+0x32/0xae0
[  502.041829][T16436]  d_alloc+0x4a/0x1e0
[  502.041843][T16436]  lookup_one_qstr_excl+0x175/0x250
[  502.041859][T16436]  ? mnt_want_write+0x161/0x450
[  502.041876][T16436]  filename_create+0x1e7/0x4a0
[  502.041886][T16436]  ? __pfx_filename_create+0x10/0x10
[  502.041896][T16436]  ? find_held_lock+0x2b/0x80
[  502.041912][T16436]  do_mkdirat+0xaa/0x3e0
[  502.041924][T16436]  ? __pfx_do_mkdirat+0x10/0x10
[  502.041935][T16436]  ? getname_flags.part.0+0x1c5/0x550
[  502.041953][T16436]  __ia32_sys_mkdir+0x61/0x80
[  502.041965][T16436]  __do_fast_syscall_32+0x7c/0x300
[  502.041986][T16436]  do_fast_syscall_32+0x32/0x80
[  502.042005][T16436]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  502.042023][T16436] RIP: 0023:0xf701d579
[  502.042035][T16436] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  502.042046][T16436] RSP: 002b:00000000f540d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000027
[  502.042056][T16436] RAX: ffffffffffffffda RBX: 0000000080000300 RCX: 0000000000000000
[  502.042062][T16436] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  502.042069][T16436] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  502.042077][T16436] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  502.042092][T16436] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  502.042115][T16436]  </TASK>
[  502.569098][T16444] overlayfs: failed to get index nlink (file1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, err=-61)
[  502.588400][T16442] binder: 16438:16442 ioctl 0 80000040 returned -22
[  502.594205][T16442] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2948'.
[  502.597964][T16442] netlink: 'syz.1.2948': attribute type 6 has an invalid length.
[  502.600674][T16442] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2948'.
[  502.939906][T16449] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  502.949348][T16449] pvfs2: Unknown parameter './cgroup/syz0'
[  503.338331][T16458] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  503.343782][T16458] pvfs2: Unknown parameter './cgroup/syz0'
[  503.427439][T16460] dlm: no locking on control device
[  503.816209][T16475] binder: 16465:16475 ioctl 0 80000040 returned -22
[  503.825205][T16475] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2958'.
[  503.829086][T16475] netlink: 'syz.1.2958': attribute type 6 has an invalid length.
[  504.676108][T16490] input: syz1 as /devices/virtual/input/input47
[  504.680759][T16489] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  504.690518][T16489] pvfs2: Unknown parameter './cgroup/syz0'
[  505.039785][   T46] Bluetooth: hci2: Frame reassembly failed (-84)
[  505.043531][ T1143] Bluetooth: hci2: Frame reassembly failed (-84)
[  505.072185][T16503] binder: 16497:16503 ioctl 0 80000040 returned -22
[  505.080291][T16503] __nla_validate_parse: 1 callbacks suppressed
[  505.080326][T16503] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2969'.
[  505.087276][T16503] netlink: 'syz.1.2969': attribute type 6 has an invalid length.
[  505.090613][T16503] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2969'.
[  505.098697][T16508] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2972'.
[  505.119161][T16508] team0: No ports can be present during mode change
[  505.491154][T16515] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(6)
[  505.493361][T16515] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  505.496500][T16515] vhci_hcd vhci_hcd.0: Device attached
[  505.501679][T16515] vhci_hcd vhci_hcd.0: port 0 already used
[  505.781143][T16529] input: syz1 as /devices/virtual/input/input48
[  505.794505][ T7549] usb 50-1: SetAddress Request (34) to port 0
[  505.797391][ T7549] usb 50-1: new SuperSpeed USB device number 34 using vhci_hcd
[  506.119747][T16516] vhci_hcd: connection reset by peer
[  506.121842][   T46] vhci_hcd: stop threads
[  506.123346][   T46] vhci_hcd: release socket
[  506.125091][   T46] vhci_hcd: disconnect device
[  506.568300][T16545] loop6: detected capacity change from 0 to 524279808
[  506.605090][T16545] loop6: detected capacity change from 524279808 to 1
[  506.611052][T16545] Dev loop6: unable to read RDB block 1
[  506.613663][T16545]  loop6: unable to read partition table
[  506.616566][T16545] loop6: partition table beyond EOD, truncated
[  506.619451][T16545] loop_reread_partitions: partition scan of loop6 (‰u0v°Ï	) failed (rc=-5)
[  506.698364][T16545] Unknown options in mask b7f2
[  506.755727][ T5354] Dev loop6: unable to read RDB block 1
[  506.758129][ T5354]  loop6: unable to read partition table
[  506.760729][ T5354] loop6: partition table beyond EOD, truncated
[  506.988292][T16562] kvm: vcpu 1027: requested lapic timer restore with starting count register 0x390=3759311525 (7518623050 ns) > initial count (6372733808 ns). Using initial count to start timer.
[  507.084458][   T64] Bluetooth: hci2: command 0x1003 tx timeout
[  507.084484][ T5304] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  507.206657][T16565] binder: 16555:16565 ioctl 0 80000040 returned -22
[  507.209830][T16565] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2986'.
[  507.219820][T16565] netlink: 'syz.5.2986': attribute type 6 has an invalid length.
[  507.223184][T16565] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2986'.
[  507.241122][ T1143] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  507.254569][ T1143] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  507.263856][ T1143] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  507.269657][ T1143] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  507.818330][T16576] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  507.820822][T16576] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  507.833311][T16576] vhci_hcd vhci_hcd.0: Device attached
[  507.899478][T16584] binder_alloc: 16583: binder_alloc_buf size 28672 failed, no address space
[  507.903729][T16584] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 16384 (num: 1 largest: 16384)
[  508.001262][T16592] netlink: 'syz.1.2998': attribute type 13 has an invalid length.
[  508.274618][   T61] usb 46-1: SetAddress Request (58) to port 0
[  508.276677][   T61] usb 46-1: new SuperSpeed USB device number 58 using vhci_hcd
[  508.372245][T16597] vlan0: entered promiscuous mode
[  508.378419][T16597] vlan0: entered allmulticast mode
[  508.413130][T16597] hsr_slave_1: entered allmulticast mode
[  508.556435][T16578] vhci_hcd: connection reset by peer
[  508.565333][   T60] vhci_hcd: stop threads
[  508.566768][   T60] vhci_hcd: release socket
[  508.568258][   T60] vhci_hcd: disconnect device
[  508.610907][T16602] macsec1: entered promiscuous mode
[  508.612733][T16602] macsec1: entered allmulticast mode
[  508.747772][T16604] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  508.756506][T16604] pvfs2: Unknown parameter './cgroup/syz0'
[  508.769449][T16604] FAULT_INJECTION: forcing a failure.
[  508.769449][T16604] name failslab, interval 1, probability 0, space 0, times 0
[  508.774098][T16604] CPU: 1 UID: 0 PID: 16604 Comm: syz.1.3002 Not tainted syzkaller #0 PREEMPT(full) 
[  508.774125][T16604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  508.774132][T16604] Call Trace:
[  508.774137][T16604]  <TASK>
[  508.774141][T16604]  dump_stack_lvl+0x16c/0x1f0
[  508.774165][T16604]  should_fail_ex+0x512/0x640
[  508.774188][T16604]  ? __kmalloc_cache_noprof+0x5f/0x780
[  508.774209][T16604]  should_failslab+0xc2/0x120
[  508.774233][T16604]  __kmalloc_cache_noprof+0x72/0x780
[  508.774251][T16604]  ? afs_lookup_cell+0x8b2/0x1900
[  508.774288][T16604]  ? afs_lookup_cell+0x8b2/0x1900
[  508.774305][T16604]  afs_lookup_cell+0x8b2/0x1900
[  508.774323][T16604]  ? __pfx_afs_lookup_cell+0x10/0x10
[  508.774339][T16604]  ? find_held_lock+0x2b/0x80
[  508.774350][T16604]  ? net_generic+0xea/0x2a0
[  508.774367][T16604]  afs_dynroot_lookup+0x2e2/0xa90
[  508.774380][T16604]  ? d_alloc_parallel+0x12/0x1510
[  508.774396][T16604]  ? __pfx_afs_dynroot_lookup+0x10/0x10
[  508.774410][T16604]  ? lockdep_init_map_type+0x5c/0x280
[  508.774425][T16604]  ? lockdep_init_map_type+0x5c/0x280
[  508.774441][T16604]  __lookup_slow+0x251/0x460
[  508.774457][T16604]  ? __pfx___lookup_slow+0x10/0x10
[  508.774474][T16604]  ? __mod_node_page_state+0xd0/0x1d0
[  508.774492][T16604]  ? __mod_node_page_state+0xd0/0x1d0
[  508.774507][T16604]  ? d_lookup+0xe7/0x190
[  508.774524][T16604]  lookup_one_unlocked+0xd4/0x120
[  508.774540][T16604]  ovl_lookup_single+0x435/0x1330
[  508.774561][T16604]  ? __pfx_ovl_lookup_single+0x10/0x10
[  508.774580][T16604]  ovl_lookup_layer+0x3d4/0x480
[  508.774599][T16604]  ? __pfx_ovl_lookup_layer+0x10/0x10
[  508.774615][T16604]  ? ovl_lookup+0x1243/0x21a0
[  508.774626][T16604]  ovl_lookup+0x13f9/0x21a0
[  508.774641][T16604]  ? __pfx_ovl_lookup+0x10/0x10
[  508.774649][T16604]  ? __lock_acquire+0xb8a/0x1c90
[  508.774666][T16604]  ? rcu_is_watching+0x12/0xc0
[  508.774680][T16604]  ? do_raw_spin_lock+0x12c/0x2b0
[  508.774699][T16604]  ? do_raw_spin_unlock+0x172/0x230
[  508.774708][T16604]  ? _raw_spin_unlock+0x28/0x50
[  508.774721][T16604]  lookup_one_qstr_excl+0x1d1/0x250
[  508.774735][T16604]  ? mnt_want_write+0x161/0x450
[  508.774752][T16604]  filename_create+0x1e7/0x4a0
[  508.774763][T16604]  ? __pfx_filename_create+0x10/0x10
[  508.774772][T16604]  ? find_held_lock+0x2b/0x80
[  508.774788][T16604]  do_mkdirat+0xaa/0x3e0
[  508.774801][T16604]  ? __pfx_do_mkdirat+0x10/0x10
[  508.774813][T16604]  ? getname_flags.part.0+0x1c5/0x550
[  508.774830][T16604]  __ia32_sys_mkdir+0x61/0x80
[  508.774842][T16604]  __do_fast_syscall_32+0x7c/0x300
[  508.774856][T16604]  do_fast_syscall_32+0x32/0x80
[  508.774869][T16604]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  508.774882][T16604] RIP: 0023:0xf701d579
[  508.774891][T16604] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  508.774900][T16604] RSP: 002b:00000000f540d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000027
[  508.774911][T16604] RAX: ffffffffffffffda RBX: 0000000080000300 RCX: 0000000000000000
[  508.774917][T16604] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  508.774923][T16604] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  508.774929][T16604] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  508.774935][T16604] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  508.774948][T16604]  </TASK>
[  509.123778][T16617] binder_alloc: 16616: binder_alloc_buf size 73984 failed, no address space
[  509.127649][T16617] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 16384 (num: 1 largest: 16384)
[  509.317030][T16623] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3004'.
[  509.320170][T16623] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3004'.
[  510.120506][T14905] libceph: connect (1)[c::]:6789 error -101
[  510.142323][T14905] libceph: mon0 (1)[c::]:6789 connect error
[  510.175951][T16638] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  510.183091][T16638] pvfs2: Unknown parameter './cgroup/syz0'
[  510.243464][   T40] audit: type=1326 audit(1764433922.381:754): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16628 comm="syz.1.3009" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x0
[  510.389846][T16631] ceph: No mds server is up or the cluster is laggy
[  510.404142][T16645] hub 9-0:1.0: USB hub found
[  510.408777][T16645] hub 9-0:1.0: 1 port detected
[  510.414751][T14905] libceph: connect (1)[c::]:6789 error -101
[  510.417092][T14905] libceph: mon0 (1)[c::]:6789 connect error
[  510.674000][ T1141] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  510.844656][ T7549] usb 50-1: device descriptor read/8, error -110
[  511.046949][T16650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  511.051630][T16650] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  511.154549][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  511.845171][   T83] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  512.204843][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  512.315838][   T40] audit: type=1800 audit(1764433924.461:755): pid=16671 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3019" name="SYSV00000000" dev="hugetlbfs" ino=2 res=0 errno=0
[  512.534365][ T7549] usb usb50-port1: attempt power cycle
[  512.545396][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  512.647920][T16678] binder: 16675:16678 ioctl 0 80000040 returned -22
[  512.653641][T16678] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3020'.
[  512.657047][T16678] netlink: 'syz.5.3020': attribute type 6 has an invalid length.
[  512.723494][T16678] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3020'.
[  512.974929][ T1259] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  512.977261][T14905] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  512.995519][T16696] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  512.998914][T16696] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  513.176119][ T7549] usb usb50-port1: unable to enumerate USB device
[  513.244673][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  513.338380][   T61] usb 46-1: device descriptor read/8, error -110
[  513.750956][   T61] usb usb46-port1: attempt power cycle
[  514.097116][T14562] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  514.356084][T16714] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  514.367204][T16714] pvfs2: Unknown parameter './cgroup/syz0'
[  514.449488][   T61] usb usb46-port1: unable to enumerate USB device
[  514.863816][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  515.005193][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  515.884816][ T9493] net_ratelimit: 2 callbacks suppressed
[  515.884835][ T9493] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  516.355721][ T1259] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  516.925846][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  517.455164][T14562] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  517.964886][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  518.555292][ T1259] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  518.606764][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  519.004725][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  519.655319][T14564] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  520.045288][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  521.084563][    T9] net_ratelimit: 3 callbacks suppressed
[  521.084580][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  521.405743][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  521.920608][T16735] fuse: Unknown parameter 'l0x0000000000000004ÿÿ00000000000000000000'
[  521.962484][T14562] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  522.136525][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  522.377499][T16761] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  522.379666][T16761] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  522.400491][T16761] vhci_hcd vhci_hcd.0: Device attached
[  523.054472][ T7588] usb 40-1: SetAddress Request (66) to port 0
[  523.056936][ T7588] usb 40-1: new SuperSpeed USB device number 66 using vhci_hcd
[  523.080150][T14562] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  523.276160][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  523.337667][T16762] vhci_hcd: connection reset by peer
[  523.340714][   T83] vhci_hcd: stop threads
[  523.342889][   T83] vhci_hcd: release socket
[  523.347592][   T83] vhci_hcd: disconnect device
[  523.894192][T16780] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3036'.
[  523.897254][T16780] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3036'.
[  524.785011][ T1141] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  524.919613][   T61] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  525.006940][ T9493] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  525.301260][T16794] hub 9-0:1.0: USB hub found
[  525.303913][T16794] hub 9-0:1.0: 1 port detected
[  525.907828][ T1259] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  527.015276][ T1259] net_ratelimit: 1 callbacks suppressed
[  527.015288][ T1259] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  527.084752][ T6211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  527.558978][T16831] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3050'.
[  527.631071][T16834] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3047'.
[  527.634053][T16834] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3047'.
[  527.662896][T16837] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  527.668388][T16837] pvfs2: Unknown parameter './cgroup/syz0'
[  527.890088][T16843] evm: overlay not supported
[  527.948821][T16834] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3047'.
[  527.951603][T16834] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3047'.
[  527.974790][   T61] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  528.012982][T16834] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3047'.
[  528.015853][T16834] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3047'.
[  528.293463][ T7588] usb 40-1: device descriptor read/8, error -110
[  528.487025][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  528.697323][ T7588] usb usb40-port1: attempt power cycle
[  528.776111][T16860] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3059'.
[  529.070756][T16875] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3064'.
[  529.073641][T16875] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3064'.
[  529.197662][ T6211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  529.354952][ T7588] usb usb40-port1: unable to enumerate USB device
[  529.446124][T16881] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3065'.
[  529.449255][T16881] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3065'.
[  529.454953][ T4288] usb 6-1: new full-speed USB device number 12 using dummy_hcd
[  529.650766][ T4288] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  529.664923][ T1141] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  529.686875][ T4288] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2
[  529.695623][ T4288] usb 6-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  529.697092][T16881] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3065'.
[  529.698610][ T4288] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  529.701267][T16881] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3065'.
[  529.725220][ T6015] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  529.749428][ T4288] usb 6-1: config 0 descriptor??
[  529.825051][ T4288] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  529.836963][ T4288] dvb-usb: bulk message failed: -22 (3/0)
[  529.868697][T16881] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3065'.
[  529.871564][T16881] netlink: 32 bytes leftover after parsing attributes in process `syz.6.3065'.
[  529.895051][ T4288] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  529.904672][ T4288] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  529.907091][ T4288] usb 6-1: media controller created
[  529.910654][ T4288] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  529.926757][ T4288] dvb-usb: bulk message failed: -22 (6/0)
[  529.929315][ T4288] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  529.936733][ T4288] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb6/6-1/input/input50
[  529.946295][ T4288] dvb-usb: schedule remote query interval to 150 msecs.
[  529.948716][ T4288] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  529.996128][T16870] ip6_vti0: Caught tx_queue_len zero misconfig
[  530.068824][ T4288] usb 6-1: USB disconnect, device number 12
[  530.131973][T16899] netlink: 48 bytes leftover after parsing attributes in process `syz.6.3070'.
[  530.142314][T16900] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3069'.
[  530.171656][ T4288] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  530.181158][T16902] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  530.183881][T16902] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  530.246703][T16904] bridge0: port 2(bridge_slave_1) entered disabled state
[  530.249111][T16904] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.336401][ T6211] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  530.365024][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  530.787071][ T1143] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  530.877620][T16921] binder: 16913:16921 ioctl 0 80000040 returned -22
[  530.884453][T16921] netlink: 'syz.1.3075': attribute type 6 has an invalid length.
[  531.142007][T16926] binder: 16910:16926 ioctl 0 80000040 returned -22
[  531.147084][T16926] netlink: 'syz.4.3074': attribute type 6 has an invalid length.
[  531.868923][T16935] input: syz1 as /devices/virtual/input/input51
[  531.985325][T16939] overlayfs: missing 'lowerdir'
[  532.035283][ T1143] net_ratelimit: 3 callbacks suppressed
[  532.035295][ T1143] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  532.625769][    T9] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  533.167056][ T1141] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  533.564646][    C3] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  533.629105][T16981] vlan0: entered promiscuous mode
[  533.631694][T16981] batadv0: entered promiscuous mode
[  533.645774][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  534.178819][T16999] __nla_validate_parse: 9 callbacks suppressed
[  534.178834][T16999] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3100'.
[  534.284957][ T1143] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  534.704758][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  534.845194][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  534.960261][T17017] binder_alloc: 17016: binder_alloc_buf size 4043321344 failed, no address space
[  534.964054][T17017] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 16384 (num: 1 largest: 16384)
[  535.219190][T17023] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3108'.
[  535.384961][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  535.645610][T17028] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(6)
[  535.647756][T17028] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  535.650553][T17028] vhci_hcd vhci_hcd.0: Device attached
[  535.666933][T17028] fuse: Unknown parameter 'ÿÿÿÿ0x000000000000000a'
[  535.682337][T17035] vhci_hcd: connection closed
[  535.682608][   T46] vhci_hcd: stop threads
[  535.686546][   T46] vhci_hcd: release socket
[  535.695013][   T46] vhci_hcd: disconnect device
[  535.735148][ T9493] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  536.374445][ T6028] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  536.406786][T17047] binder_alloc: 17046: binder_alloc_buf size 4294979568 failed, no address space
[  536.410979][T17047] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 16384 (num: 1 largest: 16384)
[  536.747437][ T6028] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  536.751696][ T6028] usb 9-1: config 0 interface 0 has no altsetting 0
[  536.758019][ T6028] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  536.761730][ T6028] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  536.765243][ T6028] usb 9-1: Product: syz
[  536.766967][ T6028] usb 9-1: Manufacturer: syz
[  536.768908][ T6028] usb 9-1: SerialNumber: syz
[  536.773339][ T6028] usb 9-1: config 0 descriptor??
[  536.781759][ T6028] usb 9-1: selecting invalid altsetting 0
[  537.014640][   T10] usb 9-1: USB disconnect, device number 10
[  537.342945][T17060] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3118'.
[  537.348810][T17060] vlan3: entered promiscuous mode
[  537.350483][T17060] batadv0: entered promiscuous mode
[  537.467204][T17062] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3119'.
[  537.509643][T17064] netlink: 48 bytes leftover after parsing attributes in process `syz.5.3120'.
[  537.587511][T17067] input: syz1 as /devices/virtual/input/input52
[  537.627503][   T46] net_ratelimit: 2 callbacks suppressed
[  537.627513][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  537.804997][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  537.885262][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  538.137819][T17076] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  538.140292][T17076] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  538.142978][T17076] vhci_hcd vhci_hcd.0: Device attached
[  538.156804][T17078] vhci_hcd: connection closed
[  538.157265][ T1259] vhci_hcd: stop threads
[  538.160360][ T1259] vhci_hcd: release socket
[  538.161819][ T1259] vhci_hcd: disconnect device
[  538.585003][T17088] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  538.592621][T17088] pvfs2: Unknown parameter './cgroup/syz0'
[  538.646568][T17094] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  539.375904][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  539.386923][ T1259] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  539.563144][T17106] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3131'.
[  539.578351][T17106] vlan0: entered promiscuous mode
[  539.814036][T17121] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3133'.
[  539.817153][T17121] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3133'.
[  540.025321][T17121] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3133'.
[  540.028279][T17121] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3133'.
[  540.054229][T17125] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  540.074130][T17125] pvfs2: Unknown parameter './cgroup/syz0'
[  540.253107][T17121] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3133'.
[  540.258638][T17121] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3133'.
[  540.274104][ T4288] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  540.336533][T17135] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3141'.
[  540.444723][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  540.650803][ T1259] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  540.717214][   T40] audit: type=1326 audit(1764433952.851:756): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17137 comm="syz.6.3142" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x0
[  540.926065][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  541.701451][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  541.713427][T17165] input: syz1 as /devices/virtual/input/input53
[  541.877243][T17170] FAULT_INJECTION: forcing a failure.
[  541.877243][T17170] name failslab, interval 1, probability 0, space 0, times 0
[  541.881749][T17170] CPU: 2 UID: 0 PID: 17170 Comm: syz.1.3148 Not tainted syzkaller #0 PREEMPT(full) 
[  541.881764][T17170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  541.881770][T17170] Call Trace:
[  541.881774][T17170]  <TASK>
[  541.881779][T17170]  dump_stack_lvl+0x16c/0x1f0
[  541.881796][T17170]  should_fail_ex+0x512/0x640
[  541.881812][T17170]  ? kmem_cache_alloc_node_noprof+0x65/0x770
[  541.881825][T17170]  should_failslab+0xc2/0x120
[  541.881839][T17170]  kmem_cache_alloc_node_noprof+0x78/0x770
[  541.881850][T17170]  ? __alloc_skb+0x2b2/0x380
[  541.881869][T17170]  ? __alloc_skb+0x2b2/0x380
[  541.881883][T17170]  ? __pfx_netlink_insert+0x10/0x10
[  541.881893][T17170]  __alloc_skb+0x2b2/0x380
[  541.881909][T17170]  ? __pfx___alloc_skb+0x10/0x10
[  541.881925][T17170]  ? netlink_autobind.isra.0+0x158/0x370
[  541.881939][T17170]  netlink_alloc_large_skb+0x69/0x140
[  541.881951][T17170]  netlink_sendmsg+0x698/0xdd0
[  541.881965][T17170]  ? __pfx_netlink_sendmsg+0x10/0x10
[  541.881977][T17170]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  541.881995][T17170]  ____sys_sendmsg+0xa98/0xc70
[  541.882007][T17170]  ? full_page_sectors_uptodate+0xd0/0x230
[  541.882021][T17170]  ? __pfx_____sys_sendmsg+0x10/0x10
[  541.882033][T17170]  ? get_compat_msghdr+0x11a/0x170
[  541.882049][T17170]  ___sys_sendmsg+0x134/0x1d0
[  541.882060][T17170]  ? __pfx____sys_sendmsg+0x10/0x10
[  541.882076][T17170]  ? find_held_lock+0x2b/0x80
[  541.882096][T17170]  __sys_sendmsg+0x16d/0x220
[  541.882107][T17170]  ? __pfx___sys_sendmsg+0x10/0x10
[  541.882122][T17170]  ? rcu_is_watching+0x12/0xc0
[  541.882135][T17170]  __do_fast_syscall_32+0x7c/0x300
[  541.882150][T17170]  do_fast_syscall_32+0x32/0x80
[  541.882163][T17170]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  541.882176][T17170] RIP: 0023:0xf701d579
[  541.882185][T17170] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  541.882195][T17170] RSP: 002b:00000000f540d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  541.882205][T17170] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000240
[  541.882211][T17170] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000
[  541.882217][T17170] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  541.882223][T17170] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  541.882229][T17170] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  541.882242][T17170]  </TASK>
[  542.040791][T17149] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  543.067569][T14562] net_ratelimit: 1 callbacks suppressed
[  543.067585][T14562] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  543.069658][T17189] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3154'.
[  543.098747][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  543.140939][T17198] binder: BINDER_SET_CONTEXT_MGR already set
[  543.144041][T17198] binder: 17194:17198 ioctl 4018620d 80000040 returned -16
[  543.167982][T17200] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3158'.
[  543.173925][T17200] vlan0: entered promiscuous mode
[  544.070833][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  544.136851][ T9493] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  544.199409][T17223] 
: renamed from bridge_slave_0 (while UP)
[  544.607889][ T1259] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  545.577013][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  545.598338][T17236] binder: 17235:17236 ioctl 0 80000040 returned -22
[  545.600771][T17248] binder: 17247:17248 ioctl c0306201 800001c0 returned -14
[  545.605839][T17236] __nla_validate_parse: 1 callbacks suppressed
[  545.605848][T17236] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3169'.
[  545.611752][T17236] netlink: 'syz.6.3169': attribute type 6 has an invalid length.
[  545.614723][T17236] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3169'.
[  545.737542][   T46] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.605122][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.683995][T17265] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3177'.
[  546.864646][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  547.095497][ T7588] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  547.541844][   T40] audit: type=1326 audit(1764433959.681:757): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17281 comm="syz.1.3182" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf701d579 code=0x0
[  547.549213][   T40] audit: type=1326 audit(1764433959.691:758): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17281 comm="syz.1.3182" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf701d579 code=0x0
[  547.765707][T17288] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(5)
[  547.768434][T17288] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  547.785376][T17288] vhci_hcd vhci_hcd.0: Device attached
[  547.808769][T17267] binder: 17266:17267 ioctl 0 80000040 returned -22
[  547.812944][T17267] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3179'.
[  547.815876][T17267] netlink: 'syz.4.3179': attribute type 6 has an invalid length.
[  547.818473][T17267] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3179'.
[  547.826983][T17292] binder: BINDER_SET_CONTEXT_MGR already set
[  547.828974][T17292] binder: 17291:17292 ioctl 4018620d 80000040 returned -16
[  547.831688][T17292] binder: 17291:17292 ioctl c0306201 800001c0 returned -14
[  547.869777][T17297] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  547.872186][T17297] overlayfs: failed to set xattr on upper
[  547.874134][T17297] overlayfs: ...falling back to redirect_dir=nofollow.
[  547.876379][T17297] overlayfs: ...falling back to metacopy=off.
[  547.878406][T17297] overlayfs: ...falling back to index=off.
[  547.880366][T17297] overlayfs: ...falling back to uuid=null.
[  547.909932][T17297] pimreg: entered allmulticast mode
[  547.930679][T17300] FAULT_INJECTION: forcing a failure.
[  547.930679][T17300] name failslab, interval 1, probability 0, space 0, times 0
[  547.936694][T17300] CPU: 3 UID: 0 PID: 17300 Comm: syz.4.3186 Not tainted syzkaller #0 PREEMPT(full) 
[  547.936718][T17300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  547.936729][T17300] Call Trace:
[  547.936735][T17300]  <TASK>
[  547.936741][T17300]  dump_stack_lvl+0x16c/0x1f0
[  547.936768][T17300]  should_fail_ex+0x512/0x640
[  547.936792][T17300]  ? __kmalloc_cache_noprof+0x5f/0x780
[  547.936813][T17300]  should_failslab+0xc2/0x120
[  547.936836][T17300]  __kmalloc_cache_noprof+0x72/0x780
[  547.936852][T17300]  ? net_generic+0xea/0x2a0
[  547.936874][T17300]  ? ip_set_create+0x346/0x14d0
[  547.936902][T17300]  ? ip_set_create+0x346/0x14d0
[  547.936926][T17300]  ip_set_create+0x346/0x14d0
[  547.936955][T17300]  ? __pfx_ip_set_create+0x10/0x10
[  547.936998][T17300]  ? find_held_lock+0x2b/0x80
[  547.937024][T17300]  nfnetlink_rcv_msg+0x9fc/0x1200
[  547.937058][T17300]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  547.937085][T17300]  ? consume_skb+0xcc/0x100
[  547.937127][T17300]  ? __pfx___dev_queue_xmit+0x10/0x10
[  547.937157][T17300]  netlink_rcv_skb+0x158/0x420
[  547.937176][T17300]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  547.937201][T17300]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  547.937230][T17300]  ? ns_capable+0xd7/0x110
[  547.937254][T17300]  nfnetlink_rcv+0x1b3/0x430
[  547.937277][T17300]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  547.937298][T17300]  ? netlink_deliver_tap+0x1ae/0xd30
[  547.937321][T17300]  netlink_unicast+0x5aa/0x870
[  547.937344][T17300]  ? __pfx_netlink_unicast+0x10/0x10
[  547.937371][T17300]  netlink_sendmsg+0x8c8/0xdd0
[  547.937394][T17300]  ? __pfx_netlink_sendmsg+0x10/0x10
[  547.937417][T17300]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  547.937447][T17300]  ____sys_sendmsg+0xa98/0xc70
[  547.937466][T17300]  ? full_page_sectors_uptodate+0xd0/0x230
[  547.937490][T17300]  ? __pfx_____sys_sendmsg+0x10/0x10
[  547.937510][T17300]  ? get_compat_msghdr+0x11a/0x170
[  547.937535][T17300]  ___sys_sendmsg+0x134/0x1d0
[  547.937555][T17300]  ? __pfx____sys_sendmsg+0x10/0x10
[  547.937585][T17300]  ? find_held_lock+0x2b/0x80
[  547.937625][T17300]  __sys_sendmsg+0x16d/0x220
[  547.937643][T17300]  ? __pfx___sys_sendmsg+0x10/0x10
[  547.937675][T17300]  ? rcu_is_watching+0x12/0xc0
[  547.937698][T17300]  __do_fast_syscall_32+0x7c/0x300
[  547.937724][T17300]  do_fast_syscall_32+0x32/0x80
[  547.937746][T17300]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  547.937768][T17300] RIP: 0023:0xf7f55579
[  547.937782][T17300] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  547.937799][T17300] RSP: 002b:00000000f544655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  547.937814][T17300] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000240
[  547.937826][T17300] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000
[  547.937837][T17300] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  547.937846][T17300] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  547.937855][T17300] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  547.937879][T17300]  </TASK>
[  548.069634][    C3] vkms_vblank_simulate: vblank timer overrun
[  548.087299][T17289] vhci_hcd: connection closed
[  548.087569][ T1143] vhci_hcd: stop threads
[  548.090634][ T1143] vhci_hcd: release socket
[  548.093535][ T1143] vhci_hcd: disconnect device
[  548.150998][T17302] hub 9-0:1.0: USB hub found
[  548.152866][T17302] hub 9-0:1.0: 1 port detected
[  548.555053][   T60] net_ratelimit: 1 callbacks suppressed
[  548.555072][   T60] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  549.074840][   T10] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  549.386259][T17321] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3191'.
[  549.389393][T17321] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3191'.
[  549.615351][   T34] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  549.638259][T17321] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3191'.
[  549.641250][T17321] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3191'.
[  549.747481][T17321] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3191'.
[  549.962499][T14562] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  550.038721][T17332] fuse: Bad value for 'fd'
[  550.124933][ T9493] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  550.127564][   T61] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  551.086284][ T1141] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  551.109378][T17344] __nla_validate_parse: 1 callbacks suppressed
[  551.109393][T17344] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3198'.
[  551.115439][T17343] input: syz1 as /devices/virtual/input/input54
[  551.166790][T17347] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3200'.
[  551.171524][T17348] overlayfs: conflicting lowerdir path
[  551.174908][T17347] vlan0: entered promiscuous mode
[  551.193245][ T9493] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  551.404466][T17354] netlink: 'syz.5.3202': attribute type 4 has an invalid length.
[  551.493301][   T40] audit: type=1326 audit(1764433963.631:759): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17371 comm="syz.4.3216" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x0
[  551.994497][T17348] orangefs_mount: mount request failed with -4
[  552.470213][T17390] input: syz1 as /devices/virtual/input/input55
[  552.599373][T17388] hub 9-0:1.0: USB hub found
[  552.602070][T17388] hub 9-0:1.0: 1 port detected
[  553.176880][T17397] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3213'.
[  553.201975][T17400] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3215'.
[  553.212740][T17400] vlan0: entered promiscuous mode
[  553.397816][T17409] binder: 17407:17409 ioctl c0306201 800001c0 returned -14
[  553.574163][T17417] hub 9-0:1.0: USB hub found
[  553.581907][T17417] hub 9-0:1.0: 1 port detected
[  554.389785][T17422] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  554.395211][T17422] pvfs2: Unknown parameter './cgroup/syz0'
[  554.399484][T17422] overlay: filesystem on ./file1 not supported as upperdir
[  554.404124][T17422] netlink: 'syz.5.3223': attribute type 1 has an invalid length.
[  554.515984][T17424] binder: 17413:17424 ioctl 0 80000040 returned -22
[  554.521493][T17424] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3222'.
[  554.526714][T17424] netlink: 'syz.1.3222': attribute type 6 has an invalid length.
[  554.529277][T17424] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3222'.
[  554.928916][T17437] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3227'.
[  555.069232][T17444] binder: 17443:17444 ioctl c0306201 800001c0 returned -14
[  555.656540][   T60] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.216361][   T60] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.246317][   T64] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  556.250177][   T64] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  556.253615][   T64] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  556.258889][   T64] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  556.262957][   T64] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  556.327813][ T5304] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  556.330435][ T5304] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  556.334857][ T5304] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  556.335440][   T60] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.349512][ T5304] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  556.354259][ T5304] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  556.490146][   T60] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  556.535302][T17454] chnl_net:caif_netlink_parms(): no params data found
[  556.583928][T17454] bridge0: port 1(bridge_slave_0) entered blocking state
[  556.586422][T17469] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3236'.
[  556.586805][T17469] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3236'.
[  556.593412][T17454] bridge0: port 1(bridge_slave_0) entered disabled state
[  556.596877][T17454] bridge_slave_0: entered allmulticast mode
[  556.599660][T17454] bridge_slave_0: entered promiscuous mode
[  556.603048][T17454] bridge0: port 2(bridge_slave_1) entered blocking state
[  556.605972][T17454] bridge0: port 2(bridge_slave_1) entered disabled state
[  556.608506][T17454] bridge_slave_1: entered allmulticast mode
[  556.611213][T17454] bridge_slave_1: entered promiscuous mode
[  556.630275][T17454] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  556.636469][T17454] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  556.675694][T17454] team0: Port device team_slave_0 added
[  556.697777][T17454] team0: Port device team_slave_1 added
[  556.709145][T17469] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3236'.
[  556.713141][T17469] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3236'.
[  556.718542][T17454] batman_adv: batadv0: Adding interface: batadv_slave_0
[  556.726374][T17454] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  556.746715][T17454] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  556.776592][T17454] batman_adv: batadv0: Adding interface: batadv_slave_1
[  556.784862][T17454] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  556.804525][T17454] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  556.821844][T17469] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3236'.
[  556.825866][T17469] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3236'.
[  556.846898][T17454] hsr_slave_0: entered promiscuous mode
[  556.850296][T17454] hsr_slave_1: entered promiscuous mode
[  556.853007][T17454] debugfs: 'hsr0' already exists in 'hsr'
[  556.855029][T17454] Cannot create hsr debugfs directory
[  556.900873][   T60] bridge_slave_1: left allmulticast mode
[  556.902764][   T60] bridge_slave_1: left promiscuous mode
[  556.904990][   T60] bridge0: port 2(bridge_slave_1) entered disabled state
[  556.908497][   T60] bridge_slave_0: left allmulticast mode
[  556.910601][   T60] bridge_slave_0: left promiscuous mode
[  556.913207][   T60] bridge0: port 1(bridge_slave_0) entered disabled state
[  557.083801][   T60] bond1 (unregistering): (slave erspan1): Releasing active interface
[  557.142161][   T60] bond2 (unregistering): (slave geneve2): Releasing active interface
[  557.296149][   T40] audit: type=1326 audit(1764433969.441:760): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.313374][   T40] audit: type=1326 audit(1764433969.441:761): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.327201][   T40] audit: type=1326 audit(1764433969.441:762): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.335717][   T40] audit: type=1326 audit(1764433969.441:763): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.342757][   T40] audit: type=1326 audit(1764433969.441:764): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.350757][   T40] audit: type=1326 audit(1764433969.441:765): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.358725][   T40] audit: type=1326 audit(1764433969.441:766): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.368056][   T40] audit: type=1326 audit(1764433969.441:767): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.375876][   T40] audit: type=1326 audit(1764433969.441:768): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.383913][   T40] audit: type=1326 audit(1764433969.471:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17477 comm="syz.1.3237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf701d579 code=0x7ffc0000
[  557.506533][   T60] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  557.512299][   T60] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  557.516784][   T60] bond0 (unregistering): Released all slaves
[  557.631979][   T60] bond1 (unregistering): Released all slaves
[  557.724754][   T60] bond2 (unregistering): Released all slaves
[  557.822076][T17489] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  557.910633][T17489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  558.064214][   T60] tipc: Left network mode
[  558.228807][T17497] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  558.230995][T17497] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  558.233743][T17497] vhci_hcd vhci_hcd.0: Device attached
[  558.263033][T17482] netlink: 7 bytes leftover after parsing attributes in process `syz.1.3239'.
[  558.329640][   T60] hsr_slave_0: left promiscuous mode
[  558.348059][   T60] hsr_slave_1: left promiscuous mode
[  558.350355][   T60] batman_adv: batadv0: Removing interface: batadv_slave_0
[  558.353130][   T60] batman_adv: batadv0: Removing interface: batadv_slave_1
[  558.425306][T17498] vhci_hcd: connection closed
[  558.425586][ T1141] vhci_hcd: stop threads
[  558.428583][ T1141] vhci_hcd: release socket
[  558.430212][ T1141] vhci_hcd: disconnect device
[  558.447162][ T5304] Bluetooth: hci1: command tx timeout
[  558.567906][T17509] hub 9-0:1.0: USB hub found
[  558.570130][T17509] hub 9-0:1.0: 1 port detected
[  558.839049][   T60] team0 (unregistering): Port device team_slave_1 removed
[  558.943568][   T60] team0 (unregistering): Port device C removed
[  559.058539][T17511] fuse: Unknown parameter ''
[  559.835462][T17537] input: syz1 as /devices/virtual/input/input56
[  559.947110][T17454] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  559.958277][T17454] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  559.964246][T17454] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  559.972867][T17454] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  560.030040][T17454] 8021q: adding VLAN 0 to HW filter on device bond0
[  560.042251][T17454] 8021q: adding VLAN 0 to HW filter on device team0
[  560.050525][T14562] bridge0: port 1(bridge_slave_0) entered blocking state
[  560.053623][T14562] bridge0: port 1(bridge_slave_0) entered forwarding state
[  560.068365][T14562] bridge0: port 2(bridge_slave_1) entered blocking state
[  560.071447][T14562] bridge0: port 2(bridge_slave_1) entered forwarding state
[  560.192610][T17454] 8021q: adding VLAN 0 to HW filter on device batadv0
[  560.336904][T17454] veth0_vlan: entered promiscuous mode
[  560.342167][T17454] veth1_vlan: entered promiscuous mode
[  560.358105][T17454] veth0_macvtap: entered promiscuous mode
[  560.363542][T17454] veth1_macvtap: entered promiscuous mode
[  560.374901][T17454] batman_adv: batadv0: Interface activated: batadv_slave_0
[  560.381707][T17454] batman_adv: batadv0: Interface activated: batadv_slave_1
[  560.390319][   T83] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  560.394001][   T83] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  560.401004][   T83] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  560.407489][   T83] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  560.456810][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  560.459747][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  560.476835][   T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  560.480163][   T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  560.524812][ T5304] Bluetooth: hci1: command tx timeout
[  561.548994][T17587] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3256'.
[  561.670386][T17592] input: syz1 as /devices/virtual/input/input57
[  562.366945][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[  562.605385][ T5304] Bluetooth: hci1: command tx timeout
[  563.504428][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  563.504446][   T40] audit: type=1326 audit(1764433975.631:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  563.522220][   T40] audit: type=1326 audit(1764433975.631:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  563.530642][   T40] audit: type=1326 audit(1764433975.631:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=47 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  563.537787][   T40] audit: type=1326 audit(1764433975.631:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  563.558197][   T40] audit: type=1326 audit(1764433975.631:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  563.560859][T17626] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3267'.
[  563.566044][   T40] audit: type=1326 audit(1764433975.651:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bd579 code=0x7ffc0000
[  563.566069][   T40] audit: type=1326 audit(1764433975.651:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bd598 code=0x7ffc0000
[  563.594844][   T40] audit: type=1326 audit(1764433975.651:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bd598 code=0x7ffc0000
[  563.602057][   T40] audit: type=1326 audit(1764433975.651:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bd598 code=0x7ffc0000
[  563.609977][   T40] audit: type=1326 audit(1764433975.651:785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17615 comm="syz.6.3266" exe="/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70bd598 code=0x7ffc0000
[  563.886104][T17643] hub 9-0:1.0: USB hub found
[  563.888901][T17643] hub 9-0:1.0: 1 port detected
[  563.956994][T17633] vlan3: entered promiscuous mode
[  563.959825][T17633] bond0: entered promiscuous mode
[  563.963017][T17633] bond_slave_0: entered promiscuous mode
[  563.976410][T17633] bond_slave_1: entered promiscuous mode
[  564.685818][ T5304] Bluetooth: hci1: command tx timeout
[  564.905699][T17652] hub 9-0:1.0: USB hub found
[  564.907647][T17652] hub 9-0:1.0: 1 port detected
[  565.602820][T17648] hub 9-0:1.0: USB hub found
[  565.605191][T17648] hub 9-0:1.0: 1 port detected
[  565.718394][T17654] overlayfs: maximum fs stacking depth exceeded
[  566.884113][T17672] input: syz1 as /devices/virtual/input/input59
[  567.576583][T17682] input: syz1 as /devices/virtual/input/input60
[  568.263421][T17693] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  568.281886][T17693] pvfs2: Unknown parameter './cgroup/syz0'
[  568.358521][T17694] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  568.360737][T17694] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  568.463602][T17694] vhci_hcd vhci_hcd.0: Device attached
[  568.549460][T17687] hub 9-0:1.0: USB hub found
[  568.551768][T17687] hub 9-0:1.0: 1 port detected
[  568.821849][T17695] vhci_hcd: connection closed
[  568.822666][   T46] vhci_hcd: stop threads
[  568.827231][   T46] vhci_hcd: release socket
[  568.829509][   T46] vhci_hcd: disconnect device
[  568.854473][ T7549] usb 40-1: enqueue for inactive port 0
[  569.356755][ T7549] usb usb40-port1: attempt power cycle
[  569.429081][T17717] input: syz1 as /devices/virtual/input/input61
[  569.849687][T17736] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3296'.
[  569.916327][T17738] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  569.924366][T17738] pvfs2: Unknown parameter './cgroup/syz0'
[  570.049477][ T7549] usb usb40-port1: unable to enumerate USB device
[  570.495552][T17736] Process accounting resumed
[  570.602167][T17747] hub 9-0:1.0: USB hub found
[  570.605970][T17747] hub 9-0:1.0: 1 port detected
[  570.936888][T17770] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3311'.
[  571.019113][T17762] binder: 17750:17762 ioctl 0 80000040 returned -22
[  571.027413][T17762] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3303'.
[  571.030870][T17762] netlink: 'syz.6.3303': attribute type 6 has an invalid length.
[  571.033606][T17762] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3303'.
[  571.058310][   T60] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  571.062844][   T60] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  571.068148][   T60] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  571.071636][   T60] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  571.325970][T17776] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  571.328027][T17776] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  571.331443][T17776] vhci_hcd vhci_hcd.0: Device attached
[  571.434986][T17778] hub 9-0:1.0: USB hub found
[  571.437407][T17778] hub 9-0:1.0: 1 port detected
[  571.877926][T17788] sp0: Synchronizing with TNC
[  571.909403][T17777] vhci_hcd: connection closed
[  571.910269][ T1141] vhci_hcd: stop threads
[  571.913266][ T1141] vhci_hcd: release socket
[  571.919381][ T1141] vhci_hcd: disconnect device
[  571.964575][   T61] usb 48-1: enqueue for inactive port 0
[  572.454894][T17795] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  572.456887][T17795] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  572.457192][   T61] usb usb48-port1: attempt power cycle
[  572.461802][T17795] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  573.037932][   T61] usb usb48-port1: unable to enumerate USB device
[  573.726097][T17811] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3322'.
[  574.076434][T17832] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3328'.
[  574.465259][ T5304] Bluetooth: hci1: command 0x0c1a tx timeout
[  574.769955][T17842] binder: 17836:17842 ioctl 0 80000040 returned -22
[  574.774159][T17842] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3330'.
[  574.777634][T17842] netlink: 'syz.5.3330': attribute type 6 has an invalid length.
[  574.780148][T17842] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3330'.
[  575.395181][T17853] 9pnet_fd: p9_fd_create_tcp (17853): problem connecting socket to 127.0.0.1
[  575.491556][T17855] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  575.494413][T17855] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  575.498536][T17855] vhci_hcd vhci_hcd.0: Device attached
[  575.502073][T17859] input: syz1 as /devices/virtual/input/input62
[  575.740928][T17863] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3336'.
[  575.774486][ T7588] usb 46-1: SetAddress Request (62) to port 0
[  575.777239][ T7588] usb 46-1: new SuperSpeed USB device number 62 using vhci_hcd
[  575.951001][T17871] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3339'.
[  576.108817][T17856] vhci_hcd: connection reset by peer
[  576.114486][   T60] vhci_hcd: stop threads
[  576.115886][   T60] vhci_hcd: release socket
[  576.123767][   T60] vhci_hcd: disconnect device
[  576.525374][ T5304] Bluetooth: hci1: command 0x0c1a tx timeout
[  577.386894][T17901] binder: 17887:17901 ioctl 0 80000040 returned -22
[  577.394762][T17901] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3345'.
[  577.398372][T17901] netlink: 'syz.5.3345': attribute type 6 has an invalid length.
[  577.401595][T17901] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3345'.
[  578.106271][T17922] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(5)
[  578.108823][T17922] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  578.112049][T17922] vhci_hcd vhci_hcd.0: Device attached
[  578.203749][T17926] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3356'.
[  578.374411][ T7549] usb 48-1: SetAddress Request (59) to port 0
[  578.377113][ T7549] usb 48-1: new SuperSpeed USB device number 59 using vhci_hcd
[  578.412226][T17941] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3362'.
[  578.510083][T17923] vhci_hcd: connection reset by peer
[  578.514918][   T83] vhci_hcd: stop threads
[  578.516757][   T83] vhci_hcd: release socket
[  578.518600][   T83] vhci_hcd: disconnect device
[  578.615326][ T5304] Bluetooth: hci1: command 0x0c1a tx timeout
[  579.242391][T17951] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3366'.
[  579.409057][T17956] hub 9-0:1.0: USB hub found
[  579.411145][T17956] hub 9-0:1.0: 1 port detected
[  580.649268][T17965] hub 9-0:1.0: USB hub found
[  580.660828][T17965] hub 9-0:1.0: 1 port detected
[  581.186403][ T7588] usb 46-1: device descriptor read/8, error -110
[  581.867870][T17990] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  581.870525][T17990] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  581.877099][T17990] vhci_hcd vhci_hcd.0: Device attached
[  582.068702][T17991] vhci_hcd: connection closed
[  582.069108][   T46] vhci_hcd: stop threads
[  582.072658][   T46] vhci_hcd: release socket
[  582.074430][ T7588] usb 46-1: SetAddress Request (63) to port 0
[  582.074468][ T7588] usb 46-1: new SuperSpeed USB device number 63 using vhci_hcd
[  582.077206][   T46] vhci_hcd: disconnect device
[  582.094438][ T7588] usb 46-1: enqueue for inactive port 0
[  582.344430][ T7588] usb usb46-port1: attempt power cycle
[  582.739337][T18004] hub 9-0:1.0: USB hub found
[  582.744000][T18004] hub 9-0:1.0: 1 port detected
[  582.904988][ T7588] usb usb46-port1: unable to enumerate USB device
[  583.260716][T18011] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3384'.
[  583.359601][T18014] hub 9-0:1.0: USB hub found
[  583.361934][T18014] hub 9-0:1.0: 1 port detected
[  583.487236][ T7549] usb 48-1: device descriptor read/8, error -110
[  583.908048][ T7549] usb usb48-port1: attempt power cycle
[  584.674949][T18024] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5)
[  584.676994][T18024] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  584.679673][T18024] vhci_hcd vhci_hcd.0: Device attached
[  584.817151][ T7549] usb usb48-port1: unable to enumerate USB device
[  585.030880][   T10] usb 46-1: SetAddress Request (66) to port 0
[  585.033623][   T10] usb 46-1: new SuperSpeed USB device number 66 using vhci_hcd
[  585.176022][T18043] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  585.178815][T18043] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  585.193192][T18043] vhci_hcd vhci_hcd.0: Device attached
[  585.355447][T18028] vhci_hcd: connection reset by peer
[  585.359531][   T60] vhci_hcd: stop threads
[  585.361910][   T60] vhci_hcd: release socket
[  585.364676][   T60] vhci_hcd: disconnect device
[  585.485004][ T7549] usb 40-1: SetAddress Request (75) to port 0
[  585.487275][ T7549] usb 40-1: new SuperSpeed USB device number 75 using vhci_hcd
[  585.768694][T18044] vhci_hcd: connection reset by peer
[  585.770875][   T60] vhci_hcd: stop threads
[  585.773340][   T60] vhci_hcd: release socket
[  585.775229][   T60] vhci_hcd: disconnect device
[  586.945103][T18065] netlink: 220 bytes leftover after parsing attributes in process `syz.1.3400'.
[  586.948103][T18065] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3400'.
[  586.950853][T18065] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3400'.
[  586.953987][T18065] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3400'.
[  586.957082][T18065] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3400'.
[  586.961419][T18063] input: syz1 as /devices/virtual/input/input66
[  586.964834][T18065] netlink: 27 bytes leftover after parsing attributes in process `syz.1.3400'.
[  587.178606][T18071] FAULT_INJECTION: forcing a failure.
[  587.178606][T18071] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  587.184403][T18071] CPU: 2 UID: 0 PID: 18071 Comm: syz.1.3402 Not tainted syzkaller #0 PREEMPT(full) 
[  587.184436][T18071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  587.184444][T18071] Call Trace:
[  587.184449][T18071]  <TASK>
[  587.184455][T18071]  dump_stack_lvl+0x16c/0x1f0
[  587.184476][T18071]  should_fail_ex+0x512/0x640
[  587.184499][T18071]  _copy_to_iter+0x29f/0x1710
[  587.184513][T18071]  ? __pfx___up_read+0x10/0x10
[  587.184534][T18071]  ? traverse.part.0.constprop.0+0x2c0/0x650
[  587.184557][T18071]  ? __pfx__copy_to_iter+0x10/0x10
[  587.184571][T18071]  ? traverse.part.0.constprop.0+0x2c5/0x650
[  587.184597][T18071]  seq_read_iter+0x71e/0x12d0
[  587.184625][T18071]  vfs_read+0x8bf/0xcf0
[  587.184643][T18071]  ? __pfx_vfs_read+0x10/0x10
[  587.184655][T18071]  ? find_held_lock+0x2b/0x80
[  587.184681][T18071]  ksys_pread64+0x161/0x1a0
[  587.184696][T18071]  ? __pfx_ksys_pread64+0x10/0x10
[  587.184712][T18071]  ? rcu_is_watching+0x12/0xc0
[  587.184729][T18071]  __do_fast_syscall_32+0x7c/0x300
[  587.184748][T18071]  do_fast_syscall_32+0x32/0x80
[  587.184765][T18071]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  587.184781][T18071] RIP: 0023:0xf701d579
[  587.184791][T18071] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  587.184805][T18071] RSP: 002b:00000000f53ec55c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  587.184818][T18071] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080002380
[  587.184827][T18071] RDX: 00000000000000fd RSI: 00000000000004eb RDI: 0000000000000000
[  587.184834][T18071] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  587.184842][T18071] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  587.184850][T18071] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  587.184869][T18071]  </TASK>
[  587.969904][T18083] binder: 18074:18083 ioctl 0 80000040 returned -22
[  587.972731][T18083] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3404'.
[  587.975644][T18083] netlink: 'syz.6.3404': attribute type 6 has an invalid length.
[  587.978213][T18083] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3404'.
[  588.218239][T18087] macvlan2: entered allmulticast mode
[  588.219925][T18087] veth1_vlan: entered allmulticast mode
[  588.222931][T18087] veth1_vlan: left allmulticast mode
[  588.361349][T18101] input: syz1 as /devices/virtual/input/input67
[  588.513803][ T9493] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  588.696487][ T9493] usb 9-1: config 0 interface 0 altsetting 251 has an endpoint descriptor with address 0xBE, changing to 0x8E
[  588.722009][ T9493] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x8E has an invalid bInterval 166, changing to 11
[  588.726790][ T9493] usb 9-1: config 0 interface 0 altsetting 251 endpoint 0x8E has invalid maxpacket 58699, setting to 1024
[  588.731388][ T9493] usb 9-1: config 0 interface 0 has no altsetting 0
[  588.736458][ T9493] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  588.740288][ T9493] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  588.743626][ T9493] usb 9-1: Product: syz
[  588.745556][ T9493] usb 9-1: Manufacturer: syz
[  588.747445][ T9493] usb 9-1: SerialNumber: syz
[  588.751573][ T9493] usb 9-1: config 0 descriptor??
[  588.754416][T18082] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  588.761415][ T9493] usb 9-1: selecting invalid altsetting 0
[  588.876253][T18112] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3415'.
[  588.878980][T18112] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3415'.
[  588.879980][T18111] hub 8-0:1.0: USB hub found
[  588.883978][T18111] hub 8-0:1.0: 1 port detected
[  588.892676][T18111] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3416'.
[  588.896505][T18111] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3416'.
[  589.143401][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.153741][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.163308][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.169654][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.172176][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.175418][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.178000][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.180615][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.188487][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.191897][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.195899][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.199282][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.206504][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.209103][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.211587][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.216254][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.237103][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.239885][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.242604][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.246069][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.251450][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.257228][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.260778][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.267101][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.270645][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.273916][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.278475][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.281504][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.284945][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.287603][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.290940][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.293582][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.297023][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.299830][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.304993][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.309091][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.310764][T18132] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3424'.
[  589.312558][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.316141][T18132] openvswitch: netlink: Flow actions attr not present in new flow.
[  589.318804][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.322386][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.325756][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.328961][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.332400][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.335483][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.339834][T18078] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.370092][T18138] netlink: 20 bytes leftover after parsing attributes in process `syz.6.3425'.
[  589.377831][T18138] vlan2: entered promiscuous mode
[  589.378403][T18077] usb 9-1: cannot submit urb 0, error -2: endpoint not enabled
[  589.379816][T18138] gretap0: entered promiscuous mode
[  590.165939][   T10] usb 46-1: device descriptor read/8, error -110
[  590.299429][T18153] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3430'.
[  590.314726][ T7588] usb 9-1: USB disconnect, device number 11
[  590.319434][T18153] vlan0: entered promiscuous mode
[  590.477550][T18161] FAULT_INJECTION: forcing a failure.
[  590.477550][T18161] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  590.483198][T18161] CPU: 2 UID: 0 PID: 18161 Comm: syz.1.3433 Not tainted syzkaller #0 PREEMPT(full) 
[  590.483226][T18161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  590.483233][T18161] Call Trace:
[  590.483238][T18161]  <TASK>
[  590.483242][T18161]  dump_stack_lvl+0x16c/0x1f0
[  590.483259][T18161]  should_fail_ex+0x512/0x640
[  590.483278][T18161]  _copy_to_iter+0x29f/0x1710
[  590.483292][T18161]  ? __pfx__copy_to_iter+0x10/0x10
[  590.483301][T18161]  ? __up_read+0x1f8/0x750
[  590.483317][T18161]  ? show_vfsstat+0x1b5/0x3b0
[  590.483328][T18161]  ? __pfx___up_read+0x10/0x10
[  590.483347][T18161]  ? seq_read_iter+0xc8a/0x12d0
[  590.483366][T18161]  seq_read_iter+0xd02/0x12d0
[  590.483391][T18161]  vfs_read+0x8bf/0xcf0
[  590.483406][T18161]  ? __pfx_vfs_read+0x10/0x10
[  590.483416][T18161]  ? find_held_lock+0x2b/0x80
[  590.483436][T18161]  ksys_pread64+0x161/0x1a0
[  590.483448][T18161]  ? __pfx_ksys_pread64+0x10/0x10
[  590.483460][T18161]  ? rcu_is_watching+0x12/0xc0
[  590.483474][T18161]  __do_fast_syscall_32+0x7c/0x300
[  590.483489][T18161]  do_fast_syscall_32+0x32/0x80
[  590.483503][T18161]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  590.483516][T18161] RIP: 0023:0xf701d579
[  590.483524][T18161] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  590.483534][T18161] RSP: 002b:00000000f53ec55c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  590.483545][T18161] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080002380
[  590.483551][T18161] RDX: 00000000000000fd RSI: 00000000000004eb RDI: 0000000000000000
[  590.483557][T18161] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  590.483563][T18161] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  590.483569][T18161] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  590.483583][T18161]  </TASK>
[  590.493058][T18165] input: syz1 as /devices/virtual/input/input68
[  590.550277][ T7549] usb 40-1: device descriptor read/8, error -110
[  590.567320][   T10] usb usb46-port1: attempt power cycle
[  591.035347][ T7549] usb usb40-port1: attempt power cycle
[  591.155233][   T10] usb usb46-port1: unable to enumerate USB device
[  592.407944][T18204] input: syz1 as /devices/virtual/input/input69
[  592.425430][ T7549] usb usb40-port1: unable to enumerate USB device
[  592.493073][T18208] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3449'.
[  592.666637][T18220] FAULT_INJECTION: forcing a failure.
[  592.666637][T18220] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  592.671240][T18220] CPU: 2 UID: 0 PID: 18220 Comm: syz.1.3451 Not tainted syzkaller #0 PREEMPT(full) 
[  592.671258][T18220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  592.671265][T18220] Call Trace:
[  592.671269][T18220]  <TASK>
[  592.671274][T18220]  dump_stack_lvl+0x16c/0x1f0
[  592.671292][T18220]  should_fail_ex+0x512/0x640
[  592.671311][T18220]  _copy_to_user+0x32/0xd0
[  592.671322][T18220]  simple_read_from_buffer+0xcb/0x170
[  592.671340][T18220]  proc_fail_nth_read+0x197/0x240
[  592.671353][T18220]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  592.671366][T18220]  ? rw_verify_area+0xcf/0x6c0
[  592.671376][T18220]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  592.671388][T18220]  vfs_read+0x1e4/0xcf0
[  592.671402][T18220]  ? __pfx_vfs_read+0x10/0x10
[  592.671412][T18220]  ? find_held_lock+0x2b/0x80
[  592.671427][T18220]  ? __fget_files+0x20e/0x3c0
[  592.671441][T18220]  ksys_read+0x12a/0x250
[  592.671452][T18220]  ? __pfx_ksys_read+0x10/0x10
[  592.671464][T18220]  ? rcu_is_watching+0x12/0xc0
[  592.671478][T18220]  __do_fast_syscall_32+0x7c/0x300
[  592.671493][T18220]  do_fast_syscall_32+0x32/0x80
[  592.671507][T18220]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  592.671520][T18220] RIP: 0023:0xf701d579
[  592.671529][T18220] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  592.671539][T18220] RSP: 002b:00000000f53ec590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[  592.671550][T18220] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 00000000f53ec620
[  592.671557][T18220] RDX: 000000000000000f RSI: 00000000f73b6ff4 RDI: 0000000000000000
[  592.671563][T18220] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  592.671569][T18220] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000
[  592.671574][T18220] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  592.671588][T18220]  </TASK>
[  592.978833][T18236] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3453'.
[  592.982645][T18236] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3453'.
[  593.049451][T18243] fuse: Bad value for 'group_id'
[  593.051133][T18243] fuse: Bad value for 'group_id'
[  593.126741][T18246] hub 9-0:1.0: USB hub found
[  593.132155][T18246] hub 9-0:1.0: 1 port detected
[  593.493544][T18248] bridge0: port 3(erspan0) entered blocking state
[  593.495747][T18248] bridge0: port 3(erspan0) entered disabled state
[  593.497702][T18248] erspan0: entered allmulticast mode
[  593.500023][T18248] erspan0: entered promiscuous mode
[  593.501843][T18248] bridge0: port 3(erspan0) entered blocking state
[  593.503792][T18248] bridge0: port 3(erspan0) entered forwarding state
[  593.702761][T18251] vlan0: entered promiscuous mode
[  593.895805][T18255] MTD: Attempt to mount non-MTD device "/dev/loop6"
[  594.074499][T18268] __nla_validate_parse: 5 callbacks suppressed
[  594.074510][T18268] netlink: 56 bytes leftover after parsing attributes in process `syz.5.3469'.
[  594.163029][T18270] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  594.167689][T18270] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.253992][T18270] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  594.259569][T18270] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.377657][T18270] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  594.382058][T18270] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.468740][T18270] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  594.473038][T18270] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  594.481025][T18279] syzkaller0: refused to change device tx_queue_len
[  594.573940][ T1143] netdevsim netdevsim4 eth0: set [0, 0] type 1 family 0 port 8472 - 0
[  594.577882][ T1143] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  594.587187][ T1141] netdevsim netdevsim4 eth1: set [0, 0] type 1 family 0 port 8472 - 0
[  594.590790][ T1141] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  594.608627][ T1141] netdevsim netdevsim4 eth2: set [0, 0] type 1 family 0 port 8472 - 0
[  594.611711][ T1141] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  594.623946][ T1143] netdevsim netdevsim4 eth3: set [0, 0] type 1 family 0 port 8472 - 0
[  594.627822][ T1143] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  594.901967][T18283] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3471'.
[  594.905913][T18283] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3471'.
[  594.967361][T18286] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3472'.
[  594.980546][T18283] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3471'.
[  594.984546][T18283] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3471'.
[  595.162437][T18283] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3471'.
[  595.166350][T18283] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3471'.
[  595.479150][T18302] input: syz1 as /devices/virtual/input/input70
[  595.664541][T18315] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3480'.
[  596.546128][T18336] No control pipe specified
[  596.837898][T18342] ubi31: detaching mtd0
[  596.858812][T18342] ubi31: mtd0 is detached
[  597.231893][T18345] input: syz1 as /devices/virtual/input/input71
[  597.459432][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  597.459449][   T40] audit: type=1326 audit(1764434009.601:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.475464][   T40] audit: type=1326 audit(1764434009.601:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.482682][   T40] audit: type=1326 audit(1764434009.601:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=164 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.490875][   T40] audit: type=1326 audit(1764434009.601:793): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.498320][   T40] audit: type=1326 audit(1764434009.601:794): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.506373][   T40] audit: type=1326 audit(1764434009.601:795): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=296 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.513612][   T40] audit: type=1326 audit(1764434009.601:796): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.521933][   T40] audit: type=1326 audit(1764434009.601:797): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.535697][   T40] audit: type=1326 audit(1764434009.621:798): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=38 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.543008][   T40] audit: type=1326 audit(1764434009.621:799): auid=4294967295 uid=60928 gid=0 ses=4294967295 subj=unconfined pid=18348 comm="syz.4.3490" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7ffc0000
[  597.624125][T18352] FAULT_INJECTION: forcing a failure.
[  597.624125][T18352] name failslab, interval 1, probability 0, space 0, times 0
[  597.628278][T18352] CPU: 1 UID: 0 PID: 18352 Comm: syz.1.3491 Not tainted syzkaller #0 PREEMPT(full) 
[  597.628304][T18352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  597.628310][T18352] Call Trace:
[  597.628315][T18352]  <TASK>
[  597.628320][T18352]  dump_stack_lvl+0x16c/0x1f0
[  597.628337][T18352]  should_fail_ex+0x512/0x640
[  597.628354][T18352]  ? __kvmalloc_node_noprof+0x12e/0x9c0
[  597.628368][T18352]  should_failslab+0xc2/0x120
[  597.628383][T18352]  __kvmalloc_node_noprof+0x141/0x9c0
[  597.628396][T18352]  ? traverse.part.0.constprop.0+0x397/0x650
[  597.628416][T18352]  ? traverse.part.0.constprop.0+0x397/0x650
[  597.628432][T18352]  traverse.part.0.constprop.0+0x397/0x650
[  597.628448][T18352]  ? find_held_lock+0x2b/0x80
[  597.628463][T18352]  seq_read_iter+0x93c/0x12d0
[  597.628485][T18352]  vfs_read+0x8bf/0xcf0
[  597.628500][T18352]  ? __pfx_vfs_read+0x10/0x10
[  597.628510][T18352]  ? find_held_lock+0x2b/0x80
[  597.628530][T18352]  ksys_pread64+0x161/0x1a0
[  597.628544][T18352]  ? __pfx_ksys_pread64+0x10/0x10
[  597.628557][T18352]  ? rcu_is_watching+0x12/0xc0
[  597.628571][T18352]  __do_fast_syscall_32+0x7c/0x300
[  597.628586][T18352]  do_fast_syscall_32+0x32/0x80
[  597.628599][T18352]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  597.628612][T18352] RIP: 0023:0xf701d579
[  597.628621][T18352] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  597.628631][T18352] RSP: 002b:00000000f53ec55c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  597.628641][T18352] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080002380
[  597.628648][T18352] RDX: 00000000000000fd RSI: 00000000000004eb RDI: 0000000000000000
[  597.628654][T18352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  597.628660][T18352] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  597.628666][T18352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  597.628680][T18352]  </TASK>
[  598.502270][T18365] FAULT_INJECTION: forcing a failure.
[  598.502270][T18365] name failslab, interval 1, probability 0, space 0, times 0
[  598.507032][T18365] CPU: 3 UID: 0 PID: 18365 Comm: syz.6.3495 Not tainted syzkaller #0 PREEMPT(full) 
[  598.507049][T18365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  598.507056][T18365] Call Trace:
[  598.507060][T18365]  <TASK>
[  598.507066][T18365]  dump_stack_lvl+0x16c/0x1f0
[  598.507083][T18365]  should_fail_ex+0x512/0x640
[  598.507099][T18365]  ? __kmalloc_noprof+0xca/0x880
[  598.507112][T18365]  should_failslab+0xc2/0x120
[  598.507127][T18365]  __kmalloc_noprof+0xdd/0x880
[  598.507136][T18365]  ? io_cache_alloc_new+0x45/0xf0
[  598.507154][T18365]  ? io_cache_alloc_new+0x45/0xf0
[  598.507167][T18365]  io_cache_alloc_new+0x45/0xf0
[  598.507183][T18365]  io_msg_alloc_async+0x1c3/0x3a0
[  598.507197][T18365]  io_sendmsg_prep+0x352/0x520
[  598.507211][T18365]  io_submit_sqes+0x855/0x2710
[  598.507232][T18365]  __do_sys_io_uring_enter+0xd69/0x1630
[  598.507247][T18365]  ? __fget_files+0x20e/0x3c0
[  598.507258][T18365]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  598.507272][T18365]  ? fput+0x9b/0xd0
[  598.507286][T18365]  ? ksys_write+0x1ac/0x250
[  598.507297][T18365]  ? __pfx_ksys_write+0x10/0x10
[  598.507310][T18365]  ? rcu_is_watching+0x12/0xc0
[  598.507324][T18365]  __do_fast_syscall_32+0x7c/0x300
[  598.507339][T18365]  do_fast_syscall_32+0x32/0x80
[  598.507353][T18365]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  598.507366][T18365] RIP: 0023:0xf70bd579
[  598.507374][T18365] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  598.507385][T18365] RSP: 002b:00000000f548c55c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  598.507396][T18365] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000000003516
[  598.507402][T18365] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  598.507408][T18365] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  598.507414][T18365] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  598.507420][T18365] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  598.507435][T18365]  </TASK>
[  598.558163][T18368] input: syz1 as /devices/virtual/input/input72
[  599.416242][T18391] FAULT_INJECTION: forcing a failure.
[  599.416242][T18391] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  599.420876][T18391] CPU: 2 UID: 0 PID: 18391 Comm: syz.1.3505 Not tainted syzkaller #0 PREEMPT(full) 
[  599.420900][T18391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  599.420926][T18391] Call Trace:
[  599.420933][T18391]  <TASK>
[  599.420940][T18391]  dump_stack_lvl+0x16c/0x1f0
[  599.420968][T18391]  should_fail_ex+0x512/0x640
[  599.420996][T18391]  _copy_to_iter+0x29f/0x1710
[  599.421013][T18391]  ? __pfx___up_read+0x10/0x10
[  599.421040][T18391]  ? traverse.part.0.constprop.0+0x2c0/0x650
[  599.421082][T18391]  ? __pfx__copy_to_iter+0x10/0x10
[  599.421101][T18391]  ? traverse.part.0.constprop.0+0x2c5/0x650
[  599.421135][T18391]  seq_read_iter+0x71e/0x12d0
[  599.421172][T18391]  vfs_read+0x8bf/0xcf0
[  599.421196][T18391]  ? __pfx_vfs_read+0x10/0x10
[  599.421212][T18391]  ? find_held_lock+0x2b/0x80
[  599.421244][T18391]  ksys_pread64+0x161/0x1a0
[  599.421271][T18391]  ? __pfx_ksys_pread64+0x10/0x10
[  599.421293][T18391]  ? rcu_is_watching+0x12/0xc0
[  599.421316][T18391]  __do_fast_syscall_32+0x7c/0x300
[  599.421340][T18391]  do_fast_syscall_32+0x32/0x80
[  599.421362][T18391]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  599.421383][T18391] RIP: 0023:0xf701d579
[  599.421397][T18391] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  599.421412][T18391] RSP: 002b:00000000f53ec55c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  599.421428][T18391] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080002380
[  599.421438][T18391] RDX: 00000000000000fd RSI: 00000000000004eb RDI: 0000000000000000
[  599.421448][T18391] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  599.421456][T18391] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  599.421466][T18391] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  599.421490][T18391]  </TASK>
[  599.937158][T18399] input: syz1 as /devices/virtual/input/input73
[  600.105013][T18402] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3511'.
[  600.474422][ T6028] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  601.294400][ T6028] usb 10-1: Using ep0 maxpacket: 8
[  601.297953][ T6028] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  601.301162][ T6028] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  601.304229][ T6028] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  601.307545][ T6028] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  601.311693][ T6028] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  601.314696][ T6028] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  601.476463][T18428] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3515'.
[  601.480216][T18428] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3515'.
[  601.524232][ T6028] usb 10-1: GET_CAPABILITIES returned 0
[  601.526486][ T6028] usbtmc 10-1:16.0: can't read capabilities
[  601.651473][T18428] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3515'.
[  601.654586][T18428] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3515'.
[  601.724224][    C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.728288][    C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.731820][    C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.735319][    C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.738844][    C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.742350][    C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.745828][    C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.749338][    C0] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.755278][    C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.758179][    C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.761017][    C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.763880][    C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.766733][    C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.769616][    C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.772454][    C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.777150][    C1] usbtmc 10-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71
[  601.797514][T18428] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3515'.
[  601.800406][T18428] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3515'.
[  601.830886][  T840] usb 10-1: USB disconnect, device number 12
[  601.946044][T18438] input: syz1 as /devices/virtual/input/input74
[  602.506405][T18459] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3525'.
[  602.683233][T18468] FAULT_INJECTION: forcing a failure.
[  602.683233][T18468] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  602.685165][T18468] 
[  602.685172][T18468] ======================================================
[  602.685177][T18468] WARNING: possible circular locking dependency detected
[  602.685184][T18468] syzkaller #0 Not tainted
[  602.685191][T18468] ------------------------------------------------------
[  602.685197][T18468] syz.4.3529/18468 is trying to acquire lock:
[  602.685205][T18468] ffffffff8e2d1820 (console_owner){-.-.}-{0:0}, at: console_lock_spinning_enable+0x61/0x80
[  602.685243][T18468] 
[  602.685243][T18468] but task is already holding lock:
[  602.685248][T18468] ffff88802b43a4d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  602.685277][T18468] 
[  602.685277][T18468] which lock already depends on the new lock.
[  602.685277][T18468] 
[  602.685282][T18468] 
[  602.685282][T18468] the existing dependency chain (in reverse order) is:
[  602.685287][T18468] 
[  602.685287][T18468] -> #4 (&rq->__lock){-.-.}-{2:2}:
[  602.685305][T18468]        _raw_spin_lock_nested+0x31/0x40
[  602.685321][T18468]        raw_spin_rq_lock_nested+0x29/0x130
[  602.685334][T18468]        task_rq_lock+0xcf/0x490
[  602.685347][T18468]        cgroup_move_task+0x81/0x2a0
[  602.685363][T18468]        css_set_move_task+0x288/0x5f0
[  602.685383][T18468]        cgroup_post_fork+0x201/0x9d0
[  602.685397][T18468]        copy_process+0x602d/0x76a0
[  602.685414][T18468]        kernel_clone+0xfc/0x930
[  602.685431][T18468]        user_mode_thread+0xc8/0x110
[  602.685447][T18468]        rest_init+0x23/0x2b0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  602.685467][T18468]        start_kernel+0x3f6/0x4e0
[  602.685490][T18468]        x86_64_start_reservations+0x18/0x30
[  602.685504][T18468]        x86_64_start_kernel+0x130/0x190
[  602.685517][T18468]        common_startup_64+0x13e/0x148
[  602.685531][T18468] 
[  602.685531][T18468] -> #3 (&p->pi_lock){-.-.}-{2:2}:
[  602.685550][T18468]        _raw_spin_lock_irqsave+0x3a/0x60
[  602.685564][T18468]        try_to_wake_up+0xb7/0x1870
[  602.685577][T18468]        __wake_up_common+0x135/0x1f0
[  602.685595][T18468]        __wake_up+0x31/0x60
[  602.685610][T18468]        tty_port_default_wakeup+0x47/0x60
[  602.685628][T18468]        serial8250_tx_chars+0x68e/0x860
[  602.685646][T18468]        serial8250_handle_irq+0x761/0xcb0
[  602.685663][T18468]        serial8250_default_handle_irq+0x9e/0x270
[  602.685682][T18468]        serial8250_interrupt+0xf8/0x1d0
[  602.685701][T18468]        __handle_irq_event_percpu+0x236/0x920
[  602.685717][T18468]        handle_irq_event+0xab/0x1e0
[  602.685730][T18468]        handle_edge_irq+0x3ca/0x9e0
[  602.685743][T18468]        __common_interrupt+0xd0/0x2f0
[  602.685760][T18468]        common_interrupt+0x61/0xe0
[  602.685781][T18468]        asm_common_interrupt+0x26/0x40
[  602.685794][T18468]        handle_softirqs+0x1dd/0x8e0
[  602.685810][T18468]        __irq_exit_rcu+0x109/0x170
[  602.685824][T18468]        irq_exit_rcu+0x9/0x30
[  602.685839][T18468]        sysvec_apic_timer_interrupt+0xa4/0xc0
[  602.685855][T18468]        asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  602.685870][T18468]        pv_native_safe_halt+0xf/0x20
[  602.685886][T18468]        default_idle+0x13/0x20
[  602.685904][T18468]        default_idle_call+0x6c/0xb0
[  602.685923][T18468]        do_idle+0x38d/0x500
[  602.685937][T18468]        cpu_startup_entry+0x4f/0x60
[  602.685951][T18468]        start_secondary+0x21d/0x2b0
[  602.685970][T18468]        common_startup_64+0x13e/0x148
[  602.685984][T18468] 
[  602.685984][T18468] -> #2 (&tty->write_wait){-.-.}-{3:3}:
[  602.686003][T18468]        _raw_spin_lock_irqsave+0x3a/0x60
[  602.686018][T18468]        __wake_up+0x1c/0x60
[  602.686033][T18468]        tty_port_default_wakeup+0x47/0x60
[  602.686050][T18468]        serial8250_tx_chars+0x68e/0x860
[  602.686067][T18468]        __start_tx+0x3df/0x490
[  602.686082][T18468]        serial8250_start_tx+0x368/0x530
[  602.686099][T18468]        __uart_start+0x295/0x500
[  602.686111][T18468]        uart_write+0x218/0xb30
[  602.686126][T18468]        n_tty_write+0x41e/0x11e0
[  602.686149][T18468]        file_tty_write.constprop.0+0x503/0x9b0
[  602.686165][T18468]        redirected_tty_write+0xd4/0x150
[  602.686180][T18468]        vfs_write+0x7d3/0x11d0
[  602.686195][T18468]        ksys_write+0x12a/0x250
[  602.686209][T18468]        do_syscall_64+0xcd/0xfa0
[  602.686225][T18468]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  602.686239][T18468] 
[  602.686239][T18468] -> #1 (&port_lock_key){-.-.}-{3:3}:
[  602.686257][T18468]        _raw_spin_lock_irqsave+0x3a/0x60
[  602.686271][T18468]        serial8250_console_write+0x181/0x1890
[  602.686290][T18468]        console_flush_all+0x801/0xc60
[  602.686304][T18468]        console_unlock+0xd8/0x210
[  602.686316][T18468]        vprintk_emit+0x3d7/0x680
[  602.686330][T18468]        _printk+0xc7/0x100
[  602.686348][T18468]        register_console+0xc2d/0x11b0
[  602.686362][T18468]        univ8250_console_init+0x5f/0x90
[  602.686377][T18468]        console_init+0x152/0x680
[  602.686390][T18468]        start_kernel+0x29f/0x4e0
[  602.686411][T18468]        x86_64_start_reservations+0x18/0x30
[  602.686424][T18468]        x86_64_start_kernel+0x130/0x190
[  602.686436][T18468]        common_startup_64+0x13e/0x148
[  602.686450][T18468] 
[  602.686450][T18468] -> #0 (console_owner){-.-.}-{0:0}:
[  602.686468][T18468]        __lock_acquire+0x126f/0x1c90
[  602.686485][T18468]        lock_acquire+0x179/0x350
[  602.686504][T18468]        console_lock_spinning_enable+0x72/0x80
[  602.686517][T18468]        console_flush_all+0x7aa/0xc60
[  602.686531][T18468]        console_unlock+0xd8/0x210
[  602.686544][T18468]        vprintk_emit+0x3d7/0x680
[  602.686557][T18468]        _printk+0xc7/0x100
[  602.686575][T18468]        should_fail_ex+0x4e7/0x640
[  602.686596][T18468]        strncpy_from_user+0x3b/0x2e0
[  602.686615][T18468]        strncpy_from_user_nofault+0x7f/0x180
[  602.686631][T18468]        bpf_bprintf_prepare+0xe90/0x13f0
[  602.686647][T18468]        bpf_trace_printk+0xda/0x190
[  602.686666][T18468]        bpf_prog_930ede9872f2967c+0x3e/0x44
[  602.686678][T18468]        bpf_trace_run2+0x239/0x590
[  602.686689][T18468]        __bpf_trace_contention_begin+0xc9/0x110
[  602.686707][T18468]        trace_contention_begin.constprop.0+0xde/0x160
[  602.686727][T18468]        __pv_queued_spin_lock_slowpath+0x109/0xcf0
[  602.686743][T18468]        do_raw_spin_lock+0x20e/0x2b0
[  602.686763][T18468]        raw_spin_rq_lock_nested+0x7e/0x130
[  602.686776][T18468]        __schedule+0x307/0x5de0
[  602.686790][T18468]        preempt_schedule_irq+0x51/0x90
[  602.686806][T18468]        irqentry_exit+0x36/0x90
[  602.686822][T18468]        asm_sysvec_reschedule_ipi+0x1a/0x20
[  602.686835][T18468]        __asan_memcpy+0x0/0x60
[  602.686848][T18468]        seq_write+0xb1/0x150
[  602.686860][T18468]        show_vfsstat+0x215/0x3b0
[  602.686869][T18468]        traverse.part.0.constprop.0+0x107/0x650
[  602.686885][T18468]        seq_read_iter+0x93c/0x12d0
[  602.686899][T18468]        vfs_read+0x8bf/0xcf0
[  602.686908][T18468]        ksys_pread64+0x161/0x1a0
[  602.686917][T18468]        __do_fast_syscall_32+0x7c/0x300
[  602.686929][T18468]        do_fast_syscall_32+0x32/0x80
[  602.686941][T18468]        entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  602.686952][T18468] 
[  602.686952][T18468] other info that might help us debug this:
[  602.686952][T18468] 
[  602.686955][T18468] Chain exists of:
[  602.686955][T18468]   console_owner --> &p->pi_lock --> &rq->__lock
[  602.686955][T18468] 
[  602.686969][T18468]  Possible unsafe locking scenario:
[  602.686969][T18468] 
[  602.686972][T18468]        CPU0                    CPU1
[  602.686974][T18468]        ----                    ----
[  602.686977][T18468]   lock(&rq->__lock);
[  602.686983][T18468]                                lock(&p->pi_lock);
[  602.686989][T18468]                                lock(&rq->__lock);
[  602.686995][T18468]   lock(console_owner);
[  602.687001][T18468] 
[  602.687001][T18468]  *** DEADLOCK ***
[  602.687001][T18468] 
[  602.687003][T18468] 6 locks held by syz.4.3529/18468:
[  602.687009][T18468]  #0: ffff8880287a02f0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xe1/0x12d0
[  602.687035][T18468]  #1: ffffffff8e5ddef0 (namespace_sem){++++}-{4:4}, at: m_start+0x4c/0x1c0
[  602.687059][T18468]  #2: ffff88802b43a4d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x7e/0x130
[  602.687081][T18468]  #3: ffffffff8e3c45e0 (rcu_read_lock){....}-{1:3}, at: bpf_trace_run2+0x1bc/0x590
[  602.687100][T18468]  #4: ffffffff8e3b1c60 (console_lock){+.+.}-{0:0}, at: _printk+0xc7/0x100
[  602.687125][T18468]  #5: ffffffff8e3b1cd0 (console_srcu){....}-{0:0}, at: console_flush_all+0x158/0xc60
[  602.687150][T18468] 
[  602.687150][T18468] stack backtrace:
[  602.687156][T18468] CPU: 3 UID: 0 PID: 18468 Comm: syz.4.3529 Not tainted syzkaller #0 PREEMPT(full) 
[  602.687167][T18468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  602.687174][T18468] Call Trace:
[  602.687177][T18468]  <TASK>
[  602.687181][T18468]  dump_stack_lvl+0x116/0x1f0
[  602.687194][T18468]  print_circular_bug+0x275/0x350
[  602.687207][T18468]  check_noncircular+0x14c/0x170
[  602.687221][T18468]  __lock_acquire+0x126f/0x1c90
[  602.687236][T18468]  lock_acquire+0x179/0x350
[  602.687249][T18468]  ? console_lock_spinning_enable+0x61/0x80
[  602.687259][T18468]  ? console_lock_spinning_enable+0x4a/0x80
[  602.687270][T18468]  console_lock_spinning_enable+0x72/0x80
[  602.687279][T18468]  ? console_lock_spinning_enable+0x61/0x80
[  602.687289][T18468]  console_flush_all+0x7aa/0xc60
[  602.687300][T18468]  ? __pfx_console_flush_all+0x10/0x10
[  602.687311][T18468]  ? is_printk_cpu_sync_owner+0x32/0x40
[  602.687324][T18468]  console_unlock+0xd8/0x210
[  602.687333][T18468]  ? __pfx_console_unlock+0x10/0x10
[  602.687342][T18468]  ? do_raw_spin_unlock+0xe0/0x230
[  602.687351][T18468]  ? _printk+0xc7/0x100
[  602.687364][T18468]  ? __down_trylock_console_sem+0xb0/0x140
[  602.687380][T18468]  vprintk_emit+0x3d7/0x680
[  602.687390][T18468]  ? __pfx_vprintk_emit+0x10/0x10
[  602.687400][T18468]  ? __pfx_trace_event_raw_event_bpf_trace_printk+0x10/0x10
[  602.687418][T18468]  _printk+0xc7/0x100
[  602.687431][T18468]  ? __pfx__printk+0x10/0x10
[  602.687445][T18468]  ? rcu_is_watching+0x12/0xc0
[  602.687456][T18468]  ? __pfx____ratelimit+0x10/0x10
[  602.687466][T18468]  ? bpf_trace_printk+0x126/0x190
[  602.687482][T18468]  should_fail_ex+0x4e7/0x640
[  602.687497][T18468]  strncpy_from_user+0x3b/0x2e0
[  602.687511][T18468]  strncpy_from_user_nofault+0x7f/0x180
[  602.687522][T18468]  bpf_bprintf_prepare+0xe90/0x13f0
[  602.687536][T18468]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  602.687550][T18468]  ? bpf_trace_run2+0x3e1/0x590
[  602.687558][T18468]  bpf_trace_printk+0xda/0x190
[  602.687572][T18468]  ? __pfx_bpf_trace_printk+0x10/0x10
[  602.687588][T18468]  ? bpf_trace_run2+0x3e1/0x590
[  602.687598][T18468]  bpf_prog_930ede9872f2967c+0x3e/0x44
[  602.687606][T18468]  bpf_trace_run2+0x239/0x590
[  602.687615][T18468]  ? __pfx_bpf_trace_run2+0x10/0x10
[  602.687623][T18468]  ? __lock_acquire+0xb8a/0x1c90
[  602.687637][T18468]  ? kvm_sched_clock_read+0x11/0x20
[  602.687649][T18468]  __bpf_trace_contention_begin+0xc9/0x110
[  602.687663][T18468]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  602.687677][T18468]  ? __pfx_sched_clock_cpu+0x10/0x10
[  602.687691][T18468]  trace_contention_begin.constprop.0+0xde/0x160
[  602.687707][T18468]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[  602.687721][T18468]  ? __lock_acquire+0xb8a/0x1c90
[  602.687734][T18468]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  602.687749][T18468]  do_raw_spin_lock+0x20e/0x2b0
[  602.687764][T18468]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  602.687779][T18468]  ? rcu_qs+0x2b/0xe0
[  602.687788][T18468]  ? rcu_note_context_switch+0x192/0x1e00
[  602.687800][T18468]  raw_spin_rq_lock_nested+0x7e/0x130
[  602.687810][T18468]  ? preempt_schedule_irq+0x51/0x90
[  602.687821][T18468]  __schedule+0x307/0x5de0
[  602.687831][T18468]  ? copy_from_kernel_nofault_allowed+0xf1/0x120
[  602.687848][T18468]  ? copy_from_kernel_nofault+0x133/0x2c0
[  602.687858][T18468]  ? find_held_lock+0x2b/0x80
[  602.687868][T18468]  ? prepend_path+0x8e9/0xfb0
[  602.687885][T18468]  ? __pfx___schedule+0x10/0x10
[  602.687897][T18468]  ? mark_held_locks+0x49/0x80
[  602.687940][T18468]  preempt_schedule_irq+0x51/0x90
[  602.687952][T18468]  irqentry_exit+0x36/0x90
[  602.687963][T18468]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  602.687973][T18468] RIP: 0010:__asan_memcpy+0x0/0x60
[  602.687984][T18468] Code: 5b 4c 89 e7 5d 41 5c e9 7e d5 39 09 5b 31 c0 5d 41 5c c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 41 54 49 89 fc 55 48 89 f5 53 48 89 d3 48 8b 4c 24 18
[  602.687995][T18468] RSP: 0018:ffffc90006bf7ae0 EFLAGS: 00000282
[  602.688003][T18468] RAX: dffffc0000000000 RBX: ffff8880287a0250 RCX: ffffffff82423046
[  602.688009][T18468] RDX: 000000000000000c RSI: ffffffff8ba0b4c0 RDI: ffff88805e864029
[  602.688016][T18468] RBP: 000000000000000c R08: 0000000000000006 R09: 0000000000000035
[  602.688024][T18468] R10: 0000000000001000 R11: 0000000000000001 R12: 0000000000000029
[  602.688033][T18468] R13: 0000000000000035 R14: ffff8880287a0268 R15: 0000000000001000
[  602.688045][T18468]  ? seq_write+0x76/0x150
[  602.688065][T18468]  seq_write+0xb1/0x150
[  602.688085][T18468]  show_vfsstat+0x215/0x3b0
[  602.688098][T18468]  ? __pfx_show_vfsstat+0x10/0x10
[  602.688112][T18468]  ? seq_putc+0x62/0xf0
[  602.688136][T18468]  traverse.part.0.constprop.0+0x107/0x650
[  602.688155][T18468]  seq_read_iter+0x93c/0x12d0
[  602.688172][T18468]  vfs_read+0x8bf/0xcf0
[  602.688184][T18468]  ? __pfx_vfs_read+0x10/0x10
[  602.688193][T18468]  ? find_held_lock+0x2b/0x80
[  602.688206][T18468]  ksys_pread64+0x161/0x1a0
[  602.688217][T18468]  ? __pfx_ksys_pread64+0x10/0x10
[  602.688229][T18468]  ? rcu_is_watching+0x12/0xc0
[  602.688240][T18468]  __do_fast_syscall_32+0x7c/0x300
[  602.688253][T18468]  do_fast_syscall_32+0x32/0x80
[  602.688266][T18468]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  602.688278][T18468] RIP: 0023:0xf7f55579
[  602.688285][T18468] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  602.688295][T18468] RSP: 002b:00000000f542555c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  602.688304][T18468] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080002380
[  602.688310][T18468] RDX: 00000000000000fd RSI: 00000000000004eb RDI: 0000000000000000
[  602.688316][T18468] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  602.688322][T18468] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  602.688328][T18468] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  602.688337][T18468]  </TASK>
[  603.150678][T18468] CPU: 3 UID: 0 PID: 18468 Comm: syz.4.3529 Not tainted syzkaller #0 PREEMPT(full) 
[  603.150693][T18468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  603.150700][T18468] Call Trace:
[  603.150705][T18468]  <TASK>
[  603.150709][T18468]  dump_stack_lvl+0x116/0x1f0
[  603.150725][T18468]  should_fail_ex+0x512/0x640
[  603.150743][T18468]  strncpy_from_user+0x3b/0x2e0
[  603.150758][T18468]  strncpy_from_user_nofault+0x7f/0x180
[  603.150771][T18468]  bpf_bprintf_prepare+0xe90/0x13f0
[  603.150786][T18468]  ? __pfx_bpf_bprintf_prepare+0x10/0x10
[  603.150800][T18468]  ? bpf_trace_run2+0x3e1/0x590
[  603.150809][T18468]  bpf_trace_printk+0xda/0x190
[  603.150824][T18468]  ? __pfx_bpf_trace_printk+0x10/0x10
[  603.150840][T18468]  ? bpf_trace_run2+0x3e1/0x590
[  603.150851][T18468]  bpf_prog_930ede9872f2967c+0x3e/0x44
[  603.150859][T18468]  bpf_trace_run2+0x239/0x590
[  603.150873][T18468]  ? __pfx_bpf_trace_run2+0x10/0x10
[  603.150882][T18468]  ? __lock_acquire+0xb8a/0x1c90
[  603.150897][T18468]  ? kvm_sched_clock_read+0x11/0x20
[  603.150910][T18468]  __bpf_trace_contention_begin+0xc9/0x110
[  603.150925][T18468]  ? __pfx___bpf_trace_contention_begin+0x10/0x10
[  603.150939][T18468]  ? __pfx_sched_clock_cpu+0x10/0x10
[  603.150954][T18468]  trace_contention_begin.constprop.0+0xde/0x160
[  603.150970][T18468]  __pv_queued_spin_lock_slowpath+0x109/0xcf0
[  603.150985][T18468]  ? __lock_acquire+0xb8a/0x1c90
[  603.150998][T18468]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  603.151013][T18468]  do_raw_spin_lock+0x20e/0x2b0
[  603.151029][T18468]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  603.151045][T18468]  ? rcu_qs+0x2b/0xe0
[  603.151055][T18468]  ? rcu_note_context_switch+0x192/0x1e00
[  603.151066][T18468]  raw_spin_rq_lock_nested+0x7e/0x130
[  603.151078][T18468]  ? preempt_schedule_irq+0x51/0x90
[  603.151089][T18468]  __schedule+0x307/0x5de0
[  603.151100][T18468]  ? copy_from_kernel_nofault_allowed+0xf1/0x120
[  603.151117][T18468]  ? copy_from_kernel_nofault+0x133/0x2c0
[  603.151128][T18468]  ? find_held_lock+0x2b/0x80
[  603.151138][T18468]  ? prepend_path+0x8e9/0xfb0
[  603.151153][T18468]  ? __pfx___schedule+0x10/0x10
[  603.151166][T18468]  ? mark_held_locks+0x49/0x80
[  603.151179][T18468]  preempt_schedule_irq+0x51/0x90
[  603.151191][T18468]  irqentry_exit+0x36/0x90
[  603.151203][T18468]  asm_sysvec_reschedule_ipi+0x1a/0x20
[  603.151214][T18468] RIP: 0010:__asan_memcpy+0x0/0x60
[  603.151226][T18468] Code: 5b 4c 89 e7 5d 41 5c e9 7e d5 39 09 5b 31 c0 5d 41 5c c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 <f3> 0f 1e fa 41 54 49 89 fc 55 48 89 f5 53 48 89 d3 48 8b 4c 24 18
[  603.151236][T18468] RSP: 0018:ffffc90006bf7ae0 EFLAGS: 00000282
[  603.151245][T18468] RAX: dffffc0000000000 RBX: ffff8880287a0250 RCX: ffffffff82423046
[  603.151252][T18468] RDX: 000000000000000c RSI: ffffffff8ba0b4c0 RDI: ffff88805e864029
[  603.151259][T18468] RBP: 000000000000000c R08: 0000000000000006 R09: 0000000000000035
[  603.151265][T18468] R10: 0000000000001000 R11: 0000000000000001 R12: 0000000000000029
[  603.151271][T18468] R13: 0000000000000035 R14: ffff8880287a0268 R15: 0000000000001000
[  603.151279][T18468]  ? seq_write+0x76/0x150
[  603.151294][T18468]  seq_write+0xb1/0x150
[  603.151308][T18468]  show_vfsstat+0x215/0x3b0
[  603.151318][T18468]  ? __pfx_show_vfsstat+0x10/0x10
[  603.151327][T18468]  ? seq_putc+0x62/0xf0
[  603.151341][T18468]  traverse.part.0.constprop.0+0x107/0x650
[  603.151359][T18468]  seq_read_iter+0x93c/0x12d0
[  603.151376][T18468]  vfs_read+0x8bf/0xcf0
[  603.151389][T18468]  ? __pfx_vfs_read+0x10/0x10
[  603.151398][T18468]  ? find_held_lock+0x2b/0x80
[  603.151412][T18468]  ksys_pread64+0x161/0x1a0
[  603.151423][T18468]  ? __pfx_ksys_pread64+0x10/0x10
[  603.151435][T18468]  ? rcu_is_watching+0x12/0xc0
[  603.151446][T18468]  __do_fast_syscall_32+0x7c/0x300
[  603.151460][T18468]  do_fast_syscall_32+0x32/0x80
[  603.151473][T18468]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  603.151485][T18468] RIP: 0023:0xf7f55579
[  603.151493][T18468] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  603.151502][T18468] RSP: 002b:00000000f542555c EFLAGS: 00000296 ORIG_RAX: 00000000000000b4
[  603.151511][T18468] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000080002380
[  603.151517][T18468] RDX: 00000000000000fd RSI: 00000000000004eb RDI: 0000000000000000
[  603.151523][T18468] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  603.151529][T18468] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  603.151535][T18468] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  603.151544][T18468]  </TASK>
[  603.404448][   T64] Bluetooth: hci1: command 0x0c1a tx timeout
[  603.524571][T18468] bond0: (slave syz_tun): Releasing backup interface
[  603.724914][T18460] bond0: (slave syz_tun): Releasing backup interface
[  603.736359][ T1141] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  603.743364][ T1141] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  603.828831][ T1141] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  603.833171][ T1141] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  603.938885][ T1141] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  603.943258][ T1141] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  604.017574][ T1141] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  604.021709][ T1141] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  604.106510][ T1141] bridge_slave_1: left allmulticast mode
[  604.108425][ T1141] bridge_slave_1: left promiscuous mode
[  604.110259][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state
[  604.113559][ T1141] bridge_slave_0: left allmulticast mode
[  604.115857][ T1141] bridge_slave_0: left promiscuous mode
[  604.117702][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state
[  604.219973][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  604.224003][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  604.228892][ T1141] bond0 (unregistering): Released all slaves
[  604.540402][ T1141] hsr_slave_0: left promiscuous mode
[  604.542482][ T1141] hsr_slave_1: left promiscuous mode
[  604.544475][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  604.546794][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0
[  604.549308][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  604.551667][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1
[  604.556028][ T1141] veth1_macvtap: left promiscuous mode
[  604.557874][ T1141] veth0_macvtap: left promiscuous mode
[  604.559658][ T1141] veth1_vlan: left promiscuous mode
[  604.561420][ T1141] veth0_vlan: left promiscuous mode
[  604.664377][ T1141] team0 (unregistering): Port device team_slave_1 removed
[  604.681797][ T1141] team0 (unregistering): Port device team_slave_0 removed
[  605.088875][ T1141] netdevsim netdevsim5 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  605.092260][ T1141] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.188040][ T1141] netdevsim netdevsim5 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  605.191279][ T1141] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.237628][ T1141] netdevsim netdevsim5 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  605.240884][ T1141] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.339224][ T1141] netdevsim netdevsim5 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  605.343516][ T1141] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.431073][ T1141] netdevsim netdevsim4 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  605.435085][ T1141] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.507560][ T1141] netdevsim netdevsim4 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  605.510764][ T1141] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.577553][ T1141] netdevsim netdevsim4 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  605.580679][ T1141] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.649954][ T1141] netdevsim netdevsim4 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  605.654014][ T1141] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  605.735314][ T1141] bridge_slave_1: left allmulticast mode
[  605.737646][ T1141] bridge_slave_1: left promiscuous mode
[  605.739596][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state
[  605.742700][ T1141] bridge_slave_0: left allmulticast mode
[  605.744667][ T1141] bridge_slave_0: left promiscuous mode
[  605.746466][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state
[  605.749876][ T1141] bridge_slave_1: left allmulticast mode
[  605.751694][ T1141] bridge_slave_1: left promiscuous mode
[  605.753567][ T1141] bridge0: port 2(bridge_slave_1) entered disabled state
[  605.757729][ T1141] bridge_slave_0: left allmulticast mode
[  605.759513][ T1141] bridge_slave_0: left promiscuous mode
[  605.761303][ T1141] bridge0: port 1(bridge_slave_0) entered disabled state
[  605.822749][ T1141] bond1 (unregistering): (slave geneve2): Releasing active interface
[  605.919779][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  605.922705][ T1141] bond_slave_0: left promiscuous mode
[  605.925562][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  605.928572][ T1141] bond_slave_1: left promiscuous mode
[  605.930955][ T1141] bond0 (unregistering): Released all slaves
[  605.936840][ T1141] bond1 (unregistering): Released all slaves
[  605.940754][ T1141] bond2 (unregistering): Released all slaves
[  606.191503][ T1141] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  606.195783][ T1141] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  606.198965][ T1141] bond0 (unregistering): Released all slaves
[  606.282684][ T1141] bond1 (unregistering): (slave bond2): Releasing active interface
[  606.286109][ T1141] bond1 (unregistering): Released all slaves
[  606.382070][ T1141] bond2 (unregistering): Released all slaves
[  606.458089][ T1141] tipc: Left network mode
[  606.797290][ T1141] hsr_slave_0: left promiscuous mode
[  606.800322][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  606.803276][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0
[  606.806964][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  606.809945][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1
[  606.815806][ T1141] hsr_slave_0: left promiscuous mode
[  606.818635][ T1141] hsr_slave_1: left promiscuous mode
[  606.821272][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  606.826517][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_0
[  606.830086][ T1141] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  606.833067][ T1141] batman_adv: batadv0: Removing interface: batadv_slave_1
[  606.840682][ T1141] veth1_macvtap: left promiscuous mode
[  606.842926][ T1141] veth0_macvtap: left promiscuous mode
[  606.845527][ T1141] veth1_vlan: left promiscuous mode
[  606.847675][ T1141] veth0_vlan: left promiscuous mode
[  606.850628][ T1141] veth1_macvtap: left promiscuous mode
[  606.852870][ T1141] veth0_macvtap: left promiscuous mode
[  606.856933][ T1141] veth1_vlan: left promiscuous mode
[  606.859096][ T1141] veth0_vlan: left promiscuous mode
[  607.003698][ T1141] team0 (unregistering): Port device team_slave_1 removed
[  607.025065][ T1141] team0 (unregistering): Port device team_slave_0 removed
[  607.339434][ T1141] team0 (unregistering): Port device team_slave_1 removed
[  607.364097][ T1141] team0 (unregistering): Port device team_slave_0 removed