last executing test programs:

3m31.875625042s ago: executing program 3 (id=3895):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f0000000380)=ANY=[@ANYRESDEC], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCXONC(r3, 0x540a, 0x3)
ioctl$TCXONC(r3, 0x540a, 0x2)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000100))
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)="5c00000012006bab9e3fe3d86e6c1d000014a10d00000000000004b68675f8001d000a00a0e69ee517d34460bc24eab556a705251e6182949a36c23d3b48dffefffffffffffffff60a64c9f4080003fe060100000400020011b53631", 0x5c}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x44010)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
fcntl$getownex(r1, 0x10, &(0x7f0000000300))
prctl$PR_SET_MM(0x23, 0x4, &(0x7f0000ffd000/0x2000)=nil)
dup(r4)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f00000009c0)="ad56b6c5820fae9d6dcd3292ea54c7be8bbdadbb1632ea5704cae881ef915d374c90c200", 0x24)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmmsg$alg(r6, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x40040}], 0x1, 0x8040)

3m30.973069402s ago: executing program 3 (id=3899):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0xd41, 0xd5)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000240)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x202, 0x0, 0x0, 0x2}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x109081, 0x34)
fcntl$lock(r3, 0x7, &(0x7f0000000200)={0x2, 0x0, 0x9d5, 0x3})
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x64010101}, 0x10)

3m27.806913465s ago: executing program 3 (id=3912):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000083667d1040206402d14e0102030109021b000100000000090400000190f19c00090584"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x203)
ioctl$I2C_RDWR(r1, 0x2007, &(0x7f0000000080)={&(0x7f00000000c0)=[{0x7fff, 0x5850, 0x0, 0x0}], 0x1})
syz_usb_control_io$lan78xx(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f00000003c0)={0x1c, &(0x7f0000000340)={0x40, 0x11}, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000180)={0x2c, &(0x7f0000000040)={0x20, 0xe}, 0x0, 0x0, 0x0, 0x0})

3m24.908906239s ago: executing program 3 (id=3923):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r0, &(0x7f0000000980)=[{&(0x7f0000000500)="be81", 0x20000}], 0x1, 0x5, 0xa, 0x14)
r1 = socket$inet6(0xa, 0x80002, 0x0)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000001440)=ANY=[], 0xc0)
setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
r2 = openat$sr(0xffffff9c, &(0x7f0000000080), 0x80000, 0x0)
ioctl$BSG_SET_TIMEOUT(r2, 0x2201, &(0x7f0000000440)=0x7)
r3 = socket(0x1d, 0x3, 0x1)
getsockname$inet(r3, 0x0, &(0x7f0000000080))
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2125099, 0x0)
connect$inet6(r3, &(0x7f0000000040)={0xa, 0x4e24, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}, 0x9}, 0x1c)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
umount2(&(0x7f00000001c0)='./file0\x00', 0x3)

3m23.949024084s ago: executing program 3 (id=3931):
r0 = socket(0x2, 0x3, 0x2)
getsockopt(r0, 0xff, 0x1, 0x0, 0x0) (fail_nth: 1)

3m22.358363773s ago: executing program 3 (id=3933):
r0 = socket(0x2, 0x3, 0x2)
r1 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x3ff8, 0x0, 0x0, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r2, 0x6, 0xd, 0x0, 0x0)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0185648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0xa00904, 0x0, '\x00', @p_u32=&(0x7f0000000400)}})
getsockopt(r0, 0xff, 0x1, 0x0, 0x0)

3m22.256506015s ago: executing program 32 (id=3933):
r0 = socket(0x2, 0x3, 0x2)
r1 = openat$vicodec0(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000004, 0x3b071, 0xffffffffffffffff, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000100)={0x3ff8, 0x0, 0x0, 0x4}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_tcp_buf(r2, 0x6, 0xd, 0x0, 0x0)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x2, &(0x7f0000000100)=""/222, &(0x7f0000000000)=0x61637876)
ioctl$VIDIOC_G_EXT_CTRLS(r1, 0xc0185648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0xa00904, 0x0, '\x00', @p_u32=&(0x7f0000000400)}})
getsockopt(r0, 0xff, 0x1, 0x0, 0x0)

6.997309116s ago: executing program 0 (id=4884):
r0 = creat(&(0x7f0000000200)='./file1\x00', 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x20052f9, 0xfffffff8, 0x100802, 0x2, 0x8})

6.826375706s ago: executing program 0 (id=4888):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sndseq(0xffffff9c, 0x0, 0x400)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
fcntl$lock(r5, 0x25, &(0x7f0000000000)={0x1})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x7, &(0x7f00000003c0)={0x1, 0x0, 0xc})
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESOCT=r2, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

6.406864521s ago: executing program 2 (id=4892):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, 0x0)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})

6.406641652s ago: executing program 1 (id=4893):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x1, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r6, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x4, @multicast}, 0x10)
sendmmsg(r6, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000380)={0x0, &(0x7f0000000100)})
io_uring_enter(r4, 0x4e14, 0x913a, 0x41, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r7, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x70, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x4}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}]}, 0x70}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r8=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r8, @ANYBLOB="00000000000000001c001a800800028008000200080000003e12"], 0x44}}, 0x0)
socket(0x10, 0x3, 0x0)

6.405695065s ago: executing program 2 (id=4894):
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f0000000040)={&(0x7f0000000000)=""/33, 0x233000, 0x1800, 0x80, 0x2}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000080)=[{0xd4b, 0x5, 0x7f, 0x400}]}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0}, './file0\x00'})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0}, &(0x7f00000001c0)=0x14)
sendmsg$nl_route_sched_retired(r1, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=@delqdisc={0xbc, 0x25, 0x200, 0x70bd2c, 0x25dfdbff, {0x0, 0x0, 0x0, r2, {0x11, 0x4}, {0x3, 0x2}, {0x7, 0xd}}, [@q_dsmark={{0xb}, {0x24, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x1}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x22}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x80}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0xc089}]}}, @q_dsmark={{0xb}, {0x8, 0x2, [@TCA_DSMARK_SET_TC_INDEX={0x4}]}}, @q_dsmark={{0xb}, {0x30, 0x2, [@TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x8}, @TCA_DSMARK_SET_TC_INDEX={0x4}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x3}, @TCA_DSMARK_DEFAULT_INDEX={0x6}, @TCA_DSMARK_INDICES={0x6, 0x1, 0x4}, @TCA_DSMARK_DEFAULT_INDEX={0x6, 0x2, 0x401}]}}, @q_dsmark={{0xb}, {0xc, 0x2, [@TCA_DSMARK_INDICES={0x6, 0x1, 0x11}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20000000}, 0x8004)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000340)={'wg0\x00', @random="b140a1fd0e8a"})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001480)={r1, 0x0, 0x1000, 0x40, &(0x7f0000000380)="dd78d4264ab269ed062a019a118f8c1895e2e19d6d3a03916830c0d25fafa18fd8b16b9f83e7ba6e321e2dbb2198e509f7caffc1d7292b560a2e395bc22772b1afd22319a1e30c3af490b9ef58e3dde4d2ff360e9386d3934925e6b0b42c467484419aed6ccfce07c96f5c40d7fda11ace1beec4c69515dadc0e628be3d386438e37520ee22515a102191f8d8d19f606a4a3e4b76935ef9bc824d757695f8cd8de0056813fd3c1e98c72f10a234791172196e5b3281341172dee6e08dfb4a1345c69c28d96d62b31335649a8c35d055b9065a4b852ff2882ad836624ef037c7af55717bcb61a05245e2312134c34d90e275744e6dc685c156b8dc1f565c15616dbdd4c35b43540273bd3d7d012fb0370871e4d969d27cfda2cba24b6a7b9e0abf22f2b81408e8dbf7f67fce6585ab14b62dea730bbf56a8f88ed6f056e71c1e9fd81f60ca20d68e727104c564e27be9505490f9593d108b5567b01529aafe0ab87e7a4a476b1b22c3fe6cf8a7426206cc73bf76085a05f9f7f9f08aeff54c047d043c9f4036cb8e5f5924a92d104a977db97a3073c65333d48ae1b8624cc773faf34c36491aef0145755a9cd9bdba7dd7e46a63386c0fc4cf64712ed8a46fb83d702b8911d14003e8626310e6b30f2ab31145a8cc65706fbdae837e244e7bca981eede23e5de3c8e4b6e33a8c6fa7667a6219464eb5f40546acf52dc736b3c2afd5d8ec0108cf545403cce769e18848721df3caab1a7827cc0084c5a77e62b486552d9e9192e224de6fee6e2d92afef629672677c53536ce0cd6591268430ab26ddd13d24bb8abf52579b484739422028bfa908105faf8c62763105cadd4599c0eda6f5a47fdbf0ee0571512e227c8768d698512de7a431a5d00b82e3a15b6f81d32da7a483f0e91beac5b2a47e55eb711cf04a01d2ec3c2132eed0cba44b65849feb145eb489f28ce029e736a01b04a3ee64256eb65413a393e055efae2502c1e1834130255c7c5bb5287eaea2b61c99fc6c77f2632efdd4ce8b115e1f17480e284233cb2dcf80815f975c4fc3bee614c65a54758d57a05b222c59c0752d25467fda3d338ac49ccc75bd9762405825ec0e310b7d451a42234af44ad2a3f4de0f0e46cd281ddd9b5d309b10fb77c42bcad0a0a2ce842b0cfd14d23d5e656a5f34e4024dd91ca5995f11feaa6474152310ab1c4ef3ba8cd1782e66f1a45caabfde0d83045b64522349aff342357b144e0ba5c710c8116d8ebc8040ebdccc3d3bba6b9eac6a06b39c2825ae61188ec6118d6c4629570b2cf967e2db1c99b08cf5b3908dca7ae8616ead360853c3479d9bca259934417f3fdf5a3cf5539234aad3831e28ab9089e92812108c97a841a4e17671679b9b361f54665c401873eab72310d68bacaebdf18e46f967b83198b694f18868c5fa2e61a41b730809a90737a9d9510c937f549e9d25a5bf06178af30519b0e312a9335f83f13d94964bc1f895a6079742eccd58f2a4965bdb0de1dea7ef44b70332988d9b49e0aebf5f77426c3aa8c2df00b25d0fc3d04f5e9d05cbd4c15e2a50f3cd11fc46444fb5e11836b508f9972d47c30ed0e53505d0d33c952ccdd1c83e2ec39c2e23de659ac0983f9aa3394458a3ba364beeaafe7e8e7cab9fc22cc31b0fbd73a4699db6d4e55939ecef6e997ae4d1ca7f41033b2255ebd0b5b56ca89e1a2a74d3d4ee3bc33108e15e89611b3db42d602de4db9e23860ebc13ba1b7f468334bb8f081da3703903a136c494290c1f9c2f2b3f3c1ee486d9c6384011109d8f9aea22c135da336c7d0e4b24ec9cc77a8410ee84355a3ea9b41bdb883d766b59d3784221060baea43c8dc4f69cf21337f5bfbb4929bc334901ee8282028f89b60bbb2dc13fa7a9fa2539dcd03188823102190eeae14cfe730e6d572284fd486c5852a831f03a1fd3ca3b1254ab9b5ddbc869ee71f3eba1f6393e22c339f504626205321bd98fe884d80aa43b149ee05bfc6ef95ebeef611294c3fa7b43ec12ecdeb73350b0d84cd3f8cbe073d47aac37b556c2b658382b490a7c5a980bad9d3561b332adb7f4df7f009bbeb33870f4027c4dce83c830614e4556fcf44081e35f11ac2cbe25c76aefb34a667f58c7d95d36d0e3a4a68ebc0eff153ea31acd70074c85971e1a48a8a503cf89d8cddb9b85e0f99758d989ad7afa18c860be20ee36ba637b2b8998fc7354879ef9a0d906f532fb9a52bd9da3f0592e04465e389d59574a16078932301e0034ff691daf2e47a799f22738e7e942a0ba2b6548f782a092a62471f2eae5f5baa836a83f287c9d0ae5884df0f6419ac6cf44c337be34912b5c5b1c069a2773eedee43a5a8cd1c1bb64b9c877a49dda538ff9e8e227d188d987a8da0d7e3ee854f0fe933e22ecc549de8b13a00f7552afcd8d4eae257e6959a19d07061e19337fcf85442f28e56034429877b388d80c142d69807b669fc79e9a619cf962f1097deffa2648a9359d956d8ac7aca455d78b430c934263c796c0db4a716b7b640538ec049d3c85a251d1cbd6aa493cae9485c974e6716bf5b5fac4de7594accab66c4892297bfbd50b96d84846c9ad1efb2f6841aa78f76c4ba0b1f3a8062dd6a7a18ff2a86f5a582978828952167db909e438751079bb3eb931ca6b28016c546640ebef17f2006206c1813a69dc21849a119630741e9a7240154d168e599faa8e289bc5e1c54ae63a40d69574d849e329627160e6b9e432ed7cd925e97021aec30430602b716458d3a1d8628a16fbf14d45ac238390768f4517e2007b4dbfe34f8db21228da0c0136c3382390e2b8045271a282bf49338b4765765e6207ac0db016b8587e2f6bb28c2697f9207c5a7585dd785b3e025b960444c8ce3baff9784ea36bc6d11dee9b7ced939192b986b47e818374103ad9cb041504698e9f28bbaf20348cad57757e61f3b948a6b605eb100d594ce2ab5f4af6a7c3967e1e249cd24595d79a724254a32c8466aa26b22cd5ccd0330d65ef6194af1f9093aacf22ccc96e1142fc15311fb2c92334b1aee74e7f195cad38d0371c6a3cacb402c8a4e921a08fe15d258fb54bafafd42bfd8003bc2cd2141a52943d8466ee2ea70867e35e51da8e95d82bda877f005ed159744f7d3f95a912f414eb79c64a6564fcf1bbf58c4452bc0d138a3a903001619f5aba1ed28559d70e9d3c932e542a3b1a3bf33155dced3c2af546ac2f3ed616a576613000a14aa5f0f48c03cf71f6aebb32da76dc1b8960ef10dfd2cfec7e4b254c281c30aa75068c57e52e8a9aa7b0d2ca343e06c7a3491039ff46ad8c2d177734dfdc99c4f813e74d1d0c65463209a70f68fff77f858bd0fce054229b4312640c1825423929fe39d9158e6705d2159ab765b1d16d6f931841335085b9e9d04953a8864e5482aee1cb3be4814eb7d17c6543871132c8990debddf4a283666121c3c441735af8d8b97130774f57a5f1f2a52193aec5417e727c1cb00db904ac50024c2bd3725439c4915da4e29701cb25bfc53b6c4797b9850ad66ca4301686f9970342260062fd3e5d28d7412e89911c1d7345d4b44a94cd38ee1328932c741e339e74924c86d17f08722fd208aef7b5688a91a02c22aefec49664765988e290088876aa5fac0fe03438b1e34b3a3e3e64d9da3e69847107c32b2d421b8d6fb5254bd6c0c610d6c467af65a51f93c915274b982517e463d67373a4f595c29c7f2cece15b3571d111e541b9226e3b3c9ab2bf83fc23470899b6c6b91009bf68da0948f935f198495e2c5647ca0449129bf883dd02fbac082d53cee52d27f4bdcc9c62acd3f3ee27e3f483a19b20919afdf4095a290ddd4b3d5c9dc4ede98e682ed871f1c6ac3b20e0072b2c50a153d3cf2cdbba3d166e697ae44426d82758b0b2743ede88097077f0a16503196832ef2bd2c8b3d2175d888ce398d877155a87211fc9a027f8de9d390abd54f1574a24dbf191f05f10d26efd599fe12030ea087c04e5ba27594f26b3ea3e5caedbbe85d44bfe04bafd0bb9137a6ed8f1e4acc988e873ac5f8840830e445649717c46979bb85691b3be023bdc1b13cea48b26393f76675c496fbdd55852873316ec347ddf49a3b8fce49660f1e1b8019590b95088b2cee03e6139d3508ee54143c7ba82330e474fb0d93ab8735d6303d3e71bc0476bc52da20b0f93453a50343b6f219bcd359c6a1c598fcf24c458b63cde33059716195b93430c072442db04cab00f191f948a536f364f43722367a0d64a71ad3777b31a0ecfc55034a6c8d5658008c516060b501150a28e53dea617868fc954a2f0243c1ecaf01709bd5ad8302d175d3c42a378656967411945cacb0e05f3aa27282d6562a35aa6f05b0e8288220c0fc831404201bf02d4218a56e29cc562b82ce79e24152dfa3a064c41b0077b85c8e70c2e58509a2d0dcbfc578eecade054db3a2cf8de3a8f71444e3af5d75382eb91ca1817786c1eac99feb70d9cafded47657c04e08a8e486952aa3ab4ccfcee7c5528cfd49b2d241967bbc276cd1377fb77ee51815c1b00f2022b3181367a030f792f3fa35867ee606b8df55c9fdfba0c8aa26e7af9e3a91a4667d8b24680addb856aa158eda5b95cdeafbfb1e8a28d922588dc045077f9d6fc87b31b52f5d0d95cb54b615bad7e2b3f39bf60d6a3dd56188a2df540f889672d7703148181ac758ac5a5d49ec162d73977238c1be854625ae446a24a09a475844721b6c61d9c2c702e25a8bd11cc58b4471d6b9d0e2be84070fd85b82270385969d604acfb49e8af59b603b72a6772daf14c8d55202a6d8a0ac46413f375618894148d626c2cc567d2a8c09b0a98ccad43f6b26b15bfef077843f60c782d296d84b65e94b35b320746c8b4b1451f7f0f403959ff99957c0490eec858a45e085ecc52da3a368c3381e1098d6180d8c1a43e167934990efb76eef3d59f35bd7489dfbf6420e7bcafa7c5313dc45ff3c836c78131bddc883807736e876b8adac24a33c4fc2c91c6be779a84e997fbff2ead2cc4f28d0ff94795ae8f6c1255e2d1d1427c7552f060b1afdf2bf38d3dead5adb9dad0f7b1db1ed7207eda045e33a705eac4cf8c0d7a4dab001a39063e40c7acff54865ee1f113a7a1cf12a5131416c5429e756b2a5f8c48f571128fe008ad22bbe13f01424579ebf21aa3b3b89b034788754e5ecaf3ef97c2911bfa87050abd3445f5ed9c0f9e483d29d2f645799d7c966c79d22c1242040c985fe739bb46cedbad83b4bf3529abe9871a9455e683442a40b1115b27053fe916f86a29801dcdd6ba1db8408340d6506fed3558941da5539b8bb163532a9cf7667a9789fe5c5ff9b889610e2f212baba6bbcb0cc94672707c4e2eac59de61d7480ab490a4427d0da9910fa48c3dadc81be10597ee015adfaefa6d901e7276d451e7d300b64e5fc69f1c540dfcea531e5924d73757303d856b2151a58d608978786c7fbebb1257c59bad721a9fa0d587046bb1ff153c4e5f1aa77b2eba4dc8f3022abf233e535085a274194980781675ebb10b1848352426cf63c0aeb7d03e90c7b8641590d57b6b159036b22c4ed3de64db249ffd8952dfeb0c1389c97fcc6de6e7e3c29e2ee599010a87fe1452b201915082577214afa5e05a7efea8e58361ed3e45fbc7c17590b795d13cc9b210044e29ebe08a09b1e2641d89e506ea137e110af7ce2541609b0507a171535ba3e0ee72f2c4b36ce116574d3cbd413668f4605701ea8cd886acc97be8c4295d6e4f9fa0ae1398030ed0e7e4c89cd80e1eb6567d61dd", &(0x7f0000001380)=""/64, 0xfffffff7, 0x0, 0x61, 0x17, &(0x7f00000013c0)="6aaaf01c91743f2d1e2bc00311bda3af855b1d84caff8ef7bfb729fedade94d4f7ffe4f75a8105451bc1c83e38d8173a59719c66b02ec3691251a7b6747650fb585f1480a1f51096ccfaf46479fa3057426878eef6eef5effef7c7159ccd8ef0bd", &(0x7f0000001440)="97bc95bf403ba19eb100d84eee186a1a6467a988a76549", 0x5, 0x0, 0xd3c1}, 0x4c)
setsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000001500)=0x7, 0x2)
recvmsg(r0, &(0x7f00000016c0)={&(0x7f0000001540)=@generic, 0x80, &(0x7f00000015c0), 0x0, &(0x7f0000001600)=""/162, 0xa2}, 0x2243)
accept4$tipc(r1, 0x0, &(0x7f0000001700), 0x180800)
statx(r1, &(0x7f0000001740)='./file0\x00', 0x2000, 0x2, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000802, r3, &(0x7f0000001880)={0x5, 0x231, 0x1, 0x1, 0x100, 0xfffffffffffffff7, 0xe, 0x0, 0x6})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001dc0)={r1, 0xe0, &(0x7f0000001cc0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000001b00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f0000001b40)=[0x0], &(0x7f0000001b80)=[0x0], <r4=>0x0, 0x1c, &(0x7f0000001bc0)=[{}], 0x8, 0x10, &(0x7f0000001c00), &(0x7f0000001c40), 0x8, 0x94, 0x8, 0x8, &(0x7f0000001c80)}}, 0x10)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000001e40)=@o_path={&(0x7f0000001e00)='./file1\x00', 0x0, 0x10, r1}, 0x14)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000001e80)={{0x1, 0x1, 0x18, <r6=>r0, {0x9}}, './file0\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000001f00)={0x1f, 0x9, &(0x7f0000001900)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc0, 0x0, 0x0, 0x0, 0x8}, [@ldst={0x3, 0x2, 0x2, 0x2, 0x8, 0x30, 0x10}, @map_idx={0x18, 0x4, 0x5, 0x0, 0xe}, @alu={0x7, 0x1, 0xc, 0x5, 0x4, 0x52}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4}]}, &(0x7f0000001980)='GPL\x00', 0x6, 0x87, &(0x7f00000019c0)=""/135, 0x41000, 0x44, '\x00', r2, @fallback=0x1e, r1, 0x8, &(0x7f0000001a80)={0x4, 0x5}, 0x8, 0x10, &(0x7f0000001ac0)={0x0, 0xd, 0x4, 0x9}, 0x10, r4, r1, 0x0, &(0x7f0000001ec0)=[r5, r6], 0x0, 0x10, 0x52}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000020c0)={@map=r5, 0x31, 0x0, 0x2, &(0x7f0000001fc0)=[0x0], 0x1, 0x0, &(0x7f0000002000)=[0x0], &(0x7f0000002040)=[0x0], &(0x7f0000002080)=[0x0, 0x0, 0x0, 0x0], <r7=>0x0}, 0x40)
r8 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000002140), 0x4)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000002100)={@map=r6, r6, 0x24, 0x10, 0x0, @void, @value=r8, @void, @void, r7}, 0x20)
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000002180)=""/154, 0x9a)
ioctl$FUSE_DEV_IOC_CLONE(r6, 0x8004e500, &(0x7f0000002240)=r1)
io_uring_enter(r6, 0x63a2, 0x6ec6, 0x10, &(0x7f0000002280)={[0x7ff, 0x9]}, 0x8)
ioctl$BTRFS_IOC_RESIZE(r8, 0x50009403, &(0x7f00000022c0)={{r8}, {@val, @max}})
ioctl$VIDIOC_S_CTRL(r6, 0xc008561c, &(0x7f0000002300)={0x292, 0x3})
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000005e80)=@filter={'filter\x00', 0xe, 0x4, 0x2f4, 0xffffffff, 0x1ac, 0xd0, 0xd0, 0xffffffff, 0xffffffff, 0x260, 0x260, 0x260, 0xffffffff, 0x4, &(0x7f0000005e40), {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x3, [0x5, 0x0, 0x1, 0x6, 0x5, 0x5], 0x5, 0x4}, {0xffffffffffffffff, [0x4, 0x4, 0x7, 0x4, 0x0, 0x1], 0x2, 0x6}}}}, {{@ip={@broadcast, @multicast2, 0xffffff00, 0xff, 'geneve0\x00', 'rose0\x00', {0xff}, {}, 0x33, 0x1, 0x42}, 0x0, 0x70, 0xdc}, @common=@unspec=@NFLOG={0x6c, 'NFLOG\x00', 0x0, {0x9, 0x5, 0x9, 0x0, 0x0, "24a37ca4be81229748f3f7bef6affd39cdbed8cb5f23b653631c65ae6b319a5492781867a1f85211cef9e318654673096fdee72bbdef272e0dd1ff05a620b6bd"}}}, {{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x16}, 0xff, 0x0, 'vlan1\x00', 'ipvlan1\x00', {0xff}, {}, 0x5c, 0x1, 0x41}, 0x0, 0x90, 0xb4, 0x0, {}, [@common=@socket0={{0x20}}]}, @REJECT={0x24, 'REJECT\x00', 0x0, {0x3}}}], {{'\x00', 0x0, 0x70, 0x94}, {0x24}}}}, 0x350)

6.326449507s ago: executing program 2 (id=4895):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sndseq(0xffffff9c, 0x0, 0x400)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
fcntl$lock(r5, 0x25, &(0x7f0000000000)={0x1})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x7, &(0x7f00000003c0)={0x1, 0x0, 0xc})
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESOCT=r2, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

5.002964037s ago: executing program 0 (id=4896):
r0 = syz_open_dev$swradio(0x0, 0x0, 0x2)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1})
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000030c0)=@newtaction={0x10f4, 0x30, 0x1, 0x0, 0x0, {}, [{0x10e0, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9b, 0x11e41e7a, 0x20000000, 0x6, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x5}}}]}, {0x4}, {0xc}, {0xc}}}, @m_connmark={0x1050, 0x1e, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x0, 0x9, 0x7, 0x4, 0xae}, 0x10}}]}, {0x1004, 0x6, "2cae48935f36e98c3f8b2b5ad87b70205e1e8172ccabf0ff2438c0ee0f2f1fee8d60c345ccf88492f48854ebaab912d89f056390c4d22c23e52b55c5d2fe13bb3a9548d8f327f1e9f3668cc800bb88cda018eb053376279ef1d9883f9a3582d3b4a20539be37096925722627af25822cf6515e2910882370a6e436ea617f010c534f1df9967392701585368f02c57296521267ac9e99505ee693dad79426ee19568ef99f7a8523b0bf5b80aee21ab7963fb70f0f96eaa1b9e5b51b1c3e4b8fea0cebd94361be52fae96deed73245974e628a7b47fb1a848e8addeee0ea8757c1457ad0c0dfedbe13ae0d8a4d6a152f9ffc7caffdb5c57e63a34886e26532eb11c648a6747a684aaacac00a89daa6fd5ff4ecf0cbcca119182783e068f3d38c505e0abb3e87106f49fe9499651981da5f3b85d2b0a3febf0b0f57bb232f604a0e9c252520bf46fb742ba536cd387ffb92a8c7b34fe7d531723fedd1c57a5d432a813b9873857abcf8b5841938459e1d3272ad21a25b6e91c280ee435683c830616a3ddc2fb983243d9a32cfc666c7e468cfa78e53fb8375250e6136992688c74468dba2c7f61c2c51cfbf0a35f528d71e54365b9cfc4a4cc2e46b464d2b2571724c4341c3f236f9450da94325700e71cd6fa8d604cc52d6da54fc7e6053c2e213f997c00676f2a3d442aba49b2c1c2e265410d0e4b24be0477f9b99166a608d4d1e35965054061ddd650425b0f2e5cdce0138e464843b48767c64b890fc5eb83c85908fb03f69e07cdc0f677ecd0a0fc1e2b10c6d77738a15cf3df2bcd2cab623b7cedd73b03236c92ac86c76f65e9863920e6db6a3a9ad84e73e94ab3074a62741f15b1285d06170fd6a47a941eb7da24902ad651e7679e03176732868658daa9236f2ed9bdf01864bd5daee1096a1cf67cdcea001e6a60969eff7a2c479821efe1780827bec6d698b9b2a3654ae55685d54e1d53e1eba1e2b57fea46a78fb8bc1596f1ad405b471340b92f673ad5268c3ab6c524b15a69f294394a5a4721bc51c8da26c785ec2ec5f8a8c8125c658342660445f9fc7518a671c8239c21b3584b44daf4a69d6fc9fa2ff4a7c3121f7cc052d452d3af5bf0393802063fc82cfd9badb7c4523d73631e36b3cead694ad1bc701d88bcac4f86a5acbf0520625cb553bb372eb5a368739225a8a5dd1026ab3a066cb92382e96d912b1abd2a8e1705eac3983e81fee537744f1c76e512dd39b1331bc28b49fe888f3ded23b7dcd3cdcac044035768ebf7875cadc8ca942c5c83064e696ec5aea10dd07f9094f5aa53ef58ced8de7fd5bd1afa0bd2f22bf0c2be6b1666757ac5fac565d60a59398d8d6a3f6c76650fa166fa3448f444388aa6e39e2fcca8966c83460776116bfa30fbca6a0da26d56f5341d1f909fa6c89daea6dabe09df0ed83d14d9524b209ed0bc110c8283b7bcc182049715278619a398abb10eaac95b598e10be84c76a2a394441047f13763343accadd6a591726e503f8291e04998f9b28a2d61cb8facb8a7a6b388074e7e6d983a15ff661c6e344b20650b9724373b7d06d5bc70f5be5f4f89e837b71f98560cfcde37629db776b07297909e07236764d0dcfd82c4cc0a6a582ba3e1fc91941cc5985a5d9f458d8e1e8db971b8a800a38fb66887ae5760667c960dd896c9222415d94a7def68e7be374c634291379581420f444beea4c8e74e1c42c4ec37b81c5d169e06a291113b21d9515be6ddc9db47e5166cf7a9d0323da42cd097a98aec140a3a6671ac6173768a7541dc0d7c79bd31c89cce74efa7d902ed2d5b8a5d560f6c78cc79615f556815f29e665935eb43774715bcf15c26fae32a2bbfb14927ccec9ddfbf24f40b58ef7d993c4d0ad3640f417b4a038d336ccc24fe58a75be61214bae3f15605edce06f7e7a716cff7005798382937a4b9006e155600fb33da1f051f39a217b52b54b72e64f11458599f7dff9b5f20874f6b4d13d6c1df5a98473b18e858587a26315a032eacc18afe779088ad63c511e2cad2ffa4ccee2f3ac6e940c659b1c21307e362a011c55ffc37c6841c26d1d8466a71d04b617f8b0cc634d7b39d1c7763fb7fd96a798c2041103be9d9846fcdede8261a86d1749c425012c1a3163a6e9863a18ac2bcf2949bca1b0344b5cc529f6903780328d9684e295deff8be8e811a8e8a68548408ea0aad6ccd1d60113a36f85edd58ef6070a58f88078b58459bcb5fdde0f4b4257a7e87444eb39e6333b0b2f8caa36faca14ba45e193ce7d3de77a018adc2ee462b2c33a8396cecde61c6fe972f3262742ef04071a91199c3712e751159c1ebb69314e6085296db45abfa3c9ba865c7254f24077623900dcd70c7d2fc2e5c6fbb92e4c6a807a794100020dab96152ac1a5ac41476f7a51c98103148d66924db076b360f835a3684b8004bfc3e9a813967d25cda6f2922d49c824addfa0fd86fc9e35ce8c3b79b80a887d08f9e61d6fc0ea8e5da6b99891e11feec7ba198d22fd2182cf8b99a70fb76a1eb2f7079218bdf16aa741499f3ac9d8a8aeccc45093abe5aab5e6ea9de9d8676cf37d04f558c3d2447214b736fae724c5c0f4abac436b83cb88aa6f5ff352977d96f8bad789e3e128e88c2abc060ffd6aa3b2739a6b1ec265e7d6dfae7b0d77bb7798e45084c4c9c3b98ac74b2cd4c33cadbf035958c9760726888876602f6e96b129f3c187334de600183e712bacf5003e9b935e5b3d2f9b43348f16d949a01dd93f6fb8704caa1a4f9808cf8fe99fdce27d1a109687c115a1badae21ddc052119f5d2c6a1f0fe28b3c2fbcfc4d3ae455022aa38c9691c171d9d90a88425cebed98f0d1d1b7c9612b9701ab0ff4facfb92a93cd0e97860d1f766318fc4e2ff3c8be7b4664c15f0cde16397ff321be8aa9cf91118ae7ebdb4d71f831bfc585e3f4fbbc18a789c5ca20e0352146fa15ea714f113ac8e1ac7f34830a24f7de7c5f35822ad18b38d3fb8dca4c4a0b3aa4c1da7afa4d6a6a33d9dcaa8c06618db39e40adb32a627f193a50bc6c66b87632f10a42e2e2ca11375749a766c9d5c308822c28b94924f6fc3ceffb6f13e0ab9dc14949f394f03eedb265a550378675ee8002fbb35da592551d9e124d84d9417212a2f540b8e9cd30f6d54c32ec79d65f60fb655604037e976d52cbc5be48e44eefc722f81f1720b324c8938ec59841f83420f1aa906bb2e6b6c8e7fc6a1755b323beeac64d408c49ae27d49ea9401ff41aa9728ce67a28f24a21966d0834955e603b9e289f226c2d951c62706f03ac220986e869134af2b947b6bc9a1b055b47cfc0ef0b9487706d21b3e497d1a1ee82e67910b0e737d68a9259a01c934208dc69dbd61afd005d51fff34664bd4582db8ff04bf41bd94980de4ef14380b3fe173d8a0cf3bd6520dac599be654a033fec0129da92386e08357e78951bd5784710649276e37d7fdd32b4c795f06f4809237631d4f66b332e517b3b28501198864c98bb2a35590e92b8b49b0c0c3535b0bd2a8c303b4905366a6b8f81c1e4bac509293ceb9bec909ade0ad5da532bc03fceba01675e10924cff13254c7ba0806792fc1eda2790433dab9ae910d96afeb25790b7b4e54d520a2deea8a76096a7da1dc3427a14964ff7394c66ce448ee5f5e870ff99cb92bf314eb8d14c1f6dbd3e90780cb18bf6a9dcb32b2190c7225e62473568b1c0dd4b51d298b9b490a6c59bbd3b100ddebe7fbde3aa08bcb819e171fca528561c7ebe606a30152dc558df030d855e825c7f02c425ce4f4722024638e20c3946249b462aebfaa5cee0ac4518295d513a155a1a1b876a0283b912b4f5a745e6bd476eb652d9c07f14dffca9eccbfdf12b2260d566082d26c82fb19e4b248c466f5497d928cc09700772c5ab67a2c76c6e13055a3d8eb413f64b97a8c2483552f535c0e28cd7cd0545ee34d75e011703f5fb4e4f7fff64b8768402166ee895f7d137cc22995a4aad3795b2ac71c4f986f76dcf1b8201033ada94d96d063a1928997e1714e6648c182b8c8d7334e4b092f8b9e2b37355174c6011b7aeb572b169b741f6a890927c121dfbde781185051f2ffe016995fff96c585dd0c6b9b667ad9df358e77108054076c5edae40d2384350f63eeaebf68692869cc904020d946dc895a772bb0cdc8bea62285d8d08a3fb44dbac0bb44c9edf3d9f819bc7fea36e01214c31a5ade10a1e17fb1b915e821c00ba48cc0752cd06e4d2257e857cbc49e646fbaa5644571f6948e2b0b589af993a2cbab7b3ee66c8d65276049769cba2fea7810d90bb07492ecbc4deb926dbac3572b49d15419f63f6b5363dfad532ecfa602e7da0fb3a8d09871d886307a4bf2c2b465eda4df656ba6cca62699b502ac141730685ee9184fcbf4f9e76307605c4850eb2f2f13a666b574dcc42eee617f0094b2fb2877b64c700921f41b2908c90478533542b7c8cec87f991d0a23cba047d500c9783a7a1ccef04aae37cf8e1c134424f20bd6fd48504abe296b0d2d20ee2b66f39a3c8d2b1f35907957a1945f8be3f8326e62d6c520cc08ba5c27054bc2127fddd4c06536fe4641d59020fb04cc0a10a1550b69ec337f96d173687d9387f79a8363767facc3cb1298c0adb3ea56649c0cf25949e426c8e1b92c1c2f6bed573e5a2ae9434a883988f2ef5ba05b759c19d95fbbd8a024180b985fe0d99f3a4290777d5c0b343f25e2309f8c65d0e5a359586ce2102bcba2569adef4d1314c4056f2be4bdfdc97f1732053108bf3dc69cb094390187cf936811e7ac826c3a84689b89c0f780549f2eabce5af2db133f58cb2e1740f1e8c9170007d6a962c35d691e8e9ed8b3219e336b56ca283427d498d30e9abe8236a55c0be5fda59160d94829b4add69a611378dfc64643ca8bf19529c551ef28e468a20f7a46e4d087ee67cf15a2f94a673185d210aae2a053bd8bbcfdd7b95fb140aa1ed4c0b0ada3a4a712121b912c64b0e63a404f7ad7d0776a659fbccaee969541b4362077a3d34dd805ccacb07e016bca1c2335bd07d16ae12731418ed1d42a1e5f8ed163bc27048b664b7705dca2fe5c1118081a0d533c70305944dca5856871e4a0c541ada409058cdadded8b4b9f6adbf25c898840ce7bb95d91ac94503f83af9cd0d30766bfd42c6c9b82305393722138c258b8deee227ddc2823ed368bdd28800046ec3b42bcf8c769a4497906527a07ac95d68e0abc446b84f5921fec019d06a6f4e9769bda1dc19f1fbb428544d33b5c0269176f8b3b1aef1442f2aee0bacead5e33d3d62047b040b5b7297687e3c10ad274170c22bbfa922fe5d261c256744d65e71da4ca2240a579854eb6eb8e9bcda272e1e5f4c8d081ef16310f937ceb122189b986e7a409678f7be1f09dd62e4f65706212d0ffebf919028bc2f66fdf948a7929f968bf743895fdb5394877629d81b07dc80ea0b60116c9139b6b73489fe2538dcde4a668c13ea8e23791fdef7b03e714edc9d5b16f7c2ff7dabbfc9cb453475eb3b31e67f1c65417e8ceb2a457d58a61285c6a272a268472d44df820455b4b5c08f599539ddc66e095afe620475d544771d743c6e96c61039e6fff6955bfaa9b9379e7282982be11361e06ce0f6631b0124b6e57c327ef4faa972c7fbec83ced7f0a15fb127068e12159ae15c18871732ca24f5ff0329e8140768fb96b6d96d1812bb05ad345508406cc18209d828cbbb577d8bdff27af2babc1d08b405f024b2a0ea975a71c502aaaef5ac32eddac7a4fb0acf5f89074e48300171d1320ec5e"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x10f4}, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000a80)=ANY=[@ANYRESHEX=r0], &(0x7f0000000100)='GPL\x00'}, 0x94)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0f030000040000f0e638e7389ed08c92ee000800", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000001c00)=ANY=[@ANYBLOB="1800004a88d459afaae2a20ddca0d7d52a269b00000014000000060000004567afb165da5992c123f5bb4408b3c5142e1a71f572d0facfb2f1a8e7d07b97f6f92437ef08ec7ee8ba87192f7bf6a55a3c23b8dd2a536bb4bebbf41e40d535bb11e363cbadfeb642cfacc50fbcb54befa4a8038915e298b34f0bff65fdbb621bdb8cc6ada8ffcaf4c0f97667c6659a04703af4d2cd93e26b377a25c17159919fbd4d58f0e4e5ebcacd1e6c644eb3165d4952a963c78e83a544e3be8151b54d400b3c311f3ee9292a8ca26a1408ff67e31e7e845e3adbfd545b34a40c013e5c0cfce80fab10f9d1cfa045ca7be0750ac30fa9cf97bc8ce509795992449cbbd86f5dc2eb386e6b86a782d1b6a73cc9042cc9cbe3c200010523beccd1e447aa52d92077a48aca259588cc795d166b66536b329fabede4bcf299d98084eafb590b7bb067da96efc7794fe9504b0b962d37347542062fbe4234ba88da104000800c7ac6038c653e8b1c41f8bb062fa240e6efcaaba68ed2310b7aa701164e1a5d5c30d4ec30a2b3bf8d1967251596d5cbdd3cb8344e30eb828d68a90fe64df420a61bc9c1a6749f9c48912fe4996114bec0606b6af495dac29caf9de87a03af", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
r7 = bpf$ITER_CREATE(0xb, &(0x7f0000000100), 0x0)
close(r7)
r8 = socket$kcm(0xa, 0x5, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="000000000000000000e8ffffffffffff05000000", @ANYRES32=0x1], 0x48)
ioctl$sock_kcm_SIOCKCMCLONE(r8, 0x8916, &(0x7f0000000000)={r8})

4.867366906s ago: executing program 4 (id=4897):
r0 = creat(&(0x7f0000000200)='./file1\x00', 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x20052f9, 0xfffffff8, 0x100802, 0x2, 0x8})

4.866819598s ago: executing program 1 (id=4898):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
socket$rds(0x15, 0x5, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$IOMMU_IOAS_IOVA_RANGES(0xffffffffffffffff, 0x3b84, &(0x7f0000000000)={0x20, 0x0, 0x0, 0x0, &(0x7f00000022c0)})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f0000000580)='./bus\x00', 0x80242, 0x100)
write$FUSE_CREATE_OPEN(r2, 0x0, 0x0)
sendfile(r2, r2, &(0x7f0000000080), 0x7f03)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r4 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="0007000042009103"], 0xfe33)
recvmsg(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2}, 0x120)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r5, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r3, 0x40000000)

4.60696576s ago: executing program 4 (id=4899):
r0 = syz_open_dev$swradio(0x0, 0x1, 0x2)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)=@deltclass={0xec, 0x29, 0x400, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x8, 0x9}, {0xffe0, 0x7}, {0x5, 0xffff}}, [@tclass_kind_options=@c_clsact={0xb}, @tclass_kind_options=@c_mqprio={0xb}, @tclass_kind_options=@c_qfq={{0x8}, {0x14, 0x2, [@TCA_QFQ_LMAX={0x8, 0x2, 0xc5}, @TCA_QFQ_WEIGHT={0x8, 0x1, 0x4}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0x2}}, @tclass_kind_options=@c_hfsc={{0x9}, {0x74, 0x2, [@TCA_HFSC_USC={0x10, 0x3, {0x0, 0xac, 0x9}}, @TCA_HFSC_USC={0x10, 0x3, {0x1, 0x2, 0x7}}, @TCA_HFSC_FSC={0x10, 0x2, {0x6, 0x400, 0xfcac}}, @TCA_HFSC_RSC={0x10, 0x1, {0x0, 0x3, 0xff}}, @TCA_HFSC_USC={0x10, 0x3, {0x0, 0x9, 0x34291956}}, @TCA_HFSC_USC={0x10, 0x3, {0x26e, 0x880, 0x200}}, @TCA_HFSC_USC={0x10, 0x3, {0x7f, 0xfffffffa, 0x3}}]}}, @tclass_kind_options=@c_multiq={0xb}]}, 0xec}, 0x1, 0x0, 0x0, 0x844}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000300)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x4000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1a, 0x8, &(0x7f0000000340)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, @fallback=0x26}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[@ANYRES32, @ANYBLOB="8bbf30286fc0df6a22a3de88a4b505f4e4dbb89a2a51aeb31eb8a11c313ae5aac27c56d8a17bfa1f9e99ea7d92c96471c72527e1c3b7160cb039c69c6280325707ce0326f8fd847756b41435a45ff81680171e", @ANYRES64=r2, @ANYRES64, @ANYRES8, @ANYRES16=r3, @ANYRES8=r0, @ANYRES32=0x0], 0x48)
pipe(&(0x7f0000000040)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x0, 0xc, &(0x7f0000000a40)=ANY=[@ANYBLOB="1800004a88d459afaae2a20ddca0d7d52a269b00000014000000060000004567afb165da5992c123f5bb4408b3c5142e1a71f572d0facfb2f1a8e7d07b97f6f92437ef08ec7ee8ba87192f7bf6a55a3c23b8dd2a536bb4bebbf41e40d535bb11e363cbadfeb642cfacc50fbcb54befa4a8038915e298b34f0bff65fdbb621bdb8cc6ada8ffcaf4c0f97667c6659a04703af4d2cd93e26b377a25c17159919fbd4d58f0e4e5ebcacd1e6c644eb3165d4952a963c78e83a544e3be8151b54d400b3c311f3ee9292a8ca26a1408ff67e31e7e845e3adbfd545b34a40c013e5c0cfce80fab10f9d1cfa045ca7be0750ac30fa9cf97bc8ce509795992449cbbd86f5dc2eb386e6b86a782d1b6a73cc9042cc9cbe3c200010523beccd1e447aa52d92077a48aca259588cc795d166b66536b329fabede4bcf299d98084eafb590b7bb067da96efc7794fe9504b0b962d37347542062fbe4234ba88da104000800c7ac6038c653e8b1c41f8bb062fa240e6efcaaba68ed2310b7aa701164e1a5d5c30d4ec30a2b3bf8d1967251596d5cbdd3cb8344e30eb828d68a90fe64df420a61bc9c1a6749f9c48912fe4996114bec0606b6af495dac29caf9de87a03af", @ANYRES64, @ANYRES8=r5], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x64, '\x00', 0x0, @fallback, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={0xffffffffffffffff, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x3800, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x141091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x19c000, &(0x7f0000000480)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@xino_on}, {@redirect_dir_follow}]})
rmdir(&(0x7f0000000380)='./file0/../file0\x00')
kexec_load(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x7ffdd000, 0x8000}], 0x320000)
mkdirat(r5, &(0x7f0000000280)='./file0/../file0\x00', 0xb3)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000040), 0x6)
ioctl$sock_bt_hci(r6, 0x400448e7, &(0x7f00000001c0))

4.47494864s ago: executing program 2 (id=4900):
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x8, 0x2, 0x0, 0x4002004c4, 0x1004, 0x8000000000000000, 0x1ff, 0x0, 0x1, 0x7, 0x2000000000000000, 0xb3, 0x8d], 0xeeee8000, 0x2010d3})
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x312000, 0x800, 0x0, 0x5}, 0x20)
ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x40000000})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

4.187016884s ago: executing program 2 (id=4901):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x45})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@getnexthop={0x20, 0x76, 0x401, 0x0, 0x0, {}, [@NHA_ID={0x8}]}, 0x20}}, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000180)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0c66ed0f072e0f01c248b820450000000000000f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x68}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_IRQCHIP(r3, 0x8208ae63, &(0x7f0000000880)={0x1, 0x0, @pic={0x8, 0x7, 0x8, 0x14, 0x2, 0x1, 0xc5, 0x9, 0x28, 0x2, 0x1, 0x95, 0xb, 0x8, 0x8e, 0x7}})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000200)={0x1, 0x0, [{0x4b564d01, 0x0, 0x1}]})
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000480), 0x40, 0x0)
r7 = socket$kcm(0x10, 0x400000002, 0x0)
getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, <r8=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
r9 = openat$vicodec0(0xffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r9, 0x400c6615, &(0x7f0000000240)={0x0, @aes256, 0x0, @desc4})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0f32cb1e79a5fba5ca1e4867e27d6b5494fc44d389b4ab0f81abf72a0b1301adaee12a3b32ff4adf259c7dcfde69992c2d2083b98b33951c27b7ff9860abd37548d65c690f7982208cb4bee2a138d5390294bc3799d1b5df1967727629aa31e58a1b0de31dbe525b52b1db12f501dbe5a363ccb6613eef64e6b6997ef11fc0f3c2b5b2dc2b887ddba0e940d282068ca610e9fa18f2fc1d4b4d3d8f64523755589c2fa2f988723c8e7a07cbdd7b22b58a6eebf150883c02c470203eaed2f27b357b4bd121d246cf2045e905f5d6db00899147a3fbb332a3cd9a724e447bbc540c8419aa03cca2c84b03452b3c9697efc8db502e2dd635ba8719af475e6515b0d78eb9f973ac8cfaba3027ace6d93d07e398e3da92e1bcb96365fe1504a9e093c36f514776825f91271875931b62aa93a7166cb5c54f0fddf6580f63eac2290b2b1e12444909546511d681abd461d2268151fc84065f73786715db74c7c9f6039ec523d5051e3cb6f13bc253445597b56deff082b08b0666914b3142da0e9dd10e44006473a63bb9a8ef71e2e8e78612b93d5514c0448dd4be76eea26a4372b5cb6b08970b6f748599dd2234dce4293a8351940e11435e48e78eaf420fa9369858705b62698baf6a744e7f1e40314dafe92c17147777559bde27167168d342d6d369c5d066a056c16a67ab1beec5ec02e9b34a433a301d66babd16cc4b96f1406494c6a3241ee8858bd9c1f20fb888efac9a6bcfd3c6fa95d85e85da5dbabb11acab67b6607a887360f153521d2df038018d41251ca8e72ab345148e02def9e4a079d4db8567a74adda89ee4fadd3c5a754b6a5fd905813c03eb7d2b7430051935b31d1afdac5a1843855d435644354b979a09f65ebac94b389c33ec5e575645634f1a2bb4b0d5e68c2ec9012144a8caff2fc8b9efa73b57e15fef094294bbfc5b909abf2439c7ad607234d043a319abb860274030dc24539e0050985e86150ec49f5e782cd096ba9a986ac13710841b3bbb3c12c4a77a14502be8fd0f5ff241729edef440fff5303cc768e8f36e5fe8e7bc63ddc262bea20fa8f60f6d261b449f185543ccad6dabe0c288f4486e4b7cae5085172b6120adf5ab1770c40134bd6bf86b8da21a961bdbc2647ab139bb44a2f44e6269921d560dd23f98ced982fdbc1a3845f2be70322df871512499cec1c0f0a801b2bb212f638cf0fc490f8e13e82e44dd0b66ff3c6d2a976404b138e8b1198db0fcba65be7d419b62ed37d7f8bae9e28079be4bf163ae304f4f09eafe5bcf05e07bc48dcc3e9b92b4c34a4fd3e9127311c2440c4d2d620ac46b15bb3c4e5714a01e97b22fc23ce7fb9a3aa7b870dc352d5e6c93158f605494edf63b83feb4210f0333362805cbdb45d0d5e1935f3b20b0b8ff612204c20dd1e49672ab7ec8b39f38cdd4b4a62a69d32b65242b54ef536e4c37e7578031dcd2f397609f96342767872af5543a8f04979d7f06a3ec0ab3eea2dbcb95fb74ca58a112b11de9830ce204f7b57442f133cc4ef30f8ead67c4b503c05488bdb9ee2e5ebadc6bb0075e72750f242af044c5bce815d932568794cc209a40ad08257e00b5d1ff3bae54fe18a405fcd89bf204f41fbfc3e59319cfed2a842dc6b0d194b88fde6fd986fb0efe2860e8fe36783c322d48ee8a7830ab8a47220e6a75dd7f8c9200a5c51f53714d1644810f38ab8d7ef5702ff1ef6c72124d78aff5b5207f3e40d0863e537ad293e828b7cbb2c34db3ec443b9fd218e0d6bfd919c257ceccfc89789fe1c228f51058f4564281f4cb50669f93ce3b1887d8d8007a3526dbfbad764511dd8b7c2f834b718b8657d1ca3b5909a5253ff4ac53371de48feda4513ba7229b415f291c77961cf01cc1e471d9b7935323bcc8774de2fa28f23babd9273baedcf74b11458717c1626330b3c85c547aff7c83064a2a1fe3bb05ec78380e2a33918882db9ebf2d4047355820954302ea8e6b3319e1a1323a21d79aff6db62eda0465d9e27c398048da3b99ef6a629111db2cf3be4001bd999316f6a8ca60ccfc09ae7b20315d46695172f765dac99c20138df463317db41680ee39cf0f92302e59e00b7c1c6eccb2372d3750826c7518c8402835fb4b5133191b79e2129cbcd643976ed7f85b9a4da6585de9828f47d94c88f43639b854644184a58cb8376621dce12550b9a56f8b2f3d710ed795e81dfd82b9c1aa8df0de861ae7ab66b831948ca3da6103b0876e46ea5ac8e9221189b5fb7d80d9d576f83ff4decfb556702a3fd2eb7067b01ab6aecf1ca57e058d5fda30e69e8092beff18e3950d85bcf3b41a95b0aa6ed1551438f595f010d58d30d77e9235ca419bf9d643aa22783755b30878ee40fbe698e8af63c8ceccbba93d69b2cd9e977ff9d4d098f4871dc91d6e7c8c335230b610e2c3835bbc64b276a52e5f350fed51f886165a977665909b9b5cc2e2f27bd683b0ee1be03ec42e52f313edfada6a46f3fa79e7ffcb08124ae4f14e3c373324ac3a315094b51540e5aa61bbc71a62407ea9b81b35dd75148fec9e6bdc65834ffdd5737a2f330aaea89513cc4e9863061e1f81e45ef14d17666e5c50fc8c5492b6a8a939dd345e52fd6c345fbcba37c38aa0309db927c4739bb06b7723739031c9cd3bc0e9aa1f1bf604f87bea724840b095ebd5ab1752f44a9e3d66ad1622cb0349856fb45f48dfc698d9598a5dfea5ef3aa42599e72cb8f7287236a7aead615e8b1597271cfc30cba9d6c441668ddde1c1daea0fa2f5076a8634b4c41225af405c38014bbde371431dea00937d7d509acbe7b0fb93ca8fe5082db13bd4cf1b9240bc6e7a2db9687a2a068fdbc494ae11a488881b4df4f2095659edd07614ea8ece3512d7692e9a242611e40c7d38f0bd3f5128f85e16e13cee59dcdcf977a8a9d01baf8110a71135a37a92cf0ee337657dc3ac493fc53bdc02751e486a062fb8564db834e15dc2302eaf8485f8d8a6c6cfc4231cf0d11b294004a237b416d21030f98e873cb60b4ce7395fad5c2be4960b52e04da2e1853dd2e61ecba318b8cbe0d35de483ad3b114820f62757a313a98a646c1b1a187a73533cb3bb8e0e85143525ffee83093d41ad23efb7818323599d7ff366dc726d5a0a7bc235a816a8949091f7908da7826744b61b5244a4e4ae583fcd0ed179d6265db39aaa014fd365d2c17ca10c6958bfbd86c0e605156a1468836791f3640f1b82a2f5d0d6ab2d96c0085157e7099e307209268b68f50dbf5f662a9af5324b08a1b244373d3449d281c2ace55c108c876a4e8fecc94a702fbf2ab326e7a042ad91655c854be466e85499a4eb0d6d172ef0ef70f8b3b0fa2a323e4c843df4a8a7217decbbb91c84e1f71f58d93130b6c58afbcbbd99f5947cc94c2e6cfc5146f7ea5316c531ac28ba0985821458508a1a509e34b62ea936d84dc4314e319b14a96e981d837cea5abb53c342a17a6c15e7a8b2f86ef252982645d3de26b3f6a4eead24466247b34df1945e699e86f86871538565357ee9c73d7f653d0fe382f221a4aa6431750fa82e34c8f32d57b03f6f00b73ef8a9a73f0d09f75b64cec4618031f42e6e936673f52900ab838e2330b8f247e45c5eb48cee70aa17f34cef74246426cd38b1173669f760b2e77d677668f3a145c1b48ece15ba31be3fafecf694b51b8a63bbe4ddb0ec2ea5e0e04f1a6cb421412019f9f50b71ddb5f2df00766e88debfe60d9d3fc85f4415b5b2d718cfb8068a69f4aad9c4322018b6ef136da51e67d7c434429e659779cd3e130e87ea727c2324a96912a67eb6cfc1d9932d8c906ee79ebd5e628c2505f913abf4cb4258f21e155b22b0297f76e03273959555eb4be9ad84c563c91fd35a1bddbe428c280dd2a38e2c49594475ab0b7f0c353a577251094d36b4a710dd4ac0bd1e933a419bd2bbd588b93292a0e40e46d22492abb372cc062ebb753308e6de6d0c060ea421abaff2b7c010751d6788f6fb7e3a34b57d8c7306491c80683ba49bcf56b8db807911dd95c68fa9c56f8360548dd41c8e4c461187f3a0d637d3caa907abb31b75028f7925f8463454c09845ef6a9d0faaf218cc4690b513c2349dfb7d30e877ae6a27dc1a5d9e2e8ade0ae8fee0ba81fd3dc79e3d7d5b86de0575c77b9bd7f4ae54a10fa5725e904b9fb4df56bc1850ce026e080f52664023a1dc2ef1c21e7b00679a4eb78894ca718a3607549cecc045aed731e004a849d84f11632a5b2051b60883a219422c154e40576c23b62de03ed2034fb7e653dec689035b0a2785d98b2880b3840e026c422b7b5bd1c802d25f1e4ea62f440cf6d5425e7b5bb9cc45a321651f9f550048112f99d512fab333eb84f26240a9556fdebbed805e6cd2c09aeafb753b43c882bd771e268df0fb633fb1ef2185c3fa579cf3c734a0c48d8b5a86f5ee5095fd98319ba18f0b88dda749e396f6ed1a2247dfd74ebc75a85de5f30650cc583501602bb5808c6fa1950f45e71b3f128455fee1715c725e67d45bc7bef2556d52378c451eb561bd1050f37e110f85ec555f8d352b7f03fac2703a91ef1b68fd1bc343f51581dda55f4afd3be774388d7fe8d9e0273c0e1f2354f34aafa3810ba436c8618f3e25d0cf7a88297b3cc5417edaa5e38d5466f30e28aa03627b6d615d650aad8763968996b7f3c029e6de151133076555d76f271320f4f1747a715659c382d608b5f411b1a4172e51a62b826874d4a32d0c58179f23c0068f121eac99edcb1ae93bf9b599c34411a338312ae254a6cc7d343cbac8329636fb8777dab8569b3caa399959337041fe278d24a9c6c8067f1009ad951a2dff52f9d64db7fe8f40ae67cd493ab0dd1263807a561575b5699bd05150e3287c158857c4b105a12e1a6e64d2b100338362a80dd079490e296f6010c7bd0d712cc5f60e8a357e338ab34dce716f6e97d21a2ca9bb62f8b32e85779311fe0d8ed7f86763c38f952cae73b7eb103beed9a55130124de0fe662b15ced756bac0a8c428dcca8ae238a00f2544976caa220c5ef7ac726b8bbfc89d88ab8ab55459a712b85b5b789d67aadca5929c5d2b0b14d466a3c8a65b75fea29cd2e86cdf4f31035b1fb2f3bf6dae7ec214fb99300f457f629309dec905ff78b3541d4545213b724f6d9256bc402c4f97d148d90504bc9b91b484a1b6bbe6af2cdd9b2695532578136363462c79a90fda3518e51ba8484d1984445b16f60d6d6efc9be82cb60d7077fd5ef6b59adef873e0baf7df41de8cbcc777784a7500f9ca0e369972758dbedde99dfb210f46a65a0a019fd346eb1875a98c057750a17a698a9b8ae618cb7dc5217c761498fa14593bf81f81a0a29d1ce082a3d514ea2a8fe4145d6fa2c3356c102268ba3336f37133843814cb119c4339eb507737972d4450c49b666c9246f0e7c8da69a6820c939e2c685bb3a3a44ea0cf94061d5083bccdceaa7c4f60071e15464ab200acc7042b110e3cafc9b92cd65c78353e4754614f68618d3e38ef82c40f7640276a09263ab7b3cedcd92f337953716cce7434b5eda8b7001925b18c062ff5f80f7f698535938f3747f83da765098ec995ed7db2074171fdbacb0953a8966308b0e4d8875738959ec57a51821a35902198ee84c5f114f6b1a77374c2b74eef5303cc9b357547d0f2a5e5cfbc0576c1a5e7d74c266a13ae34ed73ea6a6e80dabd75e0e228d158e5c597f5dee0459bd38b8a4d63af298c4902a91cb82673a434a877420599f4b6c65da22525dd7ae19cb1c85ca55381fb414585f7d69252c420"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r8, @cgroup_sock, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r10 = socket(0x1d, 0x2, 0x7)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r10, 0x84, 0x7b, 0x0, 0x0)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001900)=@newtaction={0x78, 0x30, 0xb, 0x0, 0x0, {}, [{0x64, 0x1, [@m_gact={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x78}}, 0x4000)
write$cgroup_subtree(r7, &(0x7f00000004c0)=ANY=[@ANYBLOB="33fe0000660091"], 0xfe33)

3.660572755s ago: executing program 4 (id=4902):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x11, 0x3, &(0x7f0000000380)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x6, 0xba, &(0x7f0000000140)=""/186, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee4, 0x1, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
connect$llc(0xffffffffffffffff, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x8, 0x0, 0x4, @multicast}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000001380), 0x3fffffffffffeed, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000380)={0x0, &(0x7f0000000100)})
io_uring_enter(r4, 0x4e14, 0x913a, 0x41, 0x0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_CTHELPER_NEW(r6, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000540)={0x70, 0x0, 0x9, 0x305, 0x0, 0x0, {}, [@NFCTH_NAME={0x9, 0x1, 'syz1\x00'}, @NFCTH_POLICY={0xc, 0x4, 0x0, 0x1, {0x4}}, @NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @remote}}}]}, @NFCTH_PRIV_DATA_LEN={0x8}]}, 0x70}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r7, @ANYBLOB="00000000000000001c001a800800028008000200080000003e12"], 0x44}}, 0x0)
socket(0x10, 0x3, 0x0)

3.61260803s ago: executing program 1 (id=4903):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})

3.502536001s ago: executing program 1 (id=4904):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = signalfd(0xffffffffffffffff, &(0x7f00000003c0), 0x8)
close(r1)
readv(r1, &(0x7f0000000080)=[{&(0x7f0000000280)=""/242, 0xf2}], 0x1)
ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f0000000000))
r2 = syz_io_uring_setup(0x83b, &(0x7f0000000140)={0x0, 0x11e, 0x0, 0x1, 0x315}, &(0x7f0000000500)=<r3=>0x0, &(0x7f0000000400)=<r4=>0x0)
r5 = socket(0x1d, 0x2, 0x6)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000540)=@IORING_OP_ACCEPT={0xd, 0x40, 0x4, r5, 0x0, 0x0, 0x0, 0x80800})
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000080)='.\x00', &(0x7f0000000000), 0x4, &(0x7f0000000140)={'trans=virtio,', {[{@directio}]}})
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x44004000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000006c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWTABLE={0x184, 0x0, 0xa, 0x3, 0x0, 0x0, {0xa, 0x0, 0x8}, [@NFTA_TABLE_USERDATA={0x103, 0x6, "f211a7aaefb0088178b7d7dd782c46ab121b24ad27d53054ffe955703373e72b812cc239a5f290bd174988bafed5e8c9dbb7b43fc8bf9b1344d5346c3e223c5f10c9f4ece896ea3d9d87292d4a74e1ee0ac714289321ddecc40adcdf45ef6eeb3cb21b7c6fb977fcf2fe3336b08751de040b19ccf086f222a6d3e384b417a6d1b2b975390ff840efc86d358c4245aa6f85f174bf2d67ffc271efb84d595848e789a923823494267768d8e7014d930ccb125cbed53634e0a012f7749f6b5d9e559ff1aa458d5d8d9d45ea67f0a4026616304b843c0853c25339f50078fcbd543bd17b068c2a3f2cbbc2d9d1e1c2ad23a78c986fd70c14d4c9fc437d43c2a7df"}, @NFTA_TABLE_USERDATA={0x69, 0x6, "11d2b0ff1d2188f75887dca7937a2153439cb4c882de62ac3ab9010399805f8d77d49d0f5da658a798d2f7c937e4b5f6f306463a865d71d8d8d92ffbe05155a3cadd8857e0324de9f59d8f7d96e2f0b47402f1c3687c3ebc32fe18c4d0b6bd2732cd7194ce"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x1ac}, 0x1, 0x0, 0x0, 0x4000850}, 0x779d4ccf0b5668f5)

2.859216922s ago: executing program 1 (id=4905):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sndseq(0xffffff9c, 0x0, 0x400)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x100, &(0x7f0000000280)=0xfffffffc, 0x0, 0x4)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
fcntl$lock(r5, 0x25, &(0x7f0000000000)={0x1})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x7, &(0x7f00000003c0)={0x1, 0x0, 0xc})
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESOCT=r2, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

1.840681749s ago: executing program 4 (id=4906):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sndseq(0xffffff9c, 0x0, 0x400)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, 0x0)
chdir(&(0x7f0000000100)='./file0\x00')
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
fcntl$lock(r5, 0x25, &(0x7f0000000000)={0x1})
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r6, 0x7, &(0x7f00000003c0)={0x1, 0x0, 0xc})
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRESOCT=r2, @ANYRES32, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)

1.636507039s ago: executing program 0 (id=4907):
r0 = creat(&(0x7f0000000200)='./file1\x00', 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x20052f9, 0xfffffff8, 0x100802, 0x2, 0x8})

1.13638347s ago: executing program 0 (id=4908):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=@can_delroute={0x1c, 0x19, 0x1, 0x70bd2d, 0x25dfdbfc, {0x1d, 0x1, 0x6}, [@CGW_CS_XOR={0x8, 0x5, {0x5, 0x6, 0xfb, 0xfc}}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2404c080}, 0x24008080)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @remote}, 0x6}, 0x1c)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x12, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe49, 0x11e41e7a, 0x20000000, 0xfffffffd, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x8, 0x0, 0x2}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0x0, 0x4000}, &(0x7f0000000340), 0x0)
r5 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
r6 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = fsmount(r6, 0x0, 0x0)
fchdir(r7)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0)
r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0)
writev(r8, &(0x7f0000000280)=[{&(0x7f00000049c0)="a1", 0x1001}], 0x1)
ioctl$BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000000c0)={'\x00', 0x8, 0x9e7a, 0xc, 0x1, 0x59c})
ioctl$SG_BLKTRACETEARDOWN(r5, 0x1276, 0x20000000)

1.066824641s ago: executing program 1 (id=4909):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
socket$rds(0x15, 0x5, 0x0)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$IOMMU_IOAS_IOVA_RANGES(0xffffffffffffffff, 0x3b84, &(0x7f0000000000)={0x20, 0x0, 0x0, 0x0, &(0x7f00000022c0)})
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x85, &(0x7f0000000000)={0x0, @in={{0x2, 0x4e20, @empty}}, 0x27c0}, 0x90)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r3 = open(&(0x7f0000000580)='./bus\x00', 0x80242, 0x100)
write$FUSE_CREATE_OPEN(r3, 0x0, 0x0)
sendfile(r3, r3, &(0x7f0000000080), 0x7f03)
r4 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
recvmsg(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)=[{0x0}, {0x0}], 0x2}, 0x120)
r6 = open(&(0x7f0000000040)='./bus\x00', 0x4e142, 0x0)
pwritev2(r6, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x6a000}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r4, 0x40000000)

95.775234ms ago: executing program 2 (id=4910):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4000000024583, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
madvise(&(0x7f0000258000/0x1000)=nil, 0x1000, 0xa)
socket$nl_route(0x10, 0x3, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002a40)=@newtaction={0x112c, 0x30, 0x1, 0x0, 0x200000, {}, [{0x1118, 0x1, [@m_ctinfo={0x10cc, 0x7, 0x0, 0x0, {{0xb}, {0x54, 0x2, 0x0, 0x1, [@TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x6}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x2}, @TCA_CTINFO_ZONE={0x6, 0x4, 0xfff}, @TCA_CTINFO_PARMS_DSCP_STATEMASK={0x8, 0x6, 0x15}, @TCA_CTINFO_PARMS_DSCP_MASK={0x8, 0x5, 0x3}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x2}, @TCA_CTINFO_ZONE={0x6, 0x4, 0x5}, @TCA_CTINFO_ACT={0x18, 0x3, {0x2, 0x3, 0x8, 0x1, 0x575e}}]}, {0x1050, 0x6, "644bf490dc3fda56330ca20fa53cd633134cfab6a28b1d9412e1d844fff9f07160151e9b54165cb3accb12ed3ba26b8f0b41c20361f9c0390b6b55908cdbfe8ba78bb7d8508730ccd2281851deab509a95a84071e3b446e7394dcaace0d629d663a44e6aa65c6f7084995d08d728dfccfdd7e82c288b318a3ec60b9f5c847daf0876b7293faa2129f3bd1e46cf959b988778a37ccf674d3d8bf91bf277744fa1635ea30c97d36e26e8a34cae96a45c9831bc695cbe9c5fe03b210469b7e32a4bdcb248b0716757fe65a06bf244aca431b65186c25ce8eba48ee58d166688df4915a4158a35b83d07dc8d17145eb6c9643631458718d14ee1f5c5b47a3994f3c8af949312e8c2a5b68d2ec829280bdfaf23bdf30cbe2ae3ddbba3456ae1590da4a44ea0938b7b0230b2b926b6022213ff919740c4088f0d127761250888b08a54984ada3b3b341589dcb9f84537aa0979b56b333f68aeb4fa43065d41ff876106e6a32de4c42947ec673aecf7fbca267cbb725682dd50e7712ec88bc51ad3ca6c3dc00ed0562cb2f53ce27aa5b2728c51f181d6747dbcdc59020d10793817c1d642f4971465894541c4f449b038db568636c13f129263c0c15dbd0686ff81023ecce71420989e61868f09720215a5c68a54c4f84427b2e699b2a92a203a53ad4535e695be664aa9cb5fd9dbbd5c8231b0738e315a69fbae7f49d97270036d4346997c8898a3118b9e28aafd7cc198739d74369b2e3d34605013a17ad197097b39d9d1c8f45908a6da596030772207c66a29df09c5d22efd30082728e4ea8321552bbedc33e387a8eebd8206d1bb0b8e7810a9b36a774c3cf4011bf0dea026416dc5a9fc0f7e4304e807e516037dd6bb7452e159cf6fe2bd59ce407eecf0ec3b8691d90daa983904943d41b5c6688663d6adffc370c91766bd6192720680b0fe33dca95a26fcae88af821a5fee2489b1577e82657ac8ac717e8e8ea1298761b2ba2b842be56e02d4455abbc5deafdf4dff16b4143dacc9299f4d9aa8ce869255cf000bed38ef48dcda56d0eff9b5d6eb35bed9636425b48735c47bcb5331ac23950e179ac92dd7229623958708145f06750303d8473403f2c6c02d14b55fece45050bde70c959533c5f17e93bf7d3c3a328a5f9324dd44ac35bfe77796ff0151dc0f3e6a3f7e0f36d9be203b869bb4e758867146f50531699db471fd4065afd33d0ca3bc9b2c1c02ca22c94419ea7fd6652bb8b5ba3a6121c08b4c50f75c8b7b60c3f374e54b72136f13f5f6800e04eccc1ed19e153aa64c7bf563493d77f3dafb20873affa4dfa043765ad7a9b1892ab49f0fe8c3d5b1a8ccb6df5b5f76869098faac662aa31099d8b87a869cf3addd6d2c810608365673020de681dfb17a4b8bc024846b695ebf6582c73f5a4113e44650d7806bf4cba2dee7664a281077ac2d2955eec8ee6af54c2a0d2c032e883359564e292d2cee9980532a1c8789179ed25d172371e6968981cf3230295b2576391448010ebf7c2ee56e1b9fce122b827019201efa6f870f0c0e9ba4d31831b2c56a4098d33b2c8f7fb230903ef3defa80d40f09ea0690d09248b1edbfd9d94c4874a8d1fad08c6c156c9d9adc2366b8af36f3ad0fc3e03b7b20bbc373ff23f6a440ccb8461448a31b973bdae003305918670405819de29509fdfc340549056beba5d4f1b24be1d3a15e673878d0f3f7ef5d9b1f6706d999afb2cce2d9881e77f279547bd60d616a6719366777892f346e463a2c9f423aebb143c3ade9661450f98a84954e82cf1b20f7f4cebf0b3f46c0f0aafd7d197d7a24f846546eb2c1ce2bb08fcfb6745fe983dacb37b364e0425ede8233982f0033f43b1908cc66d717b4877154d03a0f35d61b7801b7bcb0f577440281f1579b5684b65e1454a4fd60404a7c8543aef6bcd487d9eed5803cc6c1dc0509c6ab5dc3b3153a39a59ef953fd84ad573eedf95790bf5c664cabbe299d055cb5678f04525e94005c17185d98430fca188a546f16fb629752c37551ff05e3aa0c37564a21613cd2c27595ea88e089d1f00bb30680497bfb3d9ab41d43788e62701ece4dacf66aa38122f7a65822a8135559c8289925fb02c43f65b192bed6ed3ac64920d07d5d0fb6757b75fc5240e55066468fb5e0148d0124dc40107180c4833a2d2212917acf9d7f4935f4e6d0d86ed32ec249310454a5caf54259c8d717ba72c60e38a2fe61682a60424d6ee0e48a69eea30341dbbdf9ba46b162d7d90cdcbe2efa75b79d5bd242caa0f6464ec56e75bcf97a3dea008724cb512b8a95384574aea343e6e2b3dd1d5db3951d0f063236b445de17dd32c1c3bd3dccb015a81e3dd4767a26c3ef86c17221f73ee6076b74e3bdeac17933ce6e439aceb2642dc58711647c2496066b6bf4271669467c7e4763e6cad492cd10b6538f6b5df093bbf79b8398c8fb69ba17730165b720605c40ab3b631893057fa488b0568f165623193904a3bae0bf75c3625b56d28b8f344e0eec3c68b937f0baa6d58d884d4666ed49db99b3dd48924a2a482cb6457277cf1b01c371f9b3486e7240245282f03f74acc771fbfde62edbfcf025d31d53edc7d4307551d866d8f15a95b194a90c84cda3d954460588a65fcf97aaed5c6e5b5e8e4a1a6dac6b1bdd821161e7f14c4288f3371e72843f6f39e5997ddb1964eebad498271db21a6642fea012739f429e6136e83a1a30e5fe279bd5f253226a78594d0a4d969fc4a7427268993b4067f8c2103a41a01f8d88736ca3da182fea71747ece3904fe85dceba7bbe8f36f4f4229a42799e00ecb73afb0a78def0b47d1a8f0f214582562b665d59c9e6b13d5c8eb45fd99f818ef1d970121f465592ee1778850ff05513383eb156161397d97c68b982f4e783a7bac85a42fb517593d5119f4ca2514ae1be347676ec0bb18b591451dc8f72e147ad63f14cb63cd65d849089d46ed6dfec126948d8faefcc1571a37e7a5aed2618fdc546657e7f279f973cb5c59ba68d406ad839fe0082bb2dfa88980a1dc953d4aeb641376f731bf5f1f704a3c6822c72a09647c3f6255f2d3d7b5c80d3a267f1a44c7844c0ff3582aab8d04392a15d729a044d9feadcb60fe28a653c3c2ebf1710671e269aee701afdcb5bc8a772ca1a7b154c4972d6f50745f1f18c1b51bb7dca23a9f3dd8f8faa185f76f833e7712cf8e30ec7c58a3972985a61f6a19d70000000000000000727e4aaba92fbe132be75e6031cfd358921fb6f3db0574950cbc9e77122ccba7b5fbde2a716304e0464b3200150f8ca6aa1534ed9d8c92207e68325649cd25e11b75f63c8180e18a33931e5ff06b5a792389f1830c4000cd2c748588f0e361398bf5a62823230d680a52498229f4df3539e0e7bda6f50c98b16751d8cccc964d9e29aec48a4412d54885b85ea538c87922ffd4cc38bb386609f6050655a11280a8e09babe63e5f138c570b9f5c36e1b8ffddf74f6759802f9e7e896fdc84eb093abb5db7f16e316e570d4f898243509f344337d0eddafdfc6b11e097ed417347d43f2f33b83fdf67351e1ea0dab2b0773a9803bce0a99d6f5d10f72905ded07a0d1082d3b16d00b89befed969120081bec6b415be5ead0dea0b35aca030ce80243049334c11409731ae9a84533fb1f3bf7f82583510b4312acb9fae2a8a3ff97ed7cbe25e0b1e4b78334ce07f3e83839b7e3613b3a1b79fa7a502a2080e4d0b4a804007ad30c465101b05f9bea511dded052813e58719c47e4b6d8eeb1df0b38738afadb87cc0abab394afb8468d87af03306fcb8d8172274f1fc5cd2908052e516b087112252936282f8a9395039dd4d8c21782519411c1a368ab72f644285bb273a854a822c155364c01294fe4b09de8e344de59cd036eb8427263ff7a7510fe53b4810c56fcc52674765cd75096661bacf5f841f2665e827ae6a3edeaa509a2e62608f60bbf7499fd55d027b2aa307936b7d6967358f22aa260cfff3f0809cbc821fde65d16718552071f62317c3877a224abf57730c14fbd2347820bf319dd7cf09406908255e23aeae75f004696c17322de8ffa892c62a75d55d4ce6dabb8018f0a6af92ea4e1d8b15cef543c63d35ef7db7f48a2530e9f2772c7b6f9d3daaf7cf2a25c52e29316b7eefd3e85b64ea87898681aed8823e6ebf8866c6ea324f96df04c6e0ba6ba6e7eb538838229b742ee14b213f356abaeb87b77f73d29c97eeb3ba55efd1b13edebd567d579613b9a314f49b4ba73bd8724cef5e6324ec697a7ce226ca24cf471a1179bc8f3970fd220ec3d45bc06bb2c7bcbfee9d03f46b658db37a006f3b58d1a43d9cea2a5e799368e61773b5df2226c325513bbe4ebd6eda844c7e2af007a2be3134fdf3c4d02990ed7e35a818366e9f561d5795078a7d5dcebd4df66e06e5efef933832eb2e039d13ea3ffdf66d964f0c52f7b53a64446d34b90b3241c503eef76dcea5917fa5d75f53ad7cf583ca3b568d7577f676693b9f089bbbd3cb6e45b6de6f1f0ccff32cefee56ffe9b8df85f91fdd673320ccd584a4dd170bcf1eddee1bea625868535a70cc56886f7e58eff9908372a2db7bcc121f865f4060a49a2cc94d60d7b4abd44ad41a5e1d2ecdb9cb4720eecec3676b91c546f6e086c406b5b7c95367f3563354f9593f26bba3eca1fa0f6450317433212677be53546bf11cf9cbda9025e38a9704861a95b610011870229551890eddeb023cc71a9f44bbc1605b0a4c730b4477548369bf272dd2a5d8960de900184a564d4a880f6f9c3c046f83b95fd6d9f16ce513361e1c6124be99e3d2515d9e92fddfd1899ddbcaa8ca36f60f5895d1adc47a383ddc77c203d2e7ee5b52238f743d20cac5d21605c06e7e410cf228b128830214a0b7a60fe67666100ce6dbd94395e803b513986745760d79397e654ea5c52d37a34181a46c2ad4e695f2716909fa03b6a4a5ea8427e53d66c0b8925933c0ac34b73932e7c1058c668b0bdf73d5fa0ff2438f78adad9da39295d9464cedfd309dc9355f365c6d7c91fba30ec26afa35b3b4e60ea6f764ea1c9ae88f12cf64606bd2793edc236080cc58727ed9ade076d647596473667e7016465ef4adf37936b9789f8cec240a24954773c6ffed7b317942b0c938979f351206fb0b0eec2ea21da64ac72c4c2aa1738824b5549d6b7d445e9effc0aeb1a8b4324bf4b674aa6185b0abb4aeeff9f5f544ccc77055fa42a528358f260338d0ebb33b8bb47cf272c8e30c30a56bddb60358876f867fd5d0f872b7ad95ff79aea8fb2afa68ed2dc5e60a22a9e763a87dc2b3adb2d2836ed05f896845609bd9e97a78159848b85da780ac386025dab55ab56d4711cde84c5c580882a7889eaf649b634b0efc53b450ffebfc6f0e96cd6b0ad5b6a62bd192ca57a998443d246847eefa64065930600000000000000097f86ccf76645b34deeabfac332dc908fcbde1a40d2e4314720ad4f376171e3ebdaf6ee509c6503fc8b03da9ff539391ebd387fd3ac9fa44e6c460900e50100a919e9962387f4e30029660610ab6c83935e68c03ae184feba1f187ea14aef0d92ee44e15cb4ad2a176e738a05fe0606050550031b7c81bf7aa7dbc644f5361dbdbcedec4c343c60aca3d0ad852987cb9cb617f532f6150f364f917169f28c254896d810a48c98d66bd0f4f73d5ed52a19aae7d1b598f60a70d971e3bf13a494383b844dc9b951c85e9287d52c23e308458f667a785f83a50ea510d1fbe828e0ef4bf71824f1442824bc806137453b484a446a489411e7dcf3afbfd34f47aaa7956aea54c1ac4be3971e15b4ea2907e68d99fe6da38ca024f0e7277b630628848d14e88157f49352aad0a694e4bd8205fc82d3c147a94e59c73f8a7b5872923c06"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x112c}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000440)={{{@in=@multicast2, @in=@remote}}, {{@in=@local}, 0x0, @in=@initdev}}, &(0x7f0000000400)=0xe4)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
shutdown(0xffffffffffffffff, 0x1)
r6 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
gettid()
syz_emit_ethernet(0xe, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
tkill(r3, 0xb)
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000041}, 0x55fdb4595c3d8036)
ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0x101, 0x200}})

82.924627ms ago: executing program 0 (id=4911):
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
epoll_create1(0xa1b80e0ec192df95)
syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x4db75f67208c7ddc, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f0000000280)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x102, 0x0)
r0 = socket$inet(0x2, 0x4, 0x6)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @broadcast}, 0x10)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = openat$audio(0xffffff9c, &(0x7f0000000000), 0x0, 0x0)
unshare(0x400)
fstat64(r2, &(0x7f0000000040))
r3 = dup(r1)
write$UHID_INPUT(r3, &(0x7f0000002080)={0xf, {"a2e3ad21ed0d09f91b3d090987f70e06d038e7ff7fc6e5539b0d650e8b089b3f36006e090890e0878f0e1ac6e7049b3341959b669a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07480936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae279cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810edf08fedc3dbd184e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c59189d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006)
preadv(0xffffffffffffffff, &(0x7f0000001b00)=[{0x0}], 0x1, 0x2, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
r4 = gettid()
r5 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0)
write$rfkill(r5, &(0x7f0000000300)={0xf2, 0x2, 0x3, 0x1, 0x1}, 0x8)
write$rfkill(r5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000340)=ANY=[@ANYBLOB="18000000aa000000000000000000000063014000000000009500000000000000b5d789a0561d7d044c74eaebcfb6e040cb36f7c723736e20657010701310e25c6053d00840280b7fdb4cdf39ff32a25c47b6dd0537c49353ad8e041cc5748bbddf11ec7b9a9aa530abd1e9f75a94ed51f6b50ced3fab4328af0f156102013cea2093d680f5007ffd6f4d8994a2dbfa84949a15aa1d301b23229fd880f95a55a0ffb6e6d8debbaa064bc092944ffda1"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)=<r6=>0x0)
timer_settime(r6, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
mkdir(&(0x7f0000000100)='\x00', 0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, 0x0, 0x4008081)

48.717599ms ago: executing program 4 (id=4912):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100))
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r2, 0x0)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})

0s ago: executing program 4 (id=4913):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x70bd29, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x0, 0x1}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
socket$netlink(0x10, 0x3, 0x15)
r3 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000140), 0x62981)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r3, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x800000, 0x0, 'queue1\x00', 0x2})
writev(r3, &(0x7f0000000580)=[{&(0x7f0000000000)="238292", 0xfff6}], 0x2)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r4, 0x0, 0x29, &(0x7f0000001e00)=""/218, &(0x7f0000001f00)=0xda)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94)
r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r5, 0x8008330e, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
unshare(0x400)
syz_80211_inject_frame(0x0, &(0x7f00000003c0)=ANY=[], 0x2e)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000400)={&(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8, 0x80000})
socket(0x29, 0x2, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00')
preadv(r6, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/168, 0xa8}], 0x1, 0x2004, 0x80)

kernel console output (not intermixed with test programs):

4518" name="/newroot/482/bus/bus" dev="overlay" ino=2567 res=1 errno=0
[  897.740229][   T40] audit: type=1804 audit(2000000557.589:766): pid=24096 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4518" name="/newroot/482/bus/bus" dev="overlay" ino=2567 res=1 errno=0
[  898.049545][T24098] input: syz1 as /devices/virtual/input/input98
[  898.145121][T24100] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.4520'.
[  898.722390][   T40] audit: type=1804 audit(2000000558.569:767): pid=24113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4524" name="/newroot/483/bus/bus" dev="overlay" ino=2581 res=1 errno=0
[  898.731522][   T40] audit: type=1804 audit(2000000558.579:768): pid=24113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4524" name="/newroot/483/bus/bus" dev="overlay" ino=2581 res=1 errno=0
[  898.795677][T24107] xfrm0: entered promiscuous mode
[  898.797888][T24107] xfrm0: entered allmulticast mode
[  899.341590][   T40] audit: type=1326 audit(2000000559.189:769): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.2.4527" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709ef6c code=0x0
[  899.514102][T24123] netlink: 'syz.2.4527': attribute type 2 has an invalid length.
[  899.516640][T24123] netlink: 'syz.2.4527': attribute type 1 has an invalid length.
[  899.519179][T24123] netlink: 'syz.2.4527': attribute type 1 has an invalid length.
[  899.581533][T24127] netlink: 1004 bytes leftover after parsing attributes in process `syz.4.4529'.
[  899.602376][T24125] ref_ctr_offset mismatch. inode: 0xb0d offset: 0x0 ref_ctr_offset(old): 0x0 ref_ctr_offset(new): 0x300000018
[  900.147754][T24137] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  900.149856][T24137] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  900.152468][T24137] vhci_hcd vhci_hcd.0: Device attached
[  900.229145][T24138] vhci_hcd: connection closed
[  900.289215][   T46] vhci_hcd vhci_hcd.1: stop threads
[  900.293785][   T46] vhci_hcd vhci_hcd.1: release socket
[  900.296214][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  900.628003][T24150] binder: BINDER_SET_CONTEXT_MGR already set
[  900.630493][T24150] binder: 24149:24150 ioctl 4018620d 80000100 returned -16
[  900.642352][T24150] binder: BINDER_SET_CONTEXT_MGR already set
[  900.645857][T24150] binder: 24149:24150 ioctl 4018620d 80004a80 returned -16
[  900.819375][   T40] audit: type=1804 audit(2000000560.669:770): pid=24156 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4536" name="/newroot/485/bus/bus" dev="overlay" ino=2600 res=1 errno=0
[  900.912255][   T40] audit: type=1804 audit(2000000560.759:771): pid=24158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4536" name="/newroot/485/bus/bus" dev="overlay" ino=2600 res=1 errno=0
[  900.983034][T24160] isofs_fill_super: bread failed, dev=sr0, iso_blknum=32, block=32
[  901.050097][T24164] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.4538'.
[  902.081625][T24172] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4540'.
[  902.772762][T24192] netlink: 'syz.1.4546': attribute type 21 has an invalid length.
[  902.793842][   T40] audit: type=1326 audit(2000000562.479:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24178 comm="syz.4.4543" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff6f6c code=0x0
[  902.816196][T24188] netlink: 'syz.4.4543': attribute type 2 has an invalid length.
[  902.818749][T24188] netlink: 'syz.4.4543': attribute type 1 has an invalid length.
[  902.821237][T24188] netlink: 'syz.4.4543': attribute type 1 has an invalid length.
[  903.523598][T24199] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(12)
[  903.525749][T24199] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  903.528871][T24199] vhci_hcd vhci_hcd.0: Device attached
[  903.529841][T24198] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  903.533287][T24198] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  903.534075][T24199] random: crng reseeded on system resumption
[  903.536163][T24198] vhci_hcd vhci_hcd.0: Device attached
[  903.577623][T24199] EXT4-fs (sr0): VFS: Can't find ext4 filesystem
[  903.661957][T24202] vhci_hcd: connection closed
[  903.662182][ T1159] vhci_hcd vhci_hcd.0: stop threads
[  903.665559][ T1159] vhci_hcd vhci_hcd.0: release socket
[  903.667366][ T1159] vhci_hcd vhci_hcd.0: disconnect device
[  903.793266][ T6000] usb 40-1: SetAddress Request (63) to port 0
[  903.795277][ T6000] usb 40-1: new SuperSpeed USB device number 63 using vhci_hcd
[  903.879058][T24200] vhci_hcd: connection reset by peer
[  903.881542][   T46] vhci_hcd vhci_hcd.1: stop threads
[  903.893303][   T46] vhci_hcd vhci_hcd.1: release socket
[  903.895256][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  905.898011][T24259] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  905.900908][T24259] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  905.957160][T24259] vhci_hcd vhci_hcd.0: Device attached
[  906.243609][T17161] usb 42-1: SetAddress Request (66) to port 0
[  906.245635][T17161] usb 42-1: new SuperSpeed USB device number 66 using vhci_hcd
[  906.564070][T24260] vhci_hcd: connection reset by peer
[  906.573511][   T83] vhci_hcd vhci_hcd.2: stop threads
[  906.575966][   T83] vhci_hcd vhci_hcd.2: release socket
[  906.578743][   T83] vhci_hcd vhci_hcd.2: disconnect device
[  906.742501][T24282] netlink: 'syz.0.4566': attribute type 2 has an invalid length.
[  906.745964][T24278] 9pnet_virtio: no channels available for device syz
[  907.157435][T24285] "syz.2.4569" (24285) uses obsolete ecb(arc4) skcipher
[  907.160166][T24285] FAULT_INJECTION: forcing a failure.
[  907.160166][T24285] name failslab, interval 1, probability 0, space 0, times 0
[  907.165116][T24285] CPU: 3 UID: 0 PID: 24285 Comm: syz.2.4569 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  907.165133][T24285] Tainted: [L]=SOFTLOCKUP
[  907.165137][T24285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  907.165144][T24285] Call Trace:
[  907.165148][T24285]  <TASK>
[  907.165152][T24285]  dump_stack_lvl+0x100/0x190
[  907.165173][T24285]  should_fail_ex.cold+0x5/0xa
[  907.165186][T24285]  ? sock_kmalloc+0x111/0x170
[  907.165202][T24285]  should_failslab+0xc2/0x120
[  907.165219][T24285]  __kmalloc_noprof+0xe0/0x850
[  907.165236][T24285]  sock_kmalloc+0x111/0x170
[  907.165253][T24285]  alg_setsockopt+0x390/0xe90
[  907.165266][T24285]  ? __pfx_alg_setsockopt+0x10/0x10
[  907.165276][T24285]  ? aa_sock_opt_perm+0xfe/0x1b0
[  907.165293][T24285]  ? __pfx_alg_setsockopt+0x10/0x10
[  907.165304][T24285]  do_sock_setsockopt+0xf3/0x1d0
[  907.165402][T24285]  __sys_setsockopt+0x119/0x190
[  907.165419][T24285]  __ia32_sys_setsockopt+0xbc/0x160
[  907.165432][T24285]  ? __do_fast_syscall_32+0x94/0x8c0
[  907.165447][T24285]  ? lockdep_hardirqs_on+0x78/0x100
[  907.165461][T24285]  __do_fast_syscall_32+0xe3/0x8c0
[  907.165477][T24285]  do_fast_syscall_32+0x32/0x70
[  907.165492][T24285]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  907.165506][T24285] RIP: 0023:0xf709ef6c
[  907.165516][T24285] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  907.165527][T24285] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 000000000000016e
[  907.165537][T24285] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000000117
[  907.165544][T24285] RDX: 0000000000000001 RSI: 0000000080000240 RDI: 0000000000000101
[  907.165550][T24285] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  907.165557][T24285] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  907.165563][T24285] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  907.165577][T24285]  </TASK>
[  907.274525][T24288] "syz.2.4570" (24288) uses obsolete ecb(arc4) skcipher
[  907.312832][T24290] binder: BINDER_SET_CONTEXT_MGR already set
[  907.314833][T24290] binder: 24289:24290 ioctl 4018620d 80000100 returned -16
[  907.412151][T24294] "syz.4.4567" (24294) uses obsolete ecb(arc4) skcipher
[  907.423361][   T60] usb 5-1: new full-speed USB device number 67 using dummy_hcd
[  907.582022][   T40] audit: type=1804 audit(2000000567.429:773): pid=24300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4572" name="/newroot/486/bus/bus" dev="overlay" ino=2649 res=1 errno=0
[  907.594744][   T60] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  907.598595][   T60] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  907.600857][   T40] audit: type=1804 audit(2000000567.429:774): pid=24300 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.4572" name="/newroot/486/bus/bus" dev="overlay" ino=2649 res=1 errno=0
[  907.601996][   T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[  907.613380][   T60] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  907.616833][   T60] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.624800][T24286] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  907.630736][   T60] hub 5-1:1.0: bad descriptor, ignoring hub
[  907.638709][   T60] hub 5-1:1.0: probe with driver hub failed with error -5
[  907.642172][   T60] cdc_wdm 5-1:1.0: skipping garbage
[  907.645192][T24305] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4574'.
[  907.648757][   T60] cdc_wdm 5-1:1.0: skipping garbage
[  907.651863][T24305] netlink: 96 bytes leftover after parsing attributes in process `syz.4.4574'.
[  907.660949][   T60] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  907.664910][   T60] cdc_wdm 5-1:1.0: Unknown control protocol
[  907.723272][T24306] xfrm0: entered promiscuous mode
[  907.727052][T24306] xfrm0: entered allmulticast mode
[  907.932656][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  907.935174][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  907.937277][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  907.939367][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  907.941454][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  907.943551][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  907.946097][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  907.948194][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  907.951319][    C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  907.953447][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  907.955445][    C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1
[  908.045865][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  908.048038][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  908.050426][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  908.052518][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  908.054686][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  908.056757][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  908.058876][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  908.060954][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  908.063084][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  908.065173][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  908.174698][T18063] usb 5-1: USB disconnect, device number 67
[  908.301878][T24310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4575'.
[  908.305810][T24310] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4575'.
[  908.557696][T24324] binder: BINDER_SET_CONTEXT_MGR already set
[  908.559648][T24324] binder: 24323:24324 ioctl 4018620d 80000100 returned -16
[  908.739670][T24339] netlink: 148 bytes leftover after parsing attributes in process `syz.4.4585'.
[  908.743349][T24339] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  908.823734][ T6000] usb 40-1: device descriptor read/8, error -110
[  908.942700][ T5949] Bluetooth: hci0: unexpected event for opcode 0x040e
[  909.214785][ T6000] usb usb40-port1: attempt power cycle
[  909.276788][T24351] FAULT_INJECTION: forcing a failure.
[  909.276788][T24351] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  909.285665][T24351] CPU: 0 UID: 0 PID: 24351 Comm: syz.2.4588 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  909.285706][T24351] Tainted: [L]=SOFTLOCKUP
[  909.285712][T24351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  909.285722][T24351] Call Trace:
[  909.285728][T24351]  <TASK>
[  909.285735][T24351]  dump_stack_lvl+0x100/0x190
[  909.285763][T24351]  should_fail_ex.cold+0x5/0xa
[  909.285782][T24351]  _copy_from_user+0x2e/0xd0
[  909.285802][T24351]  kstrtouint_from_user+0xd6/0x1d0
[  909.285826][T24351]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  909.285852][T24351]  ? __lock_acquire+0x4a5/0x2630
[  909.285875][T24351]  ? lock_acquire+0x1cf/0x380
[  909.285898][T24351]  proc_fail_nth_write+0x83/0x220
[  909.285921][T24351]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  909.285952][T24351]  vfs_write+0x2aa/0x1070
[  909.285974][T24351]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  909.285999][T24351]  ? __pfx_vfs_write+0x10/0x10
[  909.286018][T24351]  ? find_held_lock+0x2b/0x80
[  909.286042][T24351]  ? __fget_files+0x215/0x3d0
[  909.286068][T24351]  ? __fget_files+0x21f/0x3d0
[  909.286095][T24351]  ksys_write+0x12a/0x250
[  909.286115][T24351]  ? __pfx_ksys_write+0x10/0x10
[  909.286142][T24351]  do_int80_emulation+0x141/0x6b0
[  909.286168][T24351]  asm_int80_emulation+0x1a/0x20
[  909.286185][T24351] RIP: 0023:0xf71d572b
[  909.286199][T24351] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  909.286214][T24351] RSP: 002b:00000000f548d4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  909.286230][T24351] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f548d5d0
[  909.286241][T24351] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  909.286250][T24351] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  909.286260][T24351] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  909.286269][T24351] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  909.286291][T24351]  </TASK>
[  909.579492][T24356] binder: BINDER_SET_CONTEXT_MGR already set
[  909.581858][T24356] binder: 24355:24356 ioctl 4018620d 80000100 returned -16
[  909.773671][ T6000] usb usb40-port1: unable to enumerate USB device
[  909.788504][T24359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4591'.
[  910.203234][   T34] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  910.333258][   T34] usb 5-1: device descriptor read/64, error -71
[  910.510368][T24374] netlink: 148 bytes leftover after parsing attributes in process `syz.1.4595'.
[  910.513399][T24374] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  910.583823][   T34] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  910.723486][   T34] usb 5-1: device descriptor read/64, error -71
[  910.833383][   T34] usb usb5-port1: attempt power cycle
[  911.173417][   T34] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[  911.194432][   T34] usb 5-1: device descriptor read/8, error -71
[  911.226212][T24386] binder: BINDER_SET_CONTEXT_MGR already set
[  911.228383][T24386] binder: 24385:24386 ioctl 4018620d 80000100 returned -16
[  911.277958][T24388] FAULT_INJECTION: forcing a failure.
[  911.277958][T24388] name failslab, interval 1, probability 0, space 0, times 0
[  911.282404][T24388] CPU: 1 UID: 0 PID: 24388 Comm: syz.1.4600 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  911.282422][T24388] Tainted: [L]=SOFTLOCKUP
[  911.282427][T24388] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  911.282434][T24388] Call Trace:
[  911.282441][T24388]  <TASK>
[  911.282447][T24388]  dump_stack_lvl+0x100/0x190
[  911.282472][T24388]  should_fail_ex.cold+0x5/0xa
[  911.282491][T24388]  ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290
[  911.282513][T24388]  should_failslab+0xc2/0x120
[  911.282553][T24388]  __kmalloc_noprof+0xe0/0x850
[  911.282574][T24388]  ? rcu_is_watching+0x12/0xc0
[  911.282593][T24388]  genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290
[  911.282613][T24388]  genl_family_rcv_msg_doit+0xc7/0x300
[  911.282636][T24388]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  911.282653][T24388]  ? genl_get_cmd+0x3ef/0x720
[  911.282672][T24388]  ? bpf_lsm_capable+0x9/0x10
[  911.282692][T24388]  ? security_capable+0x80/0x260
[  911.282710][T24388]  ? ns_capable+0xd2/0xf0
[  911.282728][T24388]  genl_rcv_msg+0x560/0x800
[  911.282747][T24388]  ? __pfx_genl_rcv_msg+0x10/0x10
[  911.282764][T24388]  ? __pfx_mptcp_pm_nl_flush_addrs_doit+0x10/0x10
[  911.282780][T24388]  ? __lock_acquire+0x4a5/0x2630
[  911.282796][T24388]  netlink_rcv_skb+0x159/0x420
[  911.282811][T24388]  ? __pfx_genl_rcv_msg+0x10/0x10
[  911.282829][T24388]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  911.282850][T24388]  ? netlink_deliver_tap+0x1ae/0xcc0
[  911.282871][T24388]  genl_rcv+0x28/0x40
[  911.282886][T24388]  netlink_unicast+0x5aa/0x870
[  911.282903][T24388]  ? __pfx_netlink_unicast+0x10/0x10
[  911.282924][T24388]  netlink_sendmsg+0x8b0/0xda0
[  911.282941][T24388]  ? __pfx_netlink_sendmsg+0x10/0x10
[  911.282958][T24388]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  911.282978][T24388]  ____sys_sendmsg+0xa54/0xc30
[  911.282997][T24388]  ? __pfx_____sys_sendmsg+0x10/0x10
[  911.283021][T24388]  ___sys_sendmsg+0x190/0x1e0
[  911.283033][T24388]  ? __pfx____sys_sendmsg+0x10/0x10
[  911.283060][T24388]  __sys_sendmsg+0x170/0x220
[  911.283074][T24388]  ? __pfx___sys_sendmsg+0x10/0x10
[  911.283092][T24388]  ? __pfx_ksys_write+0x10/0x10
[  911.283111][T24388]  __do_fast_syscall_32+0xe3/0x8c0
[  911.283144][T24388]  do_fast_syscall_32+0x32/0x70
[  911.283161][T24388]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  911.283175][T24388] RIP: 0023:0xf7fe3f6c
[  911.283185][T24388] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  911.283195][T24388] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  911.283206][T24388] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000200
[  911.283213][T24388] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000
[  911.283220][T24388] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  911.283226][T24388] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  911.283232][T24388] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  911.283246][T24388]  </TASK>
[  911.313357][T17161] usb 42-1: device descriptor read/8, error -110
[  911.433264][   T34] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[  911.453784][   T34] usb 5-1: device descriptor read/8, error -71
[  911.573586][   T34] usb usb5-port1: unable to enumerate USB device
[  912.885397][T17161] usb usb42-port1: attempt power cycle
[  913.096230][T24413] netlink: 148 bytes leftover after parsing attributes in process `syz.0.4605'.
[  913.099098][T24413] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check.
[  913.213909][   T40] audit: type=1326 audit(2000000573.069:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24389 comm="syz.2.4601" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709ef6c code=0x0
[  913.549247][   T40] audit: type=1326 audit(2000000573.069:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24391 comm="syz.1.4602" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fe3f6c code=0x0
[  913.627089][T24394] netlink: 'syz.1.4602': attribute type 2 has an invalid length.
[  913.629564][T24394] netlink: 'syz.1.4602': attribute type 1 has an invalid length.
[  913.632112][T24394] netlink: 'syz.1.4602': attribute type 1 has an invalid length.
[  913.634747][T24401] netlink: 'syz.2.4601': attribute type 2 has an invalid length.
[  913.637311][T24401] netlink: 'syz.2.4601': attribute type 1 has an invalid length.
[  913.639868][T24401] netlink: 'syz.2.4601': attribute type 1 has an invalid length.
[  913.903840][T17161] usb usb42-port1: unable to enumerate USB device
[  914.011113][   T40] audit: type=1326 audit(2000000573.859:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24418 comm="syz.1.4607" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3f6c code=0x7ffc0000
[  914.013047][T24424] bridge3: entered allmulticast mode
[  914.020239][   T40] audit: type=1326 audit(2000000573.869:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24418 comm="syz.1.4607" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fe3f6c code=0x7ffc0000
[  914.020269][   T40] audit: type=1326 audit(2000000573.869:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24418 comm="syz.1.4607" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3f6c code=0x7ffc0000
[  914.020290][   T40] audit: type=1326 audit(2000000573.869:780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24418 comm="syz.1.4607" exe="/syz-executor" sig=0 arch=40000003 syscall=369 compat=1 ip=0xf7fe3f6c code=0x7ffc0000
[  914.020313][   T40] audit: type=1326 audit(2000000573.869:781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24418 comm="syz.1.4607" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3f6c code=0x7ffc0000
[  914.020333][   T40] audit: type=1326 audit(2000000573.869:782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24418 comm="syz.1.4607" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf7fe3f6c code=0x7ffc0000
[  914.020355][   T40] audit: type=1326 audit(2000000573.869:783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24418 comm="syz.1.4607" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe3f6c code=0x7ffc0000
[  914.020377][   T40] audit: type=1326 audit(2000000573.869:784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24418 comm="syz.1.4607" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7fe3f6c code=0x7ffc0000
[  914.084654][T24424] team0: Port device bridge3 added
[  914.096796][T24424] bridge0: port 3(team0) entered blocking state
[  914.099207][T24424] bridge0: port 3(team0) entered disabled state
[  914.112008][T24424] team0: entered allmulticast mode
[  914.115047][T24424] team_slave_0: entered allmulticast mode
[  914.122126][T24424] team_slave_1: entered allmulticast mode
[  914.124287][T24433] binder: BINDER_SET_CONTEXT_MGR already set
[  914.125963][T24424] team0: entered promiscuous mode
[  914.126710][T24433] binder: 24432:24433 ioctl 4018620d 80000100 returned -16
[  914.128555][T24424] team_slave_0: entered promiscuous mode
[  914.143504][T24424] team_slave_1: entered promiscuous mode
[  914.145976][T24424] bridge3: entered promiscuous mode
[  914.328136][T24426] pim6reg: entered allmulticast mode
[  914.516800][T24440] syzkaller0: entered promiscuous mode
[  914.518552][T24440] syzkaller0: entered allmulticast mode
[  914.524701][T24440] FAULT_INJECTION: forcing a failure.
[  914.524701][T24440] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  914.528756][T24440] CPU: 3 UID: 0 PID: 24440 Comm: syz.2.4612 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  914.528773][T24440] Tainted: [L]=SOFTLOCKUP
[  914.528777][T24440] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  914.528784][T24440] Call Trace:
[  914.528788][T24440]  <TASK>
[  914.528792][T24440]  dump_stack_lvl+0x100/0x190
[  914.528812][T24440]  should_fail_ex.cold+0x5/0xa
[  914.528825][T24440]  _copy_from_iter+0x1f4/0x1690
[  914.528842][T24440]  ? __pfx__copy_from_iter+0x10/0x10
[  914.528855][T24440]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  914.528873][T24440]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  914.528887][T24440]  skb_copy_datagram_from_iter+0x11f/0x720
[  914.528904][T24440]  packet_sendmsg+0x2476/0x53c0
[  914.528922][T24440]  ? __pfx___might_resched+0x10/0x10
[  914.528937][T24440]  ? __pfx_print_irqtrace_events+0x7/0x10
[  914.528953][T24440]  ? aa_sk_perm+0x2de/0xb40
[  914.528967][T24440]  ? __pfx_packet_sendmsg+0x10/0x10
[  914.528977][T24440]  ? __pfx_aa_sk_perm+0x10/0x10
[  914.528994][T24440]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  914.529013][T24440]  ____sys_sendmsg+0xa54/0xc30
[  914.529031][T24440]  ? __pfx_____sys_sendmsg+0x10/0x10
[  914.529054][T24440]  ___sys_sendmsg+0x190/0x1e0
[  914.529066][T24440]  ? __pfx____sys_sendmsg+0x10/0x10
[  914.529092][T24440]  __sys_sendmsg+0x170/0x220
[  914.529106][T24440]  ? __pfx___sys_sendmsg+0x10/0x10
[  914.529125][T24440]  ? __pfx_ksys_write+0x10/0x10
[  914.529143][T24440]  __do_fast_syscall_32+0xe3/0x8c0
[  914.529159][T24440]  do_fast_syscall_32+0x32/0x70
[  914.529174][T24440]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  914.529188][T24440] RIP: 0023:0xf709ef6c
[  914.529197][T24440] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  914.529208][T24440] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  914.529218][T24440] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000800000c0
[  914.529225][T24440] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000
[  914.529231][T24440] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  914.529237][T24440] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  914.529243][T24440] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  914.529256][T24440]  </TASK>
[  914.736019][T24418] pim6reg: left allmulticast mode
[  915.437110][T24456] netlink: 'syz.2.4615': attribute type 2 has an invalid length.
[  915.439649][T24456] netlink: 'syz.2.4615': attribute type 1 has an invalid length.
[  915.442108][T24456] netlink: 'syz.2.4615': attribute type 1 has an invalid length.
[  917.397864][T24477] FAULT_INJECTION: forcing a failure.
[  917.397864][T24477] name failslab, interval 1, probability 0, space 0, times 0
[  917.402611][T24477] CPU: 2 UID: 0 PID: 24477 Comm: syz.0.4624 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  917.402631][T24477] Tainted: [L]=SOFTLOCKUP
[  917.402635][T24477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  917.402642][T24477] Call Trace:
[  917.402649][T24477]  <TASK>
[  917.402654][T24477]  dump_stack_lvl+0x100/0x190
[  917.402675][T24477]  should_fail_ex.cold+0x5/0xa
[  917.402689][T24477]  should_failslab+0xc2/0x120
[  917.402707][T24477]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  917.402722][T24477]  ? skb_clone+0x190/0x400
[  917.402740][T24477]  skb_clone+0x190/0x400
[  917.402755][T24477]  nfnetlink_rcv_batch+0x1cc/0x2880
[  917.402769][T24477]  ? kmem_cache_free+0x124/0x6a0
[  917.402785][T24477]  ? kfree_skbmem+0x19f/0x210
[  917.402808][T24477]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[  917.402821][T24477]  ? find_held_lock+0x2b/0x80
[  917.402838][T24477]  ? __dev_queue_xmit+0x7dc/0x4750
[  917.402851][T24477]  ? __local_bh_enable_ip+0x9e/0x120
[  917.402874][T24477]  ? lockdep_hardirqs_on+0x78/0x100
[  917.402892][T24477]  ? __dev_queue_xmit+0x7dc/0x4750
[  917.402911][T24477]  ? __asan_memset+0x23/0x50
[  917.402924][T24477]  ? __nla_validate_parse+0x1e7/0x28b0
[  917.402954][T24477]  ? __pfx___nla_validate_parse+0x10/0x10
[  917.402982][T24477]  ? rcu_is_watching+0x12/0xc0
[  917.403010][T24477]  ? apparmor_capable+0x1d7/0x4e0
[  917.403037][T24477]  ? __nla_parse+0x40/0x60
[  917.403057][T24477]  nfnetlink_rcv+0x3bd/0x440
[  917.403069][T24477]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  917.403085][T24477]  netlink_unicast+0x5aa/0x870
[  917.403104][T24477]  ? __pfx_netlink_unicast+0x10/0x10
[  917.403126][T24477]  netlink_sendmsg+0x8b0/0xda0
[  917.403145][T24477]  ? __pfx_netlink_sendmsg+0x10/0x10
[  917.403163][T24477]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  917.403183][T24477]  ____sys_sendmsg+0xa54/0xc30
[  917.403203][T24477]  ? __pfx_____sys_sendmsg+0x10/0x10
[  917.403227][T24477]  ___sys_sendmsg+0x190/0x1e0
[  917.403240][T24477]  ? __pfx____sys_sendmsg+0x10/0x10
[  917.403269][T24477]  __sys_sendmsg+0x170/0x220
[  917.403284][T24477]  ? __pfx___sys_sendmsg+0x10/0x10
[  917.403303][T24477]  ? __pfx_ksys_write+0x10/0x10
[  917.403323][T24477]  __do_fast_syscall_32+0xe3/0x8c0
[  917.403340][T24477]  do_fast_syscall_32+0x32/0x70
[  917.403371][T24477]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  917.403386][T24477] RIP: 0023:0xf6feef6c
[  917.403395][T24477] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  917.403406][T24477] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  917.403418][T24477] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[  917.403425][T24477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  917.403432][T24477] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  917.403438][T24477] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  917.403445][T24477] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  917.403459][T24477]  </TASK>
[  917.763268][ T6000] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[  917.913712][ T6000] usb 5-1: Using ep0 maxpacket: 16
[  917.917831][ T6000] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  917.924503][ T6000] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  917.933382][ T6000] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  917.935967][ T6000] usb 5-1: Product: syz
[  917.937334][ T6000] usb 5-1: Manufacturer: syz
[  917.939111][ T6000] usb 5-1: SerialNumber: syz
[  917.944320][ T6000] usb 5-1: config 0 descriptor??
[  917.947971][ T6000] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  917.951194][ T6000] em28xx 5-1:0.0: DVB interface 0 found: bulk
[  918.539810][T24486] binder: BINDER_SET_CONTEXT_MGR already set
[  918.542426][T24486] binder: 24485:24486 ioctl 4018620d 80000100 returned -16
[  918.555882][ T6000] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  918.968288][ T6000] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  918.971518][ T6000] em28xx 5-1:0.0: board has no eeprom
[  919.177610][T24479] FAULT_INJECTION: forcing a failure.
[  919.177610][T24479] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  919.181972][T24479] CPU: 2 UID: 0 PID: 24479 Comm: syz.0.4625 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  919.181991][T24479] Tainted: [L]=SOFTLOCKUP
[  919.181995][T24479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  919.182001][T24479] Call Trace:
[  919.182006][T24479]  <TASK>
[  919.182011][T24479]  dump_stack_lvl+0x100/0x190
[  919.182030][T24479]  should_fail_ex.cold+0x5/0xa
[  919.182044][T24479]  _copy_from_user+0x2e/0xd0
[  919.182072][T24479]  compat_i2cdev_ioctl+0x3cd/0x540
[  919.182095][T24479]  ? __pfx_compat_i2cdev_ioctl+0x10/0x10
[  919.182118][T24479]  ? __fget_files+0x21f/0x3d0
[  919.182136][T24479]  ? __pfx_compat_i2cdev_ioctl+0x10/0x10
[  919.182154][T24479]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  919.182169][T24479]  __do_fast_syscall_32+0xe3/0x8c0
[  919.182187][T24479]  do_fast_syscall_32+0x32/0x70
[  919.182202][T24479]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  919.182216][T24479] RIP: 0023:0xf6feef6c
[  919.182226][T24479] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  919.182240][T24479] RSP: 002b:00000000f53dd50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  919.182253][T24479] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000707
[  919.182260][T24479] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  919.182266][T24479] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  919.182272][T24479] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  919.182278][T24479] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  919.182292][T24479]  </TASK>
[  919.293228][ T6000] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  919.295866][ T6000] em28xx 5-1:0.0: dvb set to bulk mode.
[  919.299748][T17161] em28xx 5-1:0.0: Binding DVB extension
[  919.787836][ T6000] usb 5-1: USB disconnect, device number 72
[  919.795333][ T6000] em28xx 5-1:0.0: Disconnecting em28xx
[  919.809928][T17161] em28xx 5-1:0.0: Registering input extension
[  919.813438][ T6000] em28xx 5-1:0.0: Closing input extension
[  919.822027][ T6000] em28xx 5-1:0.0: Freeing device
[  920.185399][   T40] kauditd_printk_skb: 34 callbacks suppressed
[  920.185411][   T40] audit: type=1804 audit(2000000580.039:819): pid=24505 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4634" name="/newroot/505/bus/bus" dev="overlay" ino=2763 res=1 errno=0
[  920.195763][   T40] audit: type=1804 audit(2000000580.049:820): pid=24505 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.4634" name="/newroot/505/bus/bus" dev="overlay" ino=2763 res=1 errno=0
[  920.520738][   T40] audit: type=1326 audit(2000000580.369:821): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24509 comm="syz.0.4635" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6feef6c code=0x0
[  920.587293][T24513] netlink: 'syz.0.4635': attribute type 2 has an invalid length.
[  920.589814][T24513] netlink: 'syz.0.4635': attribute type 1 has an invalid length.
[  920.592357][T24513] netlink: 'syz.0.4635': attribute type 1 has an invalid length.
[  920.876909][T24515] binder: BINDER_SET_CONTEXT_MGR already set
[  920.884213][T24515] binder: 24514:24515 ioctl 4018620d 80000100 returned -16
[  921.977970][T24536] 9p: Bad value for 'wfdno'
[  922.049213][T24540] binder: BINDER_SET_CONTEXT_MGR already set
[  922.051696][T24540] binder: 24539:24540 ioctl 4018620d 80000100 returned -16
[  922.959818][T24552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4649'.
[  922.962867][T24552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4649'.
[  923.002591][T24554] bridge4: entered allmulticast mode
[  923.005589][T24554] bridge4: entered promiscuous mode
[  923.007895][T24554] team0: Port device bridge4 added
[  923.079955][T24558] can0: slcan on ptm0.
[  923.143488][   T29] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[  923.227670][T24563] sock: sock_timestamping_bind_phc: sock not bind to device
[  923.315146][   T29] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  923.317963][   T29] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  923.321141][   T29] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  923.333510][   T29] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  923.337900][   T29] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  923.354917][   T29] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  923.355854][T24580] FAULT_INJECTION: forcing a failure.
[  923.355854][T24580] name failslab, interval 1, probability 0, space 0, times 0
[  923.358155][   T29] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  923.368672][   T29] usb 5-1: Product: syz
[  923.368975][T24580] CPU: 2 UID: 0 PID: 24580 Comm: syz.4.4657 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  923.368993][T24580] Tainted: [L]=SOFTLOCKUP
[  923.368997][T24580] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  923.369004][T24580] Call Trace:
[  923.369008][T24580]  <TASK>
[  923.369012][T24580]  dump_stack_lvl+0x100/0x190
[  923.369032][T24580]  should_fail_ex.cold+0x5/0xa
[  923.369046][T24580]  ? tomoyo_encode2+0xfb/0x3c0
[  923.369060][T24580]  should_failslab+0xc2/0x120
[  923.369076][T24580]  __kmalloc_noprof+0xe0/0x850
[  923.369091][T24580]  ? rcu_is_watching+0x12/0xc0
[  923.369109][T24580]  tomoyo_encode2+0xfb/0x3c0
[  923.369123][T24580]  ? prepend_copy+0x3f/0x80
[  923.369136][T24580]  tomoyo_encode+0x29/0x50
[  923.369149][T24580]  tomoyo_realpath_from_path+0x18c/0x690
[  923.369168][T24580]  tomoyo_path_number_perm+0x23c/0x580
[  923.369180][T24580]  ? tomoyo_path_number_perm+0x22e/0x580
[  923.369193][T24580]  ? __pte_offset_map+0x104/0x310
[  923.369208][T24580]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  923.369235][T24580]  ? find_held_lock+0x2b/0x80
[  923.369251][T24580]  ? hook_file_ioctl_common+0x146/0x410
[  923.369264][T24580]  ? __fget_files+0x215/0x3d0
[  923.369282][T24580]  ? __fget_files+0x21f/0x3d0
[  923.369299][T24580]  security_file_ioctl_compat+0xd3/0x230
[  923.369314][T24580]  __ia32_compat_sys_ioctl+0xc2/0x360
[  923.369329][T24580]  __do_fast_syscall_32+0xe3/0x8c0
[  923.369347][T24580]  do_fast_syscall_32+0x32/0x70
[  923.369362][T24580]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  923.369376][T24580] RIP: 0023:0xf7ff6f6c
[  923.369385][T24580] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  923.369396][T24580] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  923.369407][T24580] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000402c5828
[  923.369413][T24580] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  923.369420][T24580] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  923.369426][T24580] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  923.369432][T24580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  923.369446][T24580]  </TASK>
[  923.369456][T24580] ERROR: Out of memory at tomoyo_realpath_from_path.
[  923.370484][   T29] usb 5-1: Manufacturer: syz
[  923.423926][   T29] cdc_wdm 5-1:1.0: skipping garbage
[  923.559808][   T29] cdc_wdm 5-1:1.0: skipping garbage
[  923.562619][   T29] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  923.573230][   T29] cdc_wdm 5-1:1.0: Unknown control protocol
[  923.682735][T24590] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(6)
[  923.684853][T24590] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  923.687646][T24590] vhci_hcd vhci_hcd.0: Device attached
[  923.697968][    C0] wdm_int_callback: 12 callbacks suppressed
[  923.697985][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  923.697996][    C0] wdm_int_callback: 12 callbacks suppressed
[  923.698003][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  923.698128][   T60] usb 5-1: USB disconnect, device number 73
[  923.698219][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  923.698230][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  923.698238][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  923.955319][ T6000] usb 46-1: SetAddress Request (10) to port 0
[  923.955378][ T6000] usb 46-1: new SuperSpeed USB device number 10 using vhci_hcd
[  924.015413][T24557] can0 (unregistered): slcan off ptm0.
[  925.184646][T24614] FAULT_INJECTION: forcing a failure.
[  925.184646][T24614] name failslab, interval 1, probability 0, space 0, times 0
[  925.191310][T24614] CPU: 2 UID: 0 PID: 24614 Comm: syz.0.4663 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  925.191331][T24614] Tainted: [L]=SOFTLOCKUP
[  925.191335][T24614] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  925.191342][T24614] Call Trace:
[  925.191347][T24614]  <TASK>
[  925.191352][T24614]  dump_stack_lvl+0x100/0x190
[  925.191371][T24614]  should_fail_ex.cold+0x5/0xa
[  925.191385][T24614]  should_failslab+0xc2/0x120
[  925.191401][T24614]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  925.191415][T24614]  ? alloc_inode+0x68/0x250
[  925.191428][T24614]  ? simple_start_creating+0xb0/0x110
[  925.191443][T24614]  ? __pfx_debugfs_alloc_inode+0x10/0x10
[  925.191456][T24614]  alloc_inode+0x68/0x250
[  925.191467][T24614]  new_inode+0x22/0x1c0
[  925.191480][T24614]  __debugfs_create_file+0x105/0x4f0
[  925.191495][T24614]  debugfs_create_file_full+0x41/0x60
[  925.191514][T24614]  ref_tracker_dir_debugfs+0x19e/0x2e0
[  925.191529][T24614]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  925.191554][T24614]  ? __kvmalloc_node_noprof+0x6af/0xa00
[  925.191568][T24614]  ? alloc_netdev_mqs+0xd7/0x14f0
[  925.191583][T24614]  ? lockdep_init_map_type+0x5c/0x250
[  925.191599][T24614]  ? __pfx_can_setup+0x10/0x10
[  925.191613][T24614]  alloc_netdev_mqs+0x314/0x14f0
[  925.191631][T24614]  alloc_candev_mqs+0x6b/0x4d0
[  925.191647][T24614]  ? __pfx_slcan_open+0x10/0x10
[  925.191660][T24614]  slcan_open+0x93/0x4c0
[  925.191673][T24614]  ? __pfx_slcan_open+0x10/0x10
[  925.191685][T24614]  tty_ldisc_open+0xa2/0x120
[  925.191700][T24614]  tty_set_ldisc+0x325/0x740
[  925.191717][T24614]  tty_ioctl+0x695/0x1690
[  925.191734][T24614]  ? __pfx_tty_ioctl+0x10/0x10
[  925.191749][T24614]  ? do_vfs_ioctl+0x226/0x13e0
[  925.191763][T24614]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  925.191780][T24614]  ? find_held_lock+0x2b/0x80
[  925.191796][T24614]  ? hook_file_ioctl_common+0x146/0x410
[  925.191813][T24614]  ? __fget_files+0x21f/0x3d0
[  925.191829][T24614]  tty_compat_ioctl+0x2b3/0x420
[  925.191845][T24614]  ? __pfx_tty_compat_ioctl+0x10/0x10
[  925.191862][T24614]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  925.191877][T24614]  __do_fast_syscall_32+0xe3/0x8c0
[  925.191895][T24614]  do_fast_syscall_32+0x32/0x70
[  925.191911][T24614]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  925.191937][T24614] RIP: 0023:0xf6feef6c
[  925.191947][T24614] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  925.191958][T24614] RSP: 002b:00000000f53bc50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  925.191969][T24614] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005423
[  925.191976][T24614] RDX: 0000000080000300 RSI: 0000000000000000 RDI: 0000000000000000
[  925.191982][T24614] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  925.191988][T24614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  925.191995][T24614] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  925.192009][T24614]  </TASK>
[  925.192051][T24614] debugfs: out of free dentries, can not create file 'netdev@ffff8880554a8620'
[  925.254770][   T40] audit: type=1326 audit(2000000585.109:822): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24612 comm="syz.2.4662" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709ef6c code=0x0
[  925.261165][T24614] can0: slcan on pty20.
[  925.394720][T24622] netlink: 'syz.2.4662': attribute type 2 has an invalid length.
[  925.394742][T24622] netlink: 'syz.2.4662': attribute type 1 has an invalid length.
[  925.394766][T24622] netlink: 'syz.2.4662': attribute type 1 has an invalid length.
[  925.406603][T24591] vhci_hcd: connection reset by peer
[  925.409486][  T757] vhci_hcd vhci_hcd.4: stop threads
[  925.411844][  T757] vhci_hcd vhci_hcd.4: release socket
[  925.416301][T24610] can0 (unregistered): slcan off pty20.
[  925.419346][  T757] vhci_hcd vhci_hcd.4: disconnect device
[  925.596151][T24638] FAULT_INJECTION: forcing a failure.
[  925.596151][T24638] name failslab, interval 1, probability 0, space 0, times 0
[  925.600186][T24638] CPU: 2 UID: 0 PID: 24638 Comm: syz.1.4666 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  925.600205][T24638] Tainted: [L]=SOFTLOCKUP
[  925.600209][T24638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  925.600215][T24638] Call Trace:
[  925.600220][T24638]  <TASK>
[  925.600224][T24638]  dump_stack_lvl+0x100/0x190
[  925.600243][T24638]  should_fail_ex.cold+0x5/0xa
[  925.600257][T24638]  should_failslab+0xc2/0x120
[  925.600274][T24638]  __kmalloc_cache_noprof+0x7a/0x6f0
[  925.600286][T24638]  ? binder_transaction+0x748/0x9ee0
[  925.600305][T24638]  binder_transaction+0x748/0x9ee0
[  925.600322][T24638]  ? look_up_lock_class+0x55/0x120
[  925.600339][T24638]  ? find_held_lock+0x2b/0x80
[  925.600362][T24638]  ? __lock_acquire+0x4a5/0x2630
[  925.600375][T24638]  ? __pfx_binder_transaction+0x10/0x10
[  925.600392][T24638]  ? __lock_acquire+0x4a5/0x2630
[  925.600407][T24638]  ? __lock_acquire+0x4a5/0x2630
[  925.600422][T24638]  ? __lock_acquire+0x4a5/0x2630
[  925.600443][T24638]  ? __lock_acquire+0x4a5/0x2630
[  925.600455][T24638]  ? __lock_acquire+0x4a5/0x2630
[  925.600468][T24638]  ? is_bpf_text_address+0x94/0x1a0
[  925.600483][T24638]  ? kernel_text_address+0x8d/0x100
[  925.600497][T24638]  ? __pfx_widen_string+0x10/0x10
[  925.600511][T24638]  ? find_held_lock+0x2b/0x80
[  925.600526][T24638]  ? __might_fault+0xc5/0x140
[  925.600540][T24638]  ? __might_fault+0xc5/0x140
[  925.600557][T24638]  binder_thread_write+0x131f/0x4dd0
[  925.600575][T24638]  ? kasan_save_track+0x14/0x30
[  925.600589][T24638]  ? kasan_save_free_info+0x3b/0x70
[  925.600602][T24638]  ? __lock_acquire+0x4a5/0x2630
[  925.600614][T24638]  ? __pfx_binder_thread_write+0x10/0x10
[  925.600632][T24638]  ? binder_debug+0xe0/0x190
[  925.600645][T24638]  ? __pfx_binder_debug+0x10/0x10
[  925.600659][T24638]  ? binder_debug+0xe0/0x190
[  925.600672][T24638]  ? __pfx_binder_debug+0x10/0x10
[  925.600693][T24638]  ? __pfx_binder_ioctl+0x10/0x10
[  925.600708][T24638]  binder_ioctl+0x2964/0x7710
[  925.600726][T24638]  ? tomoyo_path_number_perm+0x28f/0x580
[  925.600744][T24638]  ? tomoyo_path_number_perm+0x28f/0x580
[  925.600759][T24638]  ? tomoyo_path_number_perm+0x188/0x580
[  925.600772][T24638]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  925.600785][T24638]  ? __pfx_binder_ioctl+0x10/0x10
[  925.600803][T24638]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  925.600821][T24638]  ? do_vfs_ioctl+0x226/0x13e0
[  925.600834][T24638]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  925.600851][T24638]  ? find_held_lock+0x2b/0x80
[  925.600866][T24638]  ? hook_file_ioctl_common+0x146/0x410
[  925.600882][T24638]  ? __fget_files+0x21f/0x3d0
[  925.600898][T24638]  ? __pfx_binder_ioctl+0x10/0x10
[  925.600914][T24638]  compat_ptr_ioctl+0x6e/0xa0
[  925.600926][T24638]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  925.600938][T24638]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  925.600953][T24638]  __do_fast_syscall_32+0xe3/0x8c0
[  925.600970][T24638]  do_fast_syscall_32+0x32/0x70
[  925.600985][T24638]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  925.600999][T24638] RIP: 0023:0xf7fe3f6c
[  925.601009][T24638] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  925.601020][T24638] RSP: 002b:00000000f54a650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  925.601031][T24638] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[  925.601038][T24638] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  925.601044][T24638] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  925.601050][T24638] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  925.601057][T24638] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  925.601070][T24638]  </TASK>
[  925.893477][T24648] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[  925.895637][T24648] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  925.898084][T24648] vhci_hcd vhci_hcd.0: Device attached
[  926.083402][   T10] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  926.163225][   T10] usb 39-1: new low-speed USB device number 2 using vhci_hcd
[  926.273240][   T29] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  926.433281][   T29] usb 9-1: Using ep0 maxpacket: 16
[  926.436853][   T29] usb 9-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  926.440203][   T29] usb 9-1: config 0 interface 0 altsetting 1 endpoint 0x89 has an invalid bInterval 0, changing to 7
[  926.443882][   T29] usb 9-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0
[  926.447126][   T29] usb 9-1: config 0 interface 0 has no altsetting 0
[  926.451553][   T29] usb 9-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  926.454601][   T29] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  926.457227][   T29] usb 9-1: Product: syz
[  926.458666][   T29] usb 9-1: Manufacturer: syz
[  926.460222][   T29] usb 9-1: SerialNumber: syz
[  926.463208][   T29] usb 9-1: config 0 descriptor??
[  926.664170][T24649] vhci_hcd: connection reset by peer
[  926.667058][   T46] vhci_hcd vhci_hcd.1: stop threads
[  926.668869][   T46] vhci_hcd vhci_hcd.1: release socket
[  926.673372][   T46] vhci_hcd vhci_hcd.1: disconnect device
[  926.675072][   T29] input: syz syz as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.0/input/input101
[  926.735480][ T5327] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  926.742379][ T5327] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  926.747227][ T5327] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  926.755219][ T5327] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  926.799711][ T5327] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  926.809651][T24044] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  926.814011][ T5327] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  926.829954][ T5327] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  926.872228][T24655] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  926.943470][ T5327] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  927.079739][T24666] 9pnet_virtio: no channels available for device syz
[  927.212284][ T5327] synaptics_usb 9-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  927.862157][T24675] x_tables: duplicate underflow at hook 1
[  927.865503][T24675] hub 8-0:1.0: USB hub found
[  927.867795][T24675] hub 8-0:1.0: 1 port detected
[  928.304547][   T40] audit: type=1326 audit(2000000588.129:823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24682 comm="syz.1.4678" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7fe3f6c code=0x0
[  928.359582][T24692] netlink: 'syz.1.4678': attribute type 2 has an invalid length.
[  928.362957][T24692] netlink: 'syz.1.4678': attribute type 1 has an invalid length.
[  928.366415][T24692] netlink: 'syz.1.4678': attribute type 1 has an invalid length.
[  929.307105][ T6000] usb 46-1: device descriptor read/8, error -110
[  929.465408][   T29] usb 9-1: USB disconnect, device number 4
[  930.113234][   T39] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  930.123752][ T6000] usb usb46-port1: attempt power cycle
[  930.173513][T24713] FAULT_INJECTION: forcing a failure.
[  930.173513][T24713] name failslab, interval 1, probability 0, space 0, times 0
[  930.178888][T24713] CPU: 3 UID: 0 PID: 24713 Comm: syz.2.4687 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  930.178917][T24713] Tainted: [L]=SOFTLOCKUP
[  930.178924][T24713] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  930.178934][T24713] Call Trace:
[  930.178941][T24713]  <TASK>
[  930.178948][T24713]  dump_stack_lvl+0x100/0x190
[  930.178979][T24713]  should_fail_ex.cold+0x5/0xa
[  930.179001][T24713]  should_failslab+0xc2/0x120
[  930.179027][T24713]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  930.179052][T24713]  ? __alloc_skb+0x140/0x710
[  930.179079][T24713]  __alloc_skb+0x140/0x710
[  930.179098][T24713]  ? __alloc_skb+0x5b7/0x710
[  930.179118][T24713]  ? __pfx___alloc_skb+0x10/0x10
[  930.179147][T24713]  netlink_ack+0x117/0xb80
[  930.179179][T24713]  netlink_rcv_skb+0x333/0x420
[  930.179205][T24713]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[  930.179226][T24713]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  930.179262][T24713]  ? ns_capable+0xd2/0xf0
[  930.179293][T24713]  nfnetlink_rcv+0x1b3/0x440
[  930.179313][T24713]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  930.179332][T24713]  ? netlink_deliver_tap+0x1ae/0xcc0
[  930.179360][T24713]  netlink_unicast+0x5aa/0x870
[  930.179389][T24713]  ? __pfx_netlink_unicast+0x10/0x10
[  930.179424][T24713]  netlink_sendmsg+0x8b0/0xda0
[  930.179453][T24713]  ? __pfx_netlink_sendmsg+0x10/0x10
[  930.179481][T24713]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  930.179513][T24713]  ____sys_sendmsg+0xa54/0xc30
[  930.179544][T24713]  ? __pfx_____sys_sendmsg+0x10/0x10
[  930.179583][T24713]  ___sys_sendmsg+0x190/0x1e0
[  930.179602][T24713]  ? __pfx____sys_sendmsg+0x10/0x10
[  930.179655][T24713]  __sys_sendmsg+0x170/0x220
[  930.179678][T24713]  ? __pfx___sys_sendmsg+0x10/0x10
[  930.179710][T24713]  ? __pfx_ksys_write+0x10/0x10
[  930.179738][T24713]  __do_fast_syscall_32+0xe3/0x8c0
[  930.179766][T24713]  do_fast_syscall_32+0x32/0x70
[  930.179791][T24713]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  930.179814][T24713] RIP: 0023:0xf709ef6c
[  930.179830][T24713] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  930.179847][T24713] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  930.179866][T24713] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800000c0
[  930.179878][T24713] RDX: 0000000004000080 RSI: 0000000000000000 RDI: 0000000000000000
[  930.179889][T24713] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  930.179899][T24713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  930.179910][T24713] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  930.179934][T24713]  </TASK>
[  930.314677][   T39] usb 9-1: config 0 has no interfaces?
[  930.316500][   T39] usb 9-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  930.319378][   T39] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.326812][T24715] FAULT_INJECTION: forcing a failure.
[  930.326812][T24715] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  930.330945][T24715] CPU: 2 UID: 0 PID: 24715 Comm: syz.2.4688 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  930.330962][T24715] Tainted: [L]=SOFTLOCKUP
[  930.330966][T24715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  930.330973][T24715] Call Trace:
[  930.330977][T24715]  <TASK>
[  930.330982][T24715]  dump_stack_lvl+0x100/0x190
[  930.331001][T24715]  should_fail_ex.cold+0x5/0xa
[  930.331015][T24715]  _copy_from_user+0x2e/0xd0
[  930.331029][T24715]  vmemdup_user+0x6b/0xe0
[  930.331045][T24715]  kvm_vm_ioctl+0x133c/0x4080
[  930.331057][T24715]  ? tomoyo_path_number_perm+0x46d/0x580
[  930.331071][T24715]  ? stack_trace_save+0x8e/0xc0
[  930.331091][T24715]  ? __pfx_stack_trace_save+0x10/0x10
[  930.331115][T24715]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  930.331128][T24715]  ? __lock_acquire+0x4a5/0x2630
[  930.331148][T24715]  ? tomoyo_path_number_perm+0x46d/0x580
[  930.331163][T24715]  ? kasan_save_stack+0x3f/0x50
[  930.331177][T24715]  ? kasan_save_stack+0x30/0x50
[  930.331190][T24715]  ? kasan_save_track+0x14/0x30
[  930.331204][T24715]  ? kasan_save_free_info+0x3b/0x70
[  930.331215][T24715]  ? __kasan_slab_free+0x5f/0x80
[  930.331229][T24715]  ? kfree+0x1f6/0x6b0
[  930.331239][T24715]  ? tomoyo_path_number_perm+0x46d/0x580
[  930.331251][T24715]  ? security_file_ioctl_compat+0xd3/0x230
[  930.331263][T24715]  ? __ia32_compat_sys_ioctl+0xc2/0x360
[  930.331276][T24715]  ? __do_fast_syscall_32+0xe3/0x8c0
[  930.331291][T24715]  ? do_fast_syscall_32+0x32/0x70
[  930.331305][T24715]  ? kvm_arch_vm_compat_ioctl+0x2d0/0x470
[  930.331319][T24715]  ? __pfx_kvm_arch_vm_compat_ioctl+0x10/0x10
[  930.331342][T24715]  ? tomoyo_path_number_perm+0x46d/0x580
[  930.331356][T24715]  ? kasan_quarantine_put+0x104/0x240
[  930.331369][T24715]  ? lockdep_hardirqs_on+0x78/0x100
[  930.331384][T24715]  ? find_held_lock+0x2b/0x80
[  930.331400][T24715]  ? tomoyo_path_number_perm+0x28f/0x580
[  930.331412][T24715]  ? tomoyo_path_number_perm+0x28f/0x580
[  930.331429][T24715]  ? tomoyo_path_number_perm+0x188/0x580
[  930.331442][T24715]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  930.331460][T24715]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  930.331477][T24715]  ? do_vfs_ioctl+0x226/0x13e0
[  930.331490][T24715]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  930.331504][T24715]  kvm_vm_compat_ioctl+0x2f7/0x3f0
[  930.331516][T24715]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  930.331528][T24715]  ? find_held_lock+0x2b/0x80
[  930.331544][T24715]  ? hook_file_ioctl_common+0x146/0x410
[  930.331560][T24715]  ? __fget_files+0x21f/0x3d0
[  930.331577][T24715]  ? __pfx_kvm_vm_compat_ioctl+0x10/0x10
[  930.331589][T24715]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  930.331604][T24715]  __do_fast_syscall_32+0xe3/0x8c0
[  930.331621][T24715]  do_fast_syscall_32+0x32/0x70
[  930.331636][T24715]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  930.331650][T24715] RIP: 0023:0xf709ef6c
[  930.331660][T24715] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  930.331675][T24715] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  930.331686][T24715] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 000000004008ae6a
[  930.331693][T24715] RDX: 0000000080000280 RSI: 0000000000000000 RDI: 0000000000000000
[  930.331699][T24715] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  930.331706][T24715] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  930.331712][T24715] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  930.331728][T24715]  </TASK>
[  930.445494][   T39] usb 9-1: config 0 descriptor??
[  930.449817][   T24] usb 6-1: new high-speed USB device number 91 using dummy_hcd
[  930.604593][   T24] usb 6-1: config 0 has no interfaces?
[  930.606501][   T24] usb 6-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[  930.609393][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.617705][   T24] usb 6-1: config 0 descriptor??
[  930.727063][T24717] syzkaller1: entered promiscuous mode
[  930.728948][T24717] syzkaller1: entered allmulticast mode
[  930.764605][ T6000] usb usb46-port1: unable to enumerate USB device
[  930.843239][T24722] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(6)
[  930.845601][T24722] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  930.855647][T24722] vhci_hcd vhci_hcd.0: Device attached
[  930.983036][T24722] binder: Binderfs stats mode cannot be changed during a remount
[  931.034280][   T60] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  931.093324][   T60] usb 41-1: new full-speed USB device number 2 using vhci_hcd
[  931.304551][   T10] vhci_hcd vhci_hcd.1: vhci_device speed not set
[  931.570544][T24723] vhci_hcd: connection reset by peer
[  931.573630][ T6227] vhci_hcd vhci_hcd.2: stop threads
[  931.575950][ T6227] vhci_hcd vhci_hcd.2: release socket
[  931.578199][ T6227] vhci_hcd vhci_hcd.2: disconnect device
[  932.173309][T24736] FAULT_INJECTION: forcing a failure.
[  932.173309][T24736] name failslab, interval 1, probability 0, space 0, times 0
[  932.178648][T24736] CPU: 2 UID: 0 PID: 24736 Comm: syz.2.4695 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  932.178676][T24736] Tainted: [L]=SOFTLOCKUP
[  932.178682][T24736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  932.178706][T24736] Call Trace:
[  932.178714][T24736]  <TASK>
[  932.178721][T24736]  dump_stack_lvl+0x100/0x190
[  932.178752][T24736]  should_fail_ex.cold+0x5/0xa
[  932.178775][T24736]  should_failslab+0xc2/0x120
[  932.178802][T24736]  __kmalloc_cache_node_noprof+0x7d/0x770
[  932.178828][T24736]  ? __get_vm_area_node+0x101/0x330
[  932.178861][T24736]  __get_vm_area_node+0x101/0x330
[  932.178891][T24736]  __vmalloc_node_range_noprof+0x213/0x1530
[  932.178911][T24736]  ? vhost_task_create+0x1db/0x370
[  932.178944][T24736]  ? vhost_task_create+0x1db/0x370
[  932.178969][T24736]  ? find_held_lock+0x2b/0x80
[  932.178995][T24736]  ? rcu_read_unlock+0x17/0x60
[  932.179021][T24736]  ? rcu_read_unlock+0x17/0x60
[  932.179048][T24736]  ? obj_cgroup_charge_account+0x46d/0x640
[  932.179076][T24736]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  932.179098][T24736]  ? __memcg_slab_post_alloc_hook+0x51e/0x9a0
[  932.179129][T24736]  ? rcu_is_watching+0x12/0xc0
[  932.179156][T24736]  ? trace_kmem_cache_alloc+0xf3/0x120
[  932.179184][T24736]  ? vhost_task_create+0x1db/0x370
[  932.179207][T24736]  __vmalloc_node_noprof+0xad/0xf0
[  932.179227][T24736]  ? vhost_task_create+0x1db/0x370
[  932.179253][T24736]  copy_process+0x5ec/0x7a10
[  932.179288][T24736]  ? __pfx_copy_process+0x10/0x10
[  932.179312][T24736]  ? lockdep_init_map_type+0x5c/0x250
[  932.179336][T24736]  ? lockdep_init_map_type+0x5c/0x250
[  932.179359][T24736]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  932.179385][T24736]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  932.179407][T24736]  vhost_task_create+0x1db/0x370
[  932.179432][T24736]  ? __pfx_vhost_task_create+0x10/0x10
[  932.179456][T24736]  ? register_lock_class+0x40/0x560
[  932.179482][T24736]  ? __pfx_vhost_task_fn+0x10/0x10
[  932.179510][T24736]  ? __pfx___mutex_lock+0x10/0x10
[  932.179543][T24736]  kvm_mmu_post_init_vm+0x1b3/0x370
[  932.179564][T24736]  kvm_arch_vcpu_ioctl_run+0x66/0x1830
[  932.179584][T24736]  ? kvm_vcpu_ioctl+0x155c/0x1730
[  932.179617][T24736]  kvm_vcpu_ioctl+0x730/0x1730
[  932.179643][T24736]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  932.179667][T24736]  ? tomoyo_path_number_perm+0x188/0x580
[  932.179692][T24736]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  932.179722][T24736]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  932.179751][T24736]  ? do_vfs_ioctl+0x226/0x13e0
[  932.179775][T24736]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  932.179808][T24736]  kvm_vcpu_compat_ioctl+0x20f/0x3c0
[  932.179830][T24736]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  932.179855][T24736]  ? __fget_files+0x21f/0x3d0
[  932.179884][T24736]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  932.179909][T24736]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  932.179935][T24736]  __do_fast_syscall_32+0xe3/0x8c0
[  932.179964][T24736]  do_fast_syscall_32+0x32/0x70
[  932.179990][T24736]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  932.180012][T24736] RIP: 0023:0xf709ef6c
[  932.180027][T24736] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  932.180044][T24736] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  932.180064][T24736] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  932.180075][T24736] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  932.180086][T24736] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  932.180096][T24736] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  932.180107][T24736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  932.180132][T24736]  </TASK>
[  932.180159][T24736] warn_alloc: 1 callbacks suppressed
[  932.180169][T24736] syz.2.4695: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  932.319498][T24736] CPU: 2 UID: 0 PID: 24736 Comm: syz.2.4695 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  932.319515][T24736] Tainted: [L]=SOFTLOCKUP
[  932.319519][T24736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  932.319526][T24736] Call Trace:
[  932.319530][T24736]  <TASK>
[  932.319535][T24736]  dump_stack_lvl+0x100/0x190
[  932.319554][T24736]  warn_alloc.cold+0x95/0x1c1
[  932.319573][T24736]  ? __pfx_warn_alloc+0x10/0x10
[  932.319586][T24736]  ? trace_kmalloc+0x101/0x130
[  932.319603][T24736]  ? __kmalloc_cache_node_noprof+0x2d9/0x770
[  932.319620][T24736]  ? __kasan_kmalloc+0x8a/0xb0
[  932.319636][T24736]  ? __get_vm_area_node+0x208/0x330
[  932.319655][T24736]  __vmalloc_node_range_noprof+0xbf4/0x1530
[  932.319671][T24736]  ? vhost_task_create+0x1db/0x370
[  932.319686][T24736]  ? find_held_lock+0x2b/0x80
[  932.319706][T24736]  ? rcu_read_unlock+0x17/0x60
[  932.319722][T24736]  ? rcu_read_unlock+0x17/0x60
[  932.319739][T24736]  ? obj_cgroup_charge_account+0x46d/0x640
[  932.319756][T24736]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  932.319769][T24736]  ? __memcg_slab_post_alloc_hook+0x51e/0x9a0
[  932.319788][T24736]  ? rcu_is_watching+0x12/0xc0
[  932.319804][T24736]  ? trace_kmem_cache_alloc+0xf3/0x120
[  932.319821][T24736]  ? vhost_task_create+0x1db/0x370
[  932.319835][T24736]  __vmalloc_node_noprof+0xad/0xf0
[  932.319846][T24736]  ? vhost_task_create+0x1db/0x370
[  932.319862][T24736]  copy_process+0x5ec/0x7a10
[  932.319881][T24736]  ? __pfx_copy_process+0x10/0x10
[  932.319895][T24736]  ? lockdep_init_map_type+0x5c/0x250
[  932.319909][T24736]  ? lockdep_init_map_type+0x5c/0x250
[  932.319923][T24736]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  932.319939][T24736]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  932.319952][T24736]  vhost_task_create+0x1db/0x370
[  932.319967][T24736]  ? __pfx_vhost_task_create+0x10/0x10
[  932.319981][T24736]  ? register_lock_class+0x40/0x560
[  932.319998][T24736]  ? __pfx_vhost_task_fn+0x10/0x10
[  932.320014][T24736]  ? __pfx___mutex_lock+0x10/0x10
[  932.320033][T24736]  kvm_mmu_post_init_vm+0x1b3/0x370
[  932.320045][T24736]  kvm_arch_vcpu_ioctl_run+0x66/0x1830
[  932.320057][T24736]  ? kvm_vcpu_ioctl+0x155c/0x1730
[  932.320073][T24736]  kvm_vcpu_ioctl+0x730/0x1730
[  932.320089][T24736]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  932.320103][T24736]  ? tomoyo_path_number_perm+0x188/0x580
[  932.320118][T24736]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  932.320135][T24736]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  932.320152][T24736]  ? do_vfs_ioctl+0x226/0x13e0
[  932.320166][T24736]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  932.320184][T24736]  kvm_vcpu_compat_ioctl+0x20f/0x3c0
[  932.320199][T24736]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  932.320214][T24736]  ? __fget_files+0x21f/0x3d0
[  932.320231][T24736]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  932.320246][T24736]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  932.320261][T24736]  __do_fast_syscall_32+0xe3/0x8c0
[  932.320277][T24736]  do_fast_syscall_32+0x32/0x70
[  932.320293][T24736]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  932.320307][T24736] RIP: 0023:0xf709ef6c
[  932.320317][T24736] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  932.320327][T24736] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  932.320337][T24736] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000000ae80
[  932.320344][T24736] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  932.320350][T24736] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  932.320356][T24736] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  932.320363][T24736] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  932.320376][T24736]  </TASK>
[  932.320445][T24736] Mem-Info:
[  932.440215][T24736] active_anon:8946 inactive_anon:1113 isolated_anon:0
[  932.440215][T24736]  active_file:2441 inactive_file:7301 isolated_file:0
[  932.440215][T24736]  unevictable:1768 dirty:274 writeback:0
[  932.440215][T24736]  slab_reclaimable:7481 slab_unreclaimable:61462
[  932.440215][T24736]  mapped:25554 shmem:9965 pagetables:1489
[  932.440215][T24736]  sec_pagetables:338 bounce:0
[  932.440215][T24736]  kernel_misc_reclaimable:0
[  932.440215][T24736]  free:65007 free_pcp:8246 free_cma:0
[  932.456414][T24736] Node 0 active_anon:0kB inactive_anon:8kB active_file:0kB inactive_file:8kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:16kB dirty:0kB writeback:0kB shmem:3536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:7392kB pagetables:1096kB sec_pagetables:1156kB all_unreclaimable? yes Balloon:0kB
[  932.467137][T24736] Node 1 active_anon:35784kB inactive_anon:4444kB active_file:9764kB inactive_file:29196kB unevictable:3536kB isolated(anon):0kB isolated(file):0kB mapped:102200kB dirty:1096kB writeback:0kB shmem:36324kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:6196kB pagetables:4860kB sec_pagetables:196kB all_unreclaimable? no Balloon:0kB
[  932.478636][T24736] Node 0 DMA free:2572kB boost:2048kB min:2808kB low:2996kB high:3184kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  932.490268][T24736] lowmem_reserve[]: 0 285 285 285 285
[  932.492227][T24736] Node 0 DMA32 free:38848kB boost:24576kB min:37652kB low:40920kB high:44188kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:8kB active_file:0kB inactive_file:8kB unevictable:3536kB writepending:0kB zspages:1224kB present:1032196kB managed:292800kB mlocked:0kB bounce:0kB free_pcp:2048kB local_pcp:2048kB free_cma:0kB
[  932.504719][T24736] lowmem_reserve[]: 0 0 0 0 0
[  932.507012][T24736] Node 1 DMA32 free:218608kB boost:4096kB min:51236kB low:63020kB high:74804kB reserved_highatomic:2048KB free_highatomic:492KB active_anon:35784kB inactive_anon:4444kB active_file:9764kB inactive_file:29196kB unevictable:3536kB writepending:1104kB zspages:5024kB present:1048432kB managed:948212kB mlocked:0kB bounce:0kB free_pcp:30728kB local_pcp:22028kB free_cma:0kB
[  932.520226][T24736] lowmem_reserve[]: 0 0 0 0 0
[  932.522222][T24736] Node 0 DMA: 19*4kB (U) 14*8kB (U) 1*16kB (U) 16*32kB (UM) 1*64kB (U) 0*128kB 1*256kB (M) 1*512kB (M) 1*1024kB (M) 0*2048kB 0*4096kB = 2572kB
[  932.528535][T24736] Node 0 DMA32: 1358*4kB (UME) 367*8kB (UME) 133*16kB (UME) 352*32kB (UME) 77*64kB (UME) 27*128kB (UME) 8*256kB (UM) 7*512kB (UME) 3*1024kB (U) 0*2048kB 0*4096kB = 38848kB
[  932.535363][T24736] Node 1 DMA32: 1104*4kB (UMEH) 3228*8kB (UMEH) 4465*16kB (UMEH) 485*32kB (UMEH) 295*64kB (UME) 141*128kB (UME) 52*256kB (UM) 76*512kB (UM) 12*1024kB (M) 0*2048kB 0*4096kB = 218640kB
[  932.542713][T24736] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  932.546825][T24736] Node 0 hugepages_total=2 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB
[  932.550677][T24736] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  932.554724][T24736] Node 1 hugepages_total=5 hugepages_free=1 hugepages_surp=3 hugepages_size=2048kB
[  932.558492][T24736] 21179 total pagecache pages
[  932.560508][T24736] 1476 pages in swap cache
[  932.562457][T24736] Free swap  = 92300kB
[  932.563960][T24736] Total swap = 124996kB
[  932.565581][T24736] 524155 pages RAM
[  932.567003][T24736] 0 pages HighMem/MovableOnly
[  932.568521][T24736] 210062 pages reserved
[  932.569918][T24736] 0 pages cma reserved
[  932.616739][T13184] usb 9-1: USB disconnect, device number 5
[  932.874821][T21197] usb 6-1: USB disconnect, device number 91
[  933.710814][T24746] 9pnet_virtio: no channels available for device syz
[  934.581350][T24752] 9pnet_virtio: no channels available for device syz
[  934.992491][   T40] audit: type=1804 audit(2000000594.839:824): pid=24756 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4699" name="/newroot/580/bus/bus" dev="overlay" ino=3098 res=1 errno=0
[  935.309585][   T40] audit: type=1804 audit(2000000595.159:825): pid=24755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.4699" name="/newroot/580/bus/bus" dev="overlay" ino=3098 res=1 errno=0
[  935.559478][T24763] fuse: Unknown parameter '	'
[  935.685532][   T29] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[  935.897702][T24770] sp0: Synchronizing with TNC
[  935.955005][T24769] [U] �
[  936.075143][T24774] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4704'.
[  936.078722][T24774] netlink: 44 bytes leftover after parsing attributes in process `syz.1.4704'.
[  936.083023][T24774] netlink: 'syz.1.4704': attribute type 1 has an invalid length.
[  936.106273][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[  936.220428][T24780] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  936.253358][   T60] vhci_hcd vhci_hcd.2: vhci_device speed not set
[  936.427637][T24791] FAULT_INJECTION: forcing a failure.
[  936.427637][T24791] name failslab, interval 1, probability 0, space 0, times 0
[  936.433364][   T29] usb 5-1: Using ep0 maxpacket: 32
[  936.436795][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  936.440943][   T29] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  936.444059][T24791] CPU: 0 UID: 0 PID: 24791 Comm: syz.4.4709 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  936.444077][T24791] Tainted: [L]=SOFTLOCKUP
[  936.444081][T24791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  936.444089][T24791] Call Trace:
[  936.444093][T24791]  <TASK>
[  936.444098][T24791]  dump_stack_lvl+0x100/0x190
[  936.444118][T24791]  should_fail_ex.cold+0x5/0xa
[  936.444131][T24791]  ? tomoyo_encode2+0xfb/0x3c0
[  936.444146][T24791]  should_failslab+0xc2/0x120
[  936.444163][T24791]  __kmalloc_noprof+0xe0/0x850
[  936.444177][T24791]  ? d_absolute_path+0x136/0x1b0
[  936.444192][T24791]  tomoyo_encode2+0xfb/0x3c0
[  936.444208][T24791]  tomoyo_encode+0x29/0x50
[  936.444222][T24791]  tomoyo_realpath_from_path+0x18c/0x690
[  936.444240][T24791]  tomoyo_path_number_perm+0x23c/0x580
[  936.444252][T24791]  ? tomoyo_path_number_perm+0x22e/0x580
[  936.444265][T24791]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  936.444291][T24791]  ? find_held_lock+0x2b/0x80
[  936.444307][T24791]  ? hook_file_ioctl_common+0x146/0x410
[  936.444320][T24791]  ? __fget_files+0x215/0x3d0
[  936.444337][T24791]  ? __fget_files+0x21f/0x3d0
[  936.444354][T24791]  security_file_ioctl_compat+0xd3/0x230
[  936.444369][T24791]  __ia32_compat_sys_ioctl+0xc2/0x360
[  936.444384][T24791]  __do_fast_syscall_32+0xe3/0x8c0
[  936.444402][T24791]  do_fast_syscall_32+0x32/0x70
[  936.444423][T24791]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  936.444437][T24791] RIP: 0023:0xf7ff6f6c
[  936.444447][T24791] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  936.444457][T24791] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  936.444468][T24791] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0cc5615
[  936.444475][T24791] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  936.444481][T24791] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  936.444488][T24791] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  936.444494][T24791] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  936.444507][T24791]  </TASK>
[  936.444518][T24791] ERROR: Out of memory at tomoyo_realpath_from_path.
[  936.445146][   T29] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  936.525056][   T29] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.531142][   T29] usb 5-1: config 0 descriptor??
[  936.954265][   T29] savu 0003:1E7D:2D5A.000C: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.0-1/input0
[  937.132981][T24809] FAULT_INJECTION: forcing a failure.
[  937.132981][T24809] name failslab, interval 1, probability 0, space 0, times 0
[  937.137868][T24809] CPU: 1 UID: 0 PID: 24809 Comm: syz.4.4712 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  937.137887][T24809] Tainted: [L]=SOFTLOCKUP
[  937.137891][T24809] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  937.137897][T24809] Call Trace:
[  937.137901][T24809]  <TASK>
[  937.137906][T24809]  dump_stack_lvl+0x100/0x190
[  937.137926][T24809]  should_fail_ex.cold+0x5/0xa
[  937.137939][T24809]  should_failslab+0xc2/0x120
[  937.137956][T24809]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  937.137970][T24809]  ? skb_clone+0x190/0x400
[  937.138000][T24809]  skb_clone+0x190/0x400
[  937.138016][T24809]  netlink_deliver_tap+0xaed/0xcc0
[  937.138034][T24809]  netlink_unicast+0x650/0x870
[  937.138051][T24809]  ? __pfx_netlink_unicast+0x10/0x10
[  937.138071][T24809]  netlink_sendmsg+0x8b0/0xda0
[  937.138089][T24809]  ? __pfx_netlink_sendmsg+0x10/0x10
[  937.138106][T24809]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  937.138126][T24809]  ____sys_sendmsg+0xa54/0xc30
[  937.138145][T24809]  ? __pfx_____sys_sendmsg+0x10/0x10
[  937.138168][T24809]  ___sys_sendmsg+0x190/0x1e0
[  937.138180][T24809]  ? __pfx____sys_sendmsg+0x10/0x10
[  937.138207][T24809]  __sys_sendmsg+0x170/0x220
[  937.138221][T24809]  ? __pfx___sys_sendmsg+0x10/0x10
[  937.138240][T24809]  ? __pfx_ksys_write+0x10/0x10
[  937.138258][T24809]  __do_fast_syscall_32+0xe3/0x8c0
[  937.138275][T24809]  do_fast_syscall_32+0x32/0x70
[  937.138290][T24809]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  937.138327][T24809] RIP: 0023:0xf7ff6f6c
[  937.138340][T24809] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  937.138354][T24809] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  937.138369][T24809] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800001c0
[  937.138375][T24809] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  937.138382][T24809] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  937.138388][T24809] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  937.138394][T24809] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  937.138412][T24809]  </TASK>
[  937.285897][T24813] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4714'.
[  937.332646][T24811] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  937.334753][T24811] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  937.337700][T24811] vhci_hcd vhci_hcd.0: Device attached
[  937.340336][T24815] vhci_hcd: connection closed
[  937.340510][  T757] vhci_hcd vhci_hcd.4: stop threads
[  937.348865][  T757] vhci_hcd vhci_hcd.4: release socket
[  937.351115][  T757] vhci_hcd vhci_hcd.4: disconnect device
[  937.381212][T24818] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  937.488990][T24817] tipc: Disabling bearer <eth:syzkaller0>
[  937.719523][T24823] team0 (unregistering): left allmulticast mode
[  937.722249][T24823] team_slave_0: left allmulticast mode
[  937.724692][T24823] team_slave_1: left allmulticast mode
[  937.726992][T24823] team0 (unregistering): left promiscuous mode
[  937.729529][T24823] team_slave_0: left promiscuous mode
[  937.732166][T24823] team_slave_1: left promiscuous mode
[  937.734703][T24823] bridge3: left promiscuous mode
[  937.736890][T24823] bridge4: left promiscuous mode
[  937.739157][T24823] bridge0: port 3(team0) entered disabled state
[  937.746265][T24823] team0 (unregistering): Port device team_slave_0 removed
[  937.750737][T24823] team0 (unregistering): Port device team_slave_1 removed
[  937.758622][T24823] team0 (unregistering): Port device bridge3 removed
[  937.765182][T24823] team0 (unregistering): Port device bridge4 removed
[  938.124463][T24843] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4720'.
[  938.127741][T24843] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4720'.
[  938.149932][T24843] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4720'.
[  938.153120][T24843] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4720'.
[  938.218242][T24843] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4720'.
[  938.221418][T24843] netlink: 32 bytes leftover after parsing attributes in process `syz.1.4720'.
[  938.368275][   T10] usb 5-1: USB disconnect, device number 74
[  938.510489][T24850] fuse: Bad value for 'fd'
[  938.514391][T24850] netlink: 'syz.0.4723': attribute type 13 has an invalid length.
[  938.901413][T24850] bridge0: port 2(bridge_slave_1) entered disabled state
[  938.903885][T24850] bridge0: port 1(bridge_slave_0) entered disabled state
[  938.974166][T24850] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  938.982919][T24850] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  939.228215][T24853] netlink: 1004 bytes leftover after parsing attributes in process `syz.2.4724'.
[  939.428718][  T757] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  939.431454][  T757] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  939.437621][  T757] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  939.444017][  T757] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  939.510122][T24843] Process accounting resumed
[  939.586204][T24868] FAULT_INJECTION: forcing a failure.
[  939.586204][T24868] name failslab, interval 1, probability 0, space 0, times 0
[  939.592022][T24868] CPU: 0 UID: 0 PID: 24868 Comm: syz.2.4730 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  939.592048][T24868] Tainted: [L]=SOFTLOCKUP
[  939.592054][T24868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  939.592064][T24868] Call Trace:
[  939.592070][T24868]  <TASK>
[  939.592077][T24868]  dump_stack_lvl+0x100/0x190
[  939.592106][T24868]  should_fail_ex.cold+0x5/0xa
[  939.592127][T24868]  ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290
[  939.592153][T24868]  should_failslab+0xc2/0x120
[  939.592177][T24868]  __kmalloc_noprof+0xe0/0x850
[  939.592198][T24868]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  939.592224][T24868]  ? __kernel_text_address+0xd/0x30
[  939.592250][T24868]  genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290
[  939.592289][T24868]  genl_family_rcv_msg_doit+0xc7/0x300
[  939.592316][T24868]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  939.592341][T24868]  ? genl_get_cmd+0x3ef/0x720
[  939.592370][T24868]  ? bpf_lsm_capable+0x9/0x10
[  939.592394][T24868]  ? security_capable+0x80/0x260
[  939.592420][T24868]  ? ns_capable+0xd2/0xf0
[  939.592447][T24868]  genl_rcv_msg+0x560/0x800
[  939.592475][T24868]  ? __pfx_genl_rcv_msg+0x10/0x10
[  939.592499][T24868]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  939.592518][T24868]  ? __pfx_nl80211_connect+0x10/0x10
[  939.592536][T24868]  ? __pfx_nl80211_post_doit+0x10/0x10
[  939.592558][T24868]  ? __lock_acquire+0x4a5/0x2630
[  939.592582][T24868]  netlink_rcv_skb+0x159/0x420
[  939.592604][T24868]  ? __pfx_genl_rcv_msg+0x10/0x10
[  939.592630][T24868]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  939.592662][T24868]  ? netlink_deliver_tap+0x1ae/0xcc0
[  939.592687][T24868]  genl_rcv+0x28/0x40
[  939.592709][T24868]  netlink_unicast+0x5aa/0x870
[  939.592736][T24868]  ? __pfx_netlink_unicast+0x10/0x10
[  939.592768][T24868]  netlink_sendmsg+0x8b0/0xda0
[  939.592794][T24868]  ? __pfx_netlink_sendmsg+0x10/0x10
[  939.592819][T24868]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  939.592849][T24868]  ____sys_sendmsg+0xa54/0xc30
[  939.592877][T24868]  ? __pfx_____sys_sendmsg+0x10/0x10
[  939.592913][T24868]  ___sys_sendmsg+0x190/0x1e0
[  939.592931][T24868]  ? __pfx____sys_sendmsg+0x10/0x10
[  939.592978][T24868]  __sys_sendmsg+0x170/0x220
[  939.593000][T24868]  ? __pfx___sys_sendmsg+0x10/0x10
[  939.593028][T24868]  ? __pfx_ksys_write+0x10/0x10
[  939.593056][T24868]  __do_fast_syscall_32+0xe3/0x8c0
[  939.593083][T24868]  do_fast_syscall_32+0x32/0x70
[  939.593106][T24868]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  939.593144][T24868] RIP: 0023:0xf709ef6c
[  939.593160][T24868] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  939.593175][T24868] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  939.593192][T24868] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0
[  939.593203][T24868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  939.593213][T24868] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  939.593221][T24868] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  939.593232][T24868] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  939.593255][T24868]  </TASK>
[  939.843325][ T6000] usb 5-1: new low-speed USB device number 75 using dummy_hcd
[  939.921571][T24874] netlink: 'syz.1.4732': attribute type 11 has an invalid length.
[  939.994414][ T6000] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  939.997643][ T6000] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  940.000296][ T6000] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  940.013419][ T6000] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  940.016546][ T6000] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  940.016562][ T6000] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.025380][ T6000] hub 5-1:1.0: bad descriptor, ignoring hub
[  940.027397][ T6000] hub 5-1:1.0: probe with driver hub failed with error -5
[  940.029885][ T6000] cdc_wdm 5-1:1.0: skipping garbage
[  940.031569][ T6000] cdc_wdm 5-1:1.0: skipping garbage
[  940.054017][ T6000] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  940.055988][ T6000] cdc_wdm 5-1:1.0: Unknown control protocol
[  940.245921][T24864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  940.249132][T24864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  940.365352][T13184] usb 5-1: USB disconnect, device number 75
[  940.646673][T24879] FAULT_INJECTION: forcing a failure.
[  940.646673][T24879] name failslab, interval 1, probability 0, space 0, times 0
[  940.651703][T24879] CPU: 3 UID: 0 PID: 24879 Comm: syz.2.4734 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  940.651721][T24879] Tainted: [L]=SOFTLOCKUP
[  940.651725][T24879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  940.651732][T24879] Call Trace:
[  940.651737][T24879]  <TASK>
[  940.651741][T24879]  dump_stack_lvl+0x100/0x190
[  940.651762][T24879]  should_fail_ex.cold+0x5/0xa
[  940.651775][T24879]  should_failslab+0xc2/0x120
[  940.651792][T24879]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  940.651807][T24879]  ? __alloc_skb+0x140/0x710
[  940.651822][T24879]  __alloc_skb+0x140/0x710
[  940.651834][T24879]  ? __alloc_skb+0x5b7/0x710
[  940.651846][T24879]  ? __pfx___alloc_skb+0x10/0x10
[  940.651862][T24879]  netlink_ack+0x117/0xb80
[  940.651884][T24879]  ? __lock_acquire+0x4a5/0x2630
[  940.651905][T24879]  netlink_rcv_skb+0x333/0x420
[  940.651927][T24879]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  940.651944][T24879]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  940.651964][T24879]  ? netlink_deliver_tap+0x1ae/0xcc0
[  940.651980][T24879]  netlink_unicast+0x5aa/0x870
[  940.651997][T24879]  ? __pfx_netlink_unicast+0x10/0x10
[  940.652017][T24879]  netlink_sendmsg+0x8b0/0xda0
[  940.652034][T24879]  ? __pfx_netlink_sendmsg+0x10/0x10
[  940.652051][T24879]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  940.652070][T24879]  ____sys_sendmsg+0xa54/0xc30
[  940.652088][T24879]  ? __pfx_____sys_sendmsg+0x10/0x10
[  940.652104][T24879]  ? _parse_integer_limit+0x17f/0x1d0
[  940.652122][T24879]  ? _kstrtoull+0x13c/0x1f0
[  940.652137][T24879]  ? __pfx__kstrtoull+0x10/0x10
[  940.652154][T24879]  ___sys_sendmsg+0x190/0x1e0
[  940.652166][T24879]  ? __pfx____sys_sendmsg+0x10/0x10
[  940.652176][T24879]  ? __lock_acquire+0x4a5/0x2630
[  940.652194][T24879]  ? find_held_lock+0x2b/0x80
[  940.652218][T24879]  __sys_sendmmsg+0x2ff/0x430
[  940.652233][T24879]  ? __pfx___sys_sendmmsg+0x10/0x10
[  940.652251][T24879]  ? __fget_files+0x215/0x3d0
[  940.652272][T24879]  ? fput+0x79/0x100
[  940.652282][T24879]  ? ksys_write+0x1ac/0x250
[  940.652302][T24879]  ? __pfx_ksys_write+0x10/0x10
[  940.652318][T24879]  __ia32_compat_sys_sendmmsg+0x9d/0x100
[  940.652332][T24879]  ? lockdep_hardirqs_on+0x78/0x100
[  940.652347][T24879]  __do_fast_syscall_32+0xe3/0x8c0
[  940.652364][T24879]  do_fast_syscall_32+0x32/0x70
[  940.652379][T24879]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  940.652393][T24879] RIP: 0023:0xf709ef6c
[  940.652402][T24879] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  940.652413][T24879] RSP: 002b:00000000f548d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000159
[  940.652424][T24879] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0
[  940.652431][T24879] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000
[  940.652437][T24879] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  940.652443][T24879] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  940.652450][T24879] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  940.652463][T24879]  </TASK>
[  940.693302][ T6000] usb 5-1: new low-speed USB device number 76 using dummy_hcd
[  940.905659][ T6000] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config
[  940.909689][ T6000] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  940.912566][ T6000] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  940.917281][ T6000] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[  940.920461][ T6000] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.938071][ T6000] hub 5-1:1.0: bad descriptor, ignoring hub
[  940.940691][ T6000] hub 5-1:1.0: probe with driver hub failed with error -5
[  940.947498][ T6000] cdc_wdm 5-1:1.0: skipping garbage
[  940.949787][ T6000] cdc_wdm 5-1:1.0: skipping garbage
[  940.952204][ T6000] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22
[  941.213328][   T40] audit: type=1804 audit(2000000601.059:826): pid=24903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4741" name="/newroot/596/bus/bus" dev="overlay" ino=3194 res=1 errno=0
[  941.221148][   T40] audit: type=1804 audit(2000000601.059:827): pid=24903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.4741" name="/newroot/596/bus/bus" dev="overlay" ino=3194 res=1 errno=0
[  941.243469][   T34] usb 5-1: USB disconnect, device number 76
[  941.990056][T24914] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  941.998020][T24914] tipc: Resetting bearer <eth:syzkaller0>
[  942.016515][T24913] tipc: Disabling bearer <eth:syzkaller0>
[  942.106305][T24916] Invalid logical block size (63)
[  942.273881][T17551] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  942.279626][T17551] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  942.283254][T17551] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  942.288887][T17551] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  942.291667][T17551] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  942.721800][T24910] serio: Serial port ptm0
[  942.745092][T24920] chnl_net:caif_netlink_parms(): no params data found
[  942.803650][T24928] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  942.809178][T24920] bridge0: port 1(bridge_slave_0) entered blocking state
[  942.812072][T24920] bridge0: port 1(bridge_slave_0) entered disabled state
[  942.813638][T24928] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  942.814997][T24920] bridge_slave_0: entered allmulticast mode
[  942.820616][T24920] bridge_slave_0: entered promiscuous mode
[  942.829312][T24920] bridge0: port 2(bridge_slave_1) entered blocking state
[  942.832100][T24920] bridge0: port 2(bridge_slave_1) entered disabled state
[  942.835151][T24920] bridge_slave_1: entered allmulticast mode
[  942.838274][T24920] bridge_slave_1: entered promiscuous mode
[  942.853525][T24920] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  942.858652][T24920] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  942.882564][T24920] team0: Port device team_slave_0 added
[  942.886038][T24920] team0: Port device team_slave_1 added
[  942.900226][T24920] batman_adv: batadv0: Adding interface: batadv_slave_0
[  942.902671][T24920] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  942.911384][T24920] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  942.917116][T24920] batman_adv: batadv0: Adding interface: batadv_slave_1
[  942.919421][T24920] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  942.929284][T24920] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  942.952445][T24920] hsr_slave_0: entered promiscuous mode
[  942.954940][T24920] hsr_slave_1: entered promiscuous mode
[  943.303700][T24936] binder: 24934:24936 ioctl 0 80000040 returned -22
[  943.374420][  T757] netdevsim netdevsim1 netdevsim1 (unregistering): left allmulticast mode
[  943.609489][  T757] bridge_slave_1: left allmulticast mode
[  943.612318][  T757] bridge_slave_1: left promiscuous mode
[  943.615367][  T757] bridge0: port 2(bridge_slave_1) entered disabled state
[  943.675981][  T757] bridge_slave_0: left allmulticast mode
[  943.678446][  T757] bridge_slave_0: left promiscuous mode
[  943.680994][  T757] bridge0: port 1(bridge_slave_0) entered disabled state
[  943.770285][   T40] audit: type=1326 audit(2000000603.619:828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24947 comm="syz.2.4753" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709ef6c code=0x0
[  943.853635][T24950] netlink: 'syz.2.4753': attribute type 2 has an invalid length.
[  943.856114][T24950] netlink: 'syz.2.4753': attribute type 1 has an invalid length.
[  943.858554][T24950] netlink: 'syz.2.4753': attribute type 1 has an invalid length.
[  944.102208][T24952] loop5: detected capacity change from 0 to 7
[  944.108389][    C3] blk_print_req_error: 10 callbacks suppressed
[  944.108402][    C3] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  944.113600][    C3] buffer_io_error: 10 callbacks suppressed
[  944.113612][    C3] Buffer I/O error on dev loop5, logical block 0, async page read
[  944.118207][    C1] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  944.121479][    C1] Buffer I/O error on dev loop5, logical block 0, async page read
[  944.127615][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  944.132239][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  944.138125][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  944.142503][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  944.148715][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  944.152417][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  944.156757][  T757] bond1 (unregistering): Released all slaves
[  944.158606][    C0] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  944.162504][    C0] Buffer I/O error on dev loop5, logical block 0, async page read
[  944.167259][  T757] bond2 (unregistering): Released all slaves
[  944.176022][  T757] bond0 (unregistering): Released all slaves
[  944.203370][T24955] loop5: detected capacity change from 7 to 0
[  944.204020][    C2] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  944.209758][    C2] Buffer I/O error on dev loop5, logical block 0, async page read
[  944.213004][T24952] ldm_validate_partition_table(): Disk read failed.
[  944.216026][T24952] Dev loop5: unable to read RDB block 0
[  944.218379][T24952]  loop5: unable to read partition table
[  944.220709][T24952] loop5: partition table beyond EOD, truncated
[  944.222813][T24952] loop_reread_partitions: partition scan of loop5 (��ɍ�n/C>|��n���˨��,l�-"@Iy}��c�9��s�GQ��a��G%x�?) failed (rc=-5)
[  944.308434][  T757] tipc: Disabling bearer <udp:syz0>
[  944.320104][  T757] tipc: Left network mode
[  944.343381][T17551] Bluetooth: hci3: command tx timeout
[  944.402278][  T757] IPVS: stopping master sync thread 21224 ...
[  944.944141][  T757] hsr_slave_0: left promiscuous mode
[  944.954224][  T757] hsr_slave_1: left promiscuous mode
[  945.157105][  T757] team0 (unregistering): Port device team_slave_1 removed
[  945.172635][   T40] audit: type=1804 audit(2000000605.019:829): pid=24977 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.4757" name="file0" dev="ramfs" ino=96221 res=1 errno=0
[  945.183764][  T757] team0 (unregistering): Port device team_slave_0 removed
[  945.475149][T24920] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  945.553500][T24920] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  945.559688][T24920] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  945.565980][T24920] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  945.668530][T24920] 8021q: adding VLAN 0 to HW filter on device bond0
[  945.682520][T24920] 8021q: adding VLAN 0 to HW filter on device team0
[  945.696562][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  945.699558][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  945.715962][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  945.718558][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  945.762395][T24920] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  945.768721][T24920] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  945.899811][T24920] 8021q: adding VLAN 0 to HW filter on device batadv0
[  945.926310][T24920] veth0_vlan: entered promiscuous mode
[  945.938677][T24920] veth1_vlan: entered promiscuous mode
[  945.958955][T24920] veth0_macvtap: entered promiscuous mode
[  945.964572][T24920] veth1_macvtap: entered promiscuous mode
[  945.976759][T24920] batman_adv: batadv0: Interface activated: batadv_slave_0
[  945.984027][T24920] batman_adv: batadv0: Interface activated: batadv_slave_1
[  945.991940][   T83] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  945.996282][   T83] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  946.000807][   T83] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  946.005145][   T83] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  946.049976][ T1159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  946.053449][ T1159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  946.067667][   T83] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  946.070349][   T83] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  946.423361][T17551] Bluetooth: hci3: command tx timeout
[  946.463908][   T40] audit: type=1804 audit(2000000606.309:830): pid=25007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4761" name="/newroot/540/bus/bus" dev="overlay" ino=2904 res=1 errno=0
[  946.472714][   T40] audit: type=1804 audit(2000000606.319:831): pid=25007 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4761" name="/newroot/540/bus/bus" dev="overlay" ino=2904 res=1 errno=0
[  946.672187][T25013] bridge4: entered allmulticast mode
[  947.512557][T25026] x_tables: duplicate underflow at hook 1
[  947.607195][T25031] FAULT_INJECTION: forcing a failure.
[  947.607195][T25031] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  947.611332][T25031] CPU: 3 UID: 0 PID: 25031 Comm: syz.1.4767 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  947.611350][T25031] Tainted: [L]=SOFTLOCKUP
[  947.611353][T25031] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  947.611360][T25031] Call Trace:
[  947.611365][T25031]  <TASK>
[  947.611369][T25031]  dump_stack_lvl+0x100/0x190
[  947.611390][T25031]  should_fail_ex.cold+0x5/0xa
[  947.611403][T25031]  _copy_to_user+0x32/0xd0
[  947.611418][T25031]  simple_read_from_buffer+0xcb/0x170
[  947.611434][T25031]  proc_fail_nth_read+0x1af/0x230
[  947.611451][T25031]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  947.611468][T25031]  ? rw_verify_area+0xce/0x6d0
[  947.611485][T25031]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  947.611501][T25031]  vfs_read+0x1e4/0xb30
[  947.611517][T25031]  ? __pfx_vfs_read+0x10/0x10
[  947.611530][T25031]  ? find_held_lock+0x2b/0x80
[  947.611547][T25031]  ? __fget_files+0x215/0x3d0
[  947.611564][T25031]  ? __fget_files+0x21f/0x3d0
[  947.611582][T25031]  ksys_read+0x12a/0x250
[  947.611597][T25031]  ? __pfx_ksys_read+0x10/0x10
[  947.611615][T25031]  do_int80_emulation+0x141/0x6b0
[  947.611632][T25031]  asm_int80_emulation+0x1a/0x20
[  947.611643][T25031] RIP: 0023:0xf714572b
[  947.611653][T25031] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  947.611663][T25031] RSP: 002b:00000000f53fd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[  947.611674][T25031] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53fd5d0
[  947.611681][T25031] RDX: 000000000000000f RSI: 0000000000000000 RDI: 0000000000000000
[  947.611687][T25031] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  947.611693][T25031] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  947.611700][T25031] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  947.611719][T25031]  </TASK>
[  947.716627][T25034] 8021q: adding VLAN 0 to HW filter on device bond1
[  947.724947][T25034] bond0: (slave bond1): Enslaving as an active interface with an up link
[  947.739568][   T40] audit: type=1326 audit(2000000607.589:832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25027 comm="syz.0.4764" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6feef6c code=0x0
[  947.930446][T25038] netlink: 'syz.0.4764': attribute type 2 has an invalid length.
[  947.933072][T25038] netlink: 'syz.0.4764': attribute type 1 has an invalid length.
[  947.936266][T25038] netlink: 'syz.0.4764': attribute type 1 has an invalid length.
[  948.503281][T17551] Bluetooth: hci3: command tx timeout
[  950.583250][T17551] Bluetooth: hci3: command tx timeout
[  950.838753][   T40] audit: type=1804 audit(2000000610.689:833): pid=25064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.4782" name="/newroot/5/bus/bus" dev="overlay" ino=53 res=1 errno=0
[  950.855398][   T40] audit: type=1804 audit(2000000610.699:834): pid=25064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4782" name="/newroot/5/bus/bus" dev="overlay" ino=53 res=1 errno=0
[  950.917073][T25060] __nla_validate_parse: 2 callbacks suppressed
[  950.917092][T25060] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4774'.
[  950.933375][T25060] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4774'.
[  950.986881][T25060] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4774'.
[  950.994705][T25060] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4774'.
[  951.085292][T25060] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4774'.
[  951.088683][T25060] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4774'.
[  951.350913][T25074] binder: 25071:25074 ioctl 0 80000040 returned -22
[  951.389650][T25056] Process accounting resumed
[  951.541324][T25079] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4777'.
[  951.640427][T25082] netlink: 'syz.4.4778': attribute type 10 has an invalid length.
[  951.650309][T25082] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  951.656749][T25082] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4778'.
[  952.394732][T25091] bridge1: entered allmulticast mode
[  952.448023][T25091] ������: renamed from hsr0 (while UP)
[  952.887146][   T40] audit: type=1326 audit(2000000612.739:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25083 comm="syz.0.4780" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6feef6c code=0x0
[  952.895164][T25087] overlay: Unknown parameter 'measure'
[  952.914249][T25087] overlayfs: overlapping lowerdir path
[  952.960665][T25085] netlink: 'syz.0.4780': attribute type 2 has an invalid length.
[  952.963252][T25085] netlink: 'syz.0.4780': attribute type 1 has an invalid length.
[  952.965663][T25085] netlink: 'syz.0.4780': attribute type 1 has an invalid length.
[  953.677694][   T40] audit: type=1804 audit(2000000613.529:836): pid=25112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.4787" name="file0" dev="ramfs" ino=99468 res=1 errno=0
[  953.882988][T25113] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4786'.
[  953.905676][T25113] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4786'.
[  954.067300][   T40] audit: type=1326 audit(2000000613.919:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25120 comm="syz.2.4789" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709ef6c code=0x0
[  955.248265][T25130] netlink: 'syz.2.4790': attribute type 1 has an invalid length.
[  955.250877][T25130] netlink: 'syz.2.4790': attribute type 3 has an invalid length.
[  955.408718][   T40] audit: type=1804 audit(2000000615.259:838): pid=25139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.4791" name="/newroot/553/bus/bus" dev="overlay" ino=3033 res=1 errno=0
[  955.423656][   T40] audit: type=1804 audit(2000000615.279:839): pid=25139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4791" name="/newroot/553/bus/bus" dev="overlay" ino=3033 res=1 errno=0
[  955.893106][T25146] binder: BINDER_SET_CONTEXT_MGR already set
[  955.897709][T25146] binder: 25145:25146 ioctl 4018620d 80004a80 returned -16
[  956.049755][T25151] __nla_validate_parse: 5 callbacks suppressed
[  956.049770][T25151] netlink: 1004 bytes leftover after parsing attributes in process `syz.1.4795'.
[  956.275575][T25111] Process accounting resumed
[  958.136549][T25179] netlink: 1004 bytes leftover after parsing attributes in process `syz.4.4804'.
[  958.884001][T25195] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4809'.
[  959.303270][ T5949] Bluetooth: hci0: command 0x0c1a tx timeout
[  959.303303][T17551] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  959.555335][   T40] audit: type=1804 audit(2000000619.409:840): pid=25207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4811" name="/newroot/215/bus/bus" dev="tmpfs" ino=1203 res=1 errno=0
[  960.679940][T25224] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4818'.
[  961.975700][T25242] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  962.145606][T25248] mac80211_hwsim hwsim26 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  962.223332][   T60] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  962.260077][T25250] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4825'.
[  962.375262][   T60] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  962.380066][   T60] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  962.386461][   T60] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  962.390587][   T60] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  962.396248][   T60] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  962.400246][   T60] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.411100][   T60] usb 9-1: config 0 descriptor??
[  962.474378][T25252] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4826'.
[  962.505664][T25252] 9p: Bad value for 'wfdno'
[  962.839023][   T60] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  963.731107][   T40] audit: type=1326 audit(2000000623.579:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25263 comm="syz.2.4830" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709ef6c code=0x0
[  963.741554][T18063] usb 9-1: USB disconnect, device number 6
[  963.979638][T25269] netlink: 'syz.2.4830': attribute type 2 has an invalid length.
[  963.982192][T25269] netlink: 'syz.2.4830': attribute type 1 has an invalid length.
[  963.984757][T25269] netlink: 'syz.2.4830': attribute type 1 has an invalid length.
[  965.593212][   T40] audit: type=1326 audit(2000000625.439:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25272 comm="syz.4.4832" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff6f6c code=0x0
[  965.756227][T25274] netlink: 'syz.4.4832': attribute type 2 has an invalid length.
[  965.759518][T25274] netlink: 'syz.4.4832': attribute type 1 has an invalid length.
[  965.762802][T25274] netlink: 'syz.4.4832': attribute type 1 has an invalid length.
[  965.840109][T17551] Bluetooth: hci2: unexpected event for opcode 0x1005
[  966.297489][T25288] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  969.539371][   T40] audit: type=1326 audit(2000000629.389:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25321 comm="syz.2.4844" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf709ef6c code=0x0
[  969.635719][T25323] netlink: 'syz.2.4844': attribute type 2 has an invalid length.
[  969.638161][T25323] netlink: 'syz.2.4844': attribute type 1 has an invalid length.
[  969.640618][T25323] netlink: 'syz.2.4844': attribute type 1 has an invalid length.
[  970.638366][T25345] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3)
[  970.640831][T25345] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  970.643793][T25345] vhci_hcd vhci_hcd.0: Device attached
[  970.648987][T25350] vhci_hcd: connection closed
[  970.649265][  T757] vhci_hcd vhci_hcd.4: stop threads
[  970.653721][  T757] vhci_hcd vhci_hcd.4: release socket
[  970.655900][  T757] vhci_hcd vhci_hcd.4: disconnect device
[  972.732889][T25376] 9pnet_virtio: no channels available for device syz
[  973.573280][   T10] usb 5-1: new high-speed USB device number 77 using dummy_hcd
[  973.733231][   T10] usb 5-1: Using ep0 maxpacket: 16
[  973.736279][   T10] usb 5-1: config 1 interface 0 altsetting 255 endpoint 0x1 has invalid wMaxPacketSize 0
[  973.739256][   T10] usb 5-1: config 1 interface 0 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 0
[  973.742210][   T10] usb 5-1: config 1 interface 0 altsetting 255 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  973.750905][   T10] usb 5-1: config 1 interface 0 has no altsetting 0
[  973.757132][   T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  973.760500][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  973.763078][   T10] usb 5-1: Product: syz
[  973.764720][   T10] usb 5-1: Manufacturer: syz
[  973.766195][   T10] usb 5-1: SerialNumber: syz
[  973.980290][   T10] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 77 if 0 alt 255 proto 1 vid 0x0525 pid 0xA4A8
[  974.188927][T25378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  974.195995][T25378] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  974.371454][T25400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  974.375256][T25400] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  974.380655][T25378] usblp0:failed reading printer status (-71)
[  974.380765][   T60] usb 5-1: USB disconnect, device number 77
[  974.885926][T21197] usb 5-1: new high-speed USB device number 78 using dummy_hcd
[  974.905248][   T40] audit: type=1326 audit(2000000634.749:844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25403 comm="syz.4.4867" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff6f6c code=0x0
[  975.234993][T25405] netlink: 'syz.4.4867': attribute type 2 has an invalid length.
[  975.237908][T25405] netlink: 'syz.4.4867': attribute type 1 has an invalid length.
[  975.240871][T25405] netlink: 'syz.4.4867': attribute type 1 has an invalid length.
[  975.252385][   T40] audit: type=1804 audit(2000000635.099:845): pid=25412 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.4868" name="file0" dev="ramfs" ino=99746 res=1 errno=0
[  975.263244][T21197] usb 5-1: Using ep0 maxpacket: 32
[  975.286669][T21197] usb 5-1: config 0 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  975.302999][T21197] usb 5-1: config 0 interface 0 has no altsetting 0
[  975.336009][T21197] usb 5-1: New USB device found, idVendor=0cde, idProduct=001a, bcdDevice=21.32
[  975.360116][T21197] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  975.393534][T21197] usb 5-1: Product: syz
[  975.404274][T21197] usb 5-1: Manufacturer: syz
[  975.425492][T21197] usb 5-1: SerialNumber: syz
[  975.431274][T25413] FAULT_INJECTION: forcing a failure.
[  975.431274][T25413] name failslab, interval 1, probability 0, space 0, times 0
[  975.441449][T21197] usb 5-1: config 0 descriptor??
[  975.444102][T25413] CPU: 1 UID: 0 PID: 25413 Comm: syz.2.4869 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  975.444119][T25413] Tainted: [L]=SOFTLOCKUP
[  975.444134][T25413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  975.444142][T25413] Call Trace:
[  975.444147][T25413]  <TASK>
[  975.444151][T25413]  dump_stack_lvl+0x100/0x190
[  975.444182][T25413]  should_fail_ex.cold+0x5/0xa
[  975.444197][T25413]  should_failslab+0xc2/0x120
[  975.444214][T25413]  kmem_cache_alloc_lru_noprof+0x80/0x6e0
[  975.444229][T25413]  ? __d_alloc+0x34/0xa80
[  975.444257][T25413]  ? __schedule+0x1000/0x60e0
[  975.444270][T25413]  ? lock_acquire+0x1cf/0x380
[  975.444284][T25413]  __d_alloc+0x34/0xa80
[  975.444302][T25413]  d_alloc_parallel+0x111/0x14e0
[  975.444322][T25413]  ? __lock_acquire+0x4a5/0x2630
[  975.444343][T25413]  ? __pfx_d_alloc_parallel+0x10/0x10
[  975.444364][T25413]  ? lockdep_init_map_type+0x5c/0x250
[  975.444386][T25413]  ? lockdep_init_map_type+0x5c/0x250
[  975.444405][T25413]  __lookup_slow+0x193/0x460
[  975.444417][T25413]  ? __pfx___lookup_slow+0x10/0x10
[  975.444431][T25413]  ? irq_entries_start+0xd0/0xcb0
[  975.444445][T25413]  ? irq_entries_start+0xd0/0xcb0
[  975.444460][T25413]  lookup_slow+0x50/0x70
[  975.444472][T25413]  lookup_one_unlocked+0xb8/0xd0
[  975.444490][T25413]  ovl_lookup_single+0x3df/0x1280
[  975.444516][T25413]  ? __css_rstat_lock.isra.0+0x450/0x500
[  975.444533][T25413]  ? __pfx_ovl_lookup_single+0x10/0x10
[  975.444551][T25413]  ovl_lookup_layer+0x3f1/0x4b0
[  975.444565][T25413]  ? update_se+0x406/0x760
[  975.444579][T25413]  ? __pfx_ovl_lookup_layer+0x10/0x10
[  975.444592][T25413]  ? find_held_lock+0x2b/0x80
[  975.444612][T25413]  ovl_lookup_layers+0x355/0x2ac0
[  975.444635][T25413]  ? __pfx_ovl_lookup_layers+0x10/0x10
[  975.444650][T25413]  ? __pfx___schedule+0x10/0x10
[  975.444666][T25413]  ? preempt_schedule_thunk+0x16/0x30
[  975.444680][T25413]  ? preempt_schedule_common+0x42/0xc0
[  975.444696][T25413]  ovl_lookup+0x4a8/0x6b0
[  975.444710][T25413]  ? d_alloc_parallel+0xd3e/0x14e0
[  975.444723][T25413]  ? d_alloc_parallel+0x864/0x14e0
[  975.444736][T25413]  ? __pfx_ovl_lookup+0x10/0x10
[  975.444750][T25413]  ? __lock_acquire+0x4a5/0x2630
[  975.444771][T25413]  ? lockdep_init_map_type+0x5c/0x250
[  975.444787][T25413]  __lookup_slow+0x251/0x460
[  975.444798][T25413]  ? __pfx___lookup_slow+0x10/0x10
[  975.444812][T25413]  ? irq_entries_start+0xd0/0xcb0
[  975.444826][T25413]  ? irq_entries_start+0xd0/0xcb0
[  975.444841][T25413]  lookup_slow+0x50/0x70
[  975.444853][T25413]  link_path_walk+0x1377/0x1cc0
[  975.444872][T25413]  __filename_parentat+0x213/0x740
[  975.444888][T25413]  ? __pfx___filename_parentat+0x10/0x10
[  975.444918][T25413]  filename_rmdir+0xed/0x5c0
[  975.444934][T25413]  ? __might_fault+0xc5/0x140
[  975.444947][T25413]  ? __pfx_filename_rmdir+0x10/0x10
[  975.444970][T25413]  ? do_getname+0x191/0x390
[  975.444982][T25413]  __ia32_sys_rmdir+0x45/0x60
[  975.445003][T25413]  __do_fast_syscall_32+0xe3/0x8c0
[  975.445020][T25413]  do_fast_syscall_32+0x32/0x70
[  975.445034][T25413]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  975.445048][T25413] RIP: 0023:0xf709ef6c
[  975.445059][T25413] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  975.445069][T25413] RSP: 002b:00000000f544b50c EFLAGS: 00000292 ORIG_RAX: 0000000000000028
[  975.445079][T25413] RAX: ffffffffffffffda RBX: 0000000080000380 RCX: 0000000000000000
[  975.445086][T25413] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  975.445092][T25413] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  975.445098][T25413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  975.445104][T25413] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  975.445118][T25413]  </TASK>
[  975.669150][T21197] usb 5-1: USB disconnect, device number 78
[  975.797428][T25418] binder: 25417:25418 ioctl 4018620d 0 returned -22
[  976.113649][ T5999] usb 5-1: new high-speed USB device number 79 using dummy_hcd
[  976.230705][T25438] random: crng reseeded on system resumption
[  976.303236][ T5999] usb 5-1: Using ep0 maxpacket: 32
[  976.307344][ T5999] usb 5-1: config 0 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  976.315924][ T5999] usb 5-1: config 0 interface 0 has no altsetting 0
[  976.324086][ T5999] usb 5-1: New USB device found, idVendor=0cde, idProduct=001a, bcdDevice=21.32
[  976.327778][ T5999] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.331047][ T5999] usb 5-1: Product: syz
[  976.338466][ T5999] usb 5-1: Manufacturer: syz
[  976.342495][ T5999] usb 5-1: SerialNumber: syz
[  976.353043][ T5999] usb 5-1: config 0 descriptor??
[  976.567496][ T5999] usb 5-1: USB disconnect, device number 79
[  977.138034][T21197] usb 5-1: new high-speed USB device number 80 using dummy_hcd
[  977.183480][   T40] audit: type=1804 audit(2000000637.029:846): pid=25444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4886" name="/newroot/571/bus/bus" dev="overlay" ino=3152 res=1 errno=0
[  977.193282][   T40] audit: type=1804 audit(2000000637.039:847): pid=25444 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.4886" name="/newroot/571/bus/bus" dev="overlay" ino=3152 res=1 errno=0
[  977.293786][T25446] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4877'.
[  977.365290][T21197] usb 5-1: Using ep0 maxpacket: 32
[  977.384772][T21197] usb 5-1: config 0 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  977.389393][T21197] usb 5-1: config 0 interface 0 has no altsetting 0
[  977.396258][T21197] usb 5-1: New USB device found, idVendor=0cde, idProduct=001a, bcdDevice=21.32
[  977.399537][T21197] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  977.403751][T21197] usb 5-1: Product: syz
[  977.405264][T21197] usb 5-1: Manufacturer: syz
[  977.406889][T21197] usb 5-1: SerialNumber: syz
[  977.736968][T21197] usb 5-1: config 0 descriptor??
[  978.232296][T25377] usblp0: removed
[  978.251297][T21197] usb 5-1: USB disconnect, device number 80
[  978.288156][   T40] audit: type=1326 audit(2000000638.139:848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25447 comm="syz.0.4878" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf6feef6c code=0x0
[  978.369619][T25449] netlink: 'syz.0.4878': attribute type 2 has an invalid length.
[  978.372810][T25449] netlink: 'syz.0.4878': attribute type 1 has an invalid length.
[  978.375996][T25449] netlink: 'syz.0.4878': attribute type 1 has an invalid length.
[  978.708552][T25455] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4880'.
[  978.716249][T25457] binder: 25456:25457 ioctl 4018620d 0 returned -22
[  979.016119][   T40] audit: type=1804 audit(2000000638.869:849): pid=25461 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.4882" name="file0" dev="ramfs" ino=99790 res=1 errno=0
[  979.387899][T25475] netlink: 9 bytes leftover after parsing attributes in process `syz.4.4889'.
[  979.434770][T25475] netlink: 9 bytes leftover after parsing attributes in process `syz.4.4889'.
[  979.612230][T25479] 9pnet_virtio: no channels available for device syz
[  979.666321][T25482] input: syz1 as /devices/virtual/input/input103
[  979.735316][T25486] binder: 25485:25486 ioctl 4018620d 0 returned -22
[  979.766287][   T40] audit: type=1326 audit(2000000639.619:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25487 comm="syz.1.4893" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf700ef6c code=0x0
[  979.947867][T25493] netlink: 'syz.1.4893': attribute type 2 has an invalid length.
[  979.950354][T25493] netlink: 'syz.1.4893': attribute type 1 has an invalid length.
[  979.952723][T25493] netlink: 'syz.1.4893': attribute type 1 has an invalid length.
[  980.064306][T25495] 9pnet_virtio: no channels available for device syz
[  981.435367][   T40] audit: type=1804 audit(2000000641.289:851): pid=25502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4898" name="/newroot/34/bus/bus" dev="overlay" ino=218 res=1 errno=0
[  981.453330][   T40] audit: type=1804 audit(2000000641.299:852): pid=25502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.4898" name="/newroot/34/bus/bus" dev="overlay" ino=218 res=1 errno=0
[  982.015644][T25510] kvm: pic: single mode not supported
[  982.015658][T25510] kvm: pic: level sensitive irq not supported
[  982.017695][T25510] kvm: pic: single mode not supported
[  982.019916][T25510] kvm: pic: level sensitive irq not supported
[  982.021851][T25510] kvm: pic: single mode not supported
[  982.023920][T25510] kvm: pic: level sensitive irq not supported
[  982.045840][T25510] kvm: pic: single mode not supported
[  982.047805][T25510] kvm: pic: level sensitive irq not supported
[  982.049740][T25510] kvm: pic: single mode not supported
[  982.051750][T25510] kvm: pic: level sensitive irq not supported
[  982.063034][T25510] kvm: pic: single mode not supported
[  982.065078][T25510] kvm: pic: level sensitive irq not supported
[  982.081234][T25510] kvm: pic: single mode not supported
[  982.083500][T25510] kvm: pic: level sensitive irq not supported
[  982.093601][T25510] kvm: pic: single mode not supported
[  982.095653][T25510] kvm: pic: level sensitive irq not supported
[  982.104123][T25510] kvm: pic: single mode not supported
[  982.106213][T25510] kvm: pic: level sensitive irq not supported
[  982.118686][T25510] kvm: pic: single mode not supported
[  982.120683][T25510] kvm: pic: level sensitive irq not supported
[  982.160954][T25510] kvm: pic: non byte write
[  982.238625][T25510] netlink: 65039 bytes leftover after parsing attributes in process `syz.2.4901'.
[  982.968444][T25527] netlink: 'syz.4.4902': attribute type 2 has an invalid length.
[  982.970960][T25527] netlink: 'syz.4.4902': attribute type 1 has an invalid length.
[  982.973458][T25527] netlink: 'syz.4.4902': attribute type 1 has an invalid length.
[  983.293380][   T40] audit: type=1326 audit(2000000642.619:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25519 comm="syz.4.4902" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7ff6f6c code=0x0
[  984.193297][T25515] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  984.195416][T17551] Bluetooth: hci2: command 0x0406 tx timeout
[  984.613195][T25538] 9pnet_virtio: no channels available for device syz
[  984.930936][T25515] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  984.952918][T25515] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  984.955634][T25515] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  984.959851][T25515] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  985.543926][   T40] audit: type=1804 audit(2000000645.399:854): pid=25543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.4908" name="file0" dev="ramfs" ino=99886 res=1 errno=0
[  986.165079][T25547] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  986.168051][T25547] Bluetooth: hci2: Error when powering off device on rfkill (-4)
[  986.180528][T25547] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  986.188957][T25547] Bluetooth: hci0: Error when powering off device on rfkill (-4)
[  986.273199][    C1] ------------[ cut here ]------------
[  986.275968][    C1] workqueue: cannot queue hci_cmd_timeout on wq hci0
[  986.278690][    C1] WARNING: kernel/workqueue.c:2270 at __queue_work+0xd08/0x1150, CPU#1: syz.4.4913/25556
[  986.282650][    C1] Modules linked in:
[  986.284862][    C1] CPU: 1 UID: 0 PID: 25556 Comm: syz.4.4913 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  986.289324][    C1] Tainted: [L]=SOFTLOCKUP
[  986.291102][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  986.295204][    C1] RIP: 0010:__queue_work+0xd0c/0x1150
[  986.297419][    C1] Code: 00 00 00 fc ff df 49 8d 94 24 78 01 00 00 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 04 04 00 00 48 8d 3d e8 09 0d 0f 48 8b 75 18 <67> 48 0f b9 3a e9 2a f7 ff ff e8 a5 ad 38 00 90 0f 0b 90 e9 b2 f5
[  986.305123][    C1] RSP: 0018:ffffc90000590be8 EFLAGS: 00010046
[  986.307641][    C1] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11009e08151
[  986.310910][    C1] RDX: ffff888024805178 RSI: ffffffff8a7f79f0 RDI: ffffffff90dc5410
[  986.314311][    C1] RBP: ffff88804f040a70 R08: 0000000000000005 R09: 0000000000000000
[  986.317512][    C1] R10: 0000000000000100 R11: 0000000000000000 R12: ffff888024805000
[  986.320769][    C1] R13: 1ffff920000b218f R14: ffffffff81cf5b40 R15: 0000000000000001
[  986.323991][    C1] FS:  0000000000000000(0000) GS:ffff88809725a000(0063) knlGS:00000000f54b6b40
[  986.327173][    C1] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  986.329846][    C1] CR2: 00000000f73fcadc CR3: 0000000053464000 CR4: 0000000000352ef0
[  986.333072][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  986.336216][    C1] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[  986.339178][    C1] Call Trace:
[  986.340550][    C1]  <IRQ>
[  986.341750][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  986.344102][    C1]  call_timer_fn+0x19a/0x670
[  986.345654][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  986.347786][    C1]  ? debug_object_activate+0x331/0x490
[  986.350024][    C1]  ? __run_timers+0x560/0xb30
[  986.351954][    C1]  ? __run_timers+0x560/0xb30
[  986.353909][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  986.355906][    C1]  __run_timers+0x570/0xb30
[  986.357780][    C1]  ? __pfx___run_timers+0x10/0x10
[  986.359853][    C1]  ? _raw_spin_lock_irq+0x45/0x50
[  986.361934][    C1]  run_timer_base+0x114/0x190
[  986.363724][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  986.365623][    C1]  run_timer_softirq+0x1a/0x50
[  986.367614][    C1]  handle_softirqs+0x1eb/0x9e0
[  986.369581][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  986.371755][    C1]  __irq_exit_rcu+0xef/0x150
[  986.373708][    C1]  irq_exit_rcu+0x9/0x30
[  986.375468][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  986.377755][    C1]  </IRQ>
[  986.379007][    C1]  <TASK>
[  986.380232][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  986.382708][    C1] RIP: 0010:__get_user_pages+0x2ae/0x34d0
[  986.385037][    C1] Code: 00 00 00 00 00 fc ff df 48 89 54 24 58 48 c1 e8 03 48 01 c8 48 89 44 24 38 48 89 d0 48 c1 e8 03 48 89 44 24 40 e8 12 70 b3 ff <65> 48 8b 3d 42 d8 b7 11 be 08 00 00 00 e8 50 ca 1e 00 48 8b 44 24
[  986.392988][    C1] RSP: 0018:ffffc900034afb20 EFLAGS: 00000246
[  986.395506][    C1] RAX: 0000000000080000 RBX: 0000000000000000 RCX: ffffc90025821000
[  986.398727][    C1] RDX: 0000000000080000 RSI: ffffffff825487ce RDI: ffff888022012480
[  986.402032][    C1] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[  986.405259][    C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000014
[  986.408511][    C1] R13: 0000000000000000 R14: 0000000000210008 R15: ffff888064a23900
[  986.411736][    C1]  ? __get_user_pages+0x2ae/0x34d0
[  986.413606][    C1]  ? __pfx___get_user_pages+0x10/0x10
[  986.415648][    C1]  populate_vma_page_range+0x267/0x3f0
[  986.417898][    C1]  ? __pfx_populate_vma_page_range+0x10/0x10
[  986.420313][    C1]  ? __pfx_find_vma_intersection+0x10/0x10
[  986.422658][    C1]  ? do_mmap+0x93f/0x12f0
[  986.424216][    C1]  __mm_populate+0x107/0x3a0
[  986.425752][    C1]  ? __pfx___mm_populate+0x10/0x10
[  986.427779][    C1]  ? up_write+0x290/0x4f0
[  986.429558][    C1]  vm_mmap_pgoff+0x37f/0x470
[  986.431480][    C1]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  986.433422][    C1]  ? xfd_validate_state+0x129/0x190
[  986.435356][    C1]  ksys_mmap_pgoff+0x7d/0x5b0
[  986.437332][    C1]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  986.439580][    C1]  __do_fast_syscall_32+0xe3/0x8c0
[  986.441666][    C1]  do_fast_syscall_32+0x32/0x70
[  986.443668][    C1]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  986.445998][    C1] RIP: 0023:0xf7ff6f6c
[  986.447538][    C1] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  986.455188][    C1] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0
[  986.458220][    C1] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000b36000
[  986.461407][    C1] RDX: 0000000006ebbeef RSI: 0000000000008031 RDI: 00000000ffffffff
[  986.464491][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  986.467524][    C1] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  986.470718][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  986.473949][    C1]  </TASK>
[  986.475087][    C1] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  986.477680][    C1] CPU: 1 UID: 0 PID: 25556 Comm: syz.4.4913 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  986.481962][    C1] Tainted: [L]=SOFTLOCKUP
[  986.483691][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  986.487727][    C1] Call Trace:
[  986.489074][    C1]  <IRQ>
[  986.490232][    C1]  dump_stack_lvl+0x100/0x190
[  986.492169][    C1]  vpanic+0x552/0x970
[  986.493816][    C1]  ? __pfx_vpanic+0x10/0x10
[  986.495697][    C1]  panic+0xd1/0xe0
[  986.497212][    C1]  ? __pfx_panic+0x10/0x10
[  986.499041][    C1]  ? check_panic_on_warn+0x1f/0x90
[  986.501139][    C1]  check_panic_on_warn.cold+0x19/0x34
[  986.503339][    C1]  ? __queue_work+0xd08/0x1150
[  986.505295][    C1]  __warn.cold+0x191/0x348
[  986.507160][    C1]  __report_bug+0x296/0x3d0
[  986.509023][    C1]  ? __queue_work+0xd08/0x1150
[  986.510993][    C1]  ? __pfx___report_bug+0x10/0x10
[  986.513083][    C1]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  986.515248][    C1]  ? __lock_acquire+0x4a5/0x2630
[  986.517271][    C1]  ? look_up_lock_class+0x64/0x120
[  986.519370][    C1]  report_bug_entry+0xe1/0x290
[  986.521246][    C1]  ? __queue_work+0xd0c/0x1150
[  986.523005][    C1]  handle_bug+0x1c9/0x2a0
[  986.524521][    C1]  exc_invalid_op+0x17/0x50
[  986.526413][    C1]  asm_exc_invalid_op+0x1a/0x20
[  986.528384][    C1] RIP: 0010:__queue_work+0xd0c/0x1150
[  986.530590][    C1] Code: 00 00 00 fc ff df 49 8d 94 24 78 01 00 00 48 89 f9 48 c1 e9 03 80 3c 01 00 0f 85 04 04 00 00 48 8d 3d e8 09 0d 0f 48 8b 75 18 <67> 48 0f b9 3a e9 2a f7 ff ff e8 a5 ad 38 00 90 0f 0b 90 e9 b2 f5
[  986.537880][    C1] RSP: 0018:ffffc90000590be8 EFLAGS: 00010046
[  986.540293][    C1] RAX: dffffc0000000000 RBX: 0000000000000100 RCX: 1ffff11009e08151
[  986.543451][    C1] RDX: ffff888024805178 RSI: ffffffff8a7f79f0 RDI: ffffffff90dc5410
[  986.546612][    C1] RBP: ffff88804f040a70 R08: 0000000000000005 R09: 0000000000000000
[  986.549728][    C1] R10: 0000000000000100 R11: 0000000000000000 R12: ffff888024805000
[  986.552556][    C1] R13: 1ffff920000b218f R14: ffffffff81cf5b40 R15: 0000000000000001
[  986.555547][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  986.557875][    C1]  ? __pfx_hci_cmd_timeout+0x10/0x10
[  986.559846][    C1]  ? __queue_work+0xcda/0x1150
[  986.561375][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  986.563737][    C1]  call_timer_fn+0x19a/0x670
[  986.565577][    C1]  ? __pfx_call_timer_fn+0x10/0x10
[  986.567635][    C1]  ? debug_object_activate+0x331/0x490
[  986.569319][    C1]  ? __run_timers+0x560/0xb30
[  986.571028][    C1]  ? __run_timers+0x560/0xb30
[  986.572898][    C1]  ? __pfx_delayed_work_timer_fn+0x10/0x10
[  986.575219][    C1]  __run_timers+0x570/0xb30
[  986.577065][    C1]  ? __pfx___run_timers+0x10/0x10
[  986.579080][    C1]  ? _raw_spin_lock_irq+0x45/0x50
[  986.581049][    C1]  run_timer_base+0x114/0x190
[  986.582946][    C1]  ? __pfx_run_timer_base+0x10/0x10
[  986.585026][    C1]  run_timer_softirq+0x1a/0x50
[  986.586968][    C1]  handle_softirqs+0x1eb/0x9e0
[  986.588878][    C1]  ? __pfx_handle_softirqs+0x10/0x10
[  986.590985][    C1]  __irq_exit_rcu+0xef/0x150
[  986.592871][    C1]  irq_exit_rcu+0x9/0x30
[  986.594642][    C1]  sysvec_apic_timer_interrupt+0xa3/0xc0
[  986.596852][    C1]  </IRQ>
[  986.598046][    C1]  <TASK>
[  986.599247][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  986.601606][    C1] RIP: 0010:__get_user_pages+0x2ae/0x34d0
[  986.603881][    C1] Code: 00 00 00 00 00 fc ff df 48 89 54 24 58 48 c1 e8 03 48 01 c8 48 89 44 24 38 48 89 d0 48 c1 e8 03 48 89 44 24 40 e8 12 70 b3 ff <65> 48 8b 3d 42 d8 b7 11 be 08 00 00 00 e8 50 ca 1e 00 48 8b 44 24
[  986.611445][    C1] RSP: 0018:ffffc900034afb20 EFLAGS: 00000246
[  986.613923][    C1] RAX: 0000000000080000 RBX: 0000000000000000 RCX: ffffc90025821000
[  986.617098][    C1] RDX: 0000000000080000 RSI: ffffffff825487ce RDI: ffff888022012480
[  986.619907][    C1] RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000
[  986.623116][    C1] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000014
[  986.626361][    C1] R13: 0000000000000000 R14: 0000000000210008 R15: ffff888064a23900
[  986.629138][    C1]  ? __get_user_pages+0x2ae/0x34d0
[  986.631253][    C1]  ? __pfx___get_user_pages+0x10/0x10
[  986.633449][    C1]  populate_vma_page_range+0x267/0x3f0
[  986.635671][    C1]  ? __pfx_populate_vma_page_range+0x10/0x10
[  986.637674][    C1]  ? __pfx_find_vma_intersection+0x10/0x10
[  986.640074][    C1]  ? do_mmap+0x93f/0x12f0
[  986.641881][    C1]  __mm_populate+0x107/0x3a0
[  986.643760][    C1]  ? __pfx___mm_populate+0x10/0x10
[  986.645486][    C1]  ? up_write+0x290/0x4f0
[  986.647294][    C1]  vm_mmap_pgoff+0x37f/0x470
[  986.649193][    C1]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  986.651297][    C1]  ? xfd_validate_state+0x129/0x190
[  986.653258][    C1]  ksys_mmap_pgoff+0x7d/0x5b0
[  986.655038][    C1]  ? __ia32_sys_mmap_pgoff+0x11/0x1b0
[  986.657281][    C1]  __do_fast_syscall_32+0xe3/0x8c0
[  986.659401][    C1]  do_fast_syscall_32+0x32/0x70
[  986.661399][    C1]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  986.664002][    C1] RIP: 0023:0xf7ff6f6c
[  986.665673][    C1] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 58 b8 77 00 00 00 cd 80 0f 0b 8d b6 00 00 00 00 b8 ad
[  986.673361][    C1] RSP: 002b:00000000f54b650c EFLAGS: 00000292 ORIG_RAX: 00000000000000c0
[  986.676722][    C1] RAX: ffffffffffffffda RBX: 0000000080000000 RCX: 0000000000b36000
[  986.679920][    C1] RDX: 0000000006ebbeef RSI: 0000000000008031 RDI: 00000000ffffffff
[  986.683188][    C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  986.686389][    C1] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  986.689569][    C1] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  986.692776][    C1]  </TASK>
[  986.694751][    C1] Kernel Offset: disabled
[  986.696519][    C1] Rebooting in 86400 seconds..