last executing test programs:

1m41.072795513s ago: executing program 2 (id=2747):
syz_80211_inject_frame(0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x48001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x4040001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb0100", 0x25}, {&(0x7f0000000040)="aa1d484ea0a00000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfb", 0x26}], 0x2)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
r4 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x700, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0)
recvmsg(r4, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x2062)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/39, 0x27}, {&(0x7f00000005c0)=""/97, 0x61}, {&(0x7f0000000640)=""/148, 0x94}, {&(0x7f0000000700)=""/246, 0xf6}, {&(0x7f00000001c0)=""/64, 0x40}, {&(0x7f0000000880)=""/242, 0xf2}, {&(0x7f0000000980)=""/84, 0x54}], 0x7, &(0x7f0000000d00)=[@rdma_args={0x48, 0x114, 0x1, {{0x2a, 0x3fffff}, {&(0x7f0000000a00)=""/197, 0xc5}, &(0x7f0000000440)=[{&(0x7f0000000b00)=""/224, 0xe0}, {&(0x7f0000000c00)=""/183, 0xb7}], 0x2, 0x44, 0x4}}, @rdma_dest={0x18, 0x114, 0x2, {0x400, 0x81}}, @mask_cswp={0x58, 0x114, 0x9, {{0x8, 0xc}, &(0x7f0000000800)=0x3, &(0x7f0000000cc0)=0x5, 0x7, 0x578d, 0x8, 0x5, 0x58, 0x8001}}], 0xb8, 0x40008080}, 0x20040080)

1m39.176309646s ago: executing program 2 (id=2765):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001ac0)=[{&(0x7f0000000200)={0x118, 0x1e, 0x1, 0x0, 0x0, "", [@nested={0x105, 0xe7, 0x0, 0x1, [@typed={0xd, 0x1, 0x0, 0x0, @binary="72dcce07c1ab4805e8"}, @typed={0x14, 0x0, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe8101000000010000008b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82fd"]}]}, 0x118}], 0x1}, 0x0)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x3000009, 0x46031, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x58000)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000340)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x1}, 0x50)
r3 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000540)={0x0, 0x9, 0x8}, 0xc)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
r5 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x7, 0x4, 0x100, 0x401, 0x28}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r6}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000400)='sys_enter\x00', r7}, 0x18)
close(r5)
read$FUSE(r4, &(0x7f0000000300)={0x2020, 0x0, 0x0, <r8=>0x0}, 0x2020)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
fsetxattr(r9, &(0x7f0000000080)=@known='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)
fgetxattr(r9, &(0x7f0000000000)=@known='trusted.overlay.upper\x00', 0x0, 0x80000)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000080)=@raw=[@map_fd={0x18, 0x1, 0x1, 0x0, r2}, @ldst={0x2, 0x1, 0x3, 0x2, 0x3, 0x4, 0x8}], &(0x7f0000002400)='syzkaller\x00', 0x6, 0xaf, &(0x7f0000000400)=""/175, 0x40f00, 0x71, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000004c0)={0x8, 0x4}, 0x8, 0x10, &(0x7f0000000500)={0x4, 0x7, 0x9, 0x2}, 0x10, 0x0, 0x0, 0xa, &(0x7f0000000580)=[0xffffffffffffffff, r3, r1, r4, r9], &(0x7f00000005c0)=[{0x0, 0x4, 0x5, 0xb}, {0x0, 0x5, 0x10, 0x2}, {0x5, 0x3, 0x4, 0x9}, {0x2, 0x1, 0x8, 0x2}, {0x2, 0x2, 0x4, 0x7}, {0x4, 0x2, 0xe, 0x6}, {0x5, 0x4, 0x6, 0x5}, {0x1, 0x5, 0x4, 0x5}, {0x0, 0x3, 0x8, 0xb}, {0x2, 0x3, 0x8, 0x8}], 0x10, 0xf}, 0x94)
setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f0000002340)={0x1d, 0xa, 0x1, 0x9, 0x0, [@private2, @dev={0xfe, 0x80, '\x00', 0x17}, @mcast2, @private0={0xfc, 0x0, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}]}, 0x58)
openat$vmci(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
r10 = socket$netlink(0x10, 0x3, 0x8000000004)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r12, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001b40)={&(0x7f0000000080)={0x24, r11, 0x62c21a4ade68aba1, 0x70bd23, 0xfffffffd, {{0x32}, {@val={0x8, 0x117, 0x59}, @val={0x8}, @void}}}, 0x24}, 0x1, 0x0, 0x0, 0x50}, 0x0)
writev(r10, &(0x7f0000000140)=[{&(0x7f00000000c0)="580000001500add427323b472545b4560a117fff0b0082001b59000d00ff0028925aa80020007b00090080000efffeffe809000000ff0000f03ac7100003ffffffffffffffbfffffffe7ee000000000000000002", 0x54}, {&(0x7f0000000180)="abd9296f", 0x4}], 0x2)
r13 = socket$packet(0x11, 0x2, 0x300)
r14 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r14, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r15=>0x0})
sendto$packet(r13, 0x0, 0x0, 0x4000002, &(0x7f0000000200)={0x11, 0x80f3, r15, 0x1, 0x1, 0x6, @link_local}, 0x14)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x9)
ioctl$SIOCAX25DELUID(r4, 0x89e2, &(0x7f00000023c0)={0x3, @null, r8})

1m39.08539419s ago: executing program 2 (id=2768):
socket$kcm(0x21, 0x5, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$DEVLINK_CMD_PORT_SPLIT(r0, 0x0, 0x4004101)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = mmap$IORING_OFF_SQES(&(0x7f0000872000/0x3000)=nil, 0x3000, 0x2000006, 0x20010, 0xffffffffffffffff, 0x10000000)
syz_io_uring_submit(0x0, r1, 0x0)
r2 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x94)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
kexec_load(0x0, 0x0, &(0x7f0000000000), 0x320000)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_ext_features={{0x23, 0xd}, {0x0, 0xc8, 0x1, 0x2, "fcd1ca9a0967216a"}}}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_procs(r5, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f00000001c0), 0x12)
sync()

1m38.834387509s ago: executing program 2 (id=2772):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000100)='mountinfo\x00')
pipe(&(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000240)={<r3=>0xffffffffffffffff})
splice(r3, 0x0, r2, 0x0, 0x1c, 0xe)
recvmmsg(r2, &(0x7f0000001700)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000340)=""/69, 0x45}, {&(0x7f0000000600)=""/4096, 0x1000}], 0x2, &(0x7f0000000440)=""/193, 0xc1}, 0x800}, {{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001600)=""/181, 0xb5}], 0x1, &(0x7f00000016c0)=""/46, 0x2e}, 0xfffff915}], 0x2, 0x10100, &(0x7f0000001740)={0x0, 0x989680})
r4 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r4, 0xc0d05605, &(0x7f0000000080)={0x1, @vbi={0x0, 0x0, 0x0, 0x3132564e}})
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0)
close(r5)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000e000020850000007000000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r6 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'syz_tun\x00', <r7=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r5, r7}, 0x3c)
syz_emit_ethernet(0x1042, &(0x7f0000001300)=ANY=[], 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
pread64(r1, &(0x7f0000002280)=""/4096, 0x1000, 0xd33)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000300), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000400)={'wlan1\x00'})
sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x2000}, 0xc010)

1m38.724922553s ago: executing program 2 (id=2773):
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000300)={0x18, 0x0, {0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}, 'lo\x00'}}, 0x1e)
ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000001f00))
connect$pppoe(r0, &(0x7f0000000040)={0x18, 0x0, {0x1, @remote, 'pimreg\x00'}}, 0x1e)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000000)={0x0, r0}, 0x8)
sendmmsg(r0, &(0x7f0000009140)=[{{0x0, 0x0, &(0x7f0000001480)=[{&(0x7f0000005280)="b8", 0x1}], 0x1}}], 0x34000, 0x0)

1m38.28924237s ago: executing program 2 (id=2776):
socket$packet(0x11, 0x2, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/snmp\x00')
pread64(r0, &(0x7f0000033240)=""/102400, 0x19000, 0x100008)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_sctp(0x2, 0x5, 0x84)
readv(0xffffffffffffffff, 0x0, 0x0)
r2 = epoll_create1(0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40088a01, &(0x7f0000000000)=0x100)
r3 = socket(0x10, 0x803, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000240)={0xe0000002})
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r4, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x45833af92e4b39ff, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)

1m38.183418524s ago: executing program 32 (id=2776):
socket$packet(0x11, 0x2, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/snmp\x00')
pread64(r0, &(0x7f0000033240)=""/102400, 0x19000, 0x100008)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_sctp(0x2, 0x5, 0x84)
readv(0xffffffffffffffff, 0x0, 0x0)
r2 = epoll_create1(0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40088a01, &(0x7f0000000000)=0x100)
r3 = socket(0x10, 0x803, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000240)={0xe0000002})
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
recvmmsg(r4, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x45833af92e4b39ff, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)

1m7.514653147s ago: executing program 4 (id=2968):
socket$pppoe(0x18, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x0, 0x0, 0x0, {}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_INTERVAL={0x8, 0x3, 0x6}]}}]}, 0x3c}}, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
close(r4)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000040)={0x0, 0x0, 0x100, {0x0, 0xa}, {0x3}, @const={0x0, {0x1, 0x8, 0x4, 0x881}}})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4808000010001fff3a4ee9bfd5c3a3696c40af0b", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800a00010076786c616e"], 0x3}}, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000), 0xfffffecc)
splice(r2, 0x0, r4, 0x0, 0x4ffe6, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r5, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f00000000c0)={<r6=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
r7 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r8=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'lo\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r9, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x0, 0x0, 0x1, 0x1009, 0x7f}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0x0, 0x5, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x44, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r9, {}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_FLOW_MODE={0x8, 0x5, 0x4}, @TCA_CAKE_DIFFSERV_MODE={0x8, 0x3, 0x3}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000051}, 0x4000)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r5, 0x84, 0x9, &(0x7f0000000840)={r6, @in6={{0xa, 0x4e22, 0x80, @empty, 0x5d4e}}, 0x2, 0x2, 0x614, 0x4, 0xd, 0x7, 0x4}, 0x9c)

1m6.627065976s ago: executing program 4 (id=2982):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000140)={{0x12, 0x1, 0x110, 0x9, 0x28, 0xfc, 0x10, 0x5ac, 0x291, 0x4325, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x40, 0x0, [{{0x9, 0x4, 0x84, 0x0, 0x0, 0x3, 0xe1, 0x2}}]}}]}}, 0x0)
openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x89f0, &(0x7f0000001440)={'bridge0\x00', &(0x7f0000000100)=@ethtool_ringparam={0x12, 0x0, 0x2, 0x0, 0xfffffff8, 0x900}})

1m4.843623959s ago: executing program 4 (id=2991):
socket$packet(0x11, 0x2, 0x300)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/snmp\x00')
pread64(r0, &(0x7f0000033240)=""/102400, 0x19000, 0x100008)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x48c00, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_sctp(0x2, 0x5, 0x84)
readv(0xffffffffffffffff, 0x0, 0x0)
r2 = epoll_create1(0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40088a01, &(0x7f0000000000)=0x100)
r3 = socket(0x10, 0x803, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000240)={0xe0000002})
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r4, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r4, 0x0, 0xc, &(0x7f0000000040)=0xfffffffc, 0x4)
recvmmsg(r4, &(0x7f0000000240)=[{{0x0, 0x0, 0x0}, 0x3}], 0x1, 0x45833af92e4b39ff, 0x0)
socket$key(0xf, 0x3, 0x2)
ioctl$BLKTRACESTART(r0, 0x1274, 0x0)

1m2.893436386s ago: executing program 4 (id=2996):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x104000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x1c0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x1805406, 0x0)
mount$fuse(0x0, &(0x7f00000005c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$9p_unix(&(0x7f0000000340)='./file0\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x5257418, 0x0)
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
futex(&(0x7f0000000180), 0x5, 0x0, 0x0, &(0x7f0000000000), 0xaffffffa)
setns(r1, 0x24020000)
syz_clone(0xb21e0000, 0x0, 0x0, 0x0, 0x0, 0x0)

1m2.859652717s ago: executing program 4 (id=2998):
r0 = socket$pppoe(0x18, 0x1, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000001a80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001240)={0x110, 0xffffffffffffffda, 0x6, [{{0x0, 0x0, 0x4, 0x8, 0x3, 0x523, {0x4, 0xe, 0x1f9, 0x7, 0x0, 0x3, 0x6, 0x2, 0x5, 0xc000, 0x81a, 0x0, 0x0, 0x6, 0xd}}, {0x1, 0x9, 0x65, 0x3, '\x1c\\&\x0e\x00\x87\x98\x1d\r\x14\xcc\x90\xa3\x02\x99,\x1b\xd3\x8f\x1ax\xbdA\x15\xb3\b\xef\x8a\t\xc2\xb5=\xe9\xa99y\xd0\xe7\r_\x89\r\xd8K\xce4\x16\xa1\xe8\xcf\xd2k%A\x82Y!\xf1\xe2\xf2\x1d\vFm\x92\xca9\xe2\xe0\xa0\xef\xf2\x18\x95\xce`]~\xda\xa9\x1a\xa1\x15\xba\x90\x13\nT\xb4;r\xc5$Ps\x11\xaa\x04\x84\xecO'}}]}, 0x0, 0x0, 0x0})
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000002100), 0x280449c, &(0x7f0000000440)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000093c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000004200)={0x50, 0x0, r2, {0x7, 0x1f, 0x0, 0x2026012, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f4000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff00", 0x2000, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x40000, 0x2)
getdents64(r3, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)={0x100, r5, 0x30d, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x80, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x53}, @TIPC_NLA_BEARER_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e24, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x9, @private2={0xfc, 0x2, '\x00', 0x1}, 0x9}}}}]}, @TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "49185c4e68c7c1147f69c8d77855fb094cd956a3"}}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3ff}]}]}, 0x100}, 0x1, 0x0, 0x0, 0x20048005}, 0x0)
syz_fuse_handle_req(r1, &(0x7f0000006380)="52ab4071b01d98cd768757f6fc37906910a2d2be860f5a573cd4bc49e712dbe1ba6c7694fe5e9373009fa05870d8ec3b24443902e52ff513921a15cb229a68d54710a429510190987eb58cb21232a334165e4695dbf687c92eec05c0e8f4375515c71578363735bf417968e1f72f8607bf32de6207b62cd9f6cced7fad4dd0587279590b0e55b2c411e5d02527936399c69e1ce6c95f62037b32d04fe4ecd86b292b4832a5794a25ea167de5a03b4bb7ad29a653ecc141202c6825b740c046dc21b6928146daa0351ccb02bcec7574433b4e65df87378f1106892d7a193db2857200ac1cb4ef0ed82fff7676e024b178378e4fd0b5d00e7816cb7e1455dce3d44f88e18b979de4c266b5657db947d66ecde7a08170e0f8852c7bc354345c0fd9c49fdfad8b3be1d51aec3c7c0f644e14f25cb3a3f96d27a18f05c3672fc112e47a2455fc0c4d9c72f8c80582cc1dd7a6828e2b6a3a5ec8305a3465c11703ff69f29f85c5e1076556d4bf0c772f482803a388623744361157b7556ad5c5d63734e18910ca71b4625d9ad56006c5b42b3749c3b7765bef733de99e4ddfe4ccd7b0170394d61d0663451977a2fd86030c5bcdde6d3c19ddfebf8082a26b5436846a1d0915d1a5715dac976398ba36e001583ac1424d450ae5ed95d77a307b18c2d3de942568123f6835a5b9899dd38b7b223c9c6dba1a176b6b89dd3a49941d721c07c59e49940c29245aa2ce06bddbe18597707bb5566cc6323ef9e91f6b0fe9515f1545ca4945bc136ad30d36291cc25284303c5696c5e51368ea59b11eb7243deca104d15635b7799bd51730d748bf9229fcc15dd1399bfaf295b8e341a0b42951c300db87d32c3fb8b22a61f9a86d100bc45d0bd43c5ea12a9009f3890a29e270191d6095d8aa11f657aedaadb2125b781a8bf5f966c7f478b0a082a02e8a7347edec0977eb88f1f276515f128700ee0f5e9970cca4d092311e378bf1be592122e256a3734e9c4038e8649a9ada3d449dfb6c1c88d14a547985e34507063974d294cc50a2f8cff7d366fca1c4deb28971fb7aefc87443e46776086d8aacf7a54d85cf1233643d558206c3da85dfd52045ad188a0bd52c558c805a0ec603b8023c29f1c18ff7a2e2fd41b6d694e05224a0c5f5cd01d957c39d984d2774dba13552314cf146a49e1412df613ad6cf305ccc3c72b9a165adcd4419ea6c0cba1d0e1a0a8759fab6fb02af5713722a170f8210f24570bb7f5858ba7b075fbe088231b0ea72e947b611798e670d1858d81f1c3f23bd16cebd793916babfde9bc0978c7fce17974296d9c0bd7e326d9f77d40d0172582768401ce3255838696312f1f38d95237b7731fba4513d9566d31ac1fcaa841a9bda84a65495a2bd2a70d10e1fcdadc5ddd0ea2fe529d98ba9fa323d82378a0a283f1535b9962046e06d9c8fc98d06d198f52cb95c5b0a738f719607c484bac1e8f03123bdd824711710094af2295a7fbdfc6982c4b9243b90efc75bf3c37e7637cc75e537b9787231ef57b331b8c52d070d6a0efd7c263521b2effdded2c0eb6709b21027f24c28f65848ec37216a8507c6ca890870131fa748ed40b47f95c0dec6c1e83afb99767e8213696e9756bc8fb67893c32bc8b2307b815b0662ec4108af2dc97964e7182ccf7c150bbd43f4144c8537140e2deb96265a52c088412be9d1de90cb557661740e54a126d0024edffa947fd49550ba3111d022fcb8eba0f8b8d5d326355a301f71fcfd3116c7e5af7384969cac447c6adc832c873a58a2bf4398dea796ca5b2bd784a6857024948214c7072830e78058686d8a9e2827769e3cc5beeb7b9395644dcab82aa7da5e35378d715ba53dbe0cf14e4de8ee9577078e47bdfb499c6a4296283b2e8790cf182f9c6db89db519360fa1e0252c33b5f67c514f76738593bfcdaa954b64a1d31ecb4608932eb527add52d6831e53af591ddf2201689ca22e5aa00f07dde705750d568a4e67bb2700a5ed53709348d24be680e3b305b79ef260b1db6ae38aede88ad4d41db59c522eefc00d9e24730fd967afa537c2ef89af75044696cca109a26a0cce0402369e98c8c1dd7b21915730a5f53ed394f9daf793a9302d3e72ad4e8aeca4e618d437388f791193c55d4deb46dedbead576b22182a730fac5551f0e5561c589b26c937fba3ac92a7f8c84cfcc230aa2d806850e36a596018334ca3edd0386a102811fa687f0fc762afc17639b9dde107fe63672fdd006d1b95b47348f1bd2ce7d4d5466575d4aa73b992b90e2e645503d9e39686d29e6b6e2cfecbaa2236adab80e7150456d56e1905268ac350ef04e0b7a0cc38b72020918b64f7f1fa5fb7da3ac45b11ad06f3b4fb55a824c5ba9f5d5eede35f611207f0cf62953229770bb857919aa21609fb886e2316e73abd74342881bb7a37e838fb4ccd37c3610402c38f4da0e2e591f9e8028aee60e88806dcda99e76b9ff58c6e08d5a42982f216180202cd2bfa959a64c0293283157744b249a66f43050d9dd6804ae92a39a402cddb420249727c3398ed813bc1c3e7e8ae12873d455044d362a946a747914104407d3a9962b48d561903d4445bc3a35e9f6b59306b657c41dd2a9471eabd4f7a8d4b7acd43b20a87a7733874b7e0d065c3b230011dea1b5a1b984d14cdd6358c85eb593cfef45d3d9396a29c0870e121283e164c63ce0eff15f4645bc151c24ba91d75acbe8605080f27026c8638b75b0177a507f23ae9357b45ca6ed7c032733d137724f300423734238458118378ed7f3dea50684cab54602a4141e12e4250a2e94f2f91a89f191d35425e15b6821a8c8eb1334ae3d50ed7595adbc4c88c6f828e4ba44641d7ffc0fc2d940d38be237192f128d948b143d2139eb1e0d057539d786b946b43dfefe4077ee163248d2030c6753a538ddce9fea888a7db8ea4270b17fb13c96327f6ec771c50069a7e7b54de2db3d3f6b7603e43d8bcf3261204ebe2dee127fd7eb996b20848ded77cfdd2f96e93f8b7c1b7ddf9641dcad3386b8b8cea2ba4ca7cc352e3e449d6fd81620ded3b3da658557571df39906c40daf14a3a387fcb739570afd76a9d159f32c9490d85a58abff4209ec49a4b5d44659f30d6bd0a7cc7e55cee0dfed99c3c16364c21aafef6926bb16432ef2f7b4830246e6653eea63dbac45a86b40592d032230842b588e6b2c831a5822d3458756d5d5550eac3e050d7890a2d017ea07e68eacd6f72ab065848c7cf22915fbd8443777b032c933ee34439b2f62986ec9d458b7c1f34e6cb547cda3cb23e4243672751b07d66581fe487c4ec8997e98f64948102a5fe67b3bfef96ffc21c46d3f9b0977e56ab58ae69901b2067765bd16b6ac54e925221e7349a553ae19b328282d949d814fbb70575eb5aa55e3525e1b1bce77e13c9307be99dde6d998a2bda1802c2e048879ef233af6e78452495540f9f795da36aa4e548b4739b4448555b6519c015c4dbc85795469c94d638512b2daa285160d7dbf4982100f53b21cbb0d2c89b21a65da9f353cfff4707cff79f5c6a596284b2b6bdb53dd0b9bee27556541cdc417eef740fecbbd858a8eeb46c10d06ed4fa57dcfdca8553ced59bd83fd3f2a6fd459365ab49907deb537ba3e23672c3b4655494dfea37a463f3370bb42feee874cc4ec68e6b6e9a107e1154f8c582b3e061b1b03bf5f25f1d46645bb11cd316104e4944a88abeb0922c56297e921d22296f7f84a05fac632fbe19562c29be073eb926be65c6247f5cb8c2ff5710a3090f4d4f4e45e15fe9022d0610b386d9c7fe79269393a3df89568ae991c5599456a00dfb5b94a993edb2500217bb67148b5c3c8592a163014b26a38c262cd762ebba8357d380194c2396f8f40225649935b43b8c7ca5705c73e3d985f8c93134d5895de4030148c841de80983c38794eb4939b047e295225eca7245bf714891d65e9c6237933040c599cf3f34cf8d2b001459104d4a4e2277460cdae3815550a3ec7a7448af817faf4afda83f6ec135ae1290854fad29aaf922b18f9c9dce652f62a2a543578579c131c3eb26ac96622d703ca259201137ffc8c1ec505da1a06a18683f9509df0528dd3238b13aec20998255503bd67e4995f59594405f472b43b2672a0f212e1a160319bfa05677e61538775a56f33cca64c739a1695744808dc6dfde0da538239df4b73d1bd8a76f012ad4b65aac424c5b45428acd482252c621dae5d6cc73bb93b2cc1d60fa906203a00b53b5d496b73f182cb1ed5b4e24b17497e6b0865434fc90c6e055f11ccf3141d10fbd637b0b741860316ec4cd7f3ab57fe40e9c6dec6c131f079b65c2e493329c48f7b0e7aa0a030d4451f79a2fa01621c6df96cc5e21caf82995e0addf12be4255137ddc71741fb7fd12352566cbd65dcbe11af106b68500d8e4f1ef8c29474199e6321332ff4bc0bf21f7a9ad4f7d15aa7225c87664ed128f705d8ccc003e719e8a5992d6d3de14ec76e4a2086befe79eae2a89f89fd529164f935e25a280775382e5e807bb2df42eff3cbe93141b53826e164252cc393d7f5c8b2485e182ab74288651133cb0ba29d5050a89919812cd006097088f4736e7ed8fd412d6a1c446cc333ebbb16f4efc02d1f4d1030874f04813fa955761f88dcd15c8da94a907012ffab44cca654f6ffcbb8a5239422196b8f7fcb9e6991881ad15360624fe7dc90e14dc72aec65be17a68ebf1a03b781970f945a9e379824d76a8312d8af3def98126ac838c6f6347b62903fb37a89c8285380a608f6c293bb099da10a00586a5ae864d5fd138cac05a3d83c5eab5a9893d2672e8ccbe8b057ebf22b9c1a89d62f4b0583fcc61b80610c5ae20a88ab2ba4e1bd93221d186545b381a401b0c65274bc7d5731b4154c5b41df87d984535caab185fa9498f092adb959edc0350bdaca28f4e422b8e258ddd0e3b8e9e59b2307e079b89f06ef97b64b135940bf6e85ea37eaa2cfe24eb774724ab17c54ddbc367fa4d54becb1eff428ab80a097a52dbe374ee5f5c811351e511a64691747714a6582e423181925b48942a9b8d0e087c430b4457ff2913d5d9cf780c37ffe4549571d060357ae3bcdc0acaef91ab9f3dee17a084c2003b7fa8b4ccf2a212ea9f7fd55ba924534fb948c2f8454d18b859f600338e78ff9d88007e1904c62fe985320c72a972e03056362d1226f8870ea13a14c08cebca02dcfd18eed2cfe36f6d09b10e89fab49b4df6bea4c0eefadfd6382a9d4d51e9de9889709ed61678c856324cde8bf82c2a39b7a3aa21c4e9ef1bfcce4b5ef50a3e3b128542ee5928fb3fd26b05a32f3e1d95db59ca4bbd1ff84c9a10de7f58154b705006c99173e38596792d7749f2274b3b0a955a4da84c915eb94ff20872a2fa1e3bf11ddc261d0cc0f235c7aa988a006fed099797d94ce8af9af77b5b02fbab6750431dbc23afdb08dcda13d3af26110165ade25eae0c36b087d42d81cf8466f69ed0dbddf8169be741d8ad07f6ba8df885618f619bb9240a8a3422260e63c33c74d32521876ebf7151f2ba1a1791813aad46843e0343f8f7aa0e8f217fcec1aabf121eb26270908f9a8fcea4067e1779853e4679c6aedcf083a6449ae95e0c5176fab9ec798b8d650e428b2ca97b258f3253814eebad1e66ec7facafc4b2fc74674b6984e76e631c427fa7180d701fbcfa353f0486e68bffe02a9ac214d7442e6b898a72c67fda365863530050ee6996a86a56e49de90ad16e5e90928b56ed0f490312e292de173c6708f93b878bcdc5b3cadd112cd319af503077f338be17dd6e188835e18b8d56a736716bb9fc67101885e729a30bfe7e87870701f88aad583610b5b79c89dfaeaad528ec5cee83b97156eae5585af28f5c3037f9890a1c631a3ba820d612cdca52a88663b790cf0bd09f6ea22f8fdaf27c964ab9433b775b0a1542cc3df7a88e797a7eb49c537b9db58a01b06df1ae8e974b1480a431edb03e4220e89cb14e5cd5ef5f68fe391745146f4ff70531d5737531d1041c3703260d4b68576ec53250736f291f8ff51922918962620be60f9d31130c82e2104d0cc5d9080ee7f64395a0fea49576b0253aed104a797da6460250f5b0a4ea2f76f31747407d6d564f4d2e3cea88bea580a4a2e334d7cc81fa13fab267ee45c5c6e04af6b9263a2802ec1a55e397214653f33738544545d9d8176785a5d970f56cc716e2276b1d38a2779bfec1093943b5b7fd806e6e042dd898fe9cedab9f570cbfba8f230052551be4b523dac0738979f96ca1c3716dcec268c1ce03996f63082f5efe5b82520a98b7dc8079e9ef644ced08fc63f0d864a82062970c4e49034a1a7e9167f9d6f9d8f06744430b3b323a7311cdb3bc91b0cbc890f8155ddcb1659c284990c765c4a327762f5bf8a5ad71a07c91897bab67ccdc5ef28098de41afd844b04bd4d2ac65aa2cffb70300f999c23b0c42deadc4e6d74bf5899df38301ac35a70cc3f4fb0b4454dc125a201fbeb946a8962c1a7bcd2bcccadcaf4bbb29f7f00c681c463fae3c83a1ca656e5572b1258a0b300cc617f306b528087e7574bf7cc1ab2ab51000308aba9606c7ea9c15316dc6b544181a00c62c915c5026430ecb1063013c1b6a4f91e7d875376d2cc08a87a04fd36c046c252d17137e8b66e801e4d7a50ceb15699f4339bd95d67310a536280e9e4079104ee39272748ccc72fdcea3f07ab81343058b83692cccbcbb615976b044c98935209f3ddc15479544aec9ee99df6f7b2e71276bccfeabcd463b86fbc05740c72fcdb0e8af241d087bb5bf6db76343e63656cdb72cec59ef55625660a9d6712b0ce531706b34fea9c8145be4ef9fec11bcc69b6e87c71ac8260b759e01f5ca7e708635e02e912335bc04bf0004f14cdc309ae5ea6ca454edcb81526e740255ccdf4f8034ac85bb52488a3d88e326506bc8e1bb5a9eb893a051dfc73b18c10b2261263b6f70263edda36c81db241b9365384db0b54ff1e0daf5f1ffe83f83262f64f209d61e4afe5d77c733bdea77e6481ec218c44869c27e9e10662a2d8ee5028cff452cbab3029d8a02dc91354730b8051f0fecdbb63a44b9f35c2ca82e534101dff33722b0398c773a8459d91560be3e590b6fb1659f4101f6724b5c5891d84cec74b0cb2ff6cb1c3497194dcafff893b037aac81360fa017829a0362c0b7458dd630bf02026646de6ca5047a3bf718241384cbbad7f61cb85d81886905bb4b2b4dbe93b393ca6e06f9c3d03c698f1f4afe22e85cc02d3a25d8e2aab6cbe292b331b7ec8be443d227bcd374110680ff9df069335a61f8d9d44dd1c26b81d27a7be7b494e21ca3fd608dc8b2013cc5f874d38859f8fd4f8245bf2bdf5afe8cf22031a50010b2be8cb026a0c3e6f3152b306cc6f3463cdaf72f1c273baa08fd95ed3ea1132bdde81fb5fcb80ef3d9f158d47854be4a54f17def7c991e55d61418e31a05c4d0209490fca566d58c38892e2f9a8686e8fdd0a06fedad43d3529dce36b701ede4ccc7742e6ce1758477dfb778026324691931770425c95a78e3400378752aa2f54dfe3f7c01c2a2afe3f4e79d450cc38ccecd1c5b76d8a95012ce492218f04620332b410957471e7f60b7a35da10a8d7d70672e2775b5c94448dc8bfb5889152a2d48e9961bb458def52e47ff8ea386b22ad999f88ec770dc23b74f53b4f71d8245fd791e939bcac12d9c9ee331cf31058e9e04b4ba6de70fa924ce5bd2d6726b2c590fce35bf7af327c295a07fd86f465e8e77a2d70de0e843c00a2333b78f4ffc60629b07ab5aa0b0c48cb0a2e88d9d65e3051c29ae441fa5ff04bb8b705722372f27450c2fdad78b2a98f3ef6f05e3ded0f3affb295e07ee2ed94ecdfc6a35cdd44c13aacb54c237d489efc3fb878a0cb6a97b910eba63d5a0afabcace0e5493f2d1a4ce381ece836492f47743e50699999d753ecc4487e3f412e6d1b737c7249541c5a1136a005cf6b4dad813069f14434aa82d0d0da79ce5866ba8aebd8cea212a779809927844d2188e75050b4c39cd5f6b311f1618953abb1e304ea6881870b8069d9241abd33cdb62d780b1f47961b6d7a01c04cf7d78c8eca1c583c4d0fda5fe788aaa519fc86fcd7dbb333298677fe7b0df7546d6ba75c6586b63538931b534754b1fe768425dfa8d6711f047d535b06cca16db732b40736536caa941634392e4dbaf81e59e73d844e4695471ba74e770eb89d9637d4bca98ef7f09006a801a4fbe0f511d195f4515c142a60fc503683be6765dc0cdc1c891d72664732b6ba533a00293552d7427008918634610e14e3dec8ef4e39c48acfa3c13069a299643db14587d101124ad6d57a03597c5052f73e5e6bc9d2a2d6bdbc6f8d3668972b78aa2928487535d88cecc18d6bd61265041f38275b9474b8db818fa584a794a612ed3cefa0d7dd8012af4db745635cc2ede47e3547a1d5ef3531da0e420bb6b0e1ebe9c658621d569f62f43f32cfe241ab442cef22e2ac3c75792e5607b81fe9a9c09be6b751eb90469df1d8e2d222944fbe627439eb79512f1aae956eec1f4c84b368b4377110e7143973c59484618fd00cceb58a5b3f945aeb64f96ae8088aaa6ebdfb19bf81ecaa20835dd46180d572730a75212283d92fca4103e0672600a13958727224c7d63b11e748c487948945477c0a89259e9ff9857ab50926d55ee7d18c3191e7b8f371cff1ff1d68ed8926c3a1c46ace960f1a9d78d6d09e3d9affbc8a81e902719f06763510489100404c64506672436ff2856dd21abc98f05f4895fc206da4b3cc2d09e1e94f2e7ee882d725ab2ef1f64a9b962bb000a98fa6e4148473f4a2ef7370759bdb5286a64981b2c66384a0d8c7e18b3bc2d145676bd2446bb12c546b939cd62de1f2ddbed2fbab22254a5313ce9530f6836ffe529c6d63d91fb7f7a1a6d93a39e63b8a59894e5500609bb3ffdb037c65b0d56ed449187aa1e8a2114817600e1e9e8fd2d68398a1c32b66b11be7736065cbf0efb4d83a3461810947023caf90e9557143c22cdd52a70fa5262c0e39a7bc8b6f08b0c2d7003f8a54605312ee301ac1c0a0755c6da07f12697694528279bb7c15c56a828517b8c3a600b2f75b3eb7e9d330c4c1496722569eb51f0aac88ec8c430f5b537a5c8d85b94995e00b16f4067bcabdd43e01753a5a222f836fee4a4b9be882aca9d86ef6bc413ccd101599753c50fc86e542804e569779ad2fdff2d243e9b22ef3badb0ed8ca8955b4b308a798e3ba7b7b0a7bc745a10d37251c8ba2898773c1b0289ad2fd17d3367dd2f84bf6bcc14080db9910c18de6e6d8b3487be1f23b3b75381b58d2a91a9f3df7aba870c7b08f9d3569d4cb5e4dcd809e642656afcc804424887a7d425162856549589e1383f4869cb89b7c82a831574e364841808046e04606de80c61d4047ad7d511fc09890cf95c5c9e593f4be0e433975b9d93b1fbb2b9b88d1eb634e8305d79fdda69aed059f8cd9e629d9e2b1ac32a8510941760a91d9948b669b5a1c93d1b103d788909af65716ab47e99f7585cbfd2d511995a5ba3317220315a14361ed67b48961a9704b9cd9c55240575a88fc7a0379fbfc336fd47940d836801364f04b63443a0e8344114d5248bd0ec396cdc5308932f311672ad96c096d3a410705cad1087006a8e5d3b9c4e3527ecc9992f8e57663a555055f9db3b0f1575c748e9b02983bccfe3b9ba009ab70fc2a79ca7cfde82382c3f8e6863926e1daa3ae7056f40582b82b7649c2dd9100f6938be8b946f0bff1685fbc60931e39716b813471d29b19deabe0a6a292809110bcad6e52cfe419a10b718e77db3dab64cc1ce1c958806cc3b18e470249edd2d6aef8c1c88f927ed52177209620f85689839af1a3ec13361ec8a1917ecaa764c501d92f30b9c49a6fa0da80bb770e6ac7cf80479cada2ad873614dc9c8db665a81b0eedf33d2f0bf6b1291f32da78499b861272cfbad83b355355c6633e6fd2d308ffe1334abea7a45b10c9ca96e838b815b79d398fee6d60f486a184fb8b8ccd289b52a1a353b529ef17ec8ffaf1b06294660ecf59e20d48f7e553b6253d5e21375f46c284c4b72f87c94a746a82f135af33116360a863ae9d3fb03c37365e06f72f5109de77d732e0c64936dab0c77ed99bd7df76083130dd01607dee7a051234b40d26641dc68f16b749794bad2fdf185855ef2a7063a6e6654649c6190b3bf3203338792510a0f83a08b4449b50684bf8416fec1396f561da029d28d929adc7c9e333347c6a1654df702234d7e7ac727f2a3f01425569f566a4664f7bbc691b09060165e8b268a2d1adae87e0f4f8ade2aecb99d80c01964e02f56cb46afb37b8bac3c8fc5e35d73cfa41c9d9b9ef76daa0e51ad35f32aaa22775128077ae3de1b4ca8aa984032b379dc398112cd03f05f3172b150d25657be1a1d23b491afb80e0123945de30b8cc6ea48e5bcd7186279aba06bec34a6399169ccd1781c4cc6cf851eca3ab7505c8191c359470af1dfcfa22025e8e8018c4701e2a3d3f84186c94cd55e9bd96462c9f242eefd15186b35f1fbeafeac4cab2575314cca94a48d2d543c75e03379fccfb7f60a7f3aeda7377374dfbdd4c27320cd6455591f3e434a198509c04ff551e3aa5bb525a953f0c3bc5ce4e5b06070b8202a2d5e89459d0d1ea231af350db73de8fa3fae088860cd26e81d2ac63e6e9d3e79c5ac7a3f17fab2e5e18ad3d78b6e433fdb33dee96396ca6e6ff1b26e768bbb4e92eaecbb8a61b6ab9b532f01d2b5dae738d58473e857e526d3820ba27f7d42b8a0db947df1d092036271bce5e74bebc2a2bd6df2d7e409afa748b31967f2fad14513ec671776ae568ae631e6b3d63bd84f5dfa78c69a688305a14900bb74d14a7b261993a60aead75b7786d97f5447b0feaafc3fa173bfeaf5332b58ba9d2c4518d1118b0dd85d3d475cf628e0526c1d615f2487d6a3635ec3afca0775ff922b5cebeeade2b7d55bf252ece027078e7970cd46b8fcc0417a091ccd200c59c292fb0648f493c22afd394dd61cd5074ddbfc2b500fcbfbffc5a96b1d9c621cda498af26d3a8c9354b939283a4adffae2882fcb3039c42ef9731f51e0f078b541d1d176105a8896c912341156006579af09cd0db113ae2d51cbd0f2f3866b191ad2a3fe663504486e43b2f90d39bd5a65c0c8ef6672a8dd8a3084238b21c617a1b7085171e87e832198748ba526e90b0e976de40b5a1226c85c8b7e10dc092a2763dfca41d8931243121c46d3fd7a97ad525d492909f2d77c9c282dcede989a726b658f59b44da3975448d93eb71ea4e51202f0e97405b879c92a7c0330ba4a1f3d967eabeb575bc22e997a00268907c3ec7267dcce7c84d7fa43db54782828ea314c690ecd8148969f15e2802fe9fe9cb090111fb42984be14fce59981424a3999a591cfdd3c1f3874a6dde51a6c1a12e4c9c4e01572000833760deaae6aad5e37e14e0a7384ddb402336f4632d32210f7f67bc9001e44f3aef7e571c6b886a3dc6756534f21ccd0837a06ffabc453135980ab87c6022b318b6e78", 0x2000, &(0x7f0000001140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001200)=ANY=[@ANYBLOB="b8"], 0x0, 0x0, 0x0})
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x807, @empty, 'vlan1\x00'}}, 0x1e)
r6 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r6, &(0x7f0000000080)={{0x3, @default, 0x1}, [@null, @null, @default, @null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]}, 0x48)
r7 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
bind$ax25(r7, &(0x7f0000000100)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x1}, [@null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null]}, 0x48)
close(r7)
sendmmsg(r0, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000500)="ab", 0x5ea}], 0x1}}], 0x484, 0x24048084)

1m2.064901657s ago: executing program 4 (id=3001):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0xb9eb0eb005d40dc0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x1800, &(0x7f0000000100)=@base={0x5, 0x6, 0x8, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r3}, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r7, 0x0)
mremap(&(0x7f0000fa4000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fa2000/0x1000)=nil)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000240)={'ip6gre0\x00', r8, 0x0, 0x1, 0x0, 0x8, 0x22, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, 0x700, 0x80, 0x5, 0x8}})
setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
readv(r4, &(0x7f0000000040)=[{&(0x7f0000002900)=""/4103, 0x1007}], 0x1)

1m1.945905191s ago: executing program 33 (id=3001):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/custom1\x00', 0xb9eb0eb005d40dc0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x1800, &(0x7f0000000100)=@base={0x5, 0x6, 0x8, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x20}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xffffffff}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x3}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000000)={r3}, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r5 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
setsockopt$XDP_UMEM_COMPLETION_RING(r5, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
r6 = socket$inet6_udplite(0xa, 0x2, 0x88)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r7, 0x0)
mremap(&(0x7f0000fa4000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fa2000/0x1000)=nil)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000240)={'ip6gre0\x00', r8, 0x0, 0x1, 0x0, 0x8, 0x22, @private0={0xfc, 0x0, '\x00', 0x1}, @empty, 0x700, 0x80, 0x5, 0x8}})
setsockopt$XDP_UMEM_FILL_RING(r5, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4)
readv(r4, &(0x7f0000000040)=[{&(0x7f0000002900)=""/4103, 0x1007}], 0x1)

6.095878675s ago: executing program 3 (id=3330):
syz_usb_connect$hid(0x5, 0x36, &(0x7f00000008c0)=ANY=[@ANYBLOB="12010000000000108117980800000000000109024100010000000009040000020308000009210000010122290a09058103"], 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, 0x0, &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0, 0x0, 0xd}, 0x18)
syz_open_dev$evdev(&(0x7f0000000080), 0xfefffffa, 0x0)
ioctl$BLKCRYPTOIMPORTKEY(r0, 0xc0401289, &(0x7f00000000c0)={&(0x7f0000000000)="958f83d0531f69eba27b2ac41a29e5433fd064", 0x13, &(0x7f0000000040)=""/33, 0x21})
r1 = socket$isdn(0x22, 0x2, 0x26)
bind$isdn(r1, &(0x7f0000000080), 0x6)
syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000240)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x56a, 0x307, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x10, 0xf0, 0x7, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x2, 0x6c, {0x9, 0x21, 0xac2, 0x6, 0x1, {0x22, 0xe01}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x9, 0xab, 0x6}}, [{{0x9, 0x5, 0x2, 0x3, 0x450, 0x0, 0x2, 0x9}}]}}}]}}]}}, &(0x7f0000000540)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x201, 0x2, 0xff, 0x1, 0x20, 0x7}, 0x9e, &(0x7f00000003c0)={0x5, 0xf, 0x9e, 0x6, [@ptm_cap={0x3}, @wireless={0xb, 0x10, 0x1, 0x8, 0x0, 0x0, 0x1, 0x8000, 0x10}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x4, 0x3, 0x3, 0x1}, @wireless={0xb, 0x10, 0x1, 0x2, 0x40, 0x5, 0x81, 0x1, 0x4}, @ssp_cap={0x14, 0x10, 0xa, 0x10, 0x2, 0x89, 0xf000, 0x1, [0xff0000, 0xc00f]}, @generic={0x62, 0x10, 0x2, "19c6095d9b5411c4e85bab76b792a7455ad21d50422b4eb7606279e19d10e330ac690fffba356340321cde68e3db9f6922ff0d3fbcba91f26af2d99de390dee20bc3b1ea4749982d40a2d491c65d2fd774d324e8803d6b77ef348b5f4930cd"}]}, 0x3, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x459}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x2003}}, {0x4, &(0x7f0000000500)=@lang_id={0x4, 0x3, 0x203d}}]})
r2 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0)
syz_clone(0x10000, &(0x7f0000000640)="be15385b897b1090770820f17b055f883608ce2c11590946d18ffe994ed9f4cc1e6011656158b7750cd57707b32544d3a7df42d7a8fa458af3d9103bc5a801f6c9b83f8ff4a3944d96798d1459983ed315eb", 0x52, &(0x7f0000000780), &(0x7f00000007c0), &(0x7f0000000800)="7bdb92687fe865171adb8ddb97959b3644d1130d13f821d99b00921b58e68cdcce5b86f91421991f5e5b80f04421f8fe0af88a9c662170a5529b0817")
syz_usb_connect$hid(0x1, 0x3f, &(0x7f0000000840)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x214, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3, 0x20, 0x9, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x3, 0x4, {0x9, 0x21, 0xe86a, 0x3, 0x1, {0x22, 0x3ee}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x0, 0x5, 0xc0}}, [{{0x9, 0x5, 0x2, 0x3, 0x10, 0x4, 0xe, 0xe}}]}}}]}}]}}, &(0x7f0000000bc0)={0xa, &(0x7f0000000880)={0xa, 0x6, 0x110, 0xea, 0x8, 0x1a, 0x8, 0x9}, 0x5b, &(0x7f0000000900)={0x5, 0xf, 0x5b, 0x5, [@ssp_cap={0x14, 0x10, 0xa, 0x5, 0x2, 0x5, 0x0, 0xf, [0xf, 0xc000]}, @generic={0x26, 0x10, 0x1, "5a30676605985e7de4094759f531a26f7e0c2cbf2a373755a4e04142385285ed2d3f6e"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0x5, 0x3, 0x8, 0x40}, @wireless={0xb, 0x10, 0x1, 0x2, 0xe0, 0x48, 0x7, 0x2, 0x6}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x3, 0x6, 0x81}]}, 0x4, [{0xf8, &(0x7f0000000980)=@string={0xf8, 0x3, "5bba8e044a16069597f262330b755f33a35a0d811c9911cfb8109f1eb1f6ddd372da5690a8678bb2a3bfe5f5cf3dca1140194ae95b992814659675a1b35935ad4db026ccfa0f79ccf7574dad86dc4da202a72d35d06c46b67ca620d268b8cbbb544cefa8a4fe25ca59bbd2b5489a74f3d63be1334dd178b9144d96a19dc1573c86a80a5c3323f970e24661ffce02061a7731327193d2167a2d4dda86cc2b2b9528f3e76feb8028e016c34c39d1085a351dc765515e95908683d808cdd6e4e2a204de25b38f440e8724f4c15d74d9f82301042d7550d21f4a7197e48e567d2294ac5dd0559a959456a071085d3386c36268a7fbd25b85"}}, {0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x100a}}, {0x4, &(0x7f0000000ac0)=@lang_id={0x4, 0x3, 0x44d}}, {0x8d, &(0x7f0000000b00)=@string={0x8d, 0x3, "ba27a99e6e88c461f49c4dd930eb192d30077c406c084682bff40b6e39663a7ea93dad13799a82ae9f47c33867cc1d525c83a57bfd310ad0741a8dcfd5f433154fa1d684932d7ac22e13fb36b6597a8c8c840d9511ba88649c8ec83435cf18ecc47b0a093df1cae81d5fb9f9acf525a3f5d07e9f827410a0c7e7df25bb0793d616017f23b6d691ff338ebc"}}]})
ioctl$TCFLSH(r2, 0x540b, 0x2)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c0000004300090000000000004cdbc9c000000008000200", @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x24000044)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r6=>0x0})
remap_file_pages(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000005, 0x7, 0x10000)
r7 = openat$vnet(0xffffff9c, &(0x7f0000000580), 0x2, 0x0)
ioctl$VHOST_SET_LOG_BASE(r7, 0x4008af04, &(0x7f0000000600)=&(0x7f00000005c0))
sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x44, r5, 0x1, 0x70bd28, 0x25dfdbfe, {{}, {@void, @val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7ff, 0x170}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
sendmsg$NL80211_CMD_SET_MCAST_RATE(r3, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r5, 0x200, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x168}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x3c}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x37}]}, 0x2c}, 0x1, 0x0, 0x0, 0x80}, 0x20000000)

5.583439096s ago: executing program 1 (id=3332):
socket$inet_tcp(0x2, 0x1, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x2132, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x100000f)
syz_open_dev$evdev(0x0, 0x0, 0x3f)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000400)={0x53, 0xfffffffffffffffe, 0x1, 0x0, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000240)="a8", 0x0, 0x8, 0x0, 0x1, 0x0})
r1 = syz_io_uring_setup(0x111, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x4, 0x312}, &(0x7f00000029c0)=<r2=>0x0, &(0x7f0000000300)=<r3=>0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x4})
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x20, 0x0, @fd, 0x5, 0x0, 0xb, 0x7})
io_uring_enter(r1, 0x7277, 0x0, 0x28, 0x0, 0x0)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0xd3283d0368e269b3, 0x8031, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f0000000300)=[{0x0}, {&(0x7f0000000500)=""/94, 0x5e}], 0x2, 0x0, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000080)={0x4000000, 0x0, 0x3})
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0xf8e14000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000740)=@file={0x0, './file0\x00'}, 0x6e)
syz_emit_ethernet(0x7e, &(0x7f0000000300)=ANY=[@ANYBLOB="a5050f0000b1aaaaaaaaaa3e08004500007000680000699e08000190780a010102ac1414aa0c0090780123000045220003006600060532006e00000000ac1414bb4424c671ac1414aa00000000ac1414aa000000170a010100000002441c9401ac1414bb00000002000000003074167dac1e0101000004013dca5bf24b822e3c1c89f408cf7258a18e53e082528783fe4977560aacc07a66ce69430221bbc8e25122fe1627ba587da5680a29b8d63c01bed89d24107616e9c9f7eeed9b5ae72d53c7a0dde9695feaf8e6fe78d11d064f0177caade8a3ac9b3caf9f8de97d8f17891906c8324b8a916d58823d"], 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000002400000024000000020000000000000001000084000000000000000002000002000000820000000000000006040000000000"], 0x0, 0x3e, 0x0, 0x1}, 0x28)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
r7 = syz_io_uring_setup(0x487, &(0x7f00000000c0)={0x0, 0x9010, 0x100, 0x4, 0x165}, &(0x7f0000000000), &(0x7f0000000280))
io_uring_register$IORING_REGISTER_PBUF_RING(r7, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1)

4.860913392s ago: executing program 3 (id=3339):
creat(&(0x7f0000000400)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000080)='./file0/file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="66643dab93fdadbc547b5462287e95e09eac4c0b4045a2f0ef177674565010696f456419d3dbc03e87be09ddd4011bc2c41c3bd546c034dd67d660bb046f36eff0003671b84b7ba4a3ad0ea529a2b8eed5f20baa78c3a171d9e2b617f987207f4f45021075d900a991e3a67c481268e656de1969af787208621d2d1de53fc0bc81d6330dcb117e71a20c5b7dc398c3e13a7de107c154342377d53e20cf765233972ac4f6d33b01824340945aa9bbdcf0105f4637fae6f216c498f34b1c4c22a92d89842bcb1400e21ef24e6b55a8f56550252b40d8226390d19b794c88786ee0c150f4371e4b5611ef3835ef5268536d476e9a8c56b676517859bd3516e0", @ANYRESOCT=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f00000061c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f, 0x3000, 0x0, 0x0, 0x80, 0x9}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0608ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf08003d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0xfffffffffffffff5, 0x0, {0x0, 0xb}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_NOTIFY_INVAL_INODE(r0, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x6, 0x9, 0x1000}}, 0x28)
mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4003, &(0x7f0000000200)=0x40000000007d, 0x5, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x0, &(0x7f00000001c0)})
socket$nl_xfrm(0x10, 0x3, 0x6)
openat$vimc0(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_clone3(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f00000001c0)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r3 = syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x3010, 0x0, 0x39d}, &(0x7f0000000040)=<r4=>0x0, &(0x7f0000000280)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x1, 0x4007, @fd_index=0x7, 0x0, 0x0, 0x0, 0x1, 0x1, {0x1, r6}})
io_uring_enter(r3, 0x5dac, 0x3e80, 0x0, 0x0, 0x0)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x1a3)
ioctl$sock_inet_SIOCSARP(r7, 0xc0046686, &(0x7f00000002c0)={{0x2, 0x4e21, @multicast2}, {0x1, @random="6600048eee53"}, 0x8, {0x2, 0x4e20, @private=0xa010101}, 'rose0\x00'})
syz_open_dev$usbmon(&(0x7f0000000e80), 0xe253, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x200000000)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x0, {&(0x7f0000002440)=""/178, 0xb2, 0x0, 0x2, 0x2}}, 0x2c)

4.354883652s ago: executing program 1 (id=3340):
creat(&(0x7f0000000040)='./bus\x00', 0x0)
rt_sigaction(0x19, &(0x7f00000000c0)={&(0x7f0000000080)="366465f029144d00000081f30fc27f5e06ae0d0fd82e2e460f01d626f00994aff7000000c4c1796f960600000040cd00c4e2f1453c99f340a56544ca0c00", 0x84000004, 0x0}, 0x0, 0x8, &(0x7f0000000000))
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x10, &(0x7f0000000080)=0x10f3e, 0x4)
mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x100000a, 0x4082172, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610448000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x1, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd8b, 0xffffffffffffffff}, 0x48)
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
ppoll(&(0x7f0000000500)=[{r0}], 0x1, 0x0, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000003, 0x13, 0xffffffffffffffff, 0x0)
ioperm(0x284, 0x7f, 0xe3)
ioperm(0x7fffffff, 0x1, 0x8)
socket$netlink(0x10, 0x3, 0x0)
gettid()
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x7aad, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=<r5=>0x0, &(0x7f00000001c0)=<r6=>0x0)
r7 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff)
r8 = add_key$keyring(&(0x7f0000002900), &(0x7f0000002940)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r7, &(0x7f00000028c0)='asymmetric\x00', &(0x7f0000002980)=@keyring={'key_or_keyring:', r8})
keyctl$get_persistent(0x16, 0x0, r7)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r4, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
r9 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
connect$llc(r9, &(0x7f0000000180)={0x1a, 0x0, 0xf9, 0x8, 0x0, 0x0, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3e}}, 0x10)
readv(r9, &(0x7f0000000100)=[{&(0x7f0000001180)=""/4085, 0xff5}], 0x1)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000340), 0xffffffffffffffff)

3.833893268s ago: executing program 3 (id=3342):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48)
signalfd(0xffffffffffffffff, &(0x7f0000000240)={[0x1, 0x7ff]}, 0x8)
pselect6(0x40, &(0x7f0000000040)={0xc, 0xf, 0x1, 0x4, 0xfffffffffffffff1, 0x2, 0x658}, 0x0, 0x0, &(0x7f0000000140), 0x0)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r0, r0, 0x2f}, 0x20)

3.771251373s ago: executing program 3 (id=3344):
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
creat(0x0, 0x90)
socket$inet_sctp(0x2, 0x800000000000001, 0x84)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48)
mmap(&(0x7f0000fa2000/0x3000)=nil, 0x3000, 0x3, 0x13, r0, 0x0)
mremap(&(0x7f0000fa4000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000fa2000/0x1000)=nil)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
ioctl$RTC_UIE_ON(0xffffffffffffffff, 0x7003)
r3 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100}, &(0x7f0000000200)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r1, 0x0, 0x0, 0x0, {}, 0x1})
syz_io_uring_setup(0x10d, &(0x7f0000000140), 0x0, 0x0)
prctl$PR_SET_IO_FLUSHER(0x43, 0x1)
io_uring_enter(r3, 0x2ded, 0xef92, 0x0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x2000, 0x0)

3.770937755s ago: executing program 0 (id=3345):
r0 = io_uring_setup(0xd71, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x2})
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a)
openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
connect$tipc(r3, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x5}}, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000001100000000000000000a3c000000120a01020000000000000000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000114000000110001"], 0x64}, 0x1, 0x0, 0x0, 0x890}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="34000000130a0300002f0ff807000000020000040900020073797a270000000008000200000000000000010073797a30000000009fe3c6d47bea38c7d10975fe5a5ce9307acf49f6e05b30da2046361ff1a7fbff0313e0977caca40ae142613d843c860656613b7083629f3c350b2ab5dbcd9c070a6a8a69985519ec67a2dcf3d520cd31649ed5a959292f1ae4773136c79772792fd0511158fe29ba1c7747dd6f0475f0dd86ed2015f1b4b93794f91e1a806856597fdc8ae204ccf90a203538e5c2e6a83e26763b3840af6ee9fe1aef"], 0x34}}, 0x4000040)
sendmmsg$inet(r3, &(0x7f0000006740)=[{{0x0, 0x0, &(0x7f00000056c0)=[{&(0x7f0000001240)="80349c0d9e8fcc9f44658138dc4a3c4ad42f918348474a5bc38ff0e0571fc22c8eb5cb22fdf30ced1a4c1ccb5e5b35fed7db48c1a8a7132adc5623d146ddfe2254dd2579b4284b53d1cea6206864473d31bdb00c9d1462458b678827e80c94d88099e7471a58b1463086f9cdd1ccc19fa2fc4a9dd5a56fe782d15e66648c7630f1aaa7e9820460c46e292dbb8fa6f6701048ff17f46097b1ee0750ed038f18b81b2ba014bf866062c9a6f88b5d07e13b7eddd968ba9c7a53609c7b61471a51fd85bceebc0a92b2cd7c45a7f4571e693abebc3c5ff16c8128d92476", 0xdb}, {&(0x7f0000000280)="5b4ea50f20d7212327afde5e7a457cde2dff791c69fbc3", 0x17}, {&(0x7f00000002c0)="851d8a90d516f218f839a7c48edfe734b2490c90a2fbf5be3383f1c9f5be8e55148723ac0258ef4f8af1f5e0b0a86885f018523d60072c7d9c1568700b3abe208fbd5dad2daf18b5150a530d816bf4cc6e43da4f2793611b38009e8c0970268cf5836926fd1223f4f8bec6a4a68b2aaff7af151a661793a04cd9b936da8f53eae22356781c580df817f3168269eaeeae014fa9b1878bd89e2acb4853ffd7b9a06d7f5ff090c605f5d343e6d93c80d747365d21acea325c44fbb87f6271a2d9333e9b9dd1d36dfea61641d34fd54cd2970ac14acdadd04357bdd44bc926d0adef887b2e25c2f435ce79bac1d1f473c3a49a12aa5c5cfa4bfa4fd2470308ed259e62c218aee67006a3ca187c9aa13a806d99b2275341fd6022940537b1cb1fd2389f417ea92c6e77a09a9d09a98c4e2f0912d36b47588ff991aa98c3c650055bacb669aaf68dd4f8a7b43569c9af62e7cee6ba05278fe8642feafa5c436cb13fa45b3cdf750f8956c493acf7c561b12259331a363c74fb5f2947652ced415b0986b673680e8ad7bad823ff84c30681cbe45114510d9aa6f423f212bcdf1c244178ae31474d9f176707e9c481057f72d489372f7daeba51e3ea86895c8eed109566ad19f3957d0df21a671fce2d674c207d8643c85a018834f4e8e3992e6991d815", 0x1e0}, {0x0}, {&(0x7f0000002440)="253c10cd0a56ebbb9e8b465670109c340c95f1d27d36cbeb7fa948545e9b18da346b70b5dc6ea12ad1a30e4f7038336f1af1d61b04de988f1755e9b3ba9919b2a4952ceda920a7f0e22dd239d4a74f2d1c854bc64f09f979aa3e9f5c25ff8ec189e5d809483583f648cd8870291200e428", 0x71}, {&(0x7f00000024c0)="2ba671ae8107530b978dd82841597ed8f4275ed9e6b9f7b73ee6324ddf688ad9d88125b82afd2e28aef7183086ce0dd4ee880fc56a2ca8b52ef8f5b5f3e475f49b0bcd201fe612703d680fdd1151dd32535b04d4697d472c7750d6c4c197162e9f872253b611b1ca20e79dcf40d1faf58a453f8db9a03fdd351b54ad4e77fa0fda7990bb281079ae7ba3994aef7380e1d6342305e2d12c57379fd12e784f48e4e832171df4576c8724e3bfd70ebc92fc11914cd4", 0xb4}, {&(0x7f00000025c0)="96cb9dfd0c61d5ed863c5a35109d427201da53416c37631f95451a170fdb734214157996b04630903a7ad20aca669b5120871c47c6ef4e5975222b9676223895144ae5c2898ba0e94642e43e374bf9515c7e840e62021f25181401bda4c4d2d77867390c0a05af019adabfe896d7824f0dcb1724c64da40478808059ea83fa60145e108809ca25edf6ab820f23a5ce2b1779aa8c037a26d99df56f39ff5beca1c1e0cbfd69e415971a02f5115f6da0ba6da9be9772efa870aa6b62774ce009e7bcca4b4a7a910aab97e7f3da899eaaf573ac8a926a7be9b5875b3bb707ae9124ead39e70948bcf654b6b4342043f756323494e4ec559866c5a480c3b156c0427f1cc1d373b77424ea38e3697e36dcefd261575e5516bfcedc7baa8cbebed0ce49dd27e6291dd6f968eaf37f13313ba0bd22b6a63496be04a42df10fef87386434103b5ef819a969e8792a7765dc52c310fbe89851eaf8b2eabcf27bd487f817d48a54b0c7e8b151f0941a6f4adcf6a4486f96f8d18a2928829db333ec08bffe029f4840fdc0433d75157e80b33c3041f193e5c3fb1b7c13d1d7d7a8fe3122ddef181a6534232731c8f91dae42d9a66b9c2e0c6de6da74c24752b53d344b3c9a48ed62705c3e93f7e346c0379a6ec672b3a73dcfc159a79a77bd7b9edd013e3e9832d4dca6f9f973d63d5d235c7e22822e012e4181e102e68b03bdec323db739968061a7ba6fcf9589bd2975520fe9f1b44e52489bf5f5b0125b14bc894f4ff1ad2ba817dad6ab1654a2cacce1cc5160ea4bf3d7011cbf16ad0389b6511448c4186da0a7a55be54031a6d2773ac33aab5d533e7bb213309193f2ca3970e8fffc2fdacbc96e6f49c116b0505385a8bf282589be6b844e2aaaa652459b5d021127f59009020d34932cd03fbe5fea45bdc1f68463c4afe2b5ea8f97dee5e2e6b58196aff00e5ca51a0087f02bcb1dbdd638a5c7590095561578c30904f7ea80072de21fcedd0e41da8e7fe3514eaabc603d770a6fbed5367edb7feb5c5edfda04c7b8a4bfce5c73b876f52fde7dc929f3ffa632eb9514596793533d20fd191b484e902ab104dfc34a8486ba64d3e31c495e043279d8d6b4e6ca3c3fd4ae43529e55be690309e1bc90af2e9188cd5673eea73c75d4decf8972039c086e4b47caee900e1422fd2fbe0303dd5147a9fa487a7b08ad529d0d3db2bae4b26a83de0b15b9b82f26b23336481aca875c48605dc8d25d872920d01e2e163cc13d1f026666f8f54d6fe7895b47939599d168dc98a2de4aac463d98cb39375ac13fadd722b9f1e221d35bde594c9e53aa0f34b235a9d68d8f4841f9455804cd8a7bf05315c5bab2fa8820e956a8161cdd685fc4e1344f9d89189057376a5d1c23273d475aaa72ccbf4b5d8f2863f3f0fe7c0f8b001c065bae68aad9d8878a5edcd8dcbeec07d317c0a81fc84b8b208c60db73c6cf86d46cac98a7df449581d74be7991f1fa6924b76a2d6077aacca10fc777f0d09c5420cfc38c4638957086c9a2065ce94a286da01527bd8b8fd5830f93bcab97a4d0ca13c55b4ee32a49e078b4d79e7b17200fb6a550cfcccd33c681e37bc83c7fcda081a67c2a828e65a75df33e587a05f75fe05aef4078b3482c9078e2edb63c74134f92461044871e4a71f40228d156cbb3beb53eb898e0b6ade2d486a7111ce074510ad957f0eeae0812dd3802db231d9a15948a6b133167eb51dde0199023dfb3471661c7f13f14e786278c551d60929ef969b15d4ea544a9cda830183052ca1072083fb304502f38bcfd46ef64091a2a64bacc55ff3e91f8a7a97f69a9524bdaa60c14d75ddb44e399158c603cded78f42b79a6e9b9c30575289a92558f4d1d9cbb35780c86462cb56d5b474901c17df6ccba95481c004c384b17f99fb29458c9c59666c5305c508561e654d5f1b8ed375231358828b73b487c5f3096211f863375333bb1d3970f7c4cbc7b0f122dbb330b24498f38d804ec0e9c8a5976578bfbc2e46e8d898ec08b3742d5f9ba03d56567f6541f075c4f45eec94a6af78065689e8851294c48f02d48b1266586db86266bd2d0cbb729b567ed7643edf6849f50ca7a28b4ef59433ff22ce0680ffb3348a458ff77b6a796e849cb456df4b443d625d423d10e21bf0bcc785a243cf70ed2ea7c52548cd366ad9af486a4a0171f21ee9d961aa808a69a066aeb0c605fe7a83291ba942df3d11ba1e12da7381d7af20ccbd0de5416ef389c65d1fd0ff209dce808c490707a371b317ce65765082d1c5f67846ddfa65f291117d6e5a795ac2961d56eb24060d8b160d5bd146cd61589c00a108a1dba9e8730157e403cc35b0cd64b3aa66eada80be3bbb974d4642aa76bdf87c2d63134af1c646b1f0bfd218d4e4ebd277ad1cfc9b6f20c4036c6a511cb1ce486c3a563ca9368b10bed088bcfcdab752e0c78a10e550544ee6250d3908e3e7b09b2119f94abc2fdf43d7c82a4ffce81a3f962124ace1108443f41202c6d055d37e99b4eb6287c485acabff03f3a115db1ec790fdc5436e97bf2443c2f707ffb513f6d6494812b2238d679c8787a854ec92126bdc4681803ed4a5b84590e4f00ce956c6c3394773303b0620d118d2290cb229ea3b9bb9de8d719a0f92a50d34909a363f5f6ff906326f917be78c914c78846ef30c9b107b26c0a55401ceabf5b3c669eaa7a1a36d97b01d5da410366e3da5d232fb711d26afd9d4a5016425e47c0ec9b6305673af4cb46526af752011793c322797fb706042da364b6e723b513fd73db6721b00bd80e0923fe075300951d4dfefdd029c3fed21b734bf102f96d58b50bf4edcad014670c2d93eeb4d7bda3d1b70d9e21262c644bb96855895e4c0b32c9ed599d940ac24814b69812c124648428e13d7f72d74feb30288eb78b4a99fadc96589d8a9c7047787aa802514ba28af4d5520ac50928cd75ca92e2934a2e126456bfe1587003e87d9428b1fdb6b7662c44a5fee9d537b7f43822e5b103aeece1aa603215c215de2873e3a6b327c5ed0a0190fb7645034e1839ad165f3f7f80fd793734ac1412bbe20d82aea543792047ba5c5b37ee11988cd7e71cd43547e13c6bbc1ce3cf6aff9727381f06feb83b23b694724d9259d3736eba6ee66ee73a224b8a978debbbc35f8e28cc8267646e5c8cd8076d2044d41eadce01738ab2c7dc763de5a8042b957680223c4d9fdbf65d17e8998444e8db36c50fbe3c9a83e506661a029c4538617d46b6a43675c6dcf283a45b99e44188fd2681a50747e819e7f37496207ec448670fe62a3cb94712abeafb5dd2690ec12b18f8d67d5b0db41a897124f8b94695501aba517447338034bf14d0f99cbf5518aa013e1f35a052b4d27d1247349ff7a83362444372f017fcbdfe972b91c46a0a57f4639204673341ae92bc2dbf2b8d1680b432552850964eb1e14f38995e7e404b1bd1bf63d8d58c7b4ec38e3b9e73959e6509ad9f67d684f62759f5cae90bf8c1781b5800922c312aa634e5748b6181fc37df267eb5c66afc0c9249f9f601136c78d817beddf308c6970ee0e8221abe6fa124f55de7e5e78398004095a175f58cc270840e8c6759627f139e4f9b3b362e2700c5d06da66e862d1016c9f89d18646a6bb823f992342433b03397ed7586f489824a1495d707c81d3885029a47845802ef97856e530789a5cb7239752c6509cdd094212cb4b1b8baa7416cf5000db59418ad7f7a0d7d8e4cb8ebbbe4c40ba0ccc25283b9c933e251fff9871fc01026fafd8eed7ddcbe454b79339be93cd4b25a55af449f5c0893a957c5468c9147a973478c834ac4ecfea339cf3", 0xa9b}], 0x7}}], 0x1, 0x0)
r5 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$KDFONTOP_GET(r5, 0x4b72, &(0x7f0000000040)={0x1, 0x1, 0x6, 0x11, 0x1bc, 0x0})
socket$inet6_mptcp(0xa, 0x1, 0x106)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000080)={'bond0\x00', <r7=>0x0})
r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r9=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=@newlink={0x4c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x215, 0x100000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6}]}}}, @IFLA_LINK={0x8, 0x5, r7}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x4c}, 0x1, 0xba01}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f0000001d00)={'geneve1\x00', &(0x7f00000007c0)=@ethtool_dump={0x3e, 0x6, 0x8001, 0xb8, "1103b4a047e24dc884242edccc5204d95cbb49137424b23eb2ab553cdef98c97c3694981a8630b6cb436f67178d6f6d9d0a8019a11cecb3c04a9ece84df3cbcf65319c121cda6711a696af8b50cde07887f1362e8a632baa2401c558f2686a28acff53f0ca02a020a183240c64642434d24f21bcb24c96ce73b87bfb74bae4b8c7b8e01174b0cbaf9017aca0fee17dfe6efacc33c3897984655d24cd7b8e0d24f057192586832fa32ca5094caec369bb4689c7c9a1a4a43f"}})
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000002700)=""/4096, 0x1000}], 0x0, 0xa}, 0x20)
r11 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r11, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000500)=@RTM_NEWMDB={0x17, 0x54, 0x1, 0x0, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x0, 0x0, {@in6_addr=@dev}}}]}, 0x38}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)

3.314254076s ago: executing program 1 (id=3348):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x3}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
statx(0xffffffffffffffff, &(0x7f0000000680)='.\x00', 0x0, 0x0, &(0x7f0000000080))
socket$qrtr(0x2a, 0x2, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc04c565d, &(0x7f0000000140)=@fd={0xfffffffe, 0xc, 0x4, 0x8, 0x401, {0x0, 0x2710}, {0x5, 0xc, 0x3, 0x1, 0x10, 0x65, "f846dd2f"}, 0x64e, 0x4, {}, 0x5})
r1 = socket(0x200000100000011, 0x3, 0x0)
r2 = syz_io_uring_setup(0x497, &(0x7f00000003c0)={0x0, 0x727b, 0x0, 0x800000, 0x15b}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000100)=<r4=>0x0)
mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x80010, 0xffffffffffffffff, 0x23a78000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff})
recvmmsg(r5, &(0x7f0000000400)=[{{0x0, 0xf5ffffff, 0x0, 0x0, 0x0, 0x4000000}}], 0xf00, 0x0, 0x0)
shutdown(r5, 0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_FALLOCATE={0x11, 0x0, 0x0, @fd=r2, 0x8000000006, 0x0, 0xe448})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r1)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r6 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r6, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
io_uring_enter(r2, 0x26c8, 0x0, 0x1, 0x0, 0x10)
syz_80211_inject_frame(0x0, 0x0, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c80)=@newlink={0x4c, 0x10, 0x1, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_IFNAME={0x14, 0x3, 'wlan0\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0xa482, 0xec5, 0x1}}]}]}]}, 0x4c}}, 0x0)
r8 = socket$inet6(0xa, 0x3, 0x75)
setsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000180)={{{@in6=@remote, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, {0xfffffffffffffffd, 0xeca, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffff}, {0x0, 0x0, 0xc0f}}, {{@in6=@mcast2, 0x4d6, 0x6c}, 0x0, @in=@multicast1}}, 0xe4)

2.764274654s ago: executing program 3 (id=3350):
syz_80211_inject_frame(0x0, 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x48001)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x5c, 0x30, 0x1, 0x0, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x3, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x804}, 0x4040001)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f0000000080)="aefdda9d240300005a90f57f07703aeff0f64ebbee07962c22772e11b44e65d76641cb0100", 0x25}, {&(0x7f0000000040)="aa1d484ea0a00000f7fc08fcd111fbdf23ea32db0e8f21d5bc27bd49eb067a0689fff2a41cfb", 0x26}], 0x2)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
r4 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$inet(r4, &(0x7f0000000100)={0x0, 0x700, &(0x7f0000000080)=[{&(0x7f0000000140)="1c0000005e007f029e3b470d649b72ab25399cd956c07dead6a93690", 0x1c}], 0x1}, 0x0)
recvmsg(r4, 0x0, 0x2062)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="00f7ffffff1e00ff130012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}}, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$rds(0xffffffffffffffff, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f00000004c0)=""/234, 0xea}, {&(0x7f0000000180)=""/39, 0x27}, {&(0x7f00000005c0)=""/97, 0x61}, {&(0x7f0000000640)=""/148, 0x94}, {&(0x7f0000000700)=""/246, 0xf6}, {&(0x7f00000001c0)=""/64, 0x40}, {&(0x7f0000000880)=""/242, 0xf2}, {&(0x7f0000000980)=""/84, 0x54}], 0x8, &(0x7f0000000d00)=[@rdma_args={0x48, 0x114, 0x1, {{0x2a, 0x3fffff}, {&(0x7f0000000a00)=""/197, 0xc5}, &(0x7f0000000440)=[{&(0x7f0000000b00)=""/224, 0xe0}, {&(0x7f0000000c00)=""/183, 0xb7}], 0x2, 0x44, 0x4}}, @rdma_dest={0x18, 0x114, 0x2, {0x400, 0x81}}, @mask_cswp={0x58, 0x114, 0x9, {{0x8, 0xc}, &(0x7f0000000800)=0x3, &(0x7f0000000cc0)=0x5, 0x7, 0x578d, 0x8, 0x5, 0x58, 0x8001}}], 0xb8, 0x40008080}, 0x20040080)

2.139275787s ago: executing program 5 (id=3351):
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000340)={0x1, 0x58, &(0x7f0000000400)}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000180)='GPL\x00', 0xe011, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x2}, 0x94)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x48161)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
io_uring_setup(0xfb5, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c)
listen(r1, 0xfffffffc)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10)
sendto$inet(r4, &(0x7f00000000c0)="1c", 0x10002, 0x0, 0x0, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYRESHEX=r3, @ANYRES32=r0], 0x28}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0xffffffffffffffff, 0x0, &(0x7f0000000240)=0xf3)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$fou(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$FOU_CMD_ADD(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="0100020000eb3f6129000000000000004620603e000003a42a70cb9c1fe18570e120d275057483905d7bf30f767e55e9604c06efab6c1bda1a48ed30380c5350a347c0c3b6f46aa4cd49b27763a689ae1c9bc99a26b7bb9d975fa5fa6e59a6d2b0609948271b5805ecef38aa802dce0ac31160219fbbdb6c731f8ad9215597a39b37e9781f9eb3813b"], 0x1c}}, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)

1.824326192s ago: executing program 0 (id=3352):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000640), r1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="840000001000f5a400000000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="000000000000000064001280090001"], 0x84}}, 0x0)
ioctl$VIDIOC_S_INPUT(0xffffffffffffffff, 0xc0045627, &(0x7f0000000040)=0x1f)
ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r3=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEV(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000280)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010028bd7000fbdbdf251a00000004002e8008000300", @ANYRES32=r3, @ANYBLOB='4\x00.'], 0x6c}, 0x1, 0x0, 0x0, 0x20040040}, 0x20040)

1.809314885s ago: executing program 1 (id=3353):
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x3, 0x1}}, './file0\x00'})
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0x40a45323, &(0x7f00000002c0)={{0x5, 0x7}, 'port0\x00', 0xcc, 0x10, 0x0, 0x1ff, 0x7, 0x1, 0x5, 0x0, 0x0, 0x1d})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x200000000000008, 0x0, 0x3}, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000080)=ANY=[@ANYBLOB="0180c200000e86082b9827c186dd60cb3e020038ba001c030000000000000000000000000000ff02a4e60000000000000000000000010400907800000000609703093cb91100fe880000000000000000000000000001fe8000000000000000000000000000aa0000000000000000"], 0x0)
mkdir(&(0x7f0000000100)='./file1\x00', 0x13b)
socket$packet(0x11, 0x3, 0x300)
bind$unix(r2, &(0x7f00000003c0)=@file={0x0, './file0/file0\x00'}, 0x6e)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r3 = open(&(0x7f0000000180)='./bus\x00', 0x189a7c, 0x113)
r4 = open(&(0x7f0000000240)='./bus\x00', 0x64c1c2, 0x0)
pwritev2(r4, &(0x7f0000000680)=[{&(0x7f0000000200)="05", 0x1}], 0x1, 0x6000000, 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x37fffee, 0x4002011, r3, 0x0)
getsockname$packet(r0, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f00000000c0)=0x14)
r5 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r5, 0x5386, &(0x7f0000000000))
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
r6 = io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0xd3d5, 0x80, 0x5, 0x2b0})
openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x62182, 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

1.483940503s ago: executing program 0 (id=3354):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
r0 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
r1 = socket$inet(0x2, 0x2, 0x1)
setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000380)=0xfffffffe, 0x4)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
ioctl$FBIOPUT_CON2FBMAP(0xffffffffffffffff, 0x4610, &(0x7f0000000040)={0x25, 0x1})
setgid(0x0)

1.19395424s ago: executing program 5 (id=3355):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000180)={0x60, 0x0, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x4c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0xa, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @mcast1}}}}]}]}, 0x60}}, 0x0)

1.193383236s ago: executing program 5 (id=3356):
bind$llc(0xffffffffffffffff, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
ioctl$DRM_IOCTL_MAP_BUFS(r1, 0xc00c6419, 0x0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
r2 = syz_io_uring_setup(0x237, &(0x7f0000000380)={0x0, 0x262e, 0x10100, 0x0, 0x170}, &(0x7f00000002c0)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1})
io_uring_enter(r2, 0x708, 0x41e3, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000400)='./file1\x00', 0x0)
mount$9p_virtio(&(0x7f0000000040), &(0x7f0000000100)='./file1\x00', &(0x7f0000000140), 0x2, 0x0)

1.093482448s ago: executing program 0 (id=3357):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_delrule={0x28, 0x21, 0x121, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x18, {0x0, 0xffffffffffffffff}}]}, 0x28}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@ipv6_delrule={0x28, 0x21, 0x121, 0x0, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, [@FIB_RULE_POLICY=@FRA_UID_RANGE={0xc, 0x18, {0x0, 0xffffffffffffffff}}]}, 0x28}}, 0x0)
mount(&(0x7f0000000080)=@nullb, &(0x7f00000002c0)='./bus\x00', &(0x7f0000000380)='omfs\x00', 0x280d088, &(0x7f0000000040)='\x00\xe4\xff(\xff\f\xae\xac\x92?\x00\x00\x00\x00\xe0')

1.093205501s ago: executing program 0 (id=3358):
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
r1 = gettid()
getpid()
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0)
sendfile(r2, r2, &(0x7f00000000c0)=0xffff7fffffffc059, 0x3fa7)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0xfff)

876.541474ms ago: executing program 5 (id=3359):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) (async)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x34) (async)
r0 = getpid() (async, rerun: 64)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002) (async, rerun: 64)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) (async, rerun: 32)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}) (rerun: 32)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) (async)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) (async)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6) (async)
ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000040)={0x0, 0x8, 0x0, 0x4})
ptrace$ARCH_SHSTK_STATUS(0x1e, r0, 0x0, 0x5005)
socket$netlink(0x10, 0x3, 0x15) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) (async)
ptrace$ARCH_SHSTK_UNLOCK(0x1e, r0, 0x0, 0x5004)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x18) (async)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000140)='syzkaller\x00', 0x6, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='rpc_buf_alloc\x00', r4, 0x0, 0x1}, 0x18) (async)
r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) (async)
r6 = shmget$private(0x0, 0x2000, 0x800, &(0x7f0000ffd000/0x2000)=nil)
shmat(r6, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffcfff) (async)
r7 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00')
lseek(r7, 0x289e0cb5, 0x0) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x2}, 0x94) (async)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x2f, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) (async)
sched_setaffinity(0x0, 0x0, 0x0) (async)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x141040, 0x42)

724.150539ms ago: executing program 1 (id=3360):
r0 = fsopen(&(0x7f00000000c0)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)='c:::\x00y,\x9e\xd7\x99\xb4\xa1\xb8\x81\xaax]\xec\x13\xb4l\x96\xb2\xf9Q7{.\xd3F\xa0\x04\xb3!\xa64\xde}\xaf\xbe\xa8^He\xded\xbd\xebr\xda1A\xabt\x97v\x9d9\xe5\xa2\x99\xd8\x9a\xe7\x1f\x1d\xcc*\xff\xd8\xa33#\x99\x00}f\xc5\x90~\xad\xc0\x8b\xa4\x03:\xb0-\x19\xee\x17\xe5\xe0+\x06\x18ds9\x96:\xa8skOF%w\x87\x9a\x1c\x11\fG\xc30~?\xc5u<plsb\xe9\xda\x9cJ', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x19, 0x4, 0x4, 0xc, 0x0, 0xffffffffffffffff, 0x6}, 0x50)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r2}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r2}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
unshare(0x26020480) (async)
unshare(0x26020480)
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) (async)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000240)='./file0\x00')
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0xba, &(0x7f0000000140)=""/186, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0) (async)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x0, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) (async)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
syz_clone3(&(0x7f0000000680)={0x4041200, &(0x7f0000000380), &(0x7f00000003c0)=<r4=>0x0, &(0x7f0000000440), {0x3e}, &(0x7f0000000480)=""/158, 0x9e, &(0x7f0000000540)=""/228, &(0x7f0000000640)=[r3], 0x1}, 0x58)
sched_setscheduler(r4, 0x6, &(0x7f0000000200)=0x9) (async)
sched_setscheduler(r4, 0x6, &(0x7f0000000200)=0x9)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x51312000) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x51312000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) (async)
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sched_setaffinity(r3, 0x8, &(0x7f0000000100)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)

642.9978ms ago: executing program 3 (id=3361):
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r1 = openat$dsp(0xffffff9c, &(0x7f0000000080), 0x82040, 0x0)
ioctl$SOUND_MIXER_WRITE_RECSRC(r1, 0xc0044dff, &(0x7f0000000100)=0x4) (fail_nth: 9)

563.641445ms ago: executing program 1 (id=3362):
setfsgid(0xee00)
r0 = syz_clone(0xb8086200, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(r0, &(0x7f00000004c0)='net/nfsfs\x00')
munmap(&(0x7f0000901000/0x3000)=nil, 0x3000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x800, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e77, 0x20000000, 0x94a, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x1}}}}, @m_ife={0x48, 0x3ffa, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x854}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000180)=ANY=[@ANYBLOB="2a0000800600000000000000000000020000000000000001000000000000002a00"/42], 0x2a)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="796104000000000000007e000000c94b2348dfcb03df17fc8e5c228cb3f25de83aff0ab1ebe501c8934a5c4261efc8762bb5d29ad0a1c0b52bff2eb47850b87291aa56752f12681ca03357"], 0x14}}, 0x0)
r7 = syz_open_dev$dri(&(0x7f0000000080), 0x8004, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[<r8=>0x0], 0x0, 0x0, 0x0, 0x18})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r1, 0xc05064a7, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8})
syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x381d40)
r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000500)='/proc/diskstats\x00', 0x0, 0x0)
pread64(r9, &(0x7f0000000180)=""/73, 0x49, 0xac8c)
syz_emit_ethernet(0x186, &(0x7f0000000780)={@broadcast, @local, @val={@void, {0x8100, 0x1, 0x1, 0x2}}, {@mpls_mc={0x8848, {[{0x400}, {0xffff0, 0x0, 0x1}, {0x1ff}, {0x7ff, 0x0, 0x1}], @ipv6=@dccp_packet={0x7, 0x6, "70fb7f", 0x13c, 0x21, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, {[@dstopts={0x0, 0x1, '\x00', [@enc_lim={0x4, 0x1, 0x93}, @pad1, @pad1]}, @dstopts={0x73}, @dstopts={0x11, 0x1, '\x00', [@jumbo={0xc2, 0x4, 0xff7ffffe}, @jumbo={0xc2, 0x4, 0x1c000000}]}, @hopopts={0x5c, 0x0, '\x00', [@pad1]}, @routing={0x87, 0x6, 0x1, 0xc1, 0x0, [@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @remote, @loopback]}, @dstopts={0x73, 0x6, '\x00', [@hao={0xc9, 0x10, @private0}, @padn, @calipso={0x7, 0x18, {0x0, 0x4, 0x5, 0xe775, [0x1, 0x1ca]}}, @enc_lim={0x4, 0x1, 0x5}]}, @fragment={0x21, 0x0, 0x79, 0x1, 0x0, 0x5, 0x66}], {{0x4e22, 0x4e20, 0x4, 0x1, 0x1, 0x0, 0x0, 0x0, 0x7, "ebfbde", 0x7, "ab0890"}, "a2c0e44ba768491546746036880bd2c83f00729aa9a4ec7e4ca518cc8b1e570d9e41284f350259948b32d17352fd9612d8af23f51e7fa79dc9357f5e6e62d75fdb970304237d44093831f44d3c899db6247a048197b8192f4d918e957637c29e0a31957a"}}}}}}}, 0x0)

136.216244ms ago: executing program 0 (id=3363):
r0 = open(0x0, 0x0, 0x0)
fcntl$notify(r0, 0x402, 0x8000003d)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x4000, 0x0) (fail_nth: 9)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f0000000600)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r1 = gettid()
tkill(r1, 0x13)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(0xffffffffffffffff, 0xc0c89425, &(0x7f0000000740)={"8c3ef01be86258108b331b07f91efab2", 0x0, 0x0, {0x6, 0x40}, {0x3, 0x1}, 0x6, [0x3, 0x5, 0x9, 0x7, 0x7, 0x5, 0x10, 0x953, 0x1, 0x4, 0x8, 0x9000000000000000, 0x2, 0x4, 0x2, 0x5]})
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000001c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r2}, 0x10)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
socket$inet_udplite(0x2, 0x2, 0x88)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
r3 = syz_pidfd_open(0x0, 0x0)
setns(r3, 0x20000000)
sendmsg$TIPC_NL_PEER_REMOVE(0xffffffffffffffff, 0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)

538.223µs ago: executing program 5 (id=3364):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000000c0), r0)
syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x183001)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x1, [], [0x0, 0x7, 0x0, 0x2], [0x0, 0x4, 0x2, 0x100000], [0x0, 0x0, 0x1, 0x1]})
sendmsg$IEEE802154_LLSEC_DEL_KEY(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x30, r1, 0x201, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0xe2}]}, 0x30}, 0x1, 0x0, 0x0, 0x4a084}, 0x20004050)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000), 0xc, &(0x7f0000000180)={&(0x7f0000000240)={0xa8, r5, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0xcf, 0x7}}}}, [@NL80211_ATTR_KEY_DEFAULT_TYPES={0x8, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "6946280265bcf7d1fa1edbeeb5"}, @NL80211_ATTR_KEY={0x4c, 0x50, 0x0, 0x1, [@NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_DEFAULT_MGMT={0x4}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, '^y\r\t\x00'}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "ca57acf877f31518e20daf1f74"}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac05}, @NL80211_KEY_SEQ={0x4}]}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x8, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, 0xa8}}, 0xf2e3582585723c2b)
r7 = openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000300), 0x2, 0x0)
write$yama_ptrace_scope(r7, &(0x7f00000003c0)='1\x00', 0x2)

0s ago: executing program 5 (id=3365):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1e, 0x4, &(0x7f0000000880)=ANY=[@ANYBLOB="189c51db385c000000000e000000001085000000070000009585f74db09065b8aff44e16f56f0b3d219e35983dcefa95147de02ac91d5e489c41dd7fb591eeea91313ca087a610b7c127ad40edd18fb9f3ed10631c7bce3cbef739e9f6e20cff7a372c05d34f6f8c6e17f394d895fc72aa1db64d8140858380159aa47565392929aae8188373f76b160f715d0900e2454656a0f55ce885a772efaed137b98512c8a5b8510e67d239e6379908d8576c206f92d416e728eefa6bf8eb44833052a5513275e7303caedd9d92e5411afb60d98b81cdd8c75cb66d9b893e20215dd27111325dadc5d4582158690e5314ac2627080912bf0f0cb10422deca7e626b70bed79b4f11c4cc2dfd450a020000005837a4307d46cfddf62175f9000b79619859e657b24555cbc23f8af156762455b6e3e6eca7db1ba31c69001be65c5130977ee6a091b575af8c6e74b485ab435c004f02e6c1330fad96e7d9c9621144038213ca233989", @ANYRES8=r1, @ANYRES64=r1, @ANYRESDEC=r0, @ANYRES64=r0], &(0x7f0000000000)='GPL\x00', 0xc95d, 0x0, 0x0, 0x100, 0x63, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$inet_mptcp(0x2, 0x1, 0x106)
memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0x0, &(0x7f00000001c0)={0x8, 0x100008d}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
landlock_create_ruleset(&(0x7f0000000280)={0x405, 0x0, 0x23d38bd98f8e7a87}, 0x18, 0x3)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-ni\x00'}, 0xffffffffffffffbd)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, 0x0, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @empty, 0x200000}, 0x1c)
listen(r4, 0x9)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(r5, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000)
connect$inet(r5, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20000800}, 0x800)
r7 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
bind$bt_hci(r7, &(0x7f0000000000)={0x27}, 0x74)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
r8 = getpid()
sched_setaffinity(r8, 0x8, &(0x7f0000000240)=0x2)

kernel console output (not intermixed with test programs):

 type=1326 audit(1758494088.216:20273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15998 comm="syz.1.2915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  411.492518][ T5986] Bluetooth: hci5: command tx timeout
[  411.494611][   T40] audit: type=1326 audit(1758494088.216:20274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15998 comm="syz.1.2915" exe="/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  411.505793][   T40] audit: type=1326 audit(1758494088.216:20275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15998 comm="syz.1.2915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  411.514676][   T40] audit: type=1326 audit(1758494088.216:20276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15998 comm="syz.1.2915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  411.523588][   T40] audit: type=1326 audit(1758494088.216:20277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15998 comm="syz.1.2915" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  411.532333][   T40] audit: type=1326 audit(1758494088.216:20278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15998 comm="syz.1.2915" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7ffc0000
[  411.623034][ T6033] usb usb44-port1: attempt power cycle
[  411.693245][T14026] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  411.696252][T14026] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  411.704329][T16020] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  412.183014][ T6033] usb usb44-port1: unable to enumerate USB device
[  412.451690][T16042] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  412.453742][T16042] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  412.456654][T16042] vhci_hcd vhci_hcd.0: Device attached
[  412.732175][ T6033] usb 40-1: SetAddress Request (11) to port 0
[  412.735696][ T6033] usb 40-1: new SuperSpeed USB device number 11 using vhci_hcd
[  413.076252][T16052] FAULT_INJECTION: forcing a failure.
[  413.076252][T16052] name failslab, interval 1, probability 0, space 0, times 0
[  413.080164][T16052] CPU: 2 UID: 0 PID: 16052 Comm: syz.4.2929 Not tainted syzkaller #0 PREEMPT(full) 
[  413.080179][T16052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  413.080186][T16052] Call Trace:
[  413.080190][T16052]  <TASK>
[  413.080195][T16052]  dump_stack_lvl+0x16c/0x1f0
[  413.080215][T16052]  should_fail_ex+0x512/0x640
[  413.080232][T16052]  ? fs_reclaim_acquire+0xae/0x150
[  413.080250][T16052]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  413.080265][T16052]  should_failslab+0xc2/0x120
[  413.080281][T16052]  __kmalloc_noprof+0xd2/0x510
[  413.080294][T16052]  ? trace_kmalloc+0x2b/0xd0
[  413.080308][T16052]  ? __kmalloc_noprof+0x242/0x510
[  413.080322][T16052]  tomoyo_realpath_from_path+0xc2/0x6e0
[  413.080339][T16052]  ? tomoyo_fill_path_info+0x233/0x420
[  413.080353][T16052]  tomoyo_mount_acl+0x1ae/0x850
[  413.080366][T16052]  ? bpf_ksym_find+0x124/0x1c0
[  413.080379][T16052]  ? is_bpf_text_address+0x94/0x1a0
[  413.080393][T16052]  ? __pfx_tomoyo_mount_acl+0x10/0x10
[  413.080406][T16052]  ? __kernel_text_address+0xd/0x40
[  413.080417][T16052]  ? unwind_get_return_address+0x59/0xa0
[  413.080429][T16052]  ? arch_stack_walk+0xa6/0x100
[  413.080453][T16052]  ? tomoyo_domain+0xbb/0x150
[  413.080463][T16052]  ? tomoyo_profile+0x47/0x60
[  413.080474][T16052]  tomoyo_mount_permission+0x16d/0x420
[  413.080492][T16052]  ? tomoyo_mount_permission+0x14f/0x420
[  413.080507][T16052]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  413.080530][T16052]  security_sb_mount+0x9b/0x260
[  413.080544][T16052]  path_mount+0x15f/0x2000
[  413.080561][T16052]  ? __pfx_path_mount+0x10/0x10
[  413.080575][T16052]  ? kmem_cache_free+0x2d1/0x4d0
[  413.080587][T16052]  ? putname+0x154/0x1a0
[  413.080602][T16052]  ? getname_flags.part.0+0x1c5/0x550
[  413.080622][T16052]  ? __ia32_sys_mount+0x28b/0x310
[  413.080635][T16052]  __ia32_sys_mount+0x28b/0x310
[  413.080650][T16052]  ? __pfx___ia32_sys_mount+0x10/0x10
[  413.080665][T16052]  ? rcu_is_watching+0x12/0xc0
[  413.080679][T16052]  __do_fast_syscall_32+0x7c/0x300
[  413.080697][T16052]  do_fast_syscall_32+0x32/0x80
[  413.080707][T16052]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  413.080720][T16052] RIP: 0023:0xf70de579
[  413.080728][T16052] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  413.080739][T16052] RSP: 002b:00000000f54ce55c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  413.080750][T16052] RAX: ffffffffffffffda RBX: 0000000080000300 RCX: 0000000080000080
[  413.080756][T16052] RDX: 0000000080000180 RSI: 0000000002200890 RDI: 0000000000000000
[  413.080763][T16052] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  413.080769][T16052] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  413.080775][T16052] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  413.080788][T16052]  </TASK>
[  413.081296][T16052] ERROR: Out of memory at tomoyo_realpath_from_path.
[  413.142143][T16043] vhci_hcd: connection reset by peer
[  413.183231][T13920] vhci_hcd: stop threads
[  413.184561][T13920] vhci_hcd: release socket
[  413.185938][T13920] vhci_hcd: disconnect device
[  413.559870][ T8493] vhci_hcd: vhci_device speed not set
[  413.692862][T16069] infiniband syz1: set down
[  413.694588][T16069] infiniband syz1: added syz_tun
[  413.711582][T16069] RDS/IB: syz1: added
[  413.713484][T16069] smc: adding ib device syz1 with port count 1
[  413.715509][T16069] smc:    ib device syz1 port 1 has pnetid SYZ2 (user defined)
[  413.979289][T16077] 9pnet_fd: Insufficient options for proto=fd
[  414.109297][T16082] kvm: kvm [16081]: vcpu226, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1
[  414.222723][  T841] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[  414.372274][  T841] usb 6-1: Using ep0 maxpacket: 8
[  414.380619][  T841] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  414.384547][  T841] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  414.388647][  T841] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  414.396179][  T841] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  414.400402][  T841] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  414.407406][  T841] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  414.411079][  T841] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.626274][  T841] usb 6-1: usb_control_msg returned -32
[  414.628099][  T841] usbtmc 6-1:16.0: can't read capabilities
[  415.048160][T16093] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[  415.556055][T16106] kvm: kvm [16105]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x11e) = 0x1
[  415.699763][T16102] kAFS: No cell specified
[  415.794929][T16102] siw: device registration error -23
[  417.401852][ T8493] usb 6-1: USB disconnect, device number 19
[  417.778352][T16171] fuse: Bad value for 'fd'
[  417.834444][   T40] kauditd_printk_skb: 16 callbacks suppressed
[  417.834455][   T40] audit: type=1326 audit(1758494094.596:20295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.847301][   T40] audit: type=1326 audit(1758494094.606:20296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.863689][   T40] audit: type=1326 audit(1758494094.606:20297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.870018][   T40] audit: type=1326 audit(1758494094.606:20298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.876698][   T40] audit: type=1326 audit(1758494094.606:20299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.882506][T16175] loop9: detected capacity change from 0 to 7
[  417.883362][   T40] audit: type=1326 audit(1758494094.606:20300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.891126][   T40] audit: type=1326 audit(1758494094.606:20301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.897267][   T40] audit: type=1326 audit(1758494094.606:20302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.903299][   T40] audit: type=1326 audit(1758494094.606:20303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.909567][   T40] audit: type=1326 audit(1758494094.606:20304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16174 comm="syz.4.2959" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000
[  417.916550][T16175] buffer_io_error: 4 callbacks suppressed
[  417.916559][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.920601][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.923024][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.926549][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.941032][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.944057][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.947327][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.951010][T16175] ldm_validate_partition_table(): Disk read failed.
[  417.953975][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.957488][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.960950][T16175] Buffer I/O error on dev loop9, logical block 0, async page read
[  417.964739][T16175] Dev loop9: unable to read RDB block 0
[  417.967414][T16175]  loop9: unable to read partition table
[  417.970096][T16175] loop9: partition table beyond EOD, truncated
[  417.972766][T16175] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  417.972766][T16175] 
) failed (rc=-5)
[  418.342279][ T6033] usb 40-1: device descriptor read/8, error -110
[  418.779621][ T6033] usb usb40-port1: attempt power cycle
[  419.013747][ T5986] Bluetooth: hci3: ISO packet for unknown connection handle 304
[  419.368854][T16211] netlink: 2028 bytes leftover after parsing attributes in process `syz.4.2968'.
[  419.377584][T16211] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2968'.
[  419.421143][ T6033] usb usb40-port1: unable to enumerate USB device
[  419.548033][T16214] loop9: detected capacity change from 0 to 7
[  419.553043][T16214] ldm_validate_partition_table(): Disk read failed.
[  419.555729][T16214] Dev loop9: unable to read RDB block 0
[  419.557514][T16216] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  419.562575][T16214]  loop9: unable to read partition table
[  419.565135][T16214] loop9: partition table beyond EOD, truncated
[  419.567840][T16214] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  419.567840][T16214] 
) failed (rc=-5)
[  419.971577][ T5986] Bluetooth: hci5: ISO packet for unknown connection handle 304
[  420.006577][T16234] openvswitch: netlink: Actions may not be safe on all matching packets
[  420.322780][ T5986] Bluetooth: hci5: ISO packet for unknown connection handle 304
[  420.471494][T16265] netlink: 'syz.1.2985': attribute type 4 has an invalid length.
[  420.478941][T16265] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2985'.
[  420.482302][ T6033] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  420.524812][T16265] delete_channel: no stack
[  420.548991][T16271] lo speed is unknown, defaulting to 1000
[  420.550970][T16271] lo speed is unknown, defaulting to 1000
[  420.556101][T16271] lo speed is unknown, defaulting to 1000
[  420.567630][T16271] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  420.586732][T16271] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[  420.640046][T16271] lo speed is unknown, defaulting to 1000
[  420.645436][T16271] lo speed is unknown, defaulting to 1000
[  420.650164][T16271] lo speed is unknown, defaulting to 1000
[  420.655125][T16271] lo speed is unknown, defaulting to 1000
[  420.659607][T16271] lo speed is unknown, defaulting to 1000
[  420.666357][T16271] lo speed is unknown, defaulting to 1000
[  420.672249][T16271] lo speed is unknown, defaulting to 1000
[  420.676958][T16271] lo speed is unknown, defaulting to 1000
[  420.772095][ T6033] usb 9-1: Using ep0 maxpacket: 16
[  420.774959][ T6033] usb 9-1: config 0 has an invalid interface number: 132 but max is 0
[  420.777553][ T6033] usb 9-1: config 0 has no interface number 0
[  420.780950][ T6033] usb 9-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  420.783810][ T6033] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.786262][ T6033] usb 9-1: Product: syz
[  420.787614][ T6033] usb 9-1: Manufacturer: syz
[  420.789081][ T6033] usb 9-1: SerialNumber: syz
[  420.792888][ T6033] usb 9-1: config 0 descriptor??
[  420.795445][ T6033] hub 9-1:0.132: bad descriptor, ignoring hub
[  420.797438][ T6033] hub 9-1:0.132: probe with driver hub failed with error -5
[  420.801245][ T6033] input: bcm5974 as /devices/platform/dummy_hcd.4/usb9/9-1/9-1:0.132/input/input36
[  421.156791][   T66] usb 9-1: USB disconnect, device number 3
[  421.731104][T16287] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  423.424961][T16304] siw: device registration error -23
[  423.922233][T16308] futex_wake_op: syz.4.2996 tries to shift op by -1; fix this program
[  424.000280][T14009] smc: removing ib device syz1
[  424.920443][T16327] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2997'.
[  425.027787][   T62] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  425.033311][   T62] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  425.036982][   T62] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  425.041789][   T62] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  425.047374][   T62] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  425.085360][T16329] vxcan1 speed is unknown, defaulting to 1000
[  425.206934][   T74] bridge_slave_1: left allmulticast mode
[  425.209217][   T74] bridge_slave_1: left promiscuous mode
[  425.212299][   T74] bridge0: port 2(bridge_slave_1) entered disabled state
[  425.220406][   T74] bridge_slave_0: left allmulticast mode
[  425.222850][   T74] bridge_slave_0: left promiscuous mode
[  425.225415][   T74] bridge0: port 1(bridge_slave_0) entered disabled state
[  425.357521][T16333] IPVS: sh: UDP 224.0.0.2:0 - no destination available
[  426.196861][   T74] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  426.202513][   T74] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  426.207229][   T74] bond0 (unregistering): Released all slaves
[  426.216991][T16329] lo speed is unknown, defaulting to 1000
[  426.318060][   T74] tipc: Left network mode
[  426.363489][T16329] chnl_net:caif_netlink_parms(): no params data found
[  426.371167][T16353] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3008'.
[  426.651526][T16329] bridge0: port 1(bridge_slave_0) entered blocking state
[  426.660799][T16329] bridge0: port 1(bridge_slave_0) entered disabled state
[  426.674318][T16329] bridge_slave_0: entered allmulticast mode
[  426.681055][T16329] bridge_slave_0: entered promiscuous mode
[  426.739576][T16329] bridge0: port 2(bridge_slave_1) entered blocking state
[  426.741784][T16329] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.744439][T16329] bridge_slave_1: entered allmulticast mode
[  426.760427][T16329] bridge_slave_1: entered promiscuous mode
[  426.827116][T16329] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  426.840023][T16329] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  426.963390][   T74] hsr_slave_0: left promiscuous mode
[  426.966549][   T74] hsr_slave_1: left promiscuous mode
[  426.969300][   T74] batman_adv: batadv0: Removing interface: batadv_slave_0
[  426.971911][   T74] batman_adv: batadv0: Removing interface: batadv_slave_1
[  427.001750][   T40] kauditd_printk_skb: 64 callbacks suppressed
[  427.001769][   T40] audit: type=1326 audit(1758494103.756:20369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.011833][   T40] audit: type=1326 audit(1758494103.756:20370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.019965][   T40] audit: type=1326 audit(1758494103.766:20371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.027473][   T40] audit: type=1326 audit(1758494103.766:20372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.045073][   T40] audit: type=1326 audit(1758494103.766:20373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.051935][   T40] audit: type=1326 audit(1758494103.766:20374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.059646][   T40] audit: type=1326 audit(1758494103.766:20375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.067212][   T40] audit: type=1326 audit(1758494103.766:20376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.074575][   T40] audit: type=1326 audit(1758494103.766:20377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.081804][   T40] audit: type=1326 audit(1758494103.766:20378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16342 comm="syz.1.3006" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f67579 code=0x7fc00000
[  427.092148][   T62] Bluetooth: hci0: command tx timeout
[  427.491567][T16370] could not allocate digest TFM handle sha1-generic
[  427.941248][   T74] team0 (unregistering): Port device team_slave_1 removed
[  428.055706][   T74] team0 (unregistering): Port device team_slave_0 removed
[  428.706048][T16329] team0: Port device team_slave_0 added
[  428.724800][T16379] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  428.731640][T16329] team0: Port device team_slave_1 added
[  428.800599][T16390] netlink: 'syz.0.3017': attribute type 1 has an invalid length.
[  428.811463][T16329] batman_adv: batadv0: Adding interface: batadv_slave_0
[  428.816091][T16329] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  428.826999][T16329] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  428.834370][T16329] batman_adv: batadv0: Adding interface: batadv_slave_1
[  428.836686][T16329] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  428.846320][T16329] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  428.927773][T16390] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3017'.
[  428.969914][T16393] bond3: (slave veth5): Enslaving as an active interface with a down link
[  428.977135][T16390] 8021q: adding VLAN 0 to HW filter on device bond3
[  429.032013][T16329] hsr_slave_0: entered promiscuous mode
[  429.034310][T16329] hsr_slave_1: entered promiscuous mode
[  429.038001][T16329] debugfs: 'hsr0' already exists in 'hsr'
[  429.039727][T16329] Cannot create hsr debugfs directory
[  429.172204][   T62] Bluetooth: hci0: command tx timeout
[  429.499331][T16329] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  429.506345][T16329] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  429.510947][T16329] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  429.517940][T16329] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  429.568992][T16329] 8021q: adding VLAN 0 to HW filter on device bond0
[  429.611657][T16329] 8021q: adding VLAN 0 to HW filter on device team0
[  429.651297][T14026] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.653880][T14026] bridge0: port 1(bridge_slave_0) entered forwarding state
[  429.657510][T14026] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.659849][T14026] bridge0: port 2(bridge_slave_1) entered forwarding state
[  430.026975][T16329] 8021q: adding VLAN 0 to HW filter on device batadv0
[  430.209227][T16329] veth0_vlan: entered promiscuous mode
[  430.218259][T16329] veth1_vlan: entered promiscuous mode
[  430.255672][T16329] veth0_macvtap: entered promiscuous mode
[  430.261608][T16329] veth1_macvtap: entered promiscuous mode
[  430.278089][T16329] batman_adv: batadv0: Interface activated: batadv_slave_0
[  430.290745][T16329] batman_adv: batadv0: Interface activated: batadv_slave_1
[  430.299947][T14009] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  430.304162][   T74] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  430.307085][   T74] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  430.312354][   T74] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  430.385075][   T74] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  430.388289][   T74] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.404497][T14009] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  430.407308][T14009] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.749621][T16441] FAULT_INJECTION: forcing a failure.
[  430.749621][T16441] name failslab, interval 1, probability 0, space 0, times 0
[  430.756491][T16441] CPU: 3 UID: 0 PID: 16441 Comm: syz.5.3025 Not tainted syzkaller #0 PREEMPT(full) 
[  430.756507][T16441] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  430.756514][T16441] Call Trace:
[  430.756518][T16441]  <TASK>
[  430.756523][T16441]  dump_stack_lvl+0x16c/0x1f0
[  430.756546][T16441]  should_fail_ex+0x512/0x640
[  430.756566][T16441]  should_failslab+0xc2/0x120
[  430.756582][T16441]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  430.756595][T16441]  ? skb_clone+0x190/0x3f0
[  430.756617][T16441]  skb_clone+0x190/0x3f0
[  430.756634][T16441]  netlink_deliver_tap+0xabd/0xd30
[  430.756653][T16441]  netlink_unicast+0x64c/0x870
[  430.756672][T16441]  ? __pfx_netlink_unicast+0x10/0x10
[  430.756694][T16441]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  430.756725][T16441]  netlink_sendmsg+0x8d1/0xdd0
[  430.756753][T16441]  ? __pfx_netlink_sendmsg+0x10/0x10
[  430.756772][T16441]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  430.756787][T16441]  ____sys_sendmsg+0xa95/0xc70
[  430.756800][T16441]  ? __pfx_____sys_sendmsg+0x10/0x10
[  430.756812][T16441]  ? get_compat_msghdr+0x11a/0x170
[  430.756833][T16441]  ___sys_sendmsg+0x134/0x1d0
[  430.756850][T16441]  ? __pfx____sys_sendmsg+0x10/0x10
[  430.756872][T16441]  ? find_held_lock+0x2b/0x80
[  430.756892][T16441]  __sys_sendmsg+0x16d/0x220
[  430.756909][T16441]  ? __pfx___sys_sendmsg+0x10/0x10
[  430.756931][T16441]  ? rcu_is_watching+0x12/0xc0
[  430.756944][T16441]  __do_fast_syscall_32+0x7c/0x300
[  430.756962][T16441]  do_fast_syscall_32+0x32/0x80
[  430.756972][T16441]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  430.756985][T16441] RIP: 0023:0xf7f35579
[  430.756994][T16441] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  430.757008][T16441] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  430.757024][T16441] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080
[  430.757035][T16441] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  430.757041][T16441] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  430.757047][T16441] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  430.757053][T16441] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  430.757067][T16441]  </TASK>
[  430.762347][T16387] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  431.208558][T16448] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  431.245784][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  431.898070][T16455] FAULT_INJECTION: forcing a failure.
[  431.898070][T16455] name failslab, interval 1, probability 0, space 0, times 0
[  431.903068][T16455] CPU: 1 UID: 0 PID: 16455 Comm: syz.0.3028 Not tainted syzkaller #0 PREEMPT(full) 
[  431.903084][T16455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  431.903091][T16455] Call Trace:
[  431.903095][T16455]  <TASK>
[  431.903099][T16455]  dump_stack_lvl+0x16c/0x1f0
[  431.903132][T16455]  should_fail_ex+0x512/0x640
[  431.903150][T16455]  ? __kmalloc_noprof+0xbf/0x510
[  431.903164][T16455]  ? lsm_blob_alloc+0x68/0x90
[  431.903174][T16455]  should_failslab+0xc2/0x120
[  431.903190][T16455]  __kmalloc_noprof+0xd2/0x510
[  431.903202][T16455]  ? __pfx_perf_event_init_task+0x10/0x10
[  431.903213][T16455]  ? audit_alloc+0xa2/0x7b0
[  431.903223][T16455]  ? __pfx_audit_alloc+0x10/0x10
[  431.903235][T16455]  lsm_blob_alloc+0x68/0x90
[  431.903245][T16455]  security_task_alloc+0x2d/0x260
[  431.903261][T16455]  copy_process+0x2205/0x7690
[  431.903281][T16455]  ? __pfx_copy_process+0x10/0x10
[  431.903297][T16455]  ? lockdep_init_map_type+0x5c/0x280
[  431.903319][T16455]  ? lockdep_init_map_type+0x5c/0x280
[  431.903333][T16455]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  431.903349][T16455]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  431.903366][T16455]  vhost_task_create+0x1d2/0x2e0
[  431.903382][T16455]  ? __pfx_vhost_task_create+0x10/0x10
[  431.903402][T16455]  ? __pfx_vhost_task_fn+0x10/0x10
[  431.903424][T16455]  kvm_mmu_post_init_vm+0x1b7/0x380
[  431.903438][T16455]  kvm_arch_vcpu_ioctl_run+0x66/0x1980
[  431.903454][T16455]  ? kvm_vcpu_ioctl+0x14c6/0x1690
[  431.903471][T16455]  kvm_vcpu_ioctl+0x5eb/0x1690
[  431.903486][T16455]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  431.903500][T16455]  ? tomoyo_path_number_perm+0x18d/0x580
[  431.903515][T16455]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  431.903534][T16455]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  431.903550][T16455]  ? do_vfs_ioctl+0x128/0x14f0
[  431.903568][T16455]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  431.903590][T16455]  kvm_vcpu_compat_ioctl+0x20f/0x3d0
[  431.903605][T16455]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  431.903619][T16455]  ? __fget_files+0x20e/0x3c0
[  431.903634][T16455]  ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10
[  431.903648][T16455]  __ia32_compat_sys_ioctl+0x23f/0x370
[  431.903667][T16455]  __do_fast_syscall_32+0x7c/0x300
[  431.903686][T16455]  do_fast_syscall_32+0x32/0x80
[  431.903695][T16455]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  431.903709][T16455] RIP: 0023:0xf7fd5579
[  431.903717][T16455] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  431.903728][T16455] RSP: 002b:00000000f54d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  431.903738][T16455] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000ae80
[  431.903745][T16455] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  431.903751][T16455] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  431.903757][T16455] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  431.903763][T16455] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  431.903776][T16455]  </TASK>
[  432.326710][T16467] usb usb4: usbfs: process 16467 (syz.0.3031) did not claim interface 0 before use
[  432.435770][T16469] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  432.769223][T16473] netlink: 'syz.1.3033': attribute type 1 has an invalid length.
[  432.773486][T16473] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3033'.
[  432.784391][T16448] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  432.889093][T16475] dlm: non-version read from control device 8224
[  433.322313][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  434.036440][T16499] veth1_virt_wifi: entered promiscuous mode
[  434.038559][T16499] A link change request failed with some changes committed already. Interface veth1_virt_wifi may have been left with an inconsistent configuration, please check.
[  434.520869][T16506] dlm: non-version read from control device 8224
[  435.402565][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  435.701053][T16521] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3049'.
[  435.884246][T16531] dlm: non-version read from control device 8224
[  435.994539][T16448] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  436.242508][T16537] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  436.245269][T16537] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  436.253916][T16537] vhci_hcd vhci_hcd.0: Device attached
[  436.264703][T16537] Device name cannot be null; rc = [-22]
[  436.269615][T16537] tmpfs: Unknown parameter 'usrquota_block_har'
[  436.304326][T16448] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  436.445934][T14026] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  436.465163][T13920] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  436.482086][T14026] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  436.493502][ T8493] usb 39-1: new low-speed USB device number 8 using vhci_hcd
[  436.534392][T13920] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  436.560442][T16538] vhci_hcd: connection reset by peer
[  436.565618][ T1147] vhci_hcd: stop threads
[  436.567412][ T1147] vhci_hcd: release socket
[  436.568952][ T1147] vhci_hcd: disconnect device
[  436.587403][ T1473] kernel write not supported for file /virtual_nci (pid: 1473 comm: kworker/0:2)
[  436.698366][T16566] FAULT_INJECTION: forcing a failure.
[  436.698366][T16566] name failslab, interval 1, probability 0, space 0, times 0
[  436.705731][T16566] CPU: 1 UID: 0 PID: 16566 Comm: syz.5.3059 Not tainted syzkaller #0 PREEMPT(full) 
[  436.705756][T16566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  436.705767][T16566] Call Trace:
[  436.705775][T16566]  <TASK>
[  436.705782][T16566]  dump_stack_lvl+0x16c/0x1f0
[  436.705812][T16566]  should_fail_ex+0x512/0x640
[  436.705842][T16566]  should_failslab+0xc2/0x120
[  436.705888][T16566]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  436.705910][T16566]  ? skb_clone+0x190/0x3f0
[  436.705941][T16566]  skb_clone+0x190/0x3f0
[  436.705969][T16566]  netlink_deliver_tap+0xabd/0xd30
[  436.706001][T16566]  netlink_unicast+0x64c/0x870
[  436.706033][T16566]  ? __pfx_netlink_unicast+0x10/0x10
[  436.706060][T16566]  ? __pfx___might_resched+0x10/0x10
[  436.706088][T16566]  netlink_sendmsg+0x8d1/0xdd0
[  436.706120][T16566]  ? __pfx_netlink_sendmsg+0x10/0x10
[  436.706150][T16566]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  436.706175][T16566]  ____sys_sendmsg+0xa95/0xc70
[  436.706194][T16566]  ? btrfs_put_tree_mod_seq+0x300/0x3a0
[  436.706219][T16566]  ? __pfx_____sys_sendmsg+0x10/0x10
[  436.706239][T16566]  ? get_compat_msghdr+0x11a/0x170
[  436.706281][T16566]  ___sys_sendmsg+0x134/0x1d0
[  436.706309][T16566]  ? __pfx____sys_sendmsg+0x10/0x10
[  436.706348][T16566]  ? find_held_lock+0x2b/0x80
[  436.706384][T16566]  __sys_sendmsg+0x16d/0x220
[  436.706411][T16566]  ? __pfx___sys_sendmsg+0x10/0x10
[  436.706449][T16566]  ? rcu_is_watching+0x12/0xc0
[  436.706472][T16566]  __do_fast_syscall_32+0x7c/0x300
[  436.706502][T16566]  do_fast_syscall_32+0x32/0x80
[  436.706519][T16566]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  436.706542][T16566] RIP: 0023:0xf7f35579
[  436.706558][T16566] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  436.706576][T16566] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  436.706593][T16566] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200
[  436.706606][T16566] RDX: 0000000004008000 RSI: 0000000000000000 RDI: 0000000000000000
[  436.706616][T16566] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  436.706626][T16566] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  436.706637][T16566] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  436.706660][T16566]  </TASK>
[  436.725110][T16571] FAULT_INJECTION: forcing a failure.
[  436.725110][T16571] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  436.798673][T16571] CPU: 0 UID: 0 PID: 16571 Comm: syz.3.3061 Not tainted syzkaller #0 PREEMPT(full) 
[  436.798694][T16571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  436.798701][T16571] Call Trace:
[  436.798705][T16571]  <TASK>
[  436.798709][T16571]  dump_stack_lvl+0x16c/0x1f0
[  436.798729][T16571]  should_fail_ex+0x512/0x640
[  436.798749][T16571]  _copy_from_user+0x2e/0xd0
[  436.798761][T16571]  __ia32_compat_sys_socketcall+0x187/0x770
[  436.798779][T16571]  ? __fget_files+0x20e/0x3c0
[  436.798791][T16571]  ? __pfx___ia32_compat_sys_socketcall+0x10/0x10
[  436.798809][T16571]  ? fput+0x9b/0xd0
[  436.798828][T16571]  ? rcu_is_watching+0x12/0xc0
[  436.798842][T16571]  __do_fast_syscall_32+0x7c/0x300
[  436.798860][T16571]  do_fast_syscall_32+0x32/0x80
[  436.798870][T16571]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  436.798884][T16571] RIP: 0023:0xf706e579
[  436.798892][T16571] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  436.798903][T16571] RSP: 002b:00000000f545d430 EFLAGS: 00000293 ORIG_RAX: 0000000000000066
[  436.798914][T16571] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00000000f545d444
[  436.798920][T16571] RDX: 0000000000000000 RSI: 00000000f545d560 RDI: 00000000f73f4ff4
[  436.798926][T16571] RBP: 00000000f545d560 R08: 0000000000000000 R09: 0000000000000000
[  436.798932][T16571] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000
[  436.798939][T16571] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  436.798952][T16571]  </TASK>
[  436.884254][T16577] FAULT_INJECTION: forcing a failure.
[  436.884254][T16577] name failslab, interval 1, probability 0, space 0, times 0
[  436.889292][T16577] CPU: 3 UID: 0 PID: 16577 Comm: syz.3.3064 Not tainted syzkaller #0 PREEMPT(full) 
[  436.889316][T16577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  436.889328][T16577] Call Trace:
[  436.889335][T16577]  <TASK>
[  436.889355][T16577]  dump_stack_lvl+0x16c/0x1f0
[  436.889389][T16577]  should_fail_ex+0x512/0x640
[  436.889416][T16577]  ? __kmalloc_noprof+0xbf/0x510
[  436.889439][T16577]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  436.889461][T16577]  should_failslab+0xc2/0x120
[  436.889483][T16577]  __kmalloc_noprof+0xd2/0x510
[  436.889503][T16577]  ? arch_stack_walk+0xa6/0x100
[  436.889528][T16577]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[  436.889554][T16577]  genl_family_rcv_msg_doit+0xbf/0x2f0
[  436.889576][T16577]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  436.889604][T16577]  ? bpf_lsm_capable+0x9/0x10
[  436.889620][T16577]  ? security_capable+0x7e/0x260
[  436.889640][T16577]  ? ns_capable+0xd7/0x110
[  436.889661][T16577]  genl_rcv_msg+0x55c/0x800
[  436.889684][T16577]  ? __pfx_genl_rcv_msg+0x10/0x10
[  436.889702][T16577]  ? __pfx_nl80211_pre_doit+0x10/0x10
[  436.889722][T16577]  ? __pfx_nl80211_new_key+0x10/0x10
[  436.889738][T16577]  ? __pfx_nl80211_post_doit+0x10/0x10
[  436.889758][T16577]  ? __lock_acquire+0x62e/0x1ce0
[  436.889785][T16577]  netlink_rcv_skb+0x155/0x420
[  436.889810][T16577]  ? __pfx_genl_rcv_msg+0x10/0x10
[  436.889830][T16577]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  436.889886][T16577]  ? netlink_deliver_tap+0x1ae/0xd30
[  436.889912][T16577]  ? is_vmalloc_addr+0x86/0xa0
[  436.889934][T16577]  genl_rcv+0x28/0x40
[  436.889950][T16577]  netlink_unicast+0x5aa/0x870
[  436.889980][T16577]  ? __pfx_netlink_unicast+0x10/0x10
[  436.890007][T16577]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  436.890042][T16577]  netlink_sendmsg+0x8d1/0xdd0
[  436.890070][T16577]  ? __pfx_netlink_sendmsg+0x10/0x10
[  436.890099][T16577]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  436.890122][T16577]  ____sys_sendmsg+0xa95/0xc70
[  436.890145][T16577]  ? __pfx_____sys_sendmsg+0x10/0x10
[  436.890161][T16577]  ? get_compat_msghdr+0x11a/0x170
[  436.890195][T16577]  ___sys_sendmsg+0x134/0x1d0
[  436.890222][T16577]  ? __pfx____sys_sendmsg+0x10/0x10
[  436.890270][T16577]  ? find_held_lock+0x2b/0x80
[  436.890316][T16577]  __sys_sendmsg+0x16d/0x220
[  436.890343][T16577]  ? __pfx___sys_sendmsg+0x10/0x10
[  436.890379][T16577]  ? rcu_is_watching+0x12/0xc0
[  436.890399][T16577]  __do_fast_syscall_32+0x7c/0x300
[  436.890427][T16577]  do_fast_syscall_32+0x32/0x80
[  436.890444][T16577]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  436.890465][T16577] RIP: 0023:0xf706e579
[  436.890478][T16577] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  436.890495][T16577] RSP: 002b:00000000f545e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  436.890512][T16577] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0
[  436.890524][T16577] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  436.890533][T16577] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  436.890542][T16577] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  436.890554][T16577] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  436.890577][T16577]  </TASK>
[  437.262733][T16589] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  437.265753][T16589] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  437.292939][T16589] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  437.301594][T16589] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  437.312375][T16589] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  437.392420][T16589] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  437.401380][T16589] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  437.403733][T16589] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  437.417458][T16589] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  437.678949][T16597] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3070'.
[  437.973980][T16602] FAULT_INJECTION: forcing a failure.
[  437.973980][T16602] name failslab, interval 1, probability 0, space 0, times 0
[  437.978150][T16602] CPU: 2 UID: 0 PID: 16602 Comm: syz.1.3072 Not tainted syzkaller #0 PREEMPT(full) 
[  437.978164][T16602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  437.978171][T16602] Call Trace:
[  437.978175][T16602]  <TASK>
[  437.978180][T16602]  dump_stack_lvl+0x16c/0x1f0
[  437.978200][T16602]  should_fail_ex+0x512/0x640
[  437.978217][T16602]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  437.978230][T16602]  should_failslab+0xc2/0x120
[  437.978250][T16602]  __kmalloc_cache_noprof+0x6a/0x3e0
[  437.978261][T16602]  ? __pfx_v9fs_fid_find_inode+0x10/0x10
[  437.978290][T16602]  ? p9_fid_create+0x41/0x260
[  437.978308][T16602]  p9_fid_create+0x41/0x260
[  437.978324][T16602]  p9_client_attach+0x92/0x2b0
[  437.978335][T16602]  ? __pfx_p9_client_attach+0x10/0x10
[  437.978346][T16602]  ? v9fs_fid_lookup+0x4bd/0xeb0
[  437.978363][T16602]  v9fs_fid_lookup+0x97a/0xeb0
[  437.978381][T16602]  v9fs_vfs_lookup+0x1a1/0x5b0
[  437.978393][T16602]  ? __pfx_v9fs_vfs_lookup+0x10/0x10
[  437.978405][T16602]  ? lockdep_init_map_type+0x5c/0x280
[  437.978421][T16602]  ? lockdep_init_map_type+0x5c/0x280
[  437.978438][T16602]  __lookup_slow+0x251/0x460
[  437.978456][T16602]  ? __pfx___lookup_slow+0x10/0x10
[  437.978481][T16602]  ? lookup_fast+0x156/0x610
[  437.978494][T16602]  walk_component+0x353/0x5b0
[  437.978506][T16602]  path_lookupat+0x142/0x6d0
[  437.978517][T16602]  ? __lock_acquire+0xb97/0x1ce0
[  437.978532][T16602]  filename_lookup+0x224/0x5f0
[  437.978545][T16602]  ? __pfx_filename_lookup+0x10/0x10
[  437.978569][T16602]  ? getname_flags.part.0+0x1c5/0x550
[  437.978588][T16602]  user_path_at+0x3a/0x60
[  437.978601][T16602]  __ia32_sys_mount+0x1fb/0x310
[  437.978616][T16602]  ? __pfx___ia32_sys_mount+0x10/0x10
[  437.978631][T16602]  ? rcu_is_watching+0x12/0xc0
[  437.978644][T16602]  __do_fast_syscall_32+0x7c/0x300
[  437.978662][T16602]  do_fast_syscall_32+0x32/0x80
[  437.978672][T16602]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  437.978686][T16602] RIP: 0023:0xf7f67579
[  437.978695][T16602] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  437.978705][T16602] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000015
[  437.978716][T16602] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000100
[  437.978723][T16602] RDX: 0000000000000000 RSI: 00000000e69bd119 RDI: 0000000000000000
[  437.978729][T16602] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  437.978735][T16602] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  437.978741][T16602] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  437.978754][T16602]  </TASK>
[  438.070248][    C2] vkms_vblank_simulate: vblank timer overrun
[  438.199307][T16603] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[  438.201728][T16603] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  438.343903][T16610] Device name cannot be null; rc = [-22]
[  438.592359][T16607] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6)
[  438.594219][T16607] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  438.596585][T16607] vhci_hcd vhci_hcd.0: Device attached
[  438.637128][T16610] tmpfs: Unknown parameter 'usrquota_block_har'
[  438.640738][T16603] vhci_hcd vhci_hcd.0: Device attached
[  438.712149][ T6033] usb 37-1: new low-speed USB device number 7 using vhci_hcd
[  438.866186][T16604] vhci_hcd: connection reset by peer
[  438.868878][T13920] vhci_hcd: stop threads
[  438.872764][T13920] vhci_hcd: release socket
[  438.877678][T13920] vhci_hcd: disconnect device
[  439.322238][   T62] Bluetooth: hci3: command 0x0405 tx timeout
[  439.322481][ T5986] Bluetooth: hci5: command 0x0c1a tx timeout
[  439.427859][T16628] FAULT_INJECTION: forcing a failure.
[  439.427859][T16628] name failslab, interval 1, probability 0, space 0, times 0
[  439.427925][T16628] CPU: 0 UID: 0 PID: 16628 Comm: syz.5.3080 Not tainted syzkaller #0 PREEMPT(full) 
[  439.427964][T16628] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  439.427976][T16628] Call Trace:
[  439.427982][T16628]  <TASK>
[  439.427989][T16628]  dump_stack_lvl+0x16c/0x1f0
[  439.428021][T16628]  should_fail_ex+0x512/0x640
[  439.428048][T16628]  ? __kmalloc_noprof+0xbf/0x510
[  439.428071][T16628]  ? drm_atomic_state_init+0x17b/0x320
[  439.428092][T16628]  should_failslab+0xc2/0x120
[  439.428116][T16628]  __kmalloc_noprof+0xd2/0x510
[  439.428144][T16628]  drm_atomic_state_init+0x17b/0x320
[  439.428163][T16628]  ? __kasan_kmalloc+0xaa/0xb0
[  439.428184][T16628]  drm_atomic_state_alloc+0xd3/0x120
[  439.428206][T16628]  drm_client_modeset_commit_atomic+0xcc/0x7e0
[  439.428227][T16628]  ? __pfx___might_resched+0x10/0x10
[  439.428253][T16628]  ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[  439.428312][T16628]  drm_client_modeset_dpms+0x17e/0x210
[  439.428336][T16628]  drm_fb_helper_blank+0x19f/0x260
[  439.428357][T16628]  fb_blank+0xbb/0x200
[  439.428383][T16628]  do_fb_ioctl+0x430/0x7e0
[  439.428403][T16628]  ? __pfx_do_fb_ioctl+0x10/0x10
[  439.428420][T16628]  ? lockdep_hardirqs_on+0x7c/0x110
[  439.428450][T16628]  ? find_held_lock+0x2b/0x80
[  439.428502][T16628]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  439.428538][T16628]  fb_compat_ioctl+0x55e/0x670
[  439.428556][T16628]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  439.428573][T16628]  ? hook_file_ioctl_common+0x145/0x410
[  439.428603][T16628]  ? __fget_files+0x20e/0x3c0
[  439.428630][T16628]  ? __pfx_fb_compat_ioctl+0x10/0x10
[  439.428647][T16628]  __ia32_compat_sys_ioctl+0x23f/0x370
[  439.428680][T16628]  __do_fast_syscall_32+0x7c/0x300
[  439.428709][T16628]  do_fast_syscall_32+0x32/0x80
[  439.428726][T16628]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  439.428748][T16628] RIP: 0023:0xf7f35579
[  439.428762][T16628] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  439.428779][T16628] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  439.428796][T16628] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000004611
[  439.428808][T16628] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  439.428819][T16628] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  439.428829][T16628] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  439.428840][T16628] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  439.428866][T16628]  </TASK>
[  439.482174][ T5986] Bluetooth: hci0: command 0x040f tx timeout
[  439.510334][T16635] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3081'.
[  439.566943][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  439.836568][T16652] FAULT_INJECTION: forcing a failure.
[  439.836568][T16652] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  439.841399][T16652] CPU: 2 UID: 0 PID: 16652 Comm: syz.0.3086 Not tainted syzkaller #0 PREEMPT(full) 
[  439.841415][T16652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  439.841422][T16652] Call Trace:
[  439.841427][T16652]  <TASK>
[  439.841432][T16652]  dump_stack_lvl+0x16c/0x1f0
[  439.841452][T16652]  should_fail_ex+0x512/0x640
[  439.841472][T16652]  _copy_from_user+0x2e/0xd0
[  439.841484][T16652]  kstrtouint_from_user+0xd6/0x1d0
[  439.841500][T16652]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  439.841532][T16652]  ? __lock_acquire+0xb97/0x1ce0
[  439.841555][T16652]  proc_fail_nth_write+0x83/0x220
[  439.841568][T16652]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  439.841584][T16652]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  439.841595][T16652]  vfs_write+0x29d/0x11d0
[  439.841611][T16652]  ? __pfx_vfs_write+0x10/0x10
[  439.841622][T16652]  ? find_held_lock+0x2b/0x80
[  439.841637][T16652]  ? __fget_files+0x20e/0x3c0
[  439.841653][T16652]  ksys_write+0x12a/0x250
[  439.841665][T16652]  ? __pfx_ksys_write+0x10/0x10
[  439.841679][T16652]  ? rcu_is_watching+0x12/0xc0
[  439.841692][T16652]  __do_fast_syscall_32+0x7c/0x300
[  439.841723][T16652]  do_fast_syscall_32+0x32/0x80
[  439.841733][T16652]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  439.841747][T16652] RIP: 0023:0xf7fd5579
[  439.841757][T16652] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  439.841768][T16652] RSP: 002b:00000000f54d6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[  439.841778][T16652] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f54d6620
[  439.841785][T16652] RDX: 0000000000000001 RSI: 00000000f7464ff4 RDI: 0000000000000000
[  439.841791][T16652] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  439.841797][T16652] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  439.841804][T16652] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  439.841818][T16652]  </TASK>
[  439.907247][    C2] vkms_vblank_simulate: vblank timer overrun
[  440.056903][T16659] random: crng reseeded on system resumption
[  440.139724][T16659] batman_adv: batadv0: Removing interface: batadv_slave_0
[  440.195854][T16659] batman_adv: batadv0: Removing interface: batadv_slave_1
[  441.096597][   T40] audit: type=1326 audit(1758494117.856:20379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.106067][   T40] audit: type=1326 audit(1758494117.856:20380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.115481][   T40] audit: type=1326 audit(1758494117.856:20381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=245 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.125185][   T40] audit: type=1326 audit(1758494117.856:20382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.134175][   T40] audit: type=1326 audit(1758494117.856:20383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.142563][   T40] audit: type=1326 audit(1758494117.856:20384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=385 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.151095][   T40] audit: type=1326 audit(1758494117.856:20385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.160357][   T40] audit: type=1326 audit(1758494117.856:20386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.169675][   T40] audit: type=1326 audit(1758494117.856:20387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.179143][   T40] audit: type=1326 audit(1758494117.886:20388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16669 comm="syz.0.3093" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  441.228849][T16671] siw: device registration error -23
[  441.402235][ T5986] Bluetooth: hci5: command 0x0c1a tx timeout
[  441.402292][   T62] Bluetooth: hci3: command 0x0405 tx timeout
[  441.412318][ T6917] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  441.563273][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  441.574266][ T6917] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  441.578914][ T6917] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  441.584608][ T6917] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  441.588160][ T6917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  441.605557][T16670] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  441.610504][ T6917] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  441.632362][ T8493] vhci_hcd: vhci_device speed not set
[  441.689298][T16611] vhci_hcd: connection closed
[  441.689633][T14009] vhci_hcd: stop threads
[  441.693605][T14009] vhci_hcd: release socket
[  441.695703][T14009] vhci_hcd: disconnect device
[  441.733625][T16676] tmpfs: Unknown parameter 'q5ota'
[  441.737848][T16676] overlayfs: failed to resolve './file1': -2
[  441.821656][ T6917] usb 5-1: USB disconnect, device number 23
[  442.359986][T16688] binder: 16687:16688 ioctl d000941e 80000c80 returned -22
[  442.984987][ T6063] usb usb40-port1: attempt power cycle
[  443.331533][T16703] dlm: non-version read from control device 8224
[  443.408527][T16707] tipc: Started in network mode
[  443.410888][T16707] tipc: Node identity 926f6e7491b8, cluster identity 4711
[  443.420047][T16707] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  443.423715][T16707] syzkaller0: entered promiscuous mode
[  443.426134][T16707] syzkaller0: entered allmulticast mode
[  443.448118][T16707] syzkaller0: MTU too low for tipc bearer
[  443.450560][T16707] tipc: Disabling bearer <eth:syzkaller0>
[  443.482538][   T62] Bluetooth: hci5: command 0x0c1a tx timeout
[  443.492345][   T62] Bluetooth: hci3: command 0x0405 tx timeout
[  443.555648][ T6063] usb usb40-port1: unable to enumerate USB device
[  443.603869][T16710] loop9: detected capacity change from 0 to 7
[  443.606033][T16710] buffer_io_error: 18 callbacks suppressed
[  443.606042][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.610208][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.612883][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.615789][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.619031][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.621815][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.624811][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.627644][T16710] ldm_validate_partition_table(): Disk read failed.
[  443.630015][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.632984][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.636005][T16710] Buffer I/O error on dev loop9, logical block 0, async page read
[  443.638910][T16710] Dev loop9: unable to read RDB block 0
[  443.641261][T16710]  loop9: unable to read partition table
[  443.643456][T16710] loop9: partition table beyond EOD, truncated
[  443.645567][T16710] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  443.645567][T16710] 
) failed (rc=-5)
[  443.652847][   T62] Bluetooth: hci0: command 0x040f tx timeout
[  443.986313][T16721] kAFS: No cell specified
[  444.216773][ T6033] vhci_hcd: vhci_device speed not set
[  445.493646][   T62] Bluetooth: hci0: ISO packet for unknown connection handle 304
[  445.858492][T16748] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  446.194455][T16759] fuse: Unknown parameter 'fdOڄKw���?'
[  446.203892][   T40] kauditd_printk_skb: 131 callbacks suppressed
[  446.203904][   T40] audit: type=1326 audit(1758494122.966:20520): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16758 comm="syz.0.3118" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x0
[  446.311445][T16762] input: syz1 as /devices/virtual/input/input37
[  446.643872][   T40] audit: type=1800 audit(1758494123.406:20521): pid=16773 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3121" name="nullb0" dev="devtmpfs" ino=3204 res=0 errno=0
[  446.925281][   T40] audit: type=1326 audit(1758494123.686:20522): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.5.3127" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000
[  446.932653][   T40] audit: type=1326 audit(1758494123.686:20523): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.5.3127" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000
[  446.939844][   T40] audit: type=1326 audit(1758494123.686:20524): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.5.3127" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f35579 code=0x7ffc0000
[  446.943499][T16785] loop9: detected capacity change from 0 to 7
[  446.946651][   T40] audit: type=1326 audit(1758494123.686:20525): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.5.3127" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000
[  446.950430][T16785] ldm_validate_partition_table(): Disk read failed.
[  446.957621][   T40] audit: type=1326 audit(1758494123.686:20526): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.5.3127" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f35579 code=0x7ffc0000
[  446.959887][T16785] Dev loop9: unable to read RDB block 0
[  446.968238][   T40] audit: type=1326 audit(1758494123.696:20527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.5.3127" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000
[  446.969487][T16785]  loop9: unable to read partition table
[  446.977107][   T40] audit: type=1326 audit(1758494123.696:20528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.5.3127" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f35579 code=0x7ffc0000
[  446.979228][T16785] loop9: partition table beyond EOD, truncated
[  446.988204][T16785] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  446.988204][T16785] 
) failed (rc=-5)
[  446.988617][   T40] audit: type=1326 audit(1758494123.696:20529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16784 comm="syz.5.3127" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f35579 code=0x7ffc0000
[  447.056307][T16788] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3128'.
[  447.260518][T16802] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3132'.
[  447.321733][T16805] FAULT_INJECTION: forcing a failure.
[  447.321733][T16805] name failslab, interval 1, probability 0, space 0, times 0
[  447.327282][T16805] CPU: 1 UID: 0 PID: 16805 Comm: syz.5.3133 Not tainted syzkaller #0 PREEMPT(full) 
[  447.327305][T16805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  447.327317][T16805] Call Trace:
[  447.327324][T16805]  <TASK>
[  447.327331][T16805]  dump_stack_lvl+0x16c/0x1f0
[  447.327367][T16805]  should_fail_ex+0x512/0x640
[  447.327398][T16805]  ? fs_reclaim_acquire+0xae/0x150
[  447.327428][T16805]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  447.327453][T16805]  should_failslab+0xc2/0x120
[  447.327477][T16805]  __kmalloc_noprof+0xd2/0x510
[  447.327503][T16805]  tomoyo_realpath_from_path+0xc2/0x6e0
[  447.327531][T16805]  ? tomoyo_profile+0x47/0x60
[  447.327550][T16805]  tomoyo_path_number_perm+0x245/0x580
[  447.327571][T16805]  ? tomoyo_path_number_perm+0x237/0x580
[  447.327596][T16805]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  447.327641][T16805]  ? find_held_lock+0x2b/0x80
[  447.327658][T16805]  ? hook_file_ioctl_common+0x145/0x410
[  447.327687][T16805]  ? __fget_files+0x20e/0x3c0
[  447.327713][T16805]  security_file_ioctl_compat+0x9b/0x240
[  447.327739][T16805]  __ia32_compat_sys_ioctl+0xc3/0x370
[  447.327771][T16805]  __do_fast_syscall_32+0x7c/0x300
[  447.327802][T16805]  do_fast_syscall_32+0x32/0x80
[  447.327818][T16805]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  447.327840][T16805] RIP: 0023:0xf7f35579
[  447.327854][T16805] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  447.327872][T16805] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  447.327889][T16805] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080047453
[  447.327901][T16805] RDX: 0000000080000080 RSI: 0000000000000000 RDI: 0000000000000000
[  447.327911][T16805] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  447.327922][T16805] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  447.327932][T16805] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  447.327956][T16805]  </TASK>
[  447.327964][T16805] ERROR: Out of memory at tomoyo_realpath_from_path.
[  448.213957][T16831] FAULT_INJECTION: forcing a failure.
[  448.213957][T16831] name failslab, interval 1, probability 0, space 0, times 0
[  448.218122][T16831] CPU: 1 UID: 0 PID: 16831 Comm: syz.3.3142 Not tainted syzkaller #0 PREEMPT(full) 
[  448.218138][T16831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  448.218145][T16831] Call Trace:
[  448.218149][T16831]  <TASK>
[  448.218153][T16831]  dump_stack_lvl+0x16c/0x1f0
[  448.218175][T16831]  should_fail_ex+0x512/0x640
[  448.218192][T16831]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  448.218207][T16831]  should_failslab+0xc2/0x120
[  448.218222][T16831]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  448.218235][T16831]  ? getname_flags.part.0+0x4c/0x550
[  448.218254][T16831]  getname_flags.part.0+0x4c/0x550
[  448.218272][T16831]  getname_flags+0x93/0xf0
[  448.218284][T16831]  __ia32_sys_renameat2+0xc7/0x130
[  448.218300][T16831]  __do_fast_syscall_32+0x7c/0x300
[  448.218318][T16831]  do_fast_syscall_32+0x32/0x80
[  448.218328][T16831]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  448.218342][T16831] RIP: 0023:0xf706e579
[  448.218350][T16831] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  448.218366][T16831] RSP: 002b:00000000f545e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000161
[  448.218377][T16831] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000180
[  448.218384][T16831] RDX: 00000000ffffffff RSI: 0000000080000000 RDI: 0000000000000000
[  448.218390][T16831] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  448.218396][T16831] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  448.218403][T16831] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  448.218415][T16831]  </TASK>
[  448.473528][T16842] FAULT_INJECTION: forcing a failure.
[  448.473528][T16842] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  448.477714][T16842] CPU: 1 UID: 0 PID: 16842 Comm: syz.5.3147 Not tainted syzkaller #0 PREEMPT(full) 
[  448.477729][T16842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  448.477736][T16842] Call Trace:
[  448.477741][T16842]  <TASK>
[  448.477765][T16842]  dump_stack_lvl+0x16c/0x1f0
[  448.477794][T16842]  should_fail_ex+0x512/0x640
[  448.477817][T16842]  _copy_from_user+0x2e/0xd0
[  448.477829][T16842]  get_compat_msghdr+0xa7/0x170
[  448.477845][T16842]  ? __pfx_get_compat_msghdr+0x10/0x10
[  448.477865][T16842]  ___sys_sendmsg+0x1ae/0x1d0
[  448.477883][T16842]  ? __pfx____sys_sendmsg+0x10/0x10
[  448.477905][T16842]  ? find_held_lock+0x2b/0x80
[  448.477925][T16842]  __sys_sendmsg+0x16d/0x220
[  448.477941][T16842]  ? __pfx___sys_sendmsg+0x10/0x10
[  448.477963][T16842]  ? rcu_is_watching+0x12/0xc0
[  448.477976][T16842]  __do_fast_syscall_32+0x7c/0x300
[  448.477994][T16842]  do_fast_syscall_32+0x32/0x80
[  448.478004][T16842]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  448.478018][T16842] RIP: 0023:0xf7f35579
[  448.478027][T16842] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  448.478038][T16842] RSP: 002b:00000000f543655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  448.478049][T16842] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800001c0
[  448.478055][T16842] RDX: 0000000000000800 RSI: 0000000000000000 RDI: 0000000000000000
[  448.478061][T16842] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  448.478067][T16842] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  448.478073][T16842] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  448.478086][T16842]  </TASK>
[  448.733438][T16845] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(9)
[  448.735866][T16845] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  448.742245][T16845] vhci_hcd vhci_hcd.0: Device attached
[  448.840991][T16855] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[  448.843308][T16855] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  448.849262][T16855] vhci_hcd vhci_hcd.0: Device attached
[  448.858361][T16855] Device name cannot be null; rc = [-22]
[  448.866383][T16855] tmpfs: Unknown parameter 'usrquota_block_har'
[  449.032744][ T1473] usb 44-1: SetAddress Request (10) to port 0
[  449.034971][ T1473] usb 44-1: new SuperSpeed USB device number 10 using vhci_hcd
[  449.092168][ T6033] usb 39-1: new low-speed USB device number 9 using vhci_hcd
[  449.164338][T16850] vhci_hcd: connection reset by peer
[  449.166790][T14009] vhci_hcd: stop threads
[  449.168266][T14009] vhci_hcd: release socket
[  449.169811][T14009] vhci_hcd: disconnect device
[  450.502980][T16863] can: request_module (can-proto-0) failed.
[  450.803828][T16874] netlink: 'syz.5.3153': attribute type 4 has an invalid length.
[  451.147821][T16877] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3154'.
[  451.212579][T16879] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3154'.
[  451.682886][T16856] vhci_hcd: connection reset by peer
[  451.696121][ T1147] vhci_hcd: stop threads
[  451.698065][ T1147] vhci_hcd: release socket
[  451.700109][ T1147] vhci_hcd: disconnect device
[  451.983351][T16905] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3158'.
[  452.118255][T16908] FAULT_INJECTION: forcing a failure.
[  452.118255][T16908] name failslab, interval 1, probability 0, space 0, times 0
[  452.126537][T16908] CPU: 3 UID: 0 PID: 16908 Comm: syz.1.3163 Not tainted syzkaller #0 PREEMPT(full) 
[  452.126561][T16908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  452.126573][T16908] Call Trace:
[  452.126579][T16908]  <TASK>
[  452.126587][T16908]  dump_stack_lvl+0x16c/0x1f0
[  452.126619][T16908]  should_fail_ex+0x512/0x640
[  452.126645][T16908]  ? fs_reclaim_acquire+0xae/0x150
[  452.126673][T16908]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  452.126699][T16908]  should_failslab+0xc2/0x120
[  452.126722][T16908]  __kmalloc_noprof+0xd2/0x510
[  452.126749][T16908]  tomoyo_realpath_from_path+0xc2/0x6e0
[  452.126777][T16908]  ? tomoyo_profile+0x47/0x60
[  452.126797][T16908]  tomoyo_path_number_perm+0x245/0x580
[  452.126817][T16908]  ? tomoyo_path_number_perm+0x237/0x580
[  452.126841][T16908]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  452.126890][T16908]  ? find_held_lock+0x2b/0x80
[  452.126908][T16908]  ? hook_file_ioctl_common+0x145/0x410
[  452.126938][T16908]  ? __fget_files+0x20e/0x3c0
[  452.126963][T16908]  security_file_ioctl_compat+0x9b/0x240
[  452.126987][T16908]  __ia32_compat_sys_ioctl+0xc3/0x370
[  452.127019][T16908]  __do_fast_syscall_32+0x7c/0x300
[  452.127049][T16908]  do_fast_syscall_32+0x32/0x80
[  452.127066][T16908]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  452.127087][T16908] RIP: 0023:0xf7f67579
[  452.127101][T16908] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  452.127122][T16908] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  452.127139][T16908] RAX: ffffffffffffffda RBX: 000000000000000d RCX: 00000000c0306201
[  452.127151][T16908] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000
[  452.127161][T16908] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  452.127171][T16908] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  452.127181][T16908] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  452.127204][T16908]  </TASK>
[  452.127212][T16908] ERROR: Out of memory at tomoyo_realpath_from_path.
[  452.493166][T16917] loop9: detected capacity change from 0 to 7
[  452.496196][T16917] buffer_io_error: 18 callbacks suppressed
[  452.496209][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.501908][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.505411][   T40] kauditd_printk_skb: 32 callbacks suppressed
[  452.505427][   T40] audit: type=1326 audit(1758494129.246:20562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  452.517177][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.520446][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.526775][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.530044][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.533331][   T40] audit: type=1326 audit(1758494129.246:20563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  452.569077][   T40] audit: type=1326 audit(1758494129.246:20564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf706e579 code=0x7ffc0000
[  452.590904][T16918] dlm: non-version read from control device 8224
[  452.622196][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.625446][T16917] ldm_validate_partition_table(): Disk read failed.
[  452.629627][   T40] audit: type=1326 audit(1758494129.246:20565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  452.638741][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.641525][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.662256][   T40] audit: type=1326 audit(1758494129.246:20566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  452.669170][T16917] Buffer I/O error on dev loop9, logical block 0, async page read
[  452.671663][T16917] Dev loop9: unable to read RDB block 0
[  452.674882][   T40] audit: type=1326 audit(1758494129.246:20567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf706e579 code=0x7ffc0000
[  452.684047][T16917]  loop9: unable to read partition table
[  452.686159][   T40] audit: type=1326 audit(1758494129.246:20568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  452.694518][T16917] loop9: partition table beyond EOD, truncated
[  452.696933][   T40] audit: type=1326 audit(1758494129.246:20569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf706e579 code=0x7ffc0000
[  452.703878][T16917] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  452.703878][T16917] 
) failed (rc=-5)
[  452.704392][   T40] audit: type=1326 audit(1758494129.246:20570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  452.716617][   T40] audit: type=1326 audit(1758494129.246:20571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16914 comm="syz.3.3167" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf706e579 code=0x7ffc0000
[  453.051732][T16932] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0
[  453.495990][T16938] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3170'.
[  453.581832][T16942] mkiss: ax0: crc mode is auto.
[  454.079548][T16958] dlm: non-version read from control device 8224
[  454.132161][ T1473] usb 44-1: device descriptor read/8, error -110
[  454.212197][ T6033] vhci_hcd: vhci_device speed not set
[  454.324838][T16965] overlayfs: failed to resolve './file1': -2
[  454.522714][T16967] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3177'.
[  454.533835][ T1473] usb usb44-port1: attempt power cycle
[  454.711855][T16969] loop9: detected capacity change from 0 to 7
[  454.715631][T16969] ldm_validate_partition_table(): Disk read failed.
[  454.719512][T16969] Dev loop9: unable to read RDB block 0
[  454.726446][T16969]  loop9: unable to read partition table
[  454.729074][T16969] loop9: partition table beyond EOD, truncated
[  454.731707][T16969] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  454.731707][T16969] 
) failed (rc=-5)
[  455.015382][T16979] tmpfs: Cannot disable swap on remount
[  455.133129][ T1473] usb usb44-port1: unable to enumerate USB device
[  455.162203][  T841] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  455.339156][  T841] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb
[  455.343009][  T841] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201
[  455.346314][  T841] usb 5-1: Product: syz
[  455.348181][  T841] usb 5-1: Manufacturer: syz
[  455.349920][  T841] usb 5-1: SerialNumber: syz
[  455.354947][  T841] usb 5-1: config 0 descriptor??
[  455.359562][  T841] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state.
[  455.362949][  T841] dvb-usb: bulk message failed: -22 (2/0)
[  455.367859][  T841] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  455.371574][  T841] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB)
[  455.374183][  T841] usb 5-1: media controller created
[  455.383213][  T841] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  455.552171][ T6234] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  455.735547][ T6234] usb 10-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  455.739560][ T6234] usb 10-1: config 0 interface 0 has no altsetting 0
[  455.745509][ T6234] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  455.748456][ T6234] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  455.751040][ T6234] usb 10-1: Product: syz
[  455.762082][ T6234] usb 10-1: Manufacturer: syz
[  455.764134][ T6234] usb 10-1: SerialNumber: syz
[  455.769152][ T6234] usb 10-1: config 0 descriptor??
[  455.777801][ T6234] usb 10-1: selecting invalid altsetting 0
[  456.048314][T15614] usb 10-1: USB disconnect, device number 2
[  456.580397][T16997] dlm: non-version read from control device 8224
[  456.837259][T17009] fuse: Bad value for 'user_id'
[  456.839460][T17009] fuse: Bad value for 'user_id'
[  457.010881][T17016] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3188'.
[  457.015688][T17016] netlink: 356 bytes leftover after parsing attributes in process `syz.5.3188'.
[  457.419577][T17019] capability: warning: `syz.1.3192' uses 32-bit capabilities (legacy support in use)
[  457.756083][T17026] vxcan1 speed is unknown, defaulting to 1000
[  457.858386][T17026] lo speed is unknown, defaulting to 1000
[  457.950135][  T841] cxusb: set interface failed
[  457.952925][  T841] dvb-usb: bulk message failed: -22 (1/0)
[  457.982590][  T841] DVB: Unable to find symbol mt352_attach()
[  457.985166][  T841] dvb-usb: bulk message failed: -22 (5/0)
[  457.985203][  T841] zl10353_read_register: readreg error (reg=127, ret==-121)
[  457.985240][  T841] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB'
[  458.052784][T17041] FAULT_INJECTION: forcing a failure.
[  458.052784][T17041] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  458.056760][T17041] CPU: 3 UID: 0 PID: 17041 Comm: syz.1.3200 Not tainted syzkaller #0 PREEMPT(full) 
[  458.056776][T17041] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  458.056782][T17041] Call Trace:
[  458.056786][T17041]  <TASK>
[  458.056791][T17041]  dump_stack_lvl+0x16c/0x1f0
[  458.056811][T17041]  should_fail_ex+0x512/0x640
[  458.056831][T17041]  _copy_from_user+0x2e/0xd0
[  458.056843][T17041]  do_sys_name_to_handle+0x205/0x820
[  458.056858][T17041]  ? __pfx_do_sys_name_to_handle+0x10/0x10
[  458.056869][T17041]  ? getname_flags.part.0+0x1c5/0x550
[  458.056887][T17041]  ? putname+0x154/0x1a0
[  458.056903][T17041]  __ia32_sys_name_to_handle_at+0x2ad/0x300
[  458.056917][T17041]  ? __pfx___ia32_sys_name_to_handle_at+0x10/0x10
[  458.056930][T17041]  ? rcu_is_watching+0x12/0xc0
[  458.056944][T17041]  __do_fast_syscall_32+0x7c/0x300
[  458.056962][T17041]  do_fast_syscall_32+0x32/0x80
[  458.056972][T17041]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  458.056985][T17041] RIP: 0023:0xf7f67579
[  458.056994][T17041] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  458.057005][T17041] RSP: 002b:00000000f546655c EFLAGS: 00000296 ORIG_RAX: 0000000000000155
[  458.057015][T17041] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000080
[  458.057022][T17041] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  458.057028][T17041] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  458.057034][T17041] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  458.057040][T17041] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  458.057052][T17041]  </TASK>
[  458.120511][    C3] vkms_vblank_simulate: vblank timer overrun
[  458.123989][ T6234] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  458.152280][  T841] rc_core: IR keymap rc-dvico-mce not found
[  458.154853][  T841] Registered IR keymap rc-empty
[  458.157793][  T841] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0
[  458.163238][  T841] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0/input39
[  458.168722][  T841] dvb-usb: schedule remote query interval to 100 msecs.
[  458.171576][  T841] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected.
[  458.176505][  T841] usb 5-1: USB disconnect, device number 24
[  458.195065][  T841] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected.
[  458.273420][ T6234] usb 10-1: config 170 has no interfaces?
[  458.276751][ T6234] usb 10-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  458.279656][ T6234] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.282591][ T6234] usb 10-1: Product: syz
[  458.283920][ T6234] usb 10-1: Manufacturer: syz
[  458.285390][ T6234] usb 10-1: SerialNumber: syz
[  458.306225][T17054] netlink: 'syz.1.3204': attribute type 4 has an invalid length.
[  458.788981][ T6234] usb 10-1: USB disconnect, device number 3
[  459.073475][T17064] overlayfs: conflicting options: nfs_export=on,index=off
[  459.150302][T17062] vxcan1 speed is unknown, defaulting to 1000
[  459.297492][T17062] lo speed is unknown, defaulting to 1000
[  459.382151][ T6234] usb 8-1: new high-speed USB device number 25 using dummy_hcd
[  459.553989][ T6234] usb 8-1: Using ep0 maxpacket: 8
[  459.565317][ T6234] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[  459.568942][ T6234] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  459.573133][ T6234] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  459.577156][ T6234] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  459.586166][ T6234] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  459.601623][ T6234] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  459.605723][ T6234] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.950533][ T6234] usb 8-1: usb_control_msg returned -32
[  460.352873][ T6234] usbtmc 8-1:16.0: can't read capabilities
[  460.429086][T17085] evm: overlay not supported
[  460.484287][T17086] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  460.488188][T17086] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  460.924833][T17096] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3214'.
[  461.701337][T17110] FAULT_INJECTION: forcing a failure.
[  461.701337][T17110] name failslab, interval 1, probability 0, space 0, times 0
[  461.710408][T17110] CPU: 3 UID: 0 PID: 17110 Comm: syz.1.3217 Not tainted syzkaller #0 PREEMPT(full) 
[  461.710424][T17110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  461.710431][T17110] Call Trace:
[  461.710434][T17110]  <TASK>
[  461.710439][T17110]  dump_stack_lvl+0x16c/0x1f0
[  461.710460][T17110]  should_fail_ex+0x512/0x640
[  461.710477][T17110]  ? fs_reclaim_acquire+0xae/0x150
[  461.710494][T17110]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  461.710510][T17110]  should_failslab+0xc2/0x120
[  461.710525][T17110]  __kmalloc_noprof+0xd2/0x510
[  461.710541][T17110]  tomoyo_realpath_from_path+0xc2/0x6e0
[  461.710558][T17110]  ? tomoyo_profile+0x47/0x60
[  461.710569][T17110]  tomoyo_path_number_perm+0x245/0x580
[  461.710582][T17110]  ? tomoyo_path_number_perm+0x237/0x580
[  461.710596][T17110]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  461.710623][T17110]  ? find_held_lock+0x2b/0x80
[  461.710635][T17110]  ? hook_file_ioctl_common+0x145/0x410
[  461.710652][T17110]  ? __fget_files+0x20e/0x3c0
[  461.710667][T17110]  security_file_ioctl_compat+0x9b/0x240
[  461.710682][T17110]  __ia32_compat_sys_ioctl+0xc3/0x370
[  461.710702][T17110]  __do_fast_syscall_32+0x7c/0x300
[  461.710720][T17110]  do_fast_syscall_32+0x32/0x80
[  461.710730][T17110]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  461.710743][T17110] RIP: 0023:0xf7f67579
[  461.710752][T17110] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  461.710763][T17110] RSP: 002b:00000000f542455c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  461.710774][T17110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080045300
[  461.710781][T17110] RDX: 0000000080000180 RSI: 0000000000000000 RDI: 0000000000000000
[  461.710787][T17110] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  461.710793][T17110] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  461.710799][T17110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  461.710811][T17110]  </TASK>
[  461.710816][T17110] ERROR: Out of memory at tomoyo_realpath_from_path.
[  461.763986][   T62] block nbd0: Receive control failed (result -32)
[  461.784874][T17098] block nbd0: shutting down sockets
[  461.908851][T17120] Bluetooth: MGMT ver 1.23
[  462.289457][T17126] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3222'.
[  462.816636][T17132] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3224'.
[  462.998635][ T6063] usb 8-1: USB disconnect, device number 25
[  463.227046][T17146] kAFS: No cell specified
[  463.323893][T17149] siw: device registration error -23
[  463.649782][   T40] kauditd_printk_skb: 43 callbacks suppressed
[  463.649798][   T40] audit: type=1326 audit(1758494140.406:20615): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17139 comm="syz.3.3227" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  463.661707][   T40] audit: type=1326 audit(1758494140.416:20616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17139 comm="syz.3.3227" exe="/syz-executor" sig=0 arch=40000003 syscall=437 compat=1 ip=0xf706e579 code=0x7ffc0000
[  463.672965][   T40] audit: type=1326 audit(1758494140.436:20617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17139 comm="syz.3.3227" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  463.681439][   T40] audit: type=1326 audit(1758494140.436:20618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17139 comm="syz.3.3227" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf706e579 code=0x7ffc0000
[  463.691660][   T40] audit: type=1326 audit(1758494140.446:20619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17139 comm="syz.3.3227" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  463.706376][   T40] audit: type=1326 audit(1758494140.446:20620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17139 comm="syz.3.3227" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  463.785053][T17150] pim6reg: entered allmulticast mode
[  463.801287][T17150] pim6reg: left allmulticast mode
[  463.810721][   T40] audit: type=1326 audit(1758494140.546:20621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17139 comm="syz.3.3227" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf706e579 code=0x7ffc0000
[  463.832521][   T40] audit: type=1326 audit(1758494140.566:20622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17139 comm="syz.3.3227" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  463.840886][   T40] audit: type=1326 audit(1758494140.566:20623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17139 comm="syz.3.3227" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf706e579 code=0x7ffc0000
[  463.937459][T17156] can0: slcan on ttyS3.
[  464.012427][T17156] can0 (unregistered): slcan off ttyS3.
[  464.559303][T14180] Bluetooth: hci2: Frame reassembly failed (-84)
[  464.573513][T17171] Bluetooth: hci2: Frame reassembly failed (-84)
[  464.587610][T17170] xt_socket: unknown flags 0x50
[  464.599879][T17166] netlink: 'syz.3.3234': attribute type 5 has an invalid length.
[  464.603537][T17166] netlink: 'syz.3.3234': attribute type 7 has an invalid length.
[  464.616446][T17166] : entered promiscuous mode
[  465.138396][T17174] binder: 17173:17174 unknown command 0
[  465.140740][T17174] binder: 17173:17174 ioctl c0306201 800002c0 returned -22
[  465.170753][T14180] bridge_slave_1: left allmulticast mode
[  465.175741][T14180] bridge_slave_1: left promiscuous mode
[  465.179390][T14180] bridge0: port 2(bridge_slave_1) entered disabled state
[  465.184939][T14180] bridge_slave_0: left allmulticast mode
[  465.187465][T14180] bridge_slave_0: left promiscuous mode
[  465.190160][T14180] bridge0: port 1(bridge_slave_0) entered disabled state
[  465.290532][T14180] bond10 (unregistering): (slave erspan1): Releasing active interface
[  465.328695][T14180] bond2 (unregistering): (slave geneve2): Releasing active interface
[  465.372127][T17169] comedi comedi2: reset error (fatal)
[  465.546040][T14180] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  465.555405][T14180] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  465.562903][T14180] bond0 (unregistering): Released all slaves
[  465.674335][T14180] bond1 (unregistering): Released all slaves
[  465.680667][T14180] bond2 (unregistering): Released all slaves
[  465.688658][T14180] bond3 (unregistering): Released all slaves
[  465.695603][T14180] bond4 (unregistering): Released all slaves
[  465.705678][T14180] bond5 (unregistering): Released all slaves
[  465.713469][T14180] bond6 (unregistering): Released all slaves
[  465.720641][T14180] bond7 (unregistering): Released all slaves
[  465.729621][T14180] bond8 (unregistering): Released all slaves
[  465.737943][T14180] bond9 (unregistering): Released all slaves
[  465.819256][T14180] bond10 (unregistering): Released all slaves
[  465.825794][T14180] bond11 (unregistering): Released all slaves
[  465.831994][T14180] bond12 (unregistering): Released all slaves
[  465.838353][T14180] bond13 (unregistering): Released all slaves
[  466.001601][T14180] tipc: Left network mode
[  466.052330][T13984] Bluetooth: Error in BCSP hdr checksum
[  466.382267][ T5341] Bluetooth: hci0: command 0x040f tx timeout
[  466.419595][ T1147] Bluetooth: Error in BCSP hdr checksum
[  466.532096][T14180] hsr_slave_0: left promiscuous mode
[  466.534661][T14180] hsr_slave_1: left promiscuous mode
[  466.536834][T14180] batman_adv: batadv0: Removing interface: batadv_slave_0
[  466.602770][ T5986] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  466.675505][T14026] Bluetooth: Error in BCSP hdr checksum
[  466.855239][T17207] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  466.857398][T17207] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  466.860967][T17207] vhci_hcd vhci_hcd.0: Device attached
[  466.994615][   T40] audit: type=1800 audit(1758494143.736:20624): pid=17207 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3244" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  467.152344][ T6063] usb 44-1: SetAddress Request (14) to port 0
[  467.154988][ T6063] usb 44-1: new SuperSpeed USB device number 14 using vhci_hcd
[  467.294190][T17217] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3247'.
[  467.884596][T14180] team0 (unregistering): Port device team_slave_1 removed
[  467.955381][T17208] vhci_hcd: connection reset by peer
[  467.957261][ T1147] vhci_hcd: stop threads
[  467.958982][ T1147] vhci_hcd: release socket
[  467.962893][ T1147] vhci_hcd: disconnect device
[  468.004048][T14180] team0 (unregistering): Port device team_slave_0 removed
[  468.123127][ T5986] Bluetooth: hci4: command 0x1003 tx timeout
[  468.126384][ T5980] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  468.502217][ T6033] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  468.633970][T17222] PKCS8: Unsupported PKCS#8 version
[  468.672110][ T6033] usb 10-1: Using ep0 maxpacket: 16
[  468.674994][ T6033] usb 10-1: config index 0 descriptor too short (expected 65, got 36)
[  468.677653][ T6033] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  468.681072][ T6033] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  468.684290][ T6033] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  468.688381][ T6033] usb 10-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  468.691268][ T6033] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.694880][ T6033] usb 10-1: config 0 descriptor??
[  468.701815][ T6033] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/input/input40
[  468.708319][ T5375] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  468.718093][ T5375] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  468.724438][ T5375] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  468.730173][ T5375] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  468.906214][T17220] pxrc 10-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  468.925762][ T6033] usb 10-1: USB disconnect, device number 4
[  469.784271][T17246] Option '                                                                                                 ' to dns_resolver key: bad/missing value
[  470.428828][T17256] FAULT_INJECTION: forcing a failure.
[  470.428828][T17256] name failslab, interval 1, probability 0, space 0, times 0
[  470.433904][T17256] CPU: 2 UID: 0 PID: 17256 Comm: syz.3.3258 Not tainted syzkaller #0 PREEMPT(full) 
[  470.433926][T17256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  470.433936][T17256] Call Trace:
[  470.433943][T17256]  <TASK>
[  470.433950][T17256]  dump_stack_lvl+0x16c/0x1f0
[  470.433977][T17256]  should_fail_ex+0x512/0x640
[  470.434000][T17256]  ? fs_reclaim_acquire+0xae/0x150
[  470.434027][T17256]  should_failslab+0xc2/0x120
[  470.434062][T17256]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  470.434084][T17256]  ? security_inode_alloc+0x3b/0x2b0
[  470.434108][T17256]  security_inode_alloc+0x3b/0x2b0
[  470.434125][T17256]  inode_init_always_gfp+0xce4/0x1030
[  470.434146][T17256]  alloc_inode+0x86/0x240
[  470.434169][T17256]  new_inode+0x22/0x1c0
[  470.434194][T17256]  __debugfs_create_file+0x11c/0x6b0
[  470.434214][T17256]  debugfs_create_file_full+0x41/0x60
[  470.434234][T17256]  ? __pfx_vlan_setup+0x10/0x10
[  470.434255][T17256]  ref_tracker_dir_debugfs+0x19d/0x290
[  470.434272][T17256]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[  470.434301][T17256]  ? __kvmalloc_node_noprof+0x298/0x620
[  470.434318][T17256]  ? rcu_is_watching+0x12/0xc0
[  470.434337][T17256]  ? lockdep_init_map_type+0x5c/0x280
[  470.434363][T17256]  alloc_netdev_mqs+0x30f/0x1530
[  470.434388][T17256]  rtnl_create_link+0xc08/0xf90
[  470.434407][T17256]  rtnl_newlink+0xb69/0x2000
[  470.434429][T17256]  ? __pfx_rtnl_newlink+0x10/0x10
[  470.434446][T17256]  ? __kernel_text_address+0xd/0x40
[  470.434456][T17256]  ? unwind_get_return_address+0x59/0xa0
[  470.434478][T17256]  ? rcu_is_watching+0x12/0xc0
[  470.434494][T17256]  ? find_held_lock+0x2b/0x80
[  470.434504][T17256]  ? __pfx_rtnl_newlink+0x10/0x10
[  470.434519][T17256]  ? __pfx_rtnl_newlink+0x10/0x10
[  470.434535][T17256]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  470.434545][T17256]  ? __pfx_rtnl_newlink+0x10/0x10
[  470.434562][T17256]  rtnetlink_rcv_msg+0x95e/0xe90
[  470.434573][T17256]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  470.434585][T17256]  ? __lock_acquire+0x62e/0x1ce0
[  470.434602][T17256]  netlink_rcv_skb+0x155/0x420
[  470.434619][T17256]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  470.434630][T17256]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  470.434651][T17256]  ? netlink_deliver_tap+0x1ae/0xd30
[  470.434666][T17256]  ? is_vmalloc_addr+0x86/0xa0
[  470.434681][T17256]  netlink_unicast+0x5aa/0x870
[  470.434699][T17256]  ? __pfx_netlink_unicast+0x10/0x10
[  470.434716][T17256]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  470.434736][T17256]  netlink_sendmsg+0x8d1/0xdd0
[  470.434755][T17256]  ? __pfx_netlink_sendmsg+0x10/0x10
[  470.434773][T17256]  ? aa_sock_msg_perm.constprop.0+0x100/0x1d0
[  470.434787][T17256]  ____sys_sendmsg+0xa95/0xc70
[  470.434801][T17256]  ? __pfx_____sys_sendmsg+0x10/0x10
[  470.434812][T17256]  ? get_compat_msghdr+0x11a/0x170
[  470.434834][T17256]  ___sys_sendmsg+0x134/0x1d0
[  470.434851][T17256]  ? __pfx____sys_sendmsg+0x10/0x10
[  470.434874][T17256]  ? find_held_lock+0x2b/0x80
[  470.434893][T17256]  __sys_sendmsg+0x16d/0x220
[  470.434910][T17256]  ? __pfx___sys_sendmsg+0x10/0x10
[  470.434932][T17256]  ? rcu_is_watching+0x12/0xc0
[  470.434945][T17256]  __do_fast_syscall_32+0x7c/0x300
[  470.434963][T17256]  do_fast_syscall_32+0x32/0x80
[  470.434973][T17256]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  470.434986][T17256] RIP: 0023:0xf706e579
[  470.434996][T17256] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  470.435007][T17256] RSP: 002b:00000000f545e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[  470.435017][T17256] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000280
[  470.435024][T17256] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  470.435030][T17256] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  470.435036][T17256] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  470.435042][T17256] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  470.435056][T17256]  </TASK>
[  470.435107][T17256] debugfs: out of free dentries, can not create file 'netdev@ffff888066be0610'
[  470.587564][T17256] vlan2: entered allmulticast mode
[  470.589692][T17256] bridge0: entered allmulticast mode
[  470.591752][T17256] bond1: (slave vlan2): Opening slave failed
[  470.617060][T17259] netlink: 'syz.1.3259': attribute type 12 has an invalid length.
[  470.700789][T17265] 9pnet_fd: Insufficient options for proto=fd
[  471.443534][T17284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  471.470972][T17284] netdevsim netdevsim1: Direct firmware load for @ failed with error -2
[  471.473994][T17284] netdevsim netdevsim1: Falling back to sysfs fallback for: @
[  471.528051][T17285] fuse: Unknown parameter '0x00000000000000080x000000000000000c0177777777777777777777700000000000000000000'
[  472.212168][ T6063] usb 44-1: device descriptor read/8, error -110
[  472.742555][T17284] Process accounting resumed
[  472.752587][ T6063] usb usb44-port1: attempt power cycle
[  473.230272][T17311] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3271'.
[  473.330143][T17311] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3271'.
[  473.353079][ T6063] usb usb44-port1: unable to enumerate USB device
[  473.437876][T17319] netlink: 'syz.3.3274': attribute type 1 has an invalid length.
[  473.620362][T17321] random: crng reseeded on system resumption
[  473.722227][ T6026] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  473.829277][T17329] siw: device registration error -23
[  473.882151][ T6026] usb 8-1: Using ep0 maxpacket: 32
[  473.886091][ T6026] usb 8-1: no configurations
[  473.889070][ T6026] usb 8-1: can't read configurations, error -22
[  474.032202][ T6026] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  474.121277][   T40] audit: type=1326 audit(1758494150.876:20625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.137545][   T40] audit: type=1326 audit(1758494150.896:20626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.156281][T17336] loop9: detected capacity change from 0 to 7
[  474.159123][   T40] audit: type=1326 audit(1758494150.906:20627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.161559][T17336] buffer_io_error: 18 callbacks suppressed
[  474.161574][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.176234][   T40] audit: type=1326 audit(1758494150.906:20628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.176363][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.185228][   T40] audit: type=1326 audit(1758494150.906:20629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.188690][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.192113][ T6026] usb 8-1: Using ep0 maxpacket: 32
[  474.192621][ T6026] usb 8-1: no configurations
[  474.192631][ T6026] usb 8-1: can't read configurations, error -22
[  474.192803][ T6026] usb usb8-port1: attempt power cycle
[  474.195475][   T40] audit: type=1326 audit(1758494150.906:20630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.195517][   T40] audit: type=1326 audit(1758494150.906:20631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.195554][   T40] audit: type=1326 audit(1758494150.906:20632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.195591][   T40] audit: type=1326 audit(1758494150.906:20633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.195630][   T40] audit: type=1326 audit(1758494150.916:20634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17335 comm="syz.0.3280" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7fd5579 code=0x7ffc0000
[  474.201592][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.242673][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.245119][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.247599][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.250070][T17336] ldm_validate_partition_table(): Disk read failed.
[  474.252719][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.255810][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.258888][T17336] Buffer I/O error on dev loop9, logical block 0, async page read
[  474.262840][T17336] Dev loop9: unable to read RDB block 0
[  474.264594][T17336]  loop9: unable to read partition table
[  474.266526][T17336] loop9: partition table beyond EOD, truncated
[  474.268926][T17336] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  474.268926][T17336] 
) failed (rc=-5)
[  474.532131][ T6026] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  474.552898][ T6026] usb 8-1: Using ep0 maxpacket: 32
[  474.555879][ T6026] usb 8-1: no configurations
[  474.557850][ T6026] usb 8-1: can't read configurations, error -22
[  474.682320][ T6026] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  474.704707][ T6026] usb 8-1: Using ep0 maxpacket: 32
[  474.707292][ T6026] usb 8-1: no configurations
[  474.709403][ T6026] usb 8-1: can't read configurations, error -22
[  474.712399][ T6026] usb usb8-port1: unable to enumerate USB device
[  474.791122][T17347] netlink: 33828 bytes leftover after parsing attributes in process `syz.1.3283'.
[  474.826789][T17349] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3284'.
[  474.933798][T17354] tipc: Started in network mode
[  474.935364][T17354] tipc: Node identity , cluster identity 4711
[  474.937271][T17354] tipc: Failed to set node id, please configure manually
[  474.939456][T17354] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  475.096602][T17361] kAFS: No cell specified
[  475.168475][T17361] siw: device registration error -23
[  476.025384][T17371] vxcan1 speed is unknown, defaulting to 1000
[  476.056178][T17373] netlink: 'syz.5.3291': attribute type 2 has an invalid length.
[  476.129395][T17371] lo speed is unknown, defaulting to 1000
[  476.487842][T17393] netlink: 'syz.5.3296': attribute type 6 has an invalid length.
[  476.622277][  T841] usb 5-1: new low-speed USB device number 25 using dummy_hcd
[  476.774850][  T841] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  476.777540][  T841] usb 5-1: config 0 has no interface number 0
[  476.779953][  T841] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  476.784695][  T841] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  476.789143][  T841] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  476.792900][  T841] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  476.803869][  T841] usb 5-1: config 0 descriptor??
[  476.812186][T17384] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  476.826359][  T841] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  477.021058][T17384] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  477.035114][T17384] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  477.044266][ T6026] usb 5-1: USB disconnect, device number 25
[  477.064890][T17411] FAULT_INJECTION: forcing a failure.
[  477.064890][T17411] name failslab, interval 1, probability 0, space 0, times 0
[  477.069754][T17411] CPU: 0 UID: 0 PID: 17411 Comm: syz.3.3303 Not tainted syzkaller #0 PREEMPT(full) 
[  477.069770][T17411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  477.069777][T17411] Call Trace:
[  477.069781][T17411]  <TASK>
[  477.069786][T17411]  dump_stack_lvl+0x16c/0x1f0
[  477.069806][T17411]  should_fail_ex+0x512/0x640
[  477.069826][T17411]  ? io_cache_alloc_new+0x45/0xf0
[  477.069836][T17411]  should_failslab+0xc2/0x120
[  477.069851][T17411]  __kmalloc_noprof+0xd2/0x510
[  477.069865][T17411]  ? __pfx_io_file_supports_nowait+0x10/0x10
[  477.069882][T17411]  io_cache_alloc_new+0x45/0xf0
[  477.069892][T17411]  io_arm_apoll+0x88e/0xa60
[  477.069909][T17411]  ? __pfx_io_arm_apoll+0x10/0x10
[  477.069927][T17411]  ? io_read+0x32/0x70
[  477.069942][T17411]  io_arm_poll_handler+0x223/0x2b0
[  477.069958][T17411]  io_queue_async+0xaf/0x330
[  477.069973][T17411]  io_submit_sqes+0x1746/0x25c0
[  477.069995][T17411]  __do_sys_io_uring_enter+0xd6a/0x1630
[  477.070012][T17411]  ? __fget_files+0x20e/0x3c0
[  477.070025][T17411]  ? __pfx___do_sys_io_uring_enter+0x10/0x10
[  477.070042][T17411]  ? fput+0x9b/0xd0
[  477.070058][T17411]  ? ksys_write+0x1ac/0x250
[  477.070071][T17411]  ? __pfx_ksys_write+0x10/0x10
[  477.070085][T17411]  ? rcu_is_watching+0x12/0xc0
[  477.070099][T17411]  __do_fast_syscall_32+0x7c/0x300
[  477.070117][T17411]  do_fast_syscall_32+0x32/0x80
[  477.070128][T17411]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  477.070142][T17411] RIP: 0023:0xf706e579
[  477.070156][T17411] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  477.070166][T17411] RSP: 002b:00000000f545e55c EFLAGS: 00000296 ORIG_RAX: 00000000000001aa
[  477.070177][T17411] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000000048e9
[  477.070184][T17411] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000
[  477.070190][T17411] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  477.070197][T17411] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  477.070203][T17411] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  477.070217][T17411]  </TASK>
[  477.430120][T17421] syz_tun: entered allmulticast mode
[  477.582616][T17427] tipc: Started in network mode
[  477.584788][T17427] tipc: Node identity 5ae4dbd56da1, cluster identity 4711
[  477.587379][T17427] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  477.590111][T17427] syzkaller0: entered promiscuous mode
[  477.591961][T17427] syzkaller0: entered allmulticast mode
[  477.609134][T17426] tipc: Resetting bearer <eth:syzkaller0>
[  477.624850][T17426] tipc: Disabling bearer <eth:syzkaller0>
[  477.740309][T17437] FAULT_INJECTION: forcing a failure.
[  477.740309][T17437] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  477.748875][T17437] CPU: 2 UID: 0 PID: 17437 Comm: syz.0.3312 Not tainted syzkaller #0 PREEMPT(full) 
[  477.748907][T17437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  477.748919][T17437] Call Trace:
[  477.748926][T17437]  <TASK>
[  477.748934][T17437]  dump_stack_lvl+0x16c/0x1f0
[  477.748967][T17437]  should_fail_ex+0x512/0x640
[  477.748998][T17437]  _copy_from_user+0x2e/0xd0
[  477.749018][T17437]  get_compat_sigset+0x21/0x50
[  477.749039][T17437]  __ia32_compat_sys_rt_sigaction+0x1e3/0x420
[  477.749068][T17437]  ? __pfx___ia32_compat_sys_rt_sigaction+0x10/0x10
[  477.749099][T17437]  ? ksys_write+0x1ac/0x250
[  477.749125][T17437]  ? rcu_is_watching+0x12/0xc0
[  477.749147][T17437]  __do_fast_syscall_32+0x7c/0x300
[  477.749176][T17437]  do_fast_syscall_32+0x32/0x80
[  477.749193][T17437]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  477.749215][T17437] RIP: 0023:0xf7fd5579
[  477.749229][T17437] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  477.749246][T17437] RSP: 002b:00000000f54d655c EFLAGS: 00000296 ORIG_RAX: 00000000000000ae
[  477.749263][T17437] RAX: ffffffffffffffda RBX: 000000000000000e RCX: 00000000800000c0
[  477.749274][T17437] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000080000200
[  477.749284][T17437] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  477.749294][T17437] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  477.749304][T17437] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  477.749327][T17437]  </TASK>
[  477.844515][T17432] block nbd0: server does not support multiple connections per device.
[  477.847930][T17432] block nbd0: shutting down sockets
[  477.857995][T17441] dlm: non-version read from control device 8224
[  478.260227][T17451] netlink: 60 bytes leftover after parsing attributes in process `syz.3.3317'.
[  478.306625][T17419] syz_tun: left allmulticast mode
[  478.367725][T17456] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3318'.
[  478.597385][T17464] FAULT_INJECTION: forcing a failure.
[  478.597385][T17464] name failslab, interval 1, probability 0, space 0, times 0
[  478.601660][T17464] CPU: 2 UID: 0 PID: 17464 Comm: syz.0.3321 Not tainted syzkaller #0 PREEMPT(full) 
[  478.601676][T17464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  478.601682][T17464] Call Trace:
[  478.601688][T17464]  <TASK>
[  478.601695][T17464]  dump_stack_lvl+0x16c/0x1f0
[  478.601723][T17464]  should_fail_ex+0x512/0x640
[  478.601748][T17464]  ? fs_reclaim_acquire+0xae/0x150
[  478.601769][T17464]  ? tomoyo_encode2+0x100/0x3e0
[  478.601787][T17464]  should_failslab+0xc2/0x120
[  478.601808][T17464]  __kmalloc_noprof+0xd2/0x510
[  478.601828][T17464]  ? d_absolute_path+0x136/0x1a0
[  478.601855][T17464]  tomoyo_encode2+0x100/0x3e0
[  478.601876][T17464]  tomoyo_encode+0x29/0x50
[  478.601902][T17464]  tomoyo_realpath_from_path+0x18f/0x6e0
[  478.601931][T17464]  tomoyo_path_number_perm+0x245/0x580
[  478.601950][T17464]  ? tomoyo_path_number_perm+0x237/0x580
[  478.601971][T17464]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  478.602008][T17464]  ? find_held_lock+0x2b/0x80
[  478.602039][T17464]  ? hook_file_ioctl_common+0x145/0x410
[  478.602067][T17464]  ? __fget_files+0x20e/0x3c0
[  478.602090][T17464]  security_file_ioctl_compat+0x9b/0x240
[  478.602109][T17464]  __ia32_compat_sys_ioctl+0xc3/0x370
[  478.602138][T17464]  __do_fast_syscall_32+0x7c/0x300
[  478.602164][T17464]  do_fast_syscall_32+0x32/0x80
[  478.602178][T17464]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  478.602212][T17464] RIP: 0023:0xf7fd5579
[  478.602225][T17464] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  478.602240][T17464] RSP: 002b:00000000f54d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  478.602255][T17464] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004004af61
[  478.602266][T17464] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  478.602275][T17464] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  478.602285][T17464] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  478.602293][T17464] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  478.602311][T17464]  </TASK>
[  478.678949][T17464] ERROR: Out of memory at tomoyo_realpath_from_path.
[  479.247889][   T40] kauditd_printk_skb: 13 callbacks suppressed
[  479.247900][   T40] audit: type=1800 audit(1758494156.006:20648): pid=17471 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3322" name="file1" dev="9p" ino=77594667 res=0 errno=0
[  479.274337][T17471] netfs: Couldn't get user pages (rc=-14)
[  479.301999][T17456] hsr_slave_1 (unregistering): left promiscuous mode
[  479.805651][T17482] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3325'.
[  480.631125][T17499] mkiss: ax0: crc mode is auto.
[  481.022294][T15614] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  481.192211][T15614] usb 8-1: Using ep0 maxpacket: 16
[  481.196075][T15614] usb 8-1: config index 0 descriptor too short (expected 65, got 36)
[  481.198804][T15614] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  481.202332][T15614] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  481.207789][T15614] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  481.212995][T15614] usb 8-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00
[  481.215933][T15614] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  481.222277][T15614] usb 8-1: config 0 descriptor??
[  481.230757][T15614] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.0/input/input41
[  481.255857][ T5375] pxrc 8-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  481.259046][ T5375] pxrc 8-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  481.266413][ T5375] pxrc 8-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  481.294495][ T5375] pxrc 8-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  481.325992][T15614] libceph: connect (1)[c::]:6789 error -101
[  481.327950][T15614] libceph: mon0 (1)[c::]:6789 connect error
[  481.370616][T17521] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add()
[  481.379043][T15614] libceph: connect (1)[c::]:6789 error -101
[  481.381151][T15614] libceph: mon0 (1)[c::]:6789 connect error
[  481.428761][T17524] syzkaller1: entered promiscuous mode
[  481.431136][T17524] syzkaller1: entered allmulticast mode
[  481.432098][T17501] pxrc 8-1:0.0: pxrc_open - usb_submit_urb failed, error: -90
[  481.443240][T17501] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  481.446024][T17501] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  481.458417][T17500] delete_channel: no stack
[  481.461232][  T841] usb 8-1: USB disconnect, device number 30
[  481.603866][T15614] libceph: connect (1)[c::]:6789 error -101
[  481.606550][T15614] libceph: mon0 (1)[c::]:6789 connect error
[  481.649588][T15614] libceph: connect (1)[c::]:6789 error -101
[  481.651693][T15614] libceph: mon0 (1)[c::]:6789 connect error
[  482.126913][T15614] libceph: connect (1)[c::]:6789 error -101
[  482.273005][T17517] ceph: No mds server is up or the cluster is laggy
[  482.273044][T17521] ceph: No mds server is up or the cluster is laggy
[  482.574968][T15614] libceph: mon0 (1)[c::]:6789 connect error
[  482.874607][T15614] libceph: connect (1)[c::]:6789 error -101
[  482.877369][T15614] libceph: mon0 (1)[c::]:6789 connect error
[  482.978883][T17551] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3341'.
[  483.010232][T17551] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3341'.
[  483.015318][T17551] netlink: 208 bytes leftover after parsing attributes in process `syz.0.3341'.
[  483.247996][T17570] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3345'.
[  483.251866][T17570] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3345'.
[  483.328656][T17570] bridge0: port 3(vlan2) entered blocking state
[  483.331186][T17570] bridge0: port 3(vlan2) entered disabled state
[  483.333822][T17570] vlan2: entered allmulticast mode
[  483.335708][T17570] bond0: entered allmulticast mode
[  483.337711][T17570] bond_slave_0: entered allmulticast mode
[  483.339705][T17570] bond_slave_1: entered allmulticast mode
[  483.344199][T17570] vlan2: entered promiscuous mode
[  483.346066][T17570] bond0: entered promiscuous mode
[  483.347934][T17570] bond_slave_0: entered promiscuous mode
[  483.350329][T17570] bond_slave_1: entered promiscuous mode
[  483.492128][   T40] audit: type=1804 audit(1758494160.166:20649): pid=17573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3347" name="file0" dev="ramfs" ino=71971 res=1 errno=0
[  483.501158][T17573] netlink: 'syz.5.3347': attribute type 1 has an invalid length.
[  483.547395][T17574] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  483.551211][T17574] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  483.555903][T17574] bond1: (slave ipvlan2): Setting fail_over_mac to active for active-backup mode
[  483.577015][T17573] bond1: (slave ipvlan2): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  483.581131][T17573] bond1: (slave ipvlan2): The slave device specified does not support setting the MAC address
[  483.828216][T17582] mac80211_hwsim hwsim19 wlan0: entered promiscuous mode
[  484.432140][T17575] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  485.051495][T17584] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  485.129107][T17599] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3352'.
[  486.149344][ T6234] libceph: connect (1)[c::]:6789 error -101
[  486.153900][ T6234] libceph: mon0 (1)[c::]:6789 connect error
[  486.173908][T17623] ceph: No mds server is up or the cluster is laggy
[  486.453923][T17630] FAULT_INJECTION: forcing a failure.
[  486.453923][T17630] name failslab, interval 1, probability 0, space 0, times 0
[  486.458641][T17630] CPU: 0 UID: 0 PID: 17630 Comm: syz.3.3361 Not tainted syzkaller #0 PREEMPT(full) 
[  486.458664][T17630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  486.458674][T17630] Call Trace:
[  486.458681][T17630]  <TASK>
[  486.458688][T17630]  dump_stack_lvl+0x16c/0x1f0
[  486.458716][T17630]  should_fail_ex+0x512/0x640
[  486.458738][T17630]  ? __kmalloc_cache_noprof+0x57/0x3e0
[  486.458758][T17630]  should_failslab+0xc2/0x120
[  486.458779][T17630]  __kmalloc_cache_noprof+0x6a/0x3e0
[  486.458798][T17630]  ? snd_mixer_oss_get_volume1_sw.constprop.0.isra.0+0xa4/0x580
[  486.458822][T17630]  snd_mixer_oss_get_volume1_sw.constprop.0.isra.0+0xa4/0x580
[  486.458847][T17630]  snd_mixer_oss_get_recsrc1_sw+0x104/0x1d0
[  486.458865][T17630]  ? __pfx_snd_mixer_oss_get_recsrc1_sw+0x10/0x10
[  486.458891][T17630]  snd_mixer_oss_ioctl1+0xbf0/0x1e40
[  486.458918][T17630]  ? lockdep_hardirqs_on+0x7c/0x110
[  486.458941][T17630]  ? __pfx_snd_mixer_oss_get_recsrc1_sw+0x10/0x10
[  486.458958][T17630]  ? __pfx_snd_mixer_oss_ioctl1+0x10/0x10
[  486.458980][T17630]  ? tomoyo_path_number_perm+0x295/0x580
[  486.459003][T17630]  ? tomoyo_path_number_perm+0x18d/0x580
[  486.459031][T17630]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  486.459065][T17630]  snd_mixer_oss_ioctl_card+0x102/0x170
[  486.459092][T17630]  ? __pfx_snd_mixer_oss_ioctl_card+0x10/0x10
[  486.459127][T17630]  snd_pcm_oss_ioctl+0x137c/0x37a0
[  486.459150][T17630]  ? find_held_lock+0x2b/0x80
[  486.459167][T17630]  ? hook_file_ioctl_common+0x145/0x410
[  486.459192][T17630]  ? __pfx_snd_pcm_oss_ioctl+0x10/0x10
[  486.459217][T17630]  ? __fget_files+0x20e/0x3c0
[  486.459240][T17630]  ? __pfx_snd_pcm_oss_ioctl_compat+0x10/0x10
[  486.459262][T17630]  __ia32_compat_sys_ioctl+0x23f/0x370
[  486.459293][T17630]  __do_fast_syscall_32+0x7c/0x300
[  486.459325][T17630]  do_fast_syscall_32+0x32/0x80
[  486.459341][T17630]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  486.459363][T17630] RIP: 0023:0xf706e579
[  486.459380][T17630] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  486.459396][T17630] RSP: 002b:00000000f545e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[  486.459415][T17630] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000c0044dff
[  486.459426][T17630] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000
[  486.459435][T17630] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  486.459445][T17630] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  486.459457][T17630] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  486.459480][T17630]  </TASK>
[  486.641865][    C3] vkms_vblank_simulate: vblank timer overrun
[  486.773834][T17640] FAULT_INJECTION: forcing a failure.
[  486.773834][T17640] name failslab, interval 1, probability 0, space 0, times 0
[  486.783593][T17640] CPU: 2 UID: 0 PID: 17640 Comm: syz.0.3363 Not tainted syzkaller #0 PREEMPT(full) 
[  486.783610][T17640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  486.783617][T17640] Call Trace:
[  486.783621][T17640]  <TASK>
[  486.783625][T17640]  dump_stack_lvl+0x16c/0x1f0
[  486.783646][T17640]  should_fail_ex+0x512/0x640
[  486.783667][T17640]  should_failslab+0xc2/0x120
[  486.783682][T17640]  __kmalloc_cache_noprof+0x6a/0x3e0
[  486.783693][T17640]  ? do_raw_spin_lock+0x12c/0x2b0
[  486.783709][T17640]  ? find_held_lock+0x2b/0x80
[  486.783719][T17640]  ? async_schedule_node_domain+0x54/0x120
[  486.783734][T17640]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  486.783751][T17640]  async_schedule_node_domain+0x54/0x120
[  486.783765][T17640]  dev_cache_fw_image+0x38e/0x490
[  486.783781][T17640]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  486.783798][T17640]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  486.783812][T17640]  dpm_for_each_dev+0x5a/0xb0
[  486.783826][T17640]  fw_pm_notify+0x81/0x150
[  486.783838][T17640]  notifier_call_chain+0xb9/0x410
[  486.783852][T17640]  ? __pfx_fw_pm_notify+0x10/0x10
[  486.783868][T17640]  blocking_notifier_call_chain_robust+0xc8/0x160
[  486.783883][T17640]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  486.783899][T17640]  ? do_raw_spin_unlock+0x172/0x230
[  486.783918][T17640]  pm_notifier_call_chain_robust+0x27/0x60
[  486.783934][T17640]  snapshot_open+0x189/0x2b0
[  486.783946][T17640]  ? __pfx_snapshot_open+0x10/0x10
[  486.783960][T17640]  misc_open+0x35a/0x420
[  486.783974][T17640]  ? __pfx_misc_open+0x10/0x10
[  486.783986][T17640]  chrdev_open+0x231/0x6a0
[  486.784001][T17640]  ? __pfx_apparmor_file_open+0x10/0x10
[  486.784013][T17640]  ? __pfx_chrdev_open+0x10/0x10
[  486.784028][T17640]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  486.784044][T17640]  do_dentry_open+0x97f/0x1530
[  486.784058][T17640]  ? __pfx_chrdev_open+0x10/0x10
[  486.784075][T17640]  vfs_open+0x82/0x3f0
[  486.784093][T17640]  path_openat+0x1de4/0x2cb0
[  486.784111][T17640]  ? __pfx_path_openat+0x10/0x10
[  486.784129][T17640]  ? __lock_acquire+0xb97/0x1ce0
[  486.784145][T17640]  do_filp_open+0x20b/0x470
[  486.784158][T17640]  ? __pfx_do_filp_open+0x10/0x10
[  486.784181][T17640]  ? _raw_spin_unlock+0x28/0x50
[  486.784196][T17640]  ? alloc_fd+0x471/0x7d0
[  486.784212][T17640]  do_sys_openat2+0x11b/0x1d0
[  486.784229][T17640]  ? __pfx_do_sys_openat2+0x10/0x10
[  486.784247][T17640]  ? __fget_files+0x20e/0x3c0
[  486.784257][T17640]  ? handle_mm_fault+0x1b0/0xd10
[  486.784271][T17640]  __ia32_compat_sys_openat+0x16d/0x210
[  486.784282][T17640]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  486.784292][T17640]  ? ksys_write+0x1ac/0x250
[  486.784306][T17640]  ? rcu_is_watching+0x12/0xc0
[  486.784320][T17640]  __do_fast_syscall_32+0x7c/0x300
[  486.784338][T17640]  do_fast_syscall_32+0x32/0x80
[  486.784349][T17640]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  486.784362][T17640] RIP: 0023:0xf7fd5579
[  486.784372][T17640] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  486.784382][T17640] RSP: 002b:00000000f54d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  486.784393][T17640] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800002c0
[  486.784400][T17640] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  486.784406][T17640] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  486.784412][T17640] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  486.784418][T17640] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  486.784432][T17640]  </TASK>
[  486.786068][T17640] 
[  486.921206][T17640] ============================================
[  486.923135][T17640] WARNING: possible recursive locking detected
[  486.925052][T17640] syzkaller #0 Not tainted
[  486.926581][T17640] --------------------------------------------
[  486.929824][T17640] syz.0.3363/17640 is trying to acquire lock:
[  486.932108][T17640] ffffffff8f51dc68 (fw_lock){+.+.}-{4:4}, at: assign_fw+0x4e/0x640
[  486.935074][T17640] 
[  486.935074][T17640] but task is already holding lock:
[  486.937373][T17640] ffffffff8f51dc68 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  486.939984][T17640] 
[  486.939984][T17640] other info that might help us debug this:
[  486.942599][T17640]  Possible unsafe locking scenario:
[  486.942599][T17640] 
[  486.945144][T17640]        CPU0
[  486.946549][T17640]        ----
[  486.947825][T17640]   lock(fw_lock);
[  486.949060][T17640]   lock(fw_lock);
[  486.950657][T17640] 
[  486.950657][T17640]  *** DEADLOCK ***
[  486.950657][T17640] 
[  486.953977][T17640]  May be due to missing lock nesting notation
[  486.953977][T17640] 
[  486.957350][T17640] 5 locks held by syz.0.3363/17640:
[  486.959505][T17640]  #0: ffffffff8f3080e8 (misc_mtx){+.+.}-{4:4}, at: misc_open+0x63/0x420
[  486.962914][T17640]  #1: ffffffff8e484b88 (system_transition_mutex){+.+.}-{4:4}, at: lock_system_sleep+0x87/0xa0
[  486.965029][T17647] fuse: Bad value for 'fd'
[  486.967176][T17640]  #2: ffffffff8e4c4ff0 ((pm_chain_head).rwsem){++++}-{4:4}, at: blocking_notifier_call_chain_robust+0xa8/0x160
[  486.974020][T17640]  #3: ffffffff8f51dc68 (fw_lock){+.+.}-{4:4}, at: fw_pm_notify+0x69/0x150
[  486.977156][T17640]  #4: ffffffff8f518668 (dpm_list_mtx){+.+.}-{4:4}, at: dpm_for_each_dev+0x2d/0xb0
[  486.980275][T17640] 
[  486.980275][T17640] stack backtrace:
[  486.982759][T17640] CPU: 2 UID: 0 PID: 17640 Comm: syz.0.3363 Not tainted syzkaller #0 PREEMPT(full) 
[  486.982780][T17640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  486.982791][T17640] Call Trace:
[  486.982799][T17640]  <TASK>
[  486.982806][T17640]  dump_stack_lvl+0x116/0x1f0
[  486.982834][T17640]  print_deadlock_bug+0x1e9/0x240
[  486.982856][T17640]  __lock_acquire+0x1133/0x1ce0
[  486.982880][T17640]  ? kasan_save_track+0x14/0x30
[  486.982901][T17640]  lock_acquire+0x179/0x350
[  486.982923][T17640]  ? assign_fw+0x4e/0x640
[  486.982945][T17640]  ? __pfx___might_resched+0x10/0x10
[  486.982963][T17640]  ? path_openat+0x1de4/0x2cb0
[  486.982982][T17640]  ? do_filp_open+0x20b/0x470
[  486.983000][T17640]  ? do_sys_openat2+0x11b/0x1d0
[  486.983028][T17640]  ? assign_fw+0x4e/0x640
[  486.983048][T17640]  __mutex_lock+0x193/0x1060
[  486.983074][T17640]  ? assign_fw+0x4e/0x640
[  486.983098][T17640]  ? __pfx___mutex_lock+0x10/0x10
[  486.983132][T17640]  ? kasan_quarantine_put+0x10a/0x240
[  486.983151][T17640]  ? lockdep_hardirqs_on+0x7c/0x110
[  486.983177][T17640]  ? assign_fw+0x4e/0x640
[  486.983195][T17640]  assign_fw+0x4e/0x640
[  486.983215][T17640]  ? _request_firmware+0x957/0x1470
[  486.983233][T17640]  _request_firmware+0x988/0x1470
[  486.983249][T17640]  ? __pfx__request_firmware+0x10/0x10
[  486.983263][T17640]  ? dump_stack_lvl+0x185/0x1f0
[  486.983278][T17640]  ? lockdep_hardirqs_on+0x7c/0x110
[  486.983294][T17640]  __async_dev_cache_fw_image+0xb1/0x340
[  486.983309][T17640]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  486.983324][T17640]  ? mark_held_locks+0x49/0x80
[  486.983337][T17640]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[  486.983352][T17640]  ? __pfx___async_dev_cache_fw_image+0x10/0x10
[  486.983367][T17640]  async_schedule_node_domain+0xd4/0x120
[  486.983380][T17640]  dev_cache_fw_image+0x38e/0x490
[  486.983394][T17640]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  486.983408][T17640]  ? __pfx_dev_cache_fw_image+0x10/0x10
[  486.983421][T17640]  dpm_for_each_dev+0x5a/0xb0
[  486.983433][T17640]  fw_pm_notify+0x81/0x150
[  486.983445][T17640]  notifier_call_chain+0xb9/0x410
[  486.983459][T17640]  ? __pfx_fw_pm_notify+0x10/0x10
[  486.983472][T17640]  blocking_notifier_call_chain_robust+0xc8/0x160
[  486.983487][T17640]  ? __pfx_blocking_notifier_call_chain_robust+0x10/0x10
[  486.983502][T17640]  ? do_raw_spin_unlock+0x172/0x230
[  486.983519][T17640]  pm_notifier_call_chain_robust+0x27/0x60
[  486.983533][T17640]  snapshot_open+0x189/0x2b0
[  486.983546][T17640]  ? __pfx_snapshot_open+0x10/0x10
[  486.983559][T17640]  misc_open+0x35a/0x420
[  486.983572][T17640]  ? __pfx_misc_open+0x10/0x10
[  486.983584][T17640]  chrdev_open+0x231/0x6a0
[  486.983597][T17640]  ? __pfx_apparmor_file_open+0x10/0x10
[  486.983610][T17640]  ? __pfx_chrdev_open+0x10/0x10
[  486.983623][T17640]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  486.983636][T17640]  do_dentry_open+0x97f/0x1530
[  486.983649][T17640]  ? __pfx_chrdev_open+0x10/0x10
[  486.983663][T17640]  vfs_open+0x82/0x3f0
[  486.983680][T17640]  path_openat+0x1de4/0x2cb0
[  486.983693][T17640]  ? __pfx_path_openat+0x10/0x10
[  486.983706][T17640]  ? __lock_acquire+0xb97/0x1ce0
[  486.983720][T17640]  do_filp_open+0x20b/0x470
[  486.983732][T17640]  ? __pfx_do_filp_open+0x10/0x10
[  486.983748][T17640]  ? _raw_spin_unlock+0x28/0x50
[  486.983761][T17640]  ? alloc_fd+0x471/0x7d0
[  486.983773][T17640]  do_sys_openat2+0x11b/0x1d0
[  486.983789][T17640]  ? __pfx_do_sys_openat2+0x10/0x10
[  486.983806][T17640]  ? __fget_files+0x20e/0x3c0
[  486.983816][T17640]  ? handle_mm_fault+0x1b0/0xd10
[  486.983827][T17640]  __ia32_compat_sys_openat+0x16d/0x210
[  486.983838][T17640]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  486.983847][T17640]  ? ksys_write+0x1ac/0x250
[  486.983860][T17640]  ? rcu_is_watching+0x12/0xc0
[  486.983871][T17640]  __do_fast_syscall_32+0x7c/0x300
[  486.983889][T17640]  do_fast_syscall_32+0x32/0x80
[  486.983898][T17640]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  486.983912][T17640] RIP: 0023:0xf7fd5579
[  486.983920][T17640] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[  486.983931][T17640] RSP: 002b:00000000f54d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000127
[  486.983941][T17640] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000800002c0
[  486.983947][T17640] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000
[  486.983955][T17640] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  486.983964][T17640] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[  486.983973][T17640] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  486.983985][T17640]  </TASK>
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)

VM DIAGNOSIS:
22:36:03  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000663ba4 RBX=0000000000000000 RCX=ffffffff8b91ab29 RDX=ffffed1005646656
RSI=ffffffff8c163780 RDI=ffffffff8190ca91 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08
R8 =0000000000000000 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000001
R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90abac90 R15=0000000000000000
RIP=ffffffff8b91966f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880974ba000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f738f9a4 CR3=000000005232d000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000d218c4 RBX=0000000000000001 RCX=ffffffff8b91ab29 RDX=ffffed1005666656
RSI=ffffffff8c163780 RDI=ffffffff8190ca91 RBP=ffffed1003bd9488 RSP=ffffc9000046fdf8
R8 =0000000000000000 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000001
R12=0000000000000001 R13=ffff88801deca440 R14=ffffffff90abac90 R15=0000000000000000
RIP=ffffffff8b91966f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880975ba000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=000000002f420000 CR3=000000005640e000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 2

CPU#2
RAX=000000000000002d RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff8561e695 RDI=ffffffff9b102780 RBP=ffffffff9b102740 RSP=ffffc9000490ece8
R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d
R12=0000000000000000 R13=000000000000002d R14=ffffffff9b102740 R15=ffffffff8561e630
RIP=ffffffff8561e6bf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS   [-WA]
FS =0000 0000000000000000 ffffffff 00c00000
GS =0063 ffff8880976ba000 ffffffff 00d0f300 DPL=3 DS   [-WA]
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy
GDT=     fffffe000008f000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=00000000f54d5fac CR3=0000000024126000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
info registers vcpu 3

CPU#3
RAX=ffffffff90abac98 RBX=0000000000000003 RCX=ffffffff81c2eedf RDX=0000000000000000
RSI=0000000000000008 RDI=ffffffff90abac90 RBP=0000000000000293 RSP=ffffc900021bf8f8
R8 =0000000000000000 R9 =fffffbfff204b1d4 R10=ffffffff90258ea3 R11=ffffffff9b014ca8
R12=0000000000000000 R13=0000000000000293 R14=0000000000000000 R15=ffff88804fc08936
RIP=ffffffff82207242 RFL=00000082 [--S----] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880977ba000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe00000d6000 0000007f
IDT=     fffffe0000000000 0000ffff
CR0=80050033 CR2=0000000080001000 CR3=0000000028a36000 CR4=00352ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000
Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000
ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323
ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00
ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000
ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000