0
[ 1045.220790][T10445]  ? mutex_lock_io_nested+0x60/0x60
[ 1045.226005][T10445]  ? file_end_write+0x250/0x250
[ 1045.230890][T10445]  ? mutex_lock_nested+0x1b/0x20
[ 1045.235840][T10445]  ? __fdget_pos+0x254/0x2f0
[ 1045.240441][T10445]  ? ksys_write+0x7b/0x2c0
[ 1045.244871][T10445]  ksys_write+0x1a0/0x2c0
[ 1045.249299][T10445]  ? print_irqtrace_events+0x220/0x220
[ 1045.254783][T10445]  ? __ia32_sys_read+0x90/0x90
[ 1045.259562][T10445]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1045.265565][T10445]  ? lockdep_hardirqs_on+0x98/0x140
[ 1045.270776][T10445]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1045.276772][T10445]  do_syscall_64+0x41/0xc0
[ 1045.281207][T10445]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1045.287112][T10445] RIP: 0033:0x7f560cc3de7f
[ 1045.291541][T10445] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 fd ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 cc fd ff ff 48
[ 1045.311156][T10445] RSP: 002b:00007f560d9bb160 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1045.319602][T10445] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f560cc3de7f
[ 1045.327577][T10445] RDX: 0000000000000001 RSI: 00007f560d9bb1e0 RDI: 0000000000000004
[ 1045.335566][T10445] RBP: 00007f560d9bb1d0 R08: 0000000000000000 R09: 0000000000000000
06:26:48 executing program 3:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)

[ 1045.343557][T10445] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[ 1045.351534][T10445] R13: 00007ffc26fb40cf R14: 00007f560d9bb300 R15: 0000000000022000
[ 1045.359536][T10445]  </TASK>
[ 1045.377598][T10447] CPU: 0 PID: 10447 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1045.387741][T10447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1045.397837][T10447] Call Trace:
[ 1045.401156][T10447]  <TASK>
[ 1045.404124][T10447]  dump_stack_lvl+0x1e7/0x2d0
[ 1045.408861][T10447]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1045.414374][T10447]  ? panic+0x770/0x770
[ 1045.418496][T10447]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1045.424199][T10447]  should_fail_ex+0x3aa/0x4e0
[ 1045.428934][T10447]  strncpy_from_user+0x36/0x370
[ 1045.433833][T10447]  getname_flags+0xf9/0x4e0
[ 1045.438396][T10447]  do_sys_openat2+0xd6/0x500
[ 1045.443034][T10447]  ? mutex_unlock+0x10/0x10
[ 1045.447588][T10447]  ? do_sys_open+0x230/0x230
[ 1045.452241][T10447]  __x64_sys_openat+0x247/0x290
[ 1045.457143][T10447]  ? __ia32_sys_open+0x270/0x270
[ 1045.462136][T10447]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1045.468160][T10447]  ? lockdep_hardirqs_on+0x98/0x140
[ 1045.473406][T10447]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1045.479432][T10447]  do_syscall_64+0x41/0xc0
[ 1045.483929][T10447]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1045.489848][T10447] RIP: 0033:0x7f9b1943e284
[ 1045.494361][T10447] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1045.514073][T10447] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1045.522505][T10447] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1045.530487][T10447] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1045.538465][T10447] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
06:26:48 executing program 3:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)

06:26:48 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 3)

[ 1045.546441][T10447] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1045.554417][T10447] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1045.562414][T10447]  </TASK>
06:26:48 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:26:48 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:26:48 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 1)

06:26:48 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:26:48 executing program 1:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)

[ 1045.725002][T10463] FAULT_INJECTION: forcing a failure.
[ 1045.725002][T10463] name failslab, interval 1, probability 0, space 0, times 0
[ 1045.750034][T10462] FAULT_INJECTION: forcing a failure.
[ 1045.750034][T10462] name failslab, interval 1, probability 0, space 0, times 0
[ 1045.767988][T10463] CPU: 1 PID: 10463 Comm: syz-executor.3 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1045.778124][T10463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1045.788218][T10463] Call Trace:
[ 1045.791543][T10463]  <TASK>
[ 1045.794516][T10463]  dump_stack_lvl+0x1e7/0x2d0
[ 1045.799251][T10463]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1045.804767][T10463]  ? panic+0x770/0x770
[ 1045.808880][T10463]  ? __might_sleep+0xc0/0xc0
[ 1045.813618][T10463]  should_fail_ex+0x3aa/0x4e0
[ 1045.818354][T10463]  should_failslab+0x9/0x20
[ 1045.822906][T10463]  slab_pre_alloc_hook+0x59/0x2b0
[ 1045.827992][T10463]  ? getname_flags+0xbc/0x4e0
[ 1045.832707][T10463]  kmem_cache_alloc+0x4e/0x280
[ 1045.837597][T10463]  getname_flags+0xbc/0x4e0
[ 1045.842136][T10463]  ? build_open_flags+0x41e/0x590
[ 1045.847210][T10463]  do_sys_openat2+0xd6/0x500
[ 1045.851844][T10463]  ? mutex_unlock+0x10/0x10
[ 1045.856384][T10463]  ? do_sys_open+0x230/0x230
[ 1045.861022][T10463]  __x64_sys_openat+0x247/0x290
[ 1045.865923][T10463]  ? __ia32_sys_open+0x270/0x270
06:26:48 executing program 1:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)

06:26:48 executing program 1:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)

[ 1045.870910][T10463]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1045.876946][T10463]  ? lockdep_hardirqs_on+0x98/0x140
[ 1045.882189][T10463]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1045.888222][T10463]  do_syscall_64+0x41/0xc0
[ 1045.892704][T10463]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1045.898713][T10463] RIP: 0033:0x7f9f18a8c0f9
[ 1045.903150][T10463] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1045.922808][T10463] RSP: 002b:00007f9f1986d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1045.931262][T10463] RAX: ffffffffffffffda RBX: 00007f9f18babf80 RCX: 00007f9f18a8c0f9
[ 1045.939269][T10463] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1045.947282][T10463] RBP: 00007f9f1986d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1045.955292][T10463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1045.963297][T10463] R13: 00007ffc90b7547f R14: 00007f9f1986d300 R15: 0000000000022000
[ 1045.971322][T10463]  </TASK>
[ 1045.975101][T10462] CPU: 0 PID: 10462 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1045.985220][T10462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1045.995288][T10462] Call Trace:
[ 1045.998573][T10462]  <TASK>
[ 1046.001523][T10462]  dump_stack_lvl+0x1e7/0x2d0
[ 1046.006253][T10462]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1046.011746][T10462]  ? panic+0x770/0x770
[ 1046.015836][T10462]  ? validate_chain+0x119/0x58e0
[ 1046.020796][T10462]  should_fail_ex+0x3aa/0x4e0
[ 1046.025504][T10462]  should_failslab+0x9/0x20
[ 1046.030025][T10462]  slab_pre_alloc_hook+0x59/0x2b0
[ 1046.035068][T10462]  ? unwind_get_return_address+0x4d/0x90
[ 1046.040715][T10462]  ? __alloc_file+0x26/0x230
[ 1046.045336][T10462]  kmem_cache_alloc+0x4e/0x280
[ 1046.050143][T10462]  ? reacquire_held_locks+0x660/0x660
[ 1046.055544][T10462]  __alloc_file+0x26/0x230
[ 1046.059987][T10462]  alloc_empty_file+0x96/0x180
[ 1046.064772][T10462]  path_openat+0xfa/0x3170
[ 1046.069214][T10462]  ? __stack_depot_save+0x3a/0x470
[ 1046.074347][T10462]  ? getname_flags+0xbc/0x4e0
[ 1046.079053][T10462]  ? mark_lock+0x9a/0x340
[ 1046.083416][T10462]  ? do_filp_open+0x490/0x490
[ 1046.088134][T10462]  ? alloc_fd+0x59c/0x640
[ 1046.092493][T10462]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1046.098151][T10462]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1046.104161][T10462]  do_filp_open+0x234/0x490
[ 1046.108683][T10462]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1046.113312][T10462]  ? _raw_spin_unlock+0x28/0x40
[ 1046.118175][T10462]  ? alloc_fd+0x59c/0x640
[ 1046.122528][T10462]  do_sys_openat2+0x13f/0x500
[ 1046.127221][T10462]  ? mutex_unlock+0x10/0x10
[ 1046.131736][T10462]  ? do_sys_open+0x230/0x230
[ 1046.136346][T10462]  __x64_sys_openat+0x247/0x290
[ 1046.141212][T10462]  ? __ia32_sys_open+0x270/0x270
[ 1046.146166][T10462]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1046.152156][T10462]  ? lockdep_hardirqs_on+0x98/0x140
[ 1046.157364][T10462]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1046.163354][T10462]  do_syscall_64+0x41/0xc0
[ 1046.167788][T10462]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1046.173697][T10462] RIP: 0033:0x7f9b1943e284
[ 1046.178120][T10462] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1046.197751][T10462] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1046.206189][T10462] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1046.214171][T10462] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1046.222152][T10462] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1046.230128][T10462] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1046.238122][T10462] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1046.246118][T10462]  </TASK>
06:26:49 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 4)

06:26:49 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:26:49 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 2)

[ 1046.317081][T10482] FAULT_INJECTION: forcing a failure.
[ 1046.317081][T10482] name failslab, interval 1, probability 0, space 0, times 0
[ 1046.330565][T10482] CPU: 1 PID: 10482 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1046.340779][T10482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1046.350872][T10482] Call Trace:
[ 1046.354185][T10482]  <TASK>
[ 1046.357172][T10482]  dump_stack_lvl+0x1e7/0x2d0
[ 1046.361914][T10482]  ? nf_tcp_handle_invalid+0x650/0x650
06:26:49 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0)

[ 1046.367522][T10482]  ? panic+0x770/0x770
[ 1046.371639][T10482]  ? __might_sleep+0xc0/0xc0
[ 1046.376284][T10482]  should_fail_ex+0x3aa/0x4e0
[ 1046.381013][T10482]  should_failslab+0x9/0x20
[ 1046.385560][T10482]  slab_pre_alloc_hook+0x59/0x2b0
[ 1046.390637][T10482]  ? slab_post_alloc_hook+0x2df/0x3a0
[ 1046.396066][T10482]  ? security_file_alloc+0x28/0x120
[ 1046.401341][T10482]  kmem_cache_alloc+0x4e/0x280
[ 1046.406161][T10482]  ? trace_kmem_cache_alloc+0x3c/0xf0
[ 1046.411591][T10482]  security_file_alloc+0x28/0x120
[ 1046.416669][T10482]  __alloc_file+0xc3/0x230
[ 1046.421139][T10482]  alloc_empty_file+0x96/0x180
[ 1046.425955][T10482]  path_openat+0xfa/0x3170
[ 1046.430427][T10482]  ? __stack_depot_save+0x3a/0x470
[ 1046.435600][T10482]  ? getname_flags+0xbc/0x4e0
[ 1046.440330][T10482]  ? mark_lock+0x9a/0x340
[ 1046.444706][T10482]  ? do_filp_open+0x490/0x490
[ 1046.449431][T10482]  ? alloc_fd+0x59c/0x640
[ 1046.453803][T10482]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1046.459489][T10482]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1046.465623][T10482]  do_filp_open+0x234/0x490
[ 1046.470179][T10482]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1046.474844][T10482]  ? _raw_spin_unlock+0x28/0x40
[ 1046.479730][T10482]  ? alloc_fd+0x59c/0x640
[ 1046.484085][T10482]  do_sys_openat2+0x13f/0x500
[ 1046.488781][T10482]  ? mutex_unlock+0x10/0x10
[ 1046.493310][T10482]  ? do_sys_open+0x230/0x230
[ 1046.497923][T10482]  __x64_sys_openat+0x247/0x290
[ 1046.502789][T10482]  ? __ia32_sys_open+0x270/0x270
[ 1046.507751][T10482]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1046.513831][T10482]  ? lockdep_hardirqs_on+0x98/0x140
[ 1046.519046][T10482]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1046.525038][T10482]  do_syscall_64+0x41/0xc0
[ 1046.529475][T10482]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1046.535381][T10482] RIP: 0033:0x7f9b1943e284
[ 1046.539806][T10482] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1046.559419][T10482] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1046.567844][T10482] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1046.575822][T10482] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1046.583798][T10482] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1046.591787][T10482] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1046.599765][T10482] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1046.607771][T10482]  </TASK>
06:26:49 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:26:49 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', r1, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)
write$vhost_msg(r0, 0x0, 0x0)

06:26:49 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 5)

[ 1046.670335][T10492] FAULT_INJECTION: forcing a failure.
[ 1046.670335][T10492] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1046.703120][T10492] CPU: 0 PID: 10492 Comm: syz-executor.3 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1046.713440][T10492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1046.723705][T10492] Call Trace:
[ 1046.727028][T10492]  <TASK>
[ 1046.729994][T10492]  dump_stack_lvl+0x1e7/0x2d0
[ 1046.734740][T10492]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1046.740256][T10492]  ? panic+0x770/0x770
[ 1046.744377][T10492]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1046.750075][T10492]  should_fail_ex+0x3aa/0x4e0
[ 1046.754809][T10492]  strncpy_from_user+0x36/0x370
[ 1046.759713][T10492]  getname_flags+0xf9/0x4e0
[ 1046.764275][T10492]  do_sys_openat2+0xd6/0x500
[ 1046.768896][T10492]  ? mutex_unlock+0x10/0x10
[ 1046.773416][T10492]  ? do_sys_open+0x230/0x230
[ 1046.778032][T10492]  __x64_sys_openat+0x247/0x290
[ 1046.782934][T10492]  ? __ia32_sys_open+0x270/0x270
[ 1046.787885][T10492]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1046.793879][T10492]  ? lockdep_hardirqs_on+0x98/0x140
[ 1046.799087][T10492]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1046.805081][T10492]  do_syscall_64+0x41/0xc0
[ 1046.809537][T10492]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1046.815456][T10492] RIP: 0033:0x7f9f18a8c0f9
[ 1046.819899][T10492] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1046.839522][T10492] RSP: 002b:00007f9f1986d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1046.847947][T10492] RAX: ffffffffffffffda RBX: 00007f9f18babf80 RCX: 00007f9f18a8c0f9
[ 1046.855924][T10492] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1046.863920][T10492] RBP: 00007f9f1986d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1046.871900][T10492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1046.879874][T10492] R13: 00007ffc90b7547f R14: 00007f9f1986d300 R15: 0000000000022000
[ 1046.887866][T10492]  </TASK>
06:26:50 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) (async)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0)

[ 1046.935982][T10501] FAULT_INJECTION: forcing a failure.
[ 1046.935982][T10501] name failslab, interval 1, probability 0, space 0, times 0
[ 1046.956078][T10501] CPU: 0 PID: 10501 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1046.966210][T10501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1046.976378][T10501] Call Trace:
[ 1046.979669][T10501]  <TASK>
[ 1046.982608][T10501]  dump_stack_lvl+0x1e7/0x2d0
[ 1046.987313][T10501]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1046.992795][T10501]  ? panic+0x770/0x770
[ 1046.996876][T10501]  ? __might_sleep+0xc0/0xc0
[ 1047.001485][T10501]  should_fail_ex+0x3aa/0x4e0
[ 1047.006181][T10501]  should_failslab+0x9/0x20
[ 1047.010692][T10501]  slab_pre_alloc_hook+0x59/0x2b0
[ 1047.015735][T10501]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1047.021537][T10501]  __kmem_cache_alloc_node+0x4b/0x2a0
[ 1047.026923][T10501]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1047.032934][T10501]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1047.038658][T10501]  __kmalloc+0xa2/0x1a0
[ 1047.042829][T10501]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 1047.048470][T10501]  tomoyo_check_open_permission+0x254/0x4e0
[ 1047.054434][T10501]  ? tomoyo_check_path_number_acl+0x280/0x280
[ 1047.060516][T10501]  ? do_dentry_open+0x32/0x10f0
[ 1047.065377][T10501]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1047.071067][T10501]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1047.076273][T10501]  ? tomoyo_file_open+0xea/0x170
[ 1047.081221][T10501]  security_file_open+0x63/0xa0
[ 1047.086091][T10501]  do_dentry_open+0x308/0x10f0
[ 1047.090875][T10501]  ? may_open+0x39c/0x440
[ 1047.095215][T10501]  path_openat+0x27b3/0x3170
[ 1047.099836][T10501]  ? getname_flags+0xbc/0x4e0
[ 1047.104638][T10501]  ? mark_lock+0x9a/0x340
[ 1047.108992][T10501]  ? do_filp_open+0x490/0x490
[ 1047.113687][T10501]  ? alloc_fd+0x59c/0x640
[ 1047.118029][T10501]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1047.123680][T10501]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1047.129690][T10501]  do_filp_open+0x234/0x490
[ 1047.134215][T10501]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1047.138842][T10501]  ? _raw_spin_unlock+0x28/0x40
[ 1047.143717][T10501]  ? alloc_fd+0x59c/0x640
[ 1047.148074][T10501]  do_sys_openat2+0x13f/0x500
[ 1047.152766][T10501]  ? mutex_unlock+0x10/0x10
[ 1047.157283][T10501]  ? do_sys_open+0x230/0x230
[ 1047.161898][T10501]  __x64_sys_openat+0x247/0x290
[ 1047.166762][T10501]  ? __ia32_sys_open+0x270/0x270
[ 1047.171723][T10501]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1047.177714][T10501]  ? lockdep_hardirqs_on+0x98/0x140
[ 1047.182923][T10501]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1047.188916][T10501]  do_syscall_64+0x41/0xc0
[ 1047.193365][T10501]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1047.199283][T10501] RIP: 0033:0x7f9b1943e284
[ 1047.203705][T10501] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1047.223316][T10501] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1047.231757][T10501] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1047.239762][T10501] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1047.247766][T10501] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1047.255750][T10501] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1047.263733][T10501] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1047.271750][T10501]  </TASK>
06:26:50 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 3)

[ 1047.298396][T10501] ERROR: Out of memory at tomoyo_realpath_from_path.
06:26:50 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 1)

06:26:50 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 6)

06:26:50 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', r1, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)
write$vhost_msg(r0, 0x0, 0x0)

[ 1047.379736][T10513] FAULT_INJECTION: forcing a failure.
[ 1047.379736][T10513] name failslab, interval 1, probability 0, space 0, times 0
[ 1047.454353][T10513] CPU: 1 PID: 10513 Comm: syz-executor.3 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1047.464502][T10513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1047.474593][T10513] Call Trace:
[ 1047.477900][T10513]  <TASK>
[ 1047.480879][T10513]  dump_stack_lvl+0x1e7/0x2d0
[ 1047.485623][T10513]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1047.491179][T10513]  ? panic+0x770/0x770
[ 1047.495298][T10513]  ? validate_chain+0x119/0x58e0
[ 1047.500285][T10513]  should_fail_ex+0x3aa/0x4e0
[ 1047.505009][T10513]  should_failslab+0x9/0x20
[ 1047.509544][T10513]  slab_pre_alloc_hook+0x59/0x2b0
[ 1047.514595][T10513]  ? unwind_get_return_address+0x4d/0x90
[ 1047.520251][T10513]  ? __alloc_file+0x26/0x230
[ 1047.524872][T10513]  kmem_cache_alloc+0x4e/0x280
[ 1047.529668][T10513]  ? reacquire_held_locks+0x660/0x660
[ 1047.535078][T10513]  __alloc_file+0x26/0x230
[ 1047.539520][T10513]  alloc_empty_file+0x96/0x180
[ 1047.544301][T10513]  path_openat+0xfa/0x3170
[ 1047.548734][T10513]  ? __stack_depot_save+0x3a/0x470
[ 1047.553872][T10513]  ? getname_flags+0xbc/0x4e0
[ 1047.558563][T10513]  ? mark_lock+0x9a/0x340
[ 1047.562907][T10513]  ? do_filp_open+0x490/0x490
[ 1047.567602][T10513]  ? alloc_fd+0x59c/0x640
[ 1047.571945][T10513]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1047.577597][T10513]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1047.583604][T10513]  do_filp_open+0x234/0x490
[ 1047.588141][T10513]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1047.592767][T10513]  ? _raw_spin_unlock+0x28/0x40
[ 1047.597633][T10513]  ? alloc_fd+0x59c/0x640
[ 1047.602005][T10513]  do_sys_openat2+0x13f/0x500
[ 1047.606693][T10513]  ? mutex_unlock+0x10/0x10
[ 1047.611204][T10513]  ? do_sys_open+0x230/0x230
[ 1047.615823][T10513]  __x64_sys_openat+0x247/0x290
[ 1047.620688][T10513]  ? __ia32_sys_open+0x270/0x270
[ 1047.625658][T10513]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1047.631665][T10513]  ? lockdep_hardirqs_on+0x98/0x140
[ 1047.636886][T10513]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1047.642894][T10513]  do_syscall_64+0x41/0xc0
[ 1047.647349][T10513]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1047.653362][T10513] RIP: 0033:0x7f9f18a8c0f9
[ 1047.657790][T10513] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1047.677497][T10513] RSP: 002b:00007f9f1986d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1047.686011][T10513] RAX: ffffffffffffffda RBX: 00007f9f18babf80 RCX: 00007f9f18a8c0f9
[ 1047.693990][T10513] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
06:26:50 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$SG_GET_TIMEOUT(r1, 0x2202, 0x0)

06:26:50 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)

[ 1047.701969][T10513] RBP: 00007f9f1986d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1047.709947][T10513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1047.717921][T10513] R13: 00007ffc90b7547f R14: 00007f9f1986d300 R15: 0000000000022000
[ 1047.725918][T10513]  </TASK>
06:26:50 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 4)

[ 1047.760621][T10525] FAULT_INJECTION: forcing a failure.
[ 1047.760621][T10525] name failslab, interval 1, probability 0, space 0, times 0
[ 1047.791069][T10525] CPU: 0 PID: 10525 Comm: syz-executor.1 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1047.799737][T10527] FAULT_INJECTION: forcing a failure.
[ 1047.799737][T10527] name failslab, interval 1, probability 0, space 0, times 0
[ 1047.801187][T10525] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1047.823887][T10525] Call Trace:
[ 1047.827202][T10525]  <TASK>
[ 1047.830162][T10525]  dump_stack_lvl+0x1e7/0x2d0
[ 1047.834896][T10525]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1047.840411][T10525]  ? panic+0x770/0x770
[ 1047.844529][T10525]  ? __might_sleep+0xc0/0xc0
[ 1047.849171][T10525]  should_fail_ex+0x3aa/0x4e0
[ 1047.853923][T10525]  should_failslab+0x9/0x20
[ 1047.858469][T10525]  slab_pre_alloc_hook+0x59/0x2b0
[ 1047.863556][T10525]  ? getname_flags+0xbc/0x4e0
[ 1047.868281][T10525]  kmem_cache_alloc+0x4e/0x280
[ 1047.873103][T10525]  getname_flags+0xbc/0x4e0
[ 1047.877649][T10525]  ? build_open_flags+0x41e/0x590
[ 1047.882719][T10525]  do_sys_openat2+0xd6/0x500
[ 1047.887343][T10525]  ? mutex_unlock+0x10/0x10
[ 1047.891877][T10525]  ? do_sys_open+0x230/0x230
[ 1047.896519][T10525]  __x64_sys_openat+0x247/0x290
[ 1047.901409][T10525]  ? __ia32_sys_open+0x270/0x270
06:26:50 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)

[ 1047.906401][T10525]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1047.912424][T10525]  ? lockdep_hardirqs_on+0x98/0x140
[ 1047.917669][T10525]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1047.923698][T10525]  do_syscall_64+0x41/0xc0
[ 1047.928193][T10525]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1047.934119][T10525] RIP: 0033:0x7f13b2c8c0f9
[ 1047.938556][T10525] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1047.958187][T10525] RSP: 002b:00007f13b3a27168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1047.966640][T10525] RAX: ffffffffffffffda RBX: 00007f13b2dabf80 RCX: 00007f13b2c8c0f9
[ 1047.974664][T10525] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1047.982652][T10525] RBP: 00007f13b3a271d0 R08: 0000000000000000 R09: 0000000000000000
[ 1047.990650][T10525] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1047.998670][T10525] R13: 00007ffe3af675ef R14: 00007f13b3a27300 R15: 0000000000022000
[ 1048.006692][T10525]  </TASK>
[ 1048.009735][T10527] CPU: 1 PID: 10527 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1048.019848][T10527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1048.029938][T10527] Call Trace:
[ 1048.033252][T10527]  <TASK>
[ 1048.036218][T10527]  dump_stack_lvl+0x1e7/0x2d0
[ 1048.040943][T10527]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1048.046443][T10527]  ? panic+0x770/0x770
[ 1048.050553][T10527]  ? __might_sleep+0xc0/0xc0
[ 1048.055198][T10527]  should_fail_ex+0x3aa/0x4e0
[ 1048.059917][T10527]  should_failslab+0x9/0x20
[ 1048.064438][T10527]  slab_pre_alloc_hook+0x59/0x2b0
[ 1048.069488][T10527]  ? tomoyo_encode+0x26f/0x530
[ 1048.074261][T10527]  __kmem_cache_alloc_node+0x4b/0x2a0
[ 1048.079650][T10527]  ? d_absolute_path+0x1c6/0x300
[ 1048.084674][T10527]  ? tomoyo_encode+0x26f/0x530
[ 1048.089445][T10527]  __kmalloc+0xa2/0x1a0
[ 1048.093616][T10527]  tomoyo_encode+0x26f/0x530
[ 1048.098220][T10527]  tomoyo_realpath_from_path+0x598/0x5e0
[ 1048.103874][T10527]  tomoyo_check_open_permission+0x254/0x4e0
[ 1048.109792][T10527]  ? tomoyo_check_path_number_acl+0x280/0x280
[ 1048.115885][T10527]  ? do_dentry_open+0x32/0x10f0
[ 1048.120750][T10527]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1048.126436][T10527]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1048.131763][T10527]  ? tomoyo_file_open+0xea/0x170
[ 1048.136710][T10527]  security_file_open+0x63/0xa0
[ 1048.141589][T10527]  do_dentry_open+0x308/0x10f0
[ 1048.146381][T10527]  ? may_open+0x39c/0x440
[ 1048.150725][T10527]  path_openat+0x27b3/0x3170
[ 1048.155357][T10527]  ? getname_flags+0xbc/0x4e0
[ 1048.160049][T10527]  ? mark_lock+0x9a/0x340
[ 1048.164392][T10527]  ? do_filp_open+0x490/0x490
[ 1048.169084][T10527]  ? alloc_fd+0x59c/0x640
[ 1048.173428][T10527]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1048.179078][T10527]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1048.185088][T10527]  do_filp_open+0x234/0x490
[ 1048.189609][T10527]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1048.194240][T10527]  ? _raw_spin_unlock+0x28/0x40
[ 1048.199195][T10527]  ? alloc_fd+0x59c/0x640
[ 1048.203552][T10527]  do_sys_openat2+0x13f/0x500
[ 1048.208241][T10527]  ? mutex_unlock+0x10/0x10
[ 1048.212761][T10527]  ? do_sys_open+0x230/0x230
[ 1048.217468][T10527]  __x64_sys_openat+0x247/0x290
[ 1048.222339][T10527]  ? __ia32_sys_open+0x270/0x270
[ 1048.227294][T10527]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1048.233283][T10527]  ? lockdep_hardirqs_on+0x98/0x140
[ 1048.238492][T10527]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1048.244483][T10527]  do_syscall_64+0x41/0xc0
[ 1048.248941][T10527]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1048.254848][T10527] RIP: 0033:0x7f9b1943e284
[ 1048.259270][T10527] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1048.278882][T10527] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1048.287305][T10527] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1048.295285][T10527] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1048.303261][T10527] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
06:26:51 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:26:51 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 2)

[ 1048.311238][T10527] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1048.319215][T10527] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1048.327226][T10527]  </TASK>
[ 1048.362779][T10527] ERROR: Out of memory at tomoyo_realpath_from_path.
06:26:51 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)

06:26:51 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', r1, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)
write$vhost_msg(r0, 0x0, 0x0)

[ 1048.433201][T10551] FAULT_INJECTION: forcing a failure.
[ 1048.433201][T10551] name failslab, interval 1, probability 0, space 0, times 0
[ 1048.460119][T10552] FAULT_INJECTION: forcing a failure.
[ 1048.460119][T10552] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1048.488167][T10551] CPU: 1 PID: 10551 Comm: syz-executor.3 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1048.498401][T10551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1048.508506][T10551] Call Trace:
[ 1048.511824][T10551]  <TASK>
[ 1048.514786][T10551]  dump_stack_lvl+0x1e7/0x2d0
[ 1048.519524][T10551]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1048.525031][T10551]  ? panic+0x770/0x770
[ 1048.529149][T10551]  ? __might_sleep+0xc0/0xc0
[ 1048.533817][T10551]  should_fail_ex+0x3aa/0x4e0
06:26:51 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0}}, 0x48)

[ 1048.538545][T10551]  should_failslab+0x9/0x20
[ 1048.543077][T10551]  slab_pre_alloc_hook+0x59/0x2b0
[ 1048.548151][T10551]  ? slab_post_alloc_hook+0x2df/0x3a0
[ 1048.553582][T10551]  ? security_file_alloc+0x28/0x120
[ 1048.558829][T10551]  kmem_cache_alloc+0x4e/0x280
[ 1048.563639][T10551]  ? trace_kmem_cache_alloc+0x3c/0xf0
[ 1048.569061][T10551]  security_file_alloc+0x28/0x120
[ 1048.574137][T10551]  __alloc_file+0xc3/0x230
[ 1048.578600][T10551]  alloc_empty_file+0x96/0x180
[ 1048.583407][T10551]  path_openat+0xfa/0x3170
[ 1048.587871][T10551]  ? __stack_depot_save+0x3a/0x470
[ 1048.593034][T10551]  ? getname_flags+0xbc/0x4e0
[ 1048.597748][T10551]  ? mark_lock+0x9a/0x340
[ 1048.602111][T10551]  ? do_filp_open+0x490/0x490
[ 1048.606828][T10551]  ? alloc_fd+0x59c/0x640
[ 1048.611190][T10551]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1048.616905][T10551]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1048.622933][T10551]  do_filp_open+0x234/0x490
[ 1048.627475][T10551]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1048.632124][T10551]  ? _raw_spin_unlock+0x28/0x40
06:26:51 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 7)

[ 1048.637024][T10551]  ? alloc_fd+0x59c/0x640
[ 1048.641414][T10551]  do_sys_openat2+0x13f/0x500
[ 1048.646134][T10551]  ? mutex_unlock+0x10/0x10
[ 1048.650674][T10551]  ? do_sys_open+0x230/0x230
[ 1048.655323][T10551]  __x64_sys_openat+0x247/0x290
[ 1048.660220][T10551]  ? __ia32_sys_open+0x270/0x270
[ 1048.665213][T10551]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1048.671332][T10551]  ? lockdep_hardirqs_on+0x98/0x140
[ 1048.676581][T10551]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1048.682610][T10551]  do_syscall_64+0x41/0xc0
[ 1048.687085][T10551]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1048.693024][T10551] RIP: 0033:0x7f9f18a8c0f9
[ 1048.697486][T10551] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1048.717216][T10551] RSP: 002b:00007f9f1986d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1048.725684][T10551] RAX: ffffffffffffffda RBX: 00007f9f18babf80 RCX: 00007f9f18a8c0f9
[ 1048.733697][T10551] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1048.737582][T10558] FAULT_INJECTION: forcing a failure.
[ 1048.737582][T10558] name failslab, interval 1, probability 0, space 0, times 0
[ 1048.741675][T10551] RBP: 00007f9f1986d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1048.741696][T10551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1048.741710][T10551] R13: 00007ffc90b7547f R14: 00007f9f1986d300 R15: 0000000000022000
[ 1048.741747][T10551]  </TASK>
06:26:51 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

[ 1048.811987][T10552] CPU: 1 PID: 10552 Comm: syz-executor.1 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1048.822218][T10552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1048.832318][T10552] Call Trace:
[ 1048.835719][T10552]  <TASK>
[ 1048.838679][T10552]  dump_stack_lvl+0x1e7/0x2d0
[ 1048.843420][T10552]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1048.848925][T10552]  ? panic+0x770/0x770
[ 1048.853044][T10552]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1048.858747][T10552]  should_fail_ex+0x3aa/0x4e0
[ 1048.863483][T10552]  strncpy_from_user+0x36/0x370
[ 1048.868385][T10552]  getname_flags+0xf9/0x4e0
[ 1048.872949][T10552]  do_sys_openat2+0xd6/0x500
[ 1048.877573][T10552]  ? mutex_unlock+0x10/0x10
[ 1048.882112][T10552]  ? do_sys_open+0x230/0x230
[ 1048.886751][T10552]  __x64_sys_openat+0x247/0x290
[ 1048.891629][T10552]  ? __ia32_sys_open+0x270/0x270
[ 1048.896587][T10552]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1048.902669][T10552]  ? lockdep_hardirqs_on+0x98/0x140
[ 1048.907882][T10552]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1048.913875][T10552]  do_syscall_64+0x41/0xc0
[ 1048.918311][T10552]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1048.924215][T10552] RIP: 0033:0x7f13b2c8c0f9
[ 1048.928652][T10552] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1048.948269][T10552] RSP: 002b:00007f13b3a27168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
06:26:52 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0}}, 0x48)

[ 1048.956694][T10552] RAX: ffffffffffffffda RBX: 00007f13b2dabf80 RCX: 00007f13b2c8c0f9
[ 1048.964679][T10552] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1048.972676][T10552] RBP: 00007f13b3a271d0 R08: 0000000000000000 R09: 0000000000000000
[ 1048.980653][T10552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1048.988627][T10552] R13: 00007ffe3af675ef R14: 00007f13b3a27300 R15: 0000000000022000
[ 1048.996625][T10552]  </TASK>
[ 1049.011801][T10558] CPU: 0 PID: 10558 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1049.021943][T10558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1049.032050][T10558] Call Trace:
[ 1049.035367][T10558]  <TASK>
[ 1049.038336][T10558]  dump_stack_lvl+0x1e7/0x2d0
[ 1049.043076][T10558]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1049.048593][T10558]  ? panic+0x770/0x770
[ 1049.052717][T10558]  ? __mutex_lock_common+0x42d/0x2530
[ 1049.058169][T10558]  should_fail_ex+0x3aa/0x4e0
[ 1049.062929][T10558]  should_failslab+0x9/0x20
[ 1049.067480][T10558]  slab_pre_alloc_hook+0x59/0x2b0
[ 1049.072651][T10558]  ? mutex_lock_io_nested+0x60/0x60
[ 1049.077910][T10558]  ? mon_bin_open+0xe0/0x500
[ 1049.082620][T10558]  __kmem_cache_alloc_node+0x4b/0x2a0
[ 1049.088051][T10558]  ? __lock_acquire+0x1f80/0x1f80
[ 1049.093125][T10558]  ? mon_bin_open+0xe0/0x500
[ 1049.097752][T10558]  kmalloc_trace+0x2a/0x60
[ 1049.102190][T10558]  mon_bin_open+0xe0/0x500
[ 1049.106630][T10558]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1049.111844][T10558]  ? __fsnotify_parent+0x4da/0x730
[ 1049.117039][T10558]  ? module_put+0x18b/0x420
[ 1049.121617][T10558]  chrdev_open+0x54e/0x630
[ 1049.126046][T10558]  ? cd_forget+0x160/0x160
[ 1049.130470][T10558]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1049.135680][T10558]  ? fsnotify_perm+0x471/0x590
[ 1049.140469][T10558]  ? cd_forget+0x160/0x160
[ 1049.144898][T10558]  do_dentry_open+0x7f9/0x10f0
[ 1049.150883][T10558]  path_openat+0x27b3/0x3170
[ 1049.155513][T10558]  ? getname_flags+0xbc/0x4e0
[ 1049.160205][T10558]  ? mark_lock+0x9a/0x340
[ 1049.164573][T10558]  ? do_filp_open+0x490/0x490
[ 1049.169290][T10558]  ? alloc_fd+0x59c/0x640
[ 1049.173670][T10558]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1049.179325][T10558]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1049.185339][T10558]  do_filp_open+0x234/0x490
[ 1049.189874][T10558]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1049.194505][T10558]  ? _raw_spin_unlock+0x28/0x40
[ 1049.199368][T10558]  ? alloc_fd+0x59c/0x640
[ 1049.203725][T10558]  do_sys_openat2+0x13f/0x500
[ 1049.208414][T10558]  ? mutex_unlock+0x10/0x10
[ 1049.212930][T10558]  ? do_sys_open+0x230/0x230
[ 1049.217542][T10558]  __x64_sys_openat+0x247/0x290
[ 1049.222408][T10558]  ? __ia32_sys_open+0x270/0x270
[ 1049.227362][T10558]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1049.233354][T10558]  ? lockdep_hardirqs_on+0x98/0x140
[ 1049.238565][T10558]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1049.244569][T10558]  do_syscall_64+0x41/0xc0
[ 1049.249017][T10558]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1049.254925][T10558] RIP: 0033:0x7f9b1943e284
[ 1049.259351][T10558] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1049.279068][T10558] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1049.287517][T10558] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1049.295511][T10558] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1049.303497][T10558] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
06:26:52 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 5)

[ 1049.311474][T10558] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1049.319453][T10558] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1049.327624][T10558]  </TASK>
06:26:52 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 3)

06:26:52 executing program 5:
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000000))
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:26:52 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 8)

[ 1049.417402][T10582] FAULT_INJECTION: forcing a failure.
[ 1049.417402][T10582] name failslab, interval 1, probability 0, space 0, times 0
[ 1049.463382][T10589] FAULT_INJECTION: forcing a failure.
[ 1049.463382][T10589] name failslab, interval 1, probability 0, space 0, times 0
[ 1049.477411][T10589] CPU: 0 PID: 10589 Comm: syz-executor.1 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1049.487624][T10589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1049.497808][T10589] Call Trace:
[ 1049.501137][T10589]  <TASK>
[ 1049.504110][T10589]  dump_stack_lvl+0x1e7/0x2d0
[ 1049.508852][T10589]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1049.514374][T10589]  ? panic+0x770/0x770
[ 1049.518498][T10589]  ? validate_chain+0x119/0x58e0
[ 1049.523489][T10589]  should_fail_ex+0x3aa/0x4e0
[ 1049.528226][T10589]  should_failslab+0x9/0x20
[ 1049.532774][T10589]  slab_pre_alloc_hook+0x59/0x2b0
[ 1049.537841][T10589]  ? unwind_get_return_address+0x4d/0x90
[ 1049.543521][T10589]  ? __alloc_file+0x26/0x230
[ 1049.548164][T10589]  kmem_cache_alloc+0x4e/0x280
[ 1049.552985][T10589]  ? reacquire_held_locks+0x660/0x660
[ 1049.558410][T10589]  __alloc_file+0x26/0x230
[ 1049.562882][T10589]  alloc_empty_file+0x96/0x180
[ 1049.567710][T10589]  path_openat+0xfa/0x3170
[ 1049.572184][T10589]  ? __stack_depot_save+0x3a/0x470
[ 1049.577355][T10589]  ? getname_flags+0xbc/0x4e0
[ 1049.582085][T10589]  ? mark_lock+0x9a/0x340
[ 1049.586435][T10589]  ? do_filp_open+0x490/0x490
[ 1049.591132][T10589]  ? alloc_fd+0x59c/0x640
[ 1049.595472][T10589]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1049.601123][T10589]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1049.607131][T10589]  do_filp_open+0x234/0x490
[ 1049.611654][T10589]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1049.616284][T10589]  ? _raw_spin_unlock+0x28/0x40
[ 1049.621145][T10589]  ? alloc_fd+0x59c/0x640
[ 1049.625495][T10589]  do_sys_openat2+0x13f/0x500
[ 1049.630188][T10589]  ? mutex_unlock+0x10/0x10
[ 1049.634715][T10589]  ? do_sys_open+0x230/0x230
[ 1049.639326][T10589]  __x64_sys_openat+0x247/0x290
[ 1049.644202][T10589]  ? __ia32_sys_open+0x270/0x270
[ 1049.649190][T10589]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1049.655210][T10589]  ? lockdep_hardirqs_on+0x98/0x140
[ 1049.660420][T10589]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1049.666411][T10589]  do_syscall_64+0x41/0xc0
[ 1049.670885][T10589]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1049.676796][T10589] RIP: 0033:0x7f13b2c8c0f9
[ 1049.681227][T10589] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1049.700844][T10589] RSP: 002b:00007f13b3a27168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
06:26:52 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', r1, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)
write$vhost_msg(r0, 0x0, 0x0)

06:26:52 executing program 0:
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x18, 0x140b, 0x4, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x8004}, 0x34)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080), 0x106, 0x1}}, 0x20)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r2, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)

[ 1049.709355][T10589] RAX: ffffffffffffffda RBX: 00007f13b2dabf80 RCX: 00007f13b2c8c0f9
[ 1049.717333][T10589] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1049.725312][T10589] RBP: 00007f13b3a271d0 R08: 0000000000000000 R09: 0000000000000000
[ 1049.733289][T10589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1049.741275][T10589] R13: 00007ffe3af675ef R14: 00007f13b3a27300 R15: 0000000000022000
[ 1049.749282][T10589]  </TASK>
[ 1049.769556][T10582] CPU: 0 PID: 10582 Comm: syz-executor.3 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1049.779707][T10582] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1049.789802][T10582] Call Trace:
[ 1049.793119][T10582]  <TASK>
[ 1049.796087][T10582]  dump_stack_lvl+0x1e7/0x2d0
[ 1049.800836][T10582]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1049.806321][T10582]  ? panic+0x770/0x770
[ 1049.810408][T10582]  ? __might_sleep+0xc0/0xc0
[ 1049.815015][T10582]  should_fail_ex+0x3aa/0x4e0
[ 1049.819712][T10582]  should_failslab+0x9/0x20
[ 1049.824227][T10582]  slab_pre_alloc_hook+0x59/0x2b0
[ 1049.829278][T10582]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1049.835008][T10582]  __kmem_cache_alloc_node+0x4b/0x2a0
[ 1049.840397][T10582]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1049.846397][T10582]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1049.852127][T10582]  __kmalloc+0xa2/0x1a0
[ 1049.856295][T10582]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 1049.861863][T10582]  tomoyo_check_open_permission+0x254/0x4e0
[ 1049.867778][T10582]  ? tomoyo_check_path_number_acl+0x280/0x280
[ 1049.873856][T10582]  ? do_dentry_open+0x32/0x10f0
[ 1049.878714][T10582]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1049.884402][T10582]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1049.889617][T10582]  ? tomoyo_file_open+0xea/0x170
[ 1049.894571][T10582]  security_file_open+0x63/0xa0
[ 1049.899444][T10582]  do_dentry_open+0x308/0x10f0
[ 1049.904255][T10582]  ? may_open+0x39c/0x440
[ 1049.908611][T10582]  path_openat+0x27b3/0x3170
[ 1049.913236][T10582]  ? getname_flags+0xbc/0x4e0
[ 1049.917931][T10582]  ? mark_lock+0x9a/0x340
[ 1049.922280][T10582]  ? do_filp_open+0x490/0x490
[ 1049.926974][T10582]  ? alloc_fd+0x59c/0x640
[ 1049.931317][T10582]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1049.936967][T10582]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1049.942976][T10582]  do_filp_open+0x234/0x490
[ 1049.947511][T10582]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1049.952144][T10582]  ? _raw_spin_unlock+0x28/0x40
[ 1049.957010][T10582]  ? alloc_fd+0x59c/0x640
[ 1049.961360][T10582]  do_sys_openat2+0x13f/0x500
[ 1049.966063][T10582]  ? mutex_unlock+0x10/0x10
[ 1049.970580][T10582]  ? do_sys_open+0x230/0x230
[ 1049.975194][T10582]  __x64_sys_openat+0x247/0x290
[ 1049.980059][T10582]  ? __ia32_sys_open+0x270/0x270
[ 1049.985014][T10582]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1049.991008][T10582]  ? lockdep_hardirqs_on+0x98/0x140
[ 1049.996217][T10582]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1050.002208][T10582]  do_syscall_64+0x41/0xc0
[ 1050.006647][T10582]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1050.012554][T10582] RIP: 0033:0x7f9f18a8c0f9
[ 1050.016976][T10582] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1050.036761][T10582] RSP: 002b:00007f9f1986d168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1050.045184][T10582] RAX: ffffffffffffffda RBX: 00007f9f18babf80 RCX: 00007f9f18a8c0f9
[ 1050.053164][T10582] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1050.061227][T10582] RBP: 00007f9f1986d1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1050.069207][T10582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1050.077187][T10582] R13: 00007ffc90b7547f R14: 00007f9f1986d300 R15: 0000000000022000
[ 1050.085281][T10582]  </TASK>
[ 1050.106536][T10593] FAULT_INJECTION: forcing a failure.
[ 1050.106536][T10593] name failslab, interval 1, probability 0, space 0, times 0
[ 1050.120323][T10582] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1050.127531][T10593] CPU: 1 PID: 10593 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1050.137651][T10593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1050.147742][T10593] Call Trace:
[ 1050.151058][T10593]  <TASK>
[ 1050.154021][T10593]  dump_stack_lvl+0x1e7/0x2d0
[ 1050.158756][T10593]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1050.164266][T10593]  ? panic+0x770/0x770
[ 1050.168395][T10593]  should_fail_ex+0x3aa/0x4e0
[ 1050.173129][T10593]  should_failslab+0x9/0x20
[ 1050.177670][T10593]  slab_pre_alloc_hook+0x59/0x2b0
[ 1050.182743][T10593]  ? lockdep_softirqs_off+0x420/0x420
[ 1050.188171][T10593]  ? mon_bin_open+0x19d/0x500
[ 1050.192887][T10593]  __kmem_cache_alloc_node+0x4b/0x2a0
[ 1050.198313][T10593]  ? mon_bin_open+0x19d/0x500
[ 1050.203028][T10593]  kmalloc_trace+0x2a/0x60
[ 1050.207486][T10593]  mon_bin_open+0x19d/0x500
[ 1050.212034][T10593]  ? __fsnotify_parent+0x4da/0x730
[ 1050.217205][T10593]  ? module_put+0x18b/0x420
[ 1050.221756][T10593]  chrdev_open+0x54e/0x630
[ 1050.226223][T10593]  ? cd_forget+0x160/0x160
[ 1050.230681][T10593]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1050.235925][T10593]  ? fsnotify_perm+0x471/0x590
[ 1050.240746][T10593]  ? cd_forget+0x160/0x160
[ 1050.245202][T10593]  do_dentry_open+0x7f9/0x10f0
[ 1050.250028][T10593]  path_openat+0x27b3/0x3170
[ 1050.250125][T10602] FAULT_INJECTION: forcing a failure.
[ 1050.250125][T10602] name failslab, interval 1, probability 0, space 0, times 0
[ 1050.254670][T10593]  ? getname_flags+0xbc/0x4e0
06:26:53 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 4)

[ 1050.254708][T10593]  ? mark_lock+0x9a/0x340
[ 1050.254742][T10593]  ? do_filp_open+0x490/0x490
[ 1050.254775][T10593]  ? alloc_fd+0x59c/0x640
[ 1050.285437][T10593]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1050.291132][T10593]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1050.297180][T10593]  do_filp_open+0x234/0x490
[ 1050.301746][T10593]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1050.306420][T10593]  ? _raw_spin_unlock+0x28/0x40
[ 1050.311323][T10593]  ? alloc_fd+0x59c/0x640
[ 1050.315716][T10593]  do_sys_openat2+0x13f/0x500
06:26:53 executing program 5:
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000000)) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

[ 1050.320450][T10593]  ? mutex_unlock+0x10/0x10
[ 1050.324999][T10593]  ? do_sys_open+0x230/0x230
[ 1050.329648][T10593]  __x64_sys_openat+0x247/0x290
[ 1050.334548][T10593]  ? __ia32_sys_open+0x270/0x270
[ 1050.339533][T10593]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1050.345568][T10593]  ? lockdep_hardirqs_on+0x98/0x140
[ 1050.350811][T10593]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1050.356840][T10593]  do_syscall_64+0x41/0xc0
[ 1050.361310][T10593]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1050.367252][T10593] RIP: 0033:0x7f9b1943e284
[ 1050.371705][T10593] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1050.391353][T10593] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1050.399818][T10593] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1050.407823][T10593] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1050.415819][T10593] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1050.423851][T10593] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1050.431866][T10593] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1050.439909][T10593]  </TASK>
[ 1050.444706][T10602] CPU: 0 PID: 10602 Comm: syz-executor.1 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1050.454828][T10602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1050.464925][T10602] Call Trace:
[ 1050.468237][T10602]  <TASK>
[ 1050.471202][T10602]  dump_stack_lvl+0x1e7/0x2d0
[ 1050.475934][T10602]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1050.481532][T10602]  ? panic+0x770/0x770
[ 1050.485644][T10602]  ? __might_sleep+0xc0/0xc0
[ 1050.490289][T10602]  should_fail_ex+0x3aa/0x4e0
[ 1050.495021][T10602]  should_failslab+0x9/0x20
[ 1050.499591][T10602]  slab_pre_alloc_hook+0x59/0x2b0
[ 1050.504659][T10602]  ? slab_post_alloc_hook+0x2df/0x3a0
[ 1050.510087][T10602]  ? security_file_alloc+0x28/0x120
[ 1050.515336][T10602]  kmem_cache_alloc+0x4e/0x280
[ 1050.520143][T10602]  ? trace_kmem_cache_alloc+0x3c/0xf0
[ 1050.525573][T10602]  security_file_alloc+0x28/0x120
[ 1050.530649][T10602]  __alloc_file+0xc3/0x230
[ 1050.535129][T10602]  alloc_empty_file+0x96/0x180
[ 1050.539960][T10602]  path_openat+0xfa/0x3170
[ 1050.544430][T10602]  ? __stack_depot_save+0x3a/0x470
[ 1050.549603][T10602]  ? getname_flags+0xbc/0x4e0
[ 1050.554329][T10602]  ? mark_lock+0x9a/0x340
[ 1050.558709][T10602]  ? do_filp_open+0x490/0x490
[ 1050.563440][T10602]  ? alloc_fd+0x59c/0x640
[ 1050.567817][T10602]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1050.573506][T10602]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1050.579559][T10602]  do_filp_open+0x234/0x490
[ 1050.584125][T10602]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1050.588798][T10602]  ? _raw_spin_unlock+0x28/0x40
[ 1050.593705][T10602]  ? alloc_fd+0x59c/0x640
[ 1050.598093][T10602]  do_sys_openat2+0x13f/0x500
[ 1050.602813][T10602]  ? mutex_unlock+0x10/0x10
[ 1050.607357][T10602]  ? do_sys_open+0x230/0x230
[ 1050.612007][T10602]  __x64_sys_openat+0x247/0x290
[ 1050.616909][T10602]  ? __ia32_sys_open+0x270/0x270
06:26:53 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

[ 1050.621890][T10602]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1050.627913][T10602]  ? lockdep_hardirqs_on+0x98/0x140
[ 1050.633165][T10602]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1050.639199][T10602]  do_syscall_64+0x41/0xc0
[ 1050.643661][T10602]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1050.649598][T10602] RIP: 0033:0x7f13b2c8c0f9
[ 1050.654061][T10602] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
06:26:53 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x3, 0x0)

[ 1050.673709][T10602] RSP: 002b:00007f13b3a27168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1050.682282][T10602] RAX: ffffffffffffffda RBX: 00007f13b2dabf80 RCX: 00007f13b2c8c0f9
[ 1050.690320][T10602] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1050.698326][T10602] RBP: 00007f13b3a271d0 R08: 0000000000000000 R09: 0000000000000000
[ 1050.706328][T10602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1050.714344][T10602] R13: 00007ffe3af675ef R14: 00007f13b3a27300 R15: 0000000000022000
06:26:53 executing program 5:
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000000)) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:26:53 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', r1, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)
write$vhost_msg(r0, 0x0, 0x0)

[ 1050.722385][T10602]  </TASK>
06:26:53 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (fail_nth: 5)

06:26:53 executing program 0:
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) (async, rerun: 64)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0) (rerun: 64)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x18, 0x140b, 0x4, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x8004}, 0x34)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async, rerun: 64)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080), 0x106, 0x1}}, 0x20) (async, rerun: 64)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r2, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)

06:26:53 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 9)

06:26:53 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x9, 0x0)

[ 1050.899983][T10643] FAULT_INJECTION: forcing a failure.
[ 1050.899983][T10643] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1050.933840][T10647] FAULT_INJECTION: forcing a failure.
[ 1050.933840][T10647] name failslab, interval 1, probability 0, space 0, times 0
[ 1050.951497][T10647] CPU: 0 PID: 10647 Comm: syz-executor.1 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1050.961631][T10647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1050.971725][T10647] Call Trace:
[ 1050.975040][T10647]  <TASK>
[ 1050.978010][T10647]  dump_stack_lvl+0x1e7/0x2d0
[ 1050.982751][T10647]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1050.988257][T10647]  ? panic+0x770/0x770
[ 1050.992371][T10647]  ? __might_sleep+0xc0/0xc0
[ 1050.997017][T10647]  should_fail_ex+0x3aa/0x4e0
[ 1051.001754][T10647]  should_failslab+0x9/0x20
[ 1051.006290][T10647]  slab_pre_alloc_hook+0x59/0x2b0
[ 1051.011359][T10647]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1051.017108][T10647]  __kmem_cache_alloc_node+0x4b/0x2a0
[ 1051.022515][T10647]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1051.028530][T10647]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[ 1051.034270][T10647]  __kmalloc+0xa2/0x1a0
[ 1051.038448][T10647]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 1051.044038][T10647]  tomoyo_check_open_permission+0x254/0x4e0
[ 1051.049977][T10647]  ? tomoyo_check_path_number_acl+0x280/0x280
[ 1051.056068][T10647]  ? do_dentry_open+0x32/0x10f0
[ 1051.060943][T10647]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1051.066664][T10647]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1051.071895][T10647]  ? tomoyo_file_open+0xea/0x170
[ 1051.076868][T10647]  security_file_open+0x63/0xa0
[ 1051.081748][T10647]  do_dentry_open+0x308/0x10f0
[ 1051.086536][T10647]  ? may_open+0x39c/0x440
[ 1051.090888][T10647]  path_openat+0x27b3/0x3170
[ 1051.095531][T10647]  ? getname_flags+0xbc/0x4e0
[ 1051.100233][T10647]  ? mark_lock+0x9a/0x340
[ 1051.104587][T10647]  ? do_filp_open+0x490/0x490
[ 1051.109295][T10647]  ? alloc_fd+0x59c/0x640
[ 1051.113664][T10647]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1051.119340][T10647]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1051.125383][T10647]  do_filp_open+0x234/0x490
[ 1051.129929][T10647]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1051.134589][T10647]  ? _raw_spin_unlock+0x28/0x40
[ 1051.139474][T10647]  ? alloc_fd+0x59c/0x640
[ 1051.143845][T10647]  do_sys_openat2+0x13f/0x500
[ 1051.148557][T10647]  ? mutex_unlock+0x10/0x10
[ 1051.153084][T10647]  ? do_sys_open+0x230/0x230
[ 1051.157724][T10647]  __x64_sys_openat+0x247/0x290
[ 1051.162612][T10647]  ? __ia32_sys_open+0x270/0x270
[ 1051.167583][T10647]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1051.173588][T10647]  ? lockdep_hardirqs_on+0x98/0x140
[ 1051.178819][T10647]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1051.184920][T10647]  do_syscall_64+0x41/0xc0
[ 1051.189378][T10647]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1051.195297][T10647] RIP: 0033:0x7f13b2c8c0f9
[ 1051.199723][T10647] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 f1 19 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 1051.219356][T10647] RSP: 002b:00007f13b3a27168 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 1051.227812][T10647] RAX: ffffffffffffffda RBX: 00007f13b2dabf80 RCX: 00007f13b2c8c0f9
[ 1051.235823][T10647] RDX: 0000000000000002 RSI: 0000000020000040 RDI: ffffffffffffff9c
[ 1051.243829][T10647] RBP: 00007f13b3a271d0 R08: 0000000000000000 R09: 0000000000000000
[ 1051.251833][T10647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1051.259830][T10647] R13: 00007ffe3af675ef R14: 00007f13b3a27300 R15: 0000000000022000
[ 1051.267871][T10647]  </TASK>
[ 1051.271097][T10643] CPU: 1 PID: 10643 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1051.281212][T10643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1051.291309][T10643] Call Trace:
[ 1051.294622][T10643]  <TASK>
[ 1051.297591][T10643]  dump_stack_lvl+0x1e7/0x2d0
[ 1051.302326][T10643]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1051.307841][T10643]  ? panic+0x770/0x770
[ 1051.311956][T10643]  ? kasan_set_track+0x64/0x80
[ 1051.316756][T10643]  ? __kasan_kmalloc+0x9b/0xb0
[ 1051.321559][T10643]  ? chrdev_open+0x54e/0x630
[ 1051.326208][T10643]  ? path_openat+0x27b3/0x3170
[ 1051.327852][T10647] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1051.331003][T10643]  ? do_sys_openat2+0x13f/0x500
[ 1051.331042][T10643]  should_fail_ex+0x3aa/0x4e0
[ 1051.331078][T10643]  prepare_alloc_pages+0x1d9/0x5b0
[ 1051.331116][T10643]  __alloc_pages+0x16e/0x7f0
[ 1051.331147][T10643]  ? zone_statistics+0x170/0x170
[ 1051.331186][T10643]  ? alloc_pages+0x510/0x780
[ 1051.366623][T10643]  get_zeroed_page+0x17/0x40
[ 1051.371236][T10643]  mon_bin_open+0x237/0x500
[ 1051.375778][T10643]  ? module_put+0x18b/0x420
[ 1051.380304][T10643]  chrdev_open+0x54e/0x630
[ 1051.384731][T10643]  ? cd_forget+0x160/0x160
[ 1051.389154][T10643]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1051.394368][T10643]  ? fsnotify_perm+0x471/0x590
[ 1051.399158][T10643]  ? cd_forget+0x160/0x160
[ 1051.403579][T10643]  do_dentry_open+0x7f9/0x10f0
[ 1051.408366][T10643]  path_openat+0x27b3/0x3170
[ 1051.412992][T10643]  ? getname_flags+0xbc/0x4e0
[ 1051.417689][T10643]  ? mark_lock+0x9a/0x340
[ 1051.422040][T10643]  ? do_filp_open+0x490/0x490
[ 1051.426734][T10643]  ? alloc_fd+0x59c/0x640
[ 1051.431080][T10643]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1051.436734][T10643]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1051.442744][T10643]  do_filp_open+0x234/0x490
[ 1051.447266][T10643]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1051.451896][T10643]  ? _raw_spin_unlock+0x28/0x40
[ 1051.456784][T10643]  ? alloc_fd+0x59c/0x640
[ 1051.461153][T10643]  do_sys_openat2+0x13f/0x500
[ 1051.465876][T10643]  ? mutex_unlock+0x10/0x10
[ 1051.470402][T10643]  ? do_sys_open+0x230/0x230
[ 1051.475039][T10643]  __x64_sys_openat+0x247/0x290
[ 1051.479927][T10643]  ? __ia32_sys_open+0x270/0x270
[ 1051.484897][T10643]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1051.490905][T10643]  ? lockdep_hardirqs_on+0x98/0x140
[ 1051.496128][T10643]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1051.502145][T10643]  do_syscall_64+0x41/0xc0
[ 1051.506584][T10643]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1051.512491][T10643] RIP: 0033:0x7f9b1943e284
[ 1051.516915][T10643] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1051.536625][T10643] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1051.545052][T10643] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
06:26:54 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f00000000c0))

06:26:54 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', r1, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)
write$vhost_msg(r0, 0x0, 0x0)

[ 1051.553034][T10643] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1051.561011][T10643] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1051.569007][T10643] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1051.576985][T10643] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1051.584978][T10643]  </TASK>
06:26:54 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 10)

[ 1051.681965][T10666] FAULT_INJECTION: forcing a failure.
[ 1051.681965][T10666] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1051.696884][T10666] CPU: 0 PID: 10666 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1051.707010][T10666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1051.717118][T10666] Call Trace:
[ 1051.720435][T10666]  <TASK>
[ 1051.723408][T10666]  dump_stack_lvl+0x1e7/0x2d0
[ 1051.728147][T10666]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1051.733666][T10666]  ? panic+0x770/0x770
[ 1051.737782][T10666]  ? kasan_set_track+0x64/0x80
[ 1051.742601][T10666]  should_fail_ex+0x3aa/0x4e0
[ 1051.747329][T10666]  prepare_alloc_pages+0x1d9/0x5b0
[ 1051.752499][T10666]  __alloc_pages+0x16e/0x7f0
[ 1051.757141][T10666]  ? zone_statistics+0x170/0x170
[ 1051.762147][T10666]  ? alloc_pages+0x510/0x780
[ 1051.766786][T10666]  get_zeroed_page+0x17/0x40
[ 1051.771411][T10666]  mon_bin_open+0x237/0x500
[ 1051.775974][T10666]  chrdev_open+0x54e/0x630
[ 1051.780436][T10666]  ? cd_forget+0x160/0x160
[ 1051.784897][T10666]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1051.790139][T10666]  ? fsnotify_perm+0x471/0x590
[ 1051.794963][T10666]  ? cd_forget+0x160/0x160
[ 1051.799421][T10666]  do_dentry_open+0x7f9/0x10f0
[ 1051.804276][T10666]  path_openat+0x27b3/0x3170
[ 1051.808953][T10666]  ? getname_flags+0xbc/0x4e0
[ 1051.813671][T10666]  ? mark_lock+0x9a/0x340
[ 1051.818043][T10666]  ? do_filp_open+0x490/0x490
[ 1051.822766][T10666]  ? alloc_fd+0x59c/0x640
[ 1051.827136][T10666]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1051.832796][T10666]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1051.838819][T10666]  do_filp_open+0x234/0x490
[ 1051.843353][T10666]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1051.847986][T10666]  ? _raw_spin_unlock+0x28/0x40
[ 1051.852851][T10666]  ? alloc_fd+0x59c/0x640
[ 1051.857201][T10666]  do_sys_openat2+0x13f/0x500
[ 1051.861890][T10666]  ? mutex_unlock+0x10/0x10
[ 1051.866405][T10666]  ? do_sys_open+0x230/0x230
[ 1051.871018][T10666]  __x64_sys_openat+0x247/0x290
[ 1051.875882][T10666]  ? __ia32_sys_open+0x270/0x270
[ 1051.880834][T10666]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1051.886822][T10666]  ? lockdep_hardirqs_on+0x98/0x140
[ 1051.892034][T10666]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1051.898049][T10666]  do_syscall_64+0x41/0xc0
[ 1051.902525][T10666]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1051.908432][T10666] RIP: 0033:0x7f9b1943e284
[ 1051.912855][T10666] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1051.932469][T10666] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1051.940897][T10666] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1051.948875][T10666] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1051.956862][T10666] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1051.964839][T10666] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1051.972814][T10666] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
06:26:55 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0xa, 0x0)

06:26:55 executing program 0:
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x18, 0x140b, 0x4, 0x70bd27, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x8004}, 0x34) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000080), 0x106, 0x1}}, 0x20)
r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r2, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x48)

[ 1051.980810][T10666]  </TASK>
06:26:55 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:26:55 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 11)

[ 1052.122333][T10686] FAULT_INJECTION: forcing a failure.
[ 1052.122333][T10686] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1052.139886][T10686] CPU: 0 PID: 10686 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1052.150108][T10686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1052.160204][T10686] Call Trace:
[ 1052.163518][T10686]  <TASK>
[ 1052.166488][T10686]  dump_stack_lvl+0x1e7/0x2d0
[ 1052.171221][T10686]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1052.176736][T10686]  ? panic+0x770/0x770
[ 1052.180849][T10686]  ? kasan_set_track+0x64/0x80
[ 1052.185667][T10686]  should_fail_ex+0x3aa/0x4e0
[ 1052.190401][T10686]  prepare_alloc_pages+0x1d9/0x5b0
[ 1052.195569][T10686]  __alloc_pages+0x16e/0x7f0
[ 1052.200207][T10686]  ? zone_statistics+0x170/0x170
[ 1052.205205][T10686]  ? alloc_pages+0x510/0x780
[ 1052.209854][T10686]  get_zeroed_page+0x17/0x40
[ 1052.214479][T10686]  mon_bin_open+0x237/0x500
06:26:55 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0xb, 0x0)

[ 1052.219037][T10686]  chrdev_open+0x54e/0x630
[ 1052.223587][T10686]  ? cd_forget+0x160/0x160
[ 1052.228059][T10686]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1052.233311][T10686]  ? fsnotify_perm+0x471/0x590
[ 1052.238136][T10686]  ? cd_forget+0x160/0x160
[ 1052.242593][T10686]  do_dentry_open+0x7f9/0x10f0
[ 1052.247505][T10686]  path_openat+0x27b3/0x3170
[ 1052.252172][T10686]  ? getname_flags+0xbc/0x4e0
[ 1052.256901][T10686]  ? mark_lock+0x9a/0x340
[ 1052.261284][T10686]  ? do_filp_open+0x490/0x490
[ 1052.266020][T10686]  ? alloc_fd+0x59c/0x640
[ 1052.270407][T10686]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1052.276102][T10686]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1052.282155][T10686]  do_filp_open+0x234/0x490
[ 1052.286726][T10686]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1052.291407][T10686]  ? _raw_spin_unlock+0x28/0x40
[ 1052.296303][T10686]  ? alloc_fd+0x59c/0x640
[ 1052.300687][T10686]  do_sys_openat2+0x13f/0x500
[ 1052.305416][T10686]  ? mutex_unlock+0x10/0x10
[ 1052.309965][T10686]  ? do_sys_open+0x230/0x230
[ 1052.314616][T10686]  __x64_sys_openat+0x247/0x290
06:26:55 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x18, 0x0)

[ 1052.319517][T10686]  ? __ia32_sys_open+0x270/0x270
[ 1052.324502][T10686]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1052.330533][T10686]  ? lockdep_hardirqs_on+0x98/0x140
[ 1052.335784][T10686]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1052.341908][T10686]  do_syscall_64+0x41/0xc0
[ 1052.346384][T10686]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1052.352321][T10686] RIP: 0033:0x7f9b1943e284
[ 1052.356771][T10686] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1052.376421][T10686] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1052.384886][T10686] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1052.392903][T10686] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1052.400916][T10686] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1052.408928][T10686] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:26:55 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x3, 0x0)

06:26:55 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async, rerun: 32)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f00000000c0))

06:26:55 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r0=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', r0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

06:26:55 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2)

[ 1052.417025][T10686] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1052.425066][T10686]  </TASK>
06:26:55 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
read$usbmon(r1, &(0x7f0000000080)=""/91, 0x5b)

06:26:55 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 12)

06:26:55 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x9, 0x0)

06:26:55 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

[ 1052.615887][T10731] FAULT_INJECTION: forcing a failure.
[ 1052.615887][T10731] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1052.665929][T10731] CPU: 0 PID: 10731 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1052.676083][T10731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1052.686182][T10731] Call Trace:
[ 1052.689498][T10731]  <TASK>
[ 1052.692476][T10731]  dump_stack_lvl+0x1e7/0x2d0
[ 1052.697231][T10731]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1052.702743][T10731]  ? panic+0x770/0x770
[ 1052.706860][T10731]  ? kasan_set_track+0x64/0x80
[ 1052.711683][T10731]  should_fail_ex+0x3aa/0x4e0
06:26:55 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3)

[ 1052.716426][T10731]  prepare_alloc_pages+0x1d9/0x5b0
[ 1052.721596][T10731]  __alloc_pages+0x16e/0x7f0
[ 1052.726233][T10731]  ? zone_statistics+0x170/0x170
[ 1052.731228][T10731]  ? alloc_pages+0x510/0x780
[ 1052.735894][T10731]  get_zeroed_page+0x17/0x40
[ 1052.740524][T10731]  mon_bin_open+0x237/0x500
[ 1052.745084][T10731]  chrdev_open+0x54e/0x630
[ 1052.749547][T10731]  ? cd_forget+0x160/0x160
[ 1052.754007][T10731]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1052.759251][T10731]  ? fsnotify_perm+0x471/0x590
[ 1052.764073][T10731]  ? cd_forget+0x160/0x160
[ 1052.768531][T10731]  do_dentry_open+0x7f9/0x10f0
[ 1052.773359][T10731]  path_openat+0x27b3/0x3170
[ 1052.778029][T10731]  ? getname_flags+0xbc/0x4e0
[ 1052.782757][T10731]  ? mark_lock+0x9a/0x340
[ 1052.787138][T10731]  ? do_filp_open+0x490/0x490
[ 1052.791882][T10731]  ? alloc_fd+0x59c/0x640
[ 1052.796261][T10731]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1052.801951][T10731]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1052.808004][T10731]  do_filp_open+0x234/0x490
[ 1052.812564][T10731]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1052.817239][T10731]  ? _raw_spin_unlock+0x28/0x40
[ 1052.822140][T10731]  ? alloc_fd+0x59c/0x640
[ 1052.826533][T10731]  do_sys_openat2+0x13f/0x500
[ 1052.831258][T10731]  ? mutex_unlock+0x10/0x10
[ 1052.835805][T10731]  ? do_sys_open+0x230/0x230
[ 1052.840456][T10731]  __x64_sys_openat+0x247/0x290
[ 1052.845352][T10731]  ? __ia32_sys_open+0x270/0x270
[ 1052.850336][T10731]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1052.856360][T10731]  ? lockdep_hardirqs_on+0x98/0x140
[ 1052.861599][T10731]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1052.867622][T10731]  do_syscall_64+0x41/0xc0
[ 1052.872088][T10731]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1052.878020][T10731] RIP: 0033:0x7f9b1943e284
[ 1052.882556][T10731] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1052.902198][T10731] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:26:56 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4)

06:26:56 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
read$usbmon(r1, &(0x7f0000000080)=""/91, 0x5b)

06:26:56 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f00000000c0))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5387, &(0x7f00000000c0)) (async)

[ 1052.910690][T10731] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1052.918700][T10731] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1052.926738][T10731] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1052.934835][T10731] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1052.942851][T10731] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1052.950888][T10731]  </TASK>
06:26:56 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 13)

06:26:56 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0xa, 0x0)

06:26:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

06:26:56 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
read$usbmon(r1, &(0x7f0000000080)=""/91, 0x5b)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
read$usbmon(r1, &(0x7f0000000080)=""/91, 0x5b) (async)

[ 1053.138422][T10778] FAULT_INJECTION: forcing a failure.
[ 1053.138422][T10778] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1053.182677][T10778] CPU: 1 PID: 10778 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1053.192824][T10778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1053.202959][T10778] Call Trace:
[ 1053.206281][T10778]  <TASK>
[ 1053.209249][T10778]  dump_stack_lvl+0x1e7/0x2d0
[ 1053.213988][T10778]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1053.219508][T10778]  ? panic+0x770/0x770
[ 1053.223629][T10778]  ? kasan_set_track+0x64/0x80
[ 1053.228459][T10778]  should_fail_ex+0x3aa/0x4e0
[ 1053.233196][T10778]  prepare_alloc_pages+0x1d9/0x5b0
[ 1053.238369][T10778]  __alloc_pages+0x16e/0x7f0
[ 1053.243022][T10778]  ? zone_statistics+0x170/0x170
[ 1053.248052][T10778]  ? alloc_pages+0x510/0x780
[ 1053.252710][T10778]  get_zeroed_page+0x17/0x40
[ 1053.257352][T10778]  mon_bin_open+0x237/0x500
[ 1053.261925][T10778]  chrdev_open+0x54e/0x630
[ 1053.266396][T10778]  ? cd_forget+0x160/0x160
[ 1053.270863][T10778]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1053.276112][T10778]  ? fsnotify_perm+0x471/0x590
06:26:56 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

[ 1053.280940][T10778]  ? cd_forget+0x160/0x160
[ 1053.285408][T10778]  do_dentry_open+0x7f9/0x10f0
[ 1053.290240][T10778]  path_openat+0x27b3/0x3170
[ 1053.294905][T10778]  ? getname_flags+0xbc/0x4e0
[ 1053.299633][T10778]  ? mark_lock+0x9a/0x340
[ 1053.304017][T10778]  ? do_filp_open+0x490/0x490
[ 1053.308749][T10778]  ? alloc_fd+0x59c/0x640
[ 1053.313153][T10778]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1053.319068][T10778]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1053.325133][T10778]  do_filp_open+0x234/0x490
06:26:56 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

[ 1053.329703][T10778]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1053.334395][T10778]  ? _raw_spin_unlock+0x28/0x40
[ 1053.339307][T10778]  ? alloc_fd+0x59c/0x640
[ 1053.343713][T10778]  do_sys_openat2+0x13f/0x500
[ 1053.348451][T10778]  ? mutex_unlock+0x10/0x10
[ 1053.353004][T10778]  ? do_sys_open+0x230/0x230
[ 1053.357677][T10778]  __x64_sys_openat+0x247/0x290
[ 1053.362581][T10778]  ? __ia32_sys_open+0x270/0x270
[ 1053.367575][T10778]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1053.373608][T10778]  ? lockdep_hardirqs_on+0x98/0x140
[ 1053.378864][T10778]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1053.384901][T10778]  do_syscall_64+0x41/0xc0
[ 1053.389379][T10778]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1053.395329][T10778] RIP: 0033:0x7f9b1943e284
[ 1053.399810][T10778] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1053.419461][T10778] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:26:56 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5)

06:26:56 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

[ 1053.427932][T10778] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1053.435994][T10778] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1053.444017][T10778] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1053.452035][T10778] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1053.460143][T10778] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1053.468219][T10778]  </TASK>
06:26:56 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 14)

06:26:56 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:26:56 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x48140013}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x2, 0x70bd27, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x1)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000000)=0x1000)

06:26:56 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0xb, 0x0)

06:26:56 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

[ 1053.707604][T10820] FAULT_INJECTION: forcing a failure.
[ 1053.707604][T10820] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1053.733907][T10820] CPU: 1 PID: 10820 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1053.744055][T10820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1053.754147][T10820] Call Trace:
[ 1053.757444][T10820]  <TASK>
[ 1053.760391][T10820]  dump_stack_lvl+0x1e7/0x2d0
[ 1053.765099][T10820]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1053.770599][T10820]  ? panic+0x770/0x770
[ 1053.774682][T10820]  ? kasan_set_track+0x64/0x80
[ 1053.779482][T10820]  should_fail_ex+0x3aa/0x4e0
[ 1053.784183][T10820]  prepare_alloc_pages+0x1d9/0x5b0
[ 1053.789320][T10820]  __alloc_pages+0x16e/0x7f0
[ 1053.793927][T10820]  ? zone_statistics+0x170/0x170
[ 1053.798914][T10820]  ? alloc_pages+0x510/0x780
[ 1053.803517][T10820]  get_zeroed_page+0x17/0x40
[ 1053.808202][T10820]  mon_bin_open+0x237/0x500
[ 1053.812726][T10820]  chrdev_open+0x54e/0x630
[ 1053.817153][T10820]  ? cd_forget+0x160/0x160
[ 1053.821580][T10820]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1053.826797][T10820]  ? fsnotify_perm+0x471/0x590
[ 1053.831595][T10820]  ? cd_forget+0x160/0x160
[ 1053.836016][T10820]  do_dentry_open+0x7f9/0x10f0
[ 1053.840813][T10820]  path_openat+0x27b3/0x3170
[ 1053.845435][T10820]  ? getname_flags+0xbc/0x4e0
[ 1053.850145][T10820]  ? mark_lock+0x9a/0x340
[ 1053.854492][T10820]  ? do_filp_open+0x490/0x490
[ 1053.859192][T10820]  ? alloc_fd+0x59c/0x640
[ 1053.863533][T10820]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1053.869185][T10820]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1053.875195][T10820]  do_filp_open+0x234/0x490
[ 1053.879719][T10820]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1053.884349][T10820]  ? _raw_spin_unlock+0x28/0x40
[ 1053.889217][T10820]  ? alloc_fd+0x59c/0x640
[ 1053.893568][T10820]  do_sys_openat2+0x13f/0x500
[ 1053.898260][T10820]  ? mutex_unlock+0x10/0x10
[ 1053.902772][T10820]  ? do_sys_open+0x230/0x230
[ 1053.907388][T10820]  __x64_sys_openat+0x247/0x290
[ 1053.912254][T10820]  ? __ia32_sys_open+0x270/0x270
[ 1053.917202][T10820]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1053.923279][T10820]  ? lockdep_hardirqs_on+0x98/0x140
[ 1053.928488][T10820]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1053.934485][T10820]  do_syscall_64+0x41/0xc0
[ 1053.938931][T10820]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1053.944840][T10820] RIP: 0033:0x7f9b1943e284
[ 1053.949266][T10820] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1053.968891][T10820] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1053.977315][T10820] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1053.985383][T10820] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1053.993361][T10820] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
06:26:57 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6)

06:26:57 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 15)

[ 1054.001339][T10820] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1054.009316][T10820] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1054.017316][T10820]  </TASK>
06:26:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

06:26:57 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x18, 0x0)

[ 1054.080989][ T1200] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.087353][ T1200] ieee802154 phy1 wpan1: encryption failed: -22
06:26:57 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x48140013}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x2, 0x70bd27, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x1)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000000)=0x1000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x48140013}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x2, 0x70bd27, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x1) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000000)=0x1000) (async)

[ 1054.144007][T10835] FAULT_INJECTION: forcing a failure.
[ 1054.144007][T10835] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:26:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x2, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

06:26:57 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

[ 1054.225246][T10835] CPU: 1 PID: 10835 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1054.235513][T10835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1054.245610][T10835] Call Trace:
[ 1054.248922][T10835]  <TASK>
[ 1054.251889][T10835]  dump_stack_lvl+0x1e7/0x2d0
[ 1054.256632][T10835]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1054.262235][T10835]  ? panic+0x770/0x770
[ 1054.266350][T10835]  ? kasan_set_track+0x64/0x80
[ 1054.271252][T10835]  should_fail_ex+0x3aa/0x4e0
[ 1054.275957][T10835]  prepare_alloc_pages+0x1d9/0x5b0
[ 1054.281091][T10835]  __alloc_pages+0x16e/0x7f0
[ 1054.285697][T10835]  ? zone_statistics+0x170/0x170
[ 1054.290753][T10835]  ? alloc_pages+0x510/0x780
[ 1054.295447][T10835]  get_zeroed_page+0x17/0x40
[ 1054.300048][T10835]  mon_bin_open+0x237/0x500
[ 1054.304574][T10835]  chrdev_open+0x54e/0x630
[ 1054.309016][T10835]  ? cd_forget+0x160/0x160
[ 1054.313440][T10835]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1054.318670][T10835]  ? fsnotify_perm+0x471/0x590
[ 1054.323458][T10835]  ? cd_forget+0x160/0x160
[ 1054.327880][T10835]  do_dentry_open+0x7f9/0x10f0
[ 1054.332668][T10835]  path_openat+0x27b3/0x3170
[ 1054.337315][T10835]  ? getname_flags+0xbc/0x4e0
[ 1054.342008][T10835]  ? mark_lock+0x9a/0x340
[ 1054.346349][T10835]  ? do_filp_open+0x490/0x490
[ 1054.351041][T10835]  ? alloc_fd+0x59c/0x640
[ 1054.355467][T10835]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1054.361132][T10835]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1054.367138][T10835]  do_filp_open+0x234/0x490
[ 1054.371671][T10835]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1054.376306][T10835]  ? _raw_spin_unlock+0x28/0x40
[ 1054.381345][T10835]  ? alloc_fd+0x59c/0x640
[ 1054.385700][T10835]  do_sys_openat2+0x13f/0x500
[ 1054.390396][T10835]  ? mutex_unlock+0x10/0x10
[ 1054.394908][T10835]  ? do_sys_open+0x230/0x230
[ 1054.399523][T10835]  __x64_sys_openat+0x247/0x290
[ 1054.404385][T10835]  ? __ia32_sys_open+0x270/0x270
[ 1054.409337][T10835]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1054.415330][T10835]  ? lockdep_hardirqs_on+0x98/0x140
[ 1054.420539][T10835]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1054.426534][T10835]  do_syscall_64+0x41/0xc0
[ 1054.430976][T10835]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1054.436882][T10835] RIP: 0033:0x7f9b1943e284
[ 1054.441331][T10835] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1054.460976][T10835] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1054.469431][T10835] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1054.477424][T10835] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1054.485414][T10835] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1054.493401][T10835] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1054.501382][T10835] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1054.509488][T10835]  </TASK>
06:26:57 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7)

06:26:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x4, 0x12, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

06:26:57 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 16)

06:26:57 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_LIST_KEY(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x48140013}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0x2, 0x70bd27, 0x25dfdbfc, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x2}, 0x1) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async, rerun: 64)
ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f0000000000)=0x1000) (rerun: 64)

06:26:57 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x12, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

06:26:57 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2)

[ 1054.773661][T10873] FAULT_INJECTION: forcing a failure.
[ 1054.773661][T10873] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1054.795392][T10873] CPU: 0 PID: 10873 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1054.805536][T10873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1054.815655][T10873] Call Trace:
[ 1054.818972][T10873]  <TASK>
[ 1054.821941][T10873]  dump_stack_lvl+0x1e7/0x2d0
[ 1054.826680][T10873]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1054.832205][T10873]  ? panic+0x770/0x770
[ 1054.836322][T10873]  ? kasan_set_track+0x64/0x80
[ 1054.841141][T10873]  should_fail_ex+0x3aa/0x4e0
[ 1054.845880][T10873]  prepare_alloc_pages+0x1d9/0x5b0
[ 1054.851048][T10873]  __alloc_pages+0x16e/0x7f0
[ 1054.855676][T10873]  ? zone_statistics+0x170/0x170
[ 1054.860642][T10873]  ? alloc_pages+0x510/0x780
[ 1054.865248][T10873]  get_zeroed_page+0x17/0x40
[ 1054.869850][T10873]  mon_bin_open+0x237/0x500
[ 1054.874373][T10873]  chrdev_open+0x54e/0x630
[ 1054.878807][T10873]  ? cd_forget+0x160/0x160
[ 1054.883234][T10873]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1054.888442][T10873]  ? fsnotify_perm+0x471/0x590
[ 1054.893227][T10873]  ? cd_forget+0x160/0x160
[ 1054.897650][T10873]  do_dentry_open+0x7f9/0x10f0
[ 1054.902617][T10873]  path_openat+0x27b3/0x3170
[ 1054.907243][T10873]  ? getname_flags+0xbc/0x4e0
[ 1054.911938][T10873]  ? mark_lock+0x9a/0x340
[ 1054.916280][T10873]  ? do_filp_open+0x490/0x490
[ 1054.920972][T10873]  ? alloc_fd+0x59c/0x640
[ 1054.925313][T10873]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1054.930966][T10873]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1054.936973][T10873]  do_filp_open+0x234/0x490
[ 1054.941503][T10873]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1054.946146][T10873]  ? _raw_spin_unlock+0x28/0x40
[ 1054.951013][T10873]  ? alloc_fd+0x59c/0x640
[ 1054.955361][T10873]  do_sys_openat2+0x13f/0x500
[ 1054.960052][T10873]  ? mutex_unlock+0x10/0x10
[ 1054.964584][T10873]  ? do_sys_open+0x230/0x230
[ 1054.969195][T10873]  __x64_sys_openat+0x247/0x290
[ 1054.974056][T10873]  ? __ia32_sys_open+0x270/0x270
[ 1054.979006][T10873]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1054.984994][T10873]  ? lockdep_hardirqs_on+0x98/0x140
[ 1054.990211][T10873]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1054.996208][T10873]  do_syscall_64+0x41/0xc0
[ 1055.000648][T10873]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1055.006556][T10873] RIP: 0033:0x7f9b1943e284
[ 1055.010982][T10873] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1055.030597][T10873] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1055.039027][T10873] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1055.047030][T10873] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1055.055011][T10873] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1055.062987][T10873] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:26:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x8000, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

[ 1055.070962][T10873] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1055.078958][T10873]  </TASK>
06:26:58 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 17)

06:26:58 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x8)

[ 1055.177553][T10892] FAULT_INJECTION: forcing a failure.
[ 1055.177553][T10892] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1055.209427][T10892] CPU: 1 PID: 10892 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
06:26:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x0, 0xe}, 0x48)

[ 1055.219581][T10892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1055.229679][T10892] Call Trace:
[ 1055.233005][T10892]  <TASK>
[ 1055.235976][T10892]  dump_stack_lvl+0x1e7/0x2d0
[ 1055.240715][T10892]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1055.246263][T10892]  ? panic+0x770/0x770
[ 1055.250380][T10892]  ? kasan_set_track+0x64/0x80
[ 1055.255186][T10892]  should_fail_ex+0x3aa/0x4e0
[ 1055.259888][T10892]  prepare_alloc_pages+0x1d9/0x5b0
[ 1055.265022][T10892]  __alloc_pages+0x16e/0x7f0
[ 1055.269629][T10892]  ? zone_statistics+0x170/0x170
[ 1055.274589][T10892]  ? alloc_pages+0x510/0x780
[ 1055.279199][T10892]  get_zeroed_page+0x17/0x40
[ 1055.283795][T10892]  mon_bin_open+0x237/0x500
[ 1055.288320][T10892]  chrdev_open+0x54e/0x630
[ 1055.292843][T10892]  ? cd_forget+0x160/0x160
[ 1055.297297][T10892]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1055.302527][T10892]  ? fsnotify_perm+0x471/0x590
[ 1055.307321][T10892]  ? cd_forget+0x160/0x160
[ 1055.311756][T10892]  do_dentry_open+0x7f9/0x10f0
[ 1055.316548][T10892]  path_openat+0x27b3/0x3170
[ 1055.321178][T10892]  ? getname_flags+0xbc/0x4e0
[ 1055.325871][T10892]  ? mark_lock+0x9a/0x340
[ 1055.330215][T10892]  ? do_filp_open+0x490/0x490
[ 1055.334992][T10892]  ? alloc_fd+0x59c/0x640
[ 1055.339335][T10892]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1055.344985][T10892]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1055.350994][T10892]  do_filp_open+0x234/0x490
[ 1055.355515][T10892]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1055.360144][T10892]  ? _raw_spin_unlock+0x28/0x40
[ 1055.365020][T10892]  ? alloc_fd+0x59c/0x640
[ 1055.369371][T10892]  do_sys_openat2+0x13f/0x500
[ 1055.374074][T10892]  ? mutex_unlock+0x10/0x10
[ 1055.378587][T10892]  ? do_sys_open+0x230/0x230
[ 1055.383204][T10892]  __x64_sys_openat+0x247/0x290
[ 1055.388067][T10892]  ? __ia32_sys_open+0x270/0x270
[ 1055.393018][T10892]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1055.399006][T10892]  ? lockdep_hardirqs_on+0x98/0x140
[ 1055.404215][T10892]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1055.410213][T10892]  do_syscall_64+0x41/0xc0
[ 1055.414652][T10892]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1055.420733][T10892] RIP: 0033:0x7f9b1943e284
[ 1055.425178][T10892] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1055.444879][T10892] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1055.453304][T10892] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1055.461285][T10892] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1055.469265][T10892] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1055.477242][T10892] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1055.485324][T10892] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1055.493345][T10892]  </TASK>
06:26:58 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async, rerun: 64)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 64)

06:26:58 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
getsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)

06:26:58 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 18)

06:26:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xe}, 0x48)

06:26:58 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3)

06:26:58 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x9)

[ 1055.740118][T10915] FAULT_INJECTION: forcing a failure.
[ 1055.740118][T10915] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1055.769426][T10915] CPU: 0 PID: 10915 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1055.779569][T10915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
06:26:58 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xe}, 0x48)

[ 1055.789676][T10915] Call Trace:
[ 1055.793000][T10915]  <TASK>
[ 1055.795968][T10915]  dump_stack_lvl+0x1e7/0x2d0
[ 1055.800713][T10915]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1055.806227][T10915]  ? panic+0x770/0x770
[ 1055.810342][T10915]  ? kasan_set_track+0x64/0x80
[ 1055.815161][T10915]  should_fail_ex+0x3aa/0x4e0
[ 1055.819932][T10915]  prepare_alloc_pages+0x1d9/0x5b0
[ 1055.825106][T10915]  __alloc_pages+0x16e/0x7f0
[ 1055.829753][T10915]  ? zone_statistics+0x170/0x170
[ 1055.834738][T10915]  ? alloc_pages+0x510/0x780
[ 1055.839349][T10915]  get_zeroed_page+0x17/0x40
[ 1055.843949][T10915]  mon_bin_open+0x237/0x500
[ 1055.848475][T10915]  chrdev_open+0x54e/0x630
[ 1055.852903][T10915]  ? cd_forget+0x160/0x160
[ 1055.857332][T10915]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1055.862545][T10915]  ? fsnotify_perm+0x471/0x590
[ 1055.867328][T10915]  ? cd_forget+0x160/0x160
[ 1055.871753][T10915]  do_dentry_open+0x7f9/0x10f0
[ 1055.876540][T10915]  path_openat+0x27b3/0x3170
[ 1055.881167][T10915]  ? getname_flags+0xbc/0x4e0
[ 1055.885863][T10915]  ? mark_lock+0x9a/0x340
[ 1055.890209][T10915]  ? do_filp_open+0x490/0x490
[ 1055.894901][T10915]  ? alloc_fd+0x59c/0x640
[ 1055.899241][T10915]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1055.904888][T10915]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1055.910899][T10915]  do_filp_open+0x234/0x490
[ 1055.915421][T10915]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1055.920052][T10915]  ? _raw_spin_unlock+0x28/0x40
[ 1055.924921][T10915]  ? alloc_fd+0x59c/0x640
[ 1055.929286][T10915]  do_sys_openat2+0x13f/0x500
[ 1055.933987][T10915]  ? mutex_unlock+0x10/0x10
[ 1055.938500][T10915]  ? do_sys_open+0x230/0x230
[ 1055.943114][T10915]  __x64_sys_openat+0x247/0x290
[ 1055.947977][T10915]  ? __ia32_sys_open+0x270/0x270
[ 1055.952932][T10915]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1055.958920][T10915]  ? lockdep_hardirqs_on+0x98/0x140
[ 1055.964131][T10915]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1055.970124][T10915]  do_syscall_64+0x41/0xc0
[ 1055.974560][T10915]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1055.980463][T10915] RIP: 0033:0x7f9b1943e284
[ 1055.984889][T10915] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1056.004503][T10915] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1056.012928][T10915] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1056.020905][T10915] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1056.028887][T10915] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1056.036861][T10915] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1056.044848][T10915] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1056.052864][T10915]  </TASK>
06:26:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0xe}, 0x48)

06:26:59 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 19)

06:26:59 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
getsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)

06:26:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0xe}, 0x48)

[ 1056.201336][T10940] FAULT_INJECTION: forcing a failure.
[ 1056.201336][T10940] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1056.217357][T10940] CPU: 0 PID: 10940 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1056.227488][T10940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1056.237597][T10940] Call Trace:
[ 1056.240913][T10940]  <TASK>
[ 1056.243884][T10940]  dump_stack_lvl+0x1e7/0x2d0
[ 1056.248624][T10940]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1056.254142][T10940]  ? panic+0x770/0x770
[ 1056.258258][T10940]  ? kasan_set_track+0x64/0x80
[ 1056.263077][T10940]  should_fail_ex+0x3aa/0x4e0
[ 1056.267897][T10940]  prepare_alloc_pages+0x1d9/0x5b0
[ 1056.273066][T10940]  __alloc_pages+0x16e/0x7f0
[ 1056.277706][T10940]  ? zone_statistics+0x170/0x170
[ 1056.282699][T10940]  ? alloc_pages+0x510/0x780
[ 1056.287341][T10940]  get_zeroed_page+0x17/0x40
[ 1056.291969][T10940]  mon_bin_open+0x237/0x500
[ 1056.296515][T10940]  chrdev_open+0x54e/0x630
[ 1056.300969][T10940]  ? cd_forget+0x160/0x160
[ 1056.305416][T10940]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1056.310657][T10940]  ? fsnotify_perm+0x471/0x590
[ 1056.315480][T10940]  ? cd_forget+0x160/0x160
[ 1056.319938][T10940]  do_dentry_open+0x7f9/0x10f0
[ 1056.324771][T10940]  path_openat+0x27b3/0x3170
[ 1056.329436][T10940]  ? getname_flags+0xbc/0x4e0
[ 1056.334166][T10940]  ? mark_lock+0x9a/0x340
[ 1056.338546][T10940]  ? do_filp_open+0x490/0x490
[ 1056.343279][T10940]  ? alloc_fd+0x59c/0x640
06:26:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0xe}, 0x48)

[ 1056.347653][T10940]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1056.353341][T10940]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1056.359390][T10940]  do_filp_open+0x234/0x490
[ 1056.363953][T10940]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1056.368630][T10940]  ? _raw_spin_unlock+0x28/0x40
[ 1056.373524][T10940]  ? alloc_fd+0x59c/0x640
[ 1056.377901][T10940]  do_sys_openat2+0x13f/0x500
[ 1056.382628][T10940]  ? mutex_unlock+0x10/0x10
[ 1056.387186][T10940]  ? do_sys_open+0x230/0x230
[ 1056.391839][T10940]  __x64_sys_openat+0x247/0x290
[ 1056.396745][T10940]  ? __ia32_sys_open+0x270/0x270
[ 1056.401759][T10940]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1056.407790][T10940]  ? lockdep_hardirqs_on+0x98/0x140
[ 1056.413050][T10940]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1056.419096][T10940]  do_syscall_64+0x41/0xc0
[ 1056.423566][T10940]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1056.429498][T10940] RIP: 0033:0x7f9b1943e284
[ 1056.433948][T10940] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1056.453596][T10940] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1056.462070][T10940] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1056.470090][T10940] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1056.478096][T10940] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1056.486099][T10940] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1056.494108][T10940] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1056.502174][T10940]  </TASK>
06:26:59 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x1, 0x4}}, 0x48)

06:26:59 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4)

06:26:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0xe}, 0x48)

06:26:59 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 20)

06:26:59 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xa)

06:26:59 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async, rerun: 64)
getsockopt$PNPIPE_HANDLE(r1, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4) (rerun: 64)

06:26:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3}, 0x48)

06:26:59 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0xe}, 0x48)

06:26:59 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x1, 0x4}}, 0x48)

[ 1056.778692][T10982] FAULT_INJECTION: forcing a failure.
[ 1056.778692][T10982] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1056.825788][T10982] CPU: 1 PID: 10982 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1056.836026][T10982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1056.846126][T10982] Call Trace:
[ 1056.849438][T10982]  <TASK>
[ 1056.852395][T10982]  dump_stack_lvl+0x1e7/0x2d0
[ 1056.857116][T10982]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1056.862598][T10982]  ? panic+0x770/0x770
[ 1056.866682][T10982]  ? kasan_set_track+0x64/0x80
[ 1056.871470][T10982]  should_fail_ex+0x3aa/0x4e0
[ 1056.876196][T10982]  prepare_alloc_pages+0x1d9/0x5b0
[ 1056.881329][T10982]  __alloc_pages+0x16e/0x7f0
[ 1056.885932][T10982]  ? zone_statistics+0x170/0x170
[ 1056.890891][T10982]  ? alloc_pages+0x510/0x780
[ 1056.895501][T10982]  get_zeroed_page+0x17/0x40
[ 1056.900104][T10982]  mon_bin_open+0x237/0x500
[ 1056.904634][T10982]  chrdev_open+0x54e/0x630
[ 1056.909067][T10982]  ? cd_forget+0x160/0x160
[ 1056.913508][T10982]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1056.918716][T10982]  ? fsnotify_perm+0x471/0x590
[ 1056.923507][T10982]  ? cd_forget+0x160/0x160
[ 1056.927930][T10982]  do_dentry_open+0x7f9/0x10f0
[ 1056.932737][T10982]  path_openat+0x27b3/0x3170
[ 1056.937364][T10982]  ? getname_flags+0xbc/0x4e0
[ 1056.942056][T10982]  ? mark_lock+0x9a/0x340
[ 1056.946399][T10982]  ? do_filp_open+0x490/0x490
[ 1056.951097][T10982]  ? alloc_fd+0x59c/0x640
[ 1056.955444][T10982]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1056.961102][T10982]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1056.967108][T10982]  do_filp_open+0x234/0x490
[ 1056.971635][T10982]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1056.976266][T10982]  ? _raw_spin_unlock+0x28/0x40
[ 1056.981133][T10982]  ? alloc_fd+0x59c/0x640
[ 1056.985485][T10982]  do_sys_openat2+0x13f/0x500
[ 1056.990181][T10982]  ? mutex_unlock+0x10/0x10
[ 1056.994692][T10982]  ? do_sys_open+0x230/0x230
[ 1056.999305][T10982]  __x64_sys_openat+0x247/0x290
[ 1057.004170][T10982]  ? __ia32_sys_open+0x270/0x270
[ 1057.009122][T10982]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1057.015114][T10982]  ? lockdep_hardirqs_on+0x98/0x140
[ 1057.020325][T10982]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1057.026319][T10982]  do_syscall_64+0x41/0xc0
[ 1057.030757][T10982]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1057.036666][T10982] RIP: 0033:0x7f9b1943e284
[ 1057.041090][T10982] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1057.060704][T10982] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1057.069127][T10982] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1057.077107][T10982] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1057.085098][T10982] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1057.093074][T10982] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1057.101049][T10982] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1057.109046][T10982]  </TASK>
06:27:00 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5)

06:27:00 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 21)

06:27:00 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xb)

06:27:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0xe}, 0x48)

[ 1057.268318][T11004] FAULT_INJECTION: forcing a failure.
[ 1057.268318][T11004] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1057.283767][T11004] CPU: 1 PID: 11004 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1057.293905][T11004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1057.304022][T11004] Call Trace:
[ 1057.307334][T11004]  <TASK>
[ 1057.310297][T11004]  dump_stack_lvl+0x1e7/0x2d0
[ 1057.315119][T11004]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1057.320635][T11004]  ? panic+0x770/0x770
[ 1057.324751][T11004]  ? kasan_set_track+0x64/0x80
[ 1057.329574][T11004]  should_fail_ex+0x3aa/0x4e0
[ 1057.334306][T11004]  prepare_alloc_pages+0x1d9/0x5b0
[ 1057.339471][T11004]  __alloc_pages+0x16e/0x7f0
[ 1057.344106][T11004]  ? zone_statistics+0x170/0x170
[ 1057.349099][T11004]  ? alloc_pages+0x510/0x780
[ 1057.353739][T11004]  get_zeroed_page+0x17/0x40
[ 1057.358373][T11004]  mon_bin_open+0x237/0x500
[ 1057.362933][T11004]  chrdev_open+0x54e/0x630
[ 1057.367386][T11004]  ? cd_forget+0x160/0x160
[ 1057.371836][T11004]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1057.377080][T11004]  ? fsnotify_perm+0x471/0x590
[ 1057.381899][T11004]  ? cd_forget+0x160/0x160
[ 1057.386374][T11004]  do_dentry_open+0x7f9/0x10f0
[ 1057.391203][T11004]  path_openat+0x27b3/0x3170
[ 1057.395872][T11004]  ? getname_flags+0xbc/0x4e0
[ 1057.400598][T11004]  ? mark_lock+0x9a/0x340
[ 1057.404982][T11004]  ? do_filp_open+0x490/0x490
[ 1057.409709][T11004]  ? alloc_fd+0x59c/0x640
[ 1057.414058][T11004]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1057.419713][T11004]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1057.425719][T11004]  do_filp_open+0x234/0x490
[ 1057.430243][T11004]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1057.434872][T11004]  ? _raw_spin_unlock+0x28/0x40
[ 1057.439740][T11004]  ? alloc_fd+0x59c/0x640
[ 1057.444094][T11004]  do_sys_openat2+0x13f/0x500
[ 1057.448790][T11004]  ? mutex_unlock+0x10/0x10
[ 1057.453318][T11004]  ? do_sys_open+0x230/0x230
[ 1057.457931][T11004]  __x64_sys_openat+0x247/0x290
[ 1057.462803][T11004]  ? __ia32_sys_open+0x270/0x270
[ 1057.467758][T11004]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1057.473767][T11004]  ? lockdep_hardirqs_on+0x98/0x140
[ 1057.479005][T11004]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1057.485112][T11004]  do_syscall_64+0x41/0xc0
[ 1057.489562][T11004]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1057.495475][T11004] RIP: 0033:0x7f9b1943e284
[ 1057.499920][T11004] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1057.519541][T11004] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1057.527972][T11004] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1057.535951][T11004] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1057.543949][T11004] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1057.551943][T11004] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1057.559925][T11004] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
06:27:00 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x1, 0x4}}, 0x48)

[ 1057.567938][T11004]  </TASK>
06:27:00 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x81, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0xe}, 0x48)

06:27:00 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 22)

06:27:00 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000))
write$vhost_msg(r0, 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000080)={<r3=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000000c0)={<r4=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[r3, r4], &(0x7f0000000140)=[0x1, 0x3, 0x10001], 0x2, 0x1})

06:27:00 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

06:27:00 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

06:27:00 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xc)

06:27:00 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)

06:27:00 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6)

06:27:00 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x2, 0x2}}, 0x48)

[ 1057.807717][T11034] FAULT_INJECTION: forcing a failure.
[ 1057.807717][T11034] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1057.848603][T11034] CPU: 0 PID: 11034 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1057.858747][T11034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1057.868843][T11034] Call Trace:
[ 1057.872162][T11034]  <TASK>
[ 1057.875129][T11034]  dump_stack_lvl+0x1e7/0x2d0
[ 1057.879874][T11034]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1057.885393][T11034]  ? panic+0x770/0x770
[ 1057.889516][T11034]  ? kasan_set_track+0x64/0x80
[ 1057.894373][T11034]  should_fail_ex+0x3aa/0x4e0
[ 1057.899118][T11034]  prepare_alloc_pages+0x1d9/0x5b0
[ 1057.904294][T11034]  __alloc_pages+0x16e/0x7f0
[ 1057.908937][T11034]  ? zone_statistics+0x170/0x170
[ 1057.914027][T11034]  ? alloc_pages+0x510/0x780
[ 1057.918673][T11034]  get_zeroed_page+0x17/0x40
[ 1057.923311][T11034]  mon_bin_open+0x237/0x500
[ 1057.927877][T11034]  chrdev_open+0x54e/0x630
[ 1057.932344][T11034]  ? cd_forget+0x160/0x160
[ 1057.936805][T11034]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1057.942053][T11034]  ? fsnotify_perm+0x471/0x590
[ 1057.946848][T11034]  ? cd_forget+0x160/0x160
[ 1057.951270][T11034]  do_dentry_open+0x7f9/0x10f0
[ 1057.956059][T11034]  path_openat+0x27b3/0x3170
[ 1057.960684][T11034]  ? getname_flags+0xbc/0x4e0
[ 1057.965375][T11034]  ? mark_lock+0x9a/0x340
[ 1057.969724][T11034]  ? do_filp_open+0x490/0x490
[ 1057.974428][T11034]  ? alloc_fd+0x59c/0x640
[ 1057.978776][T11034]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1057.984456][T11034]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1057.990556][T11034]  do_filp_open+0x234/0x490
[ 1057.995082][T11034]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1057.999711][T11034]  ? _raw_spin_unlock+0x28/0x40
[ 1058.004578][T11034]  ? alloc_fd+0x59c/0x640
[ 1058.008931][T11034]  do_sys_openat2+0x13f/0x500
[ 1058.013622][T11034]  ? mutex_unlock+0x10/0x10
[ 1058.018148][T11034]  ? do_sys_open+0x230/0x230
[ 1058.022760][T11034]  __x64_sys_openat+0x247/0x290
[ 1058.027622][T11034]  ? __ia32_sys_open+0x270/0x270
[ 1058.032575][T11034]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1058.038569][T11034]  ? lockdep_hardirqs_on+0x98/0x140
[ 1058.043782][T11034]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1058.049780][T11034]  do_syscall_64+0x41/0xc0
[ 1058.054221][T11034]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1058.060129][T11034] RIP: 0033:0x7f9b1943e284
[ 1058.064552][T11034] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1058.084169][T11034] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x0, 0x0, 0xe}, 0x48)

06:27:01 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000))
write$vhost_msg(r0, 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000080)={<r3=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000000c0)={<r4=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[r3, r4], &(0x7f0000000140)=[0x1, 0x3, 0x10001], 0x2, 0x1})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000)) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000080)={0x0, 0x0, r1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000000c0)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[r3, r4], &(0x7f0000000140)=[0x1, 0x3, 0x10001], 0x2, 0x1}) (async)

[ 1058.092595][T11034] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1058.100665][T11034] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1058.108641][T11034] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1058.116619][T11034] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1058.124595][T11034] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1058.132590][T11034]  </TASK>
06:27:01 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7)

06:27:01 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 23)

06:27:01 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xd)

[ 1058.219333][T11051] FAULT_INJECTION: forcing a failure.
[ 1058.219333][T11051] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1058.251772][T11051] CPU: 1 PID: 11051 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1058.262010][T11051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1058.272108][T11051] Call Trace:
[ 1058.275428][T11051]  <TASK>
[ 1058.278399][T11051]  dump_stack_lvl+0x1e7/0x2d0
[ 1058.283136][T11051]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1058.288750][T11051]  ? panic+0x770/0x770
[ 1058.292977][T11051]  ? kasan_set_track+0x64/0x80
[ 1058.297806][T11051]  should_fail_ex+0x3aa/0x4e0
[ 1058.302565][T11051]  prepare_alloc_pages+0x1d9/0x5b0
[ 1058.307744][T11051]  __alloc_pages+0x16e/0x7f0
[ 1058.312390][T11051]  ? zone_statistics+0x170/0x170
[ 1058.317395][T11051]  ? alloc_pages+0x510/0x780
[ 1058.322044][T11051]  get_zeroed_page+0x17/0x40
[ 1058.326680][T11051]  mon_bin_open+0x237/0x500
[ 1058.331249][T11051]  chrdev_open+0x54e/0x630
[ 1058.335723][T11051]  ? cd_forget+0x160/0x160
[ 1058.340182][T11051]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1058.345436][T11051]  ? fsnotify_perm+0x471/0x590
[ 1058.350257][T11051]  ? cd_forget+0x160/0x160
[ 1058.354716][T11051]  do_dentry_open+0x7f9/0x10f0
[ 1058.359554][T11051]  path_openat+0x27b3/0x3170
[ 1058.364226][T11051]  ? getname_flags+0xbc/0x4e0
[ 1058.368960][T11051]  ? mark_lock+0x9a/0x340
[ 1058.373346][T11051]  ? do_filp_open+0x490/0x490
[ 1058.378108][T11051]  ? alloc_fd+0x59c/0x640
[ 1058.382484][T11051]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1058.388202][T11051]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1058.394262][T11051]  do_filp_open+0x234/0x490
[ 1058.398826][T11051]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1058.403501][T11051]  ? _raw_spin_unlock+0x28/0x40
[ 1058.408405][T11051]  ? alloc_fd+0x59c/0x640
[ 1058.412790][T11051]  do_sys_openat2+0x13f/0x500
[ 1058.417512][T11051]  ? mutex_unlock+0x10/0x10
[ 1058.422062][T11051]  ? do_sys_open+0x230/0x230
[ 1058.426707][T11051]  __x64_sys_openat+0x247/0x290
[ 1058.431613][T11051]  ? __ia32_sys_open+0x270/0x270
[ 1058.436611][T11051]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1058.442642][T11051]  ? lockdep_hardirqs_on+0x98/0x140
[ 1058.447898][T11051]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1058.453943][T11051]  do_syscall_64+0x41/0xc0
[ 1058.458429][T11051]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1058.464374][T11051] RIP: 0033:0x7f9b1943e284
[ 1058.468835][T11051] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1058.488488][T11051] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1058.496954][T11051] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1058.504975][T11051] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
06:27:01 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x2, 0x2}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x2, 0x2}}, 0x48) (async)

06:27:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe}, 0x48)

[ 1058.512990][T11051] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1058.521003][T11051] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1058.529012][T11051] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1058.537051][T11051]  </TASK>
06:27:01 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000000))
write$vhost_msg(r0, 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000080)={0x0, 0x0, r1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f0000000080)={<r3=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000000c0)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000000c0)={<r4=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[r3, r4], &(0x7f0000000140)=[0x1, 0x3, 0x10001], 0x2, 0x1})

06:27:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe}, 0x48)

06:27:01 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 24)

06:27:01 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xe)

06:27:01 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x8)

[ 1058.788835][T11100] FAULT_INJECTION: forcing a failure.
[ 1058.788835][T11100] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:01 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x2, 0x2}}, 0x48)

06:27:01 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0xe}, 0x48)

06:27:01 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x100000000)
write$vhost_msg(r0, 0x0, 0x0)

06:27:02 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x9)

[ 1058.994622][T11100] CPU: 1 PID: 11100 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1059.004766][T11100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1059.014860][T11100] Call Trace:
[ 1059.018174][T11100]  <TASK>
[ 1059.021151][T11100]  dump_stack_lvl+0x1e7/0x2d0
[ 1059.025889][T11100]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1059.031420][T11100]  ? panic+0x770/0x770
[ 1059.035542][T11100]  ? kasan_set_track+0x64/0x80
[ 1059.040360][T11100]  should_fail_ex+0x3aa/0x4e0
[ 1059.045096][T11100]  prepare_alloc_pages+0x1d9/0x5b0
[ 1059.050262][T11100]  __alloc_pages+0x16e/0x7f0
[ 1059.054903][T11100]  ? zone_statistics+0x170/0x170
[ 1059.059897][T11100]  ? alloc_pages+0x510/0x780
[ 1059.064533][T11100]  get_zeroed_page+0x17/0x40
[ 1059.069163][T11100]  mon_bin_open+0x237/0x500
[ 1059.073726][T11100]  chrdev_open+0x54e/0x630
[ 1059.078187][T11100]  ? cd_forget+0x160/0x160
[ 1059.082658][T11100]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1059.087939][T11100]  ? fsnotify_perm+0x471/0x590
06:27:02 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x10)

06:27:02 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2}, 0x48)

[ 1059.092758][T11100]  ? cd_forget+0x160/0x160
[ 1059.097296][T11100]  do_dentry_open+0x7f9/0x10f0
[ 1059.102121][T11100]  path_openat+0x27b3/0x3170
[ 1059.106788][T11100]  ? getname_flags+0xbc/0x4e0
[ 1059.111517][T11100]  ? mark_lock+0x9a/0x340
[ 1059.115900][T11100]  ? do_filp_open+0x490/0x490
[ 1059.120620][T11100]  ? alloc_fd+0x59c/0x640
[ 1059.124962][T11100]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1059.130617][T11100]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1059.136627][T11100]  do_filp_open+0x234/0x490
[ 1059.141154][T11100]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1059.145786][T11100]  ? _raw_spin_unlock+0x28/0x40
[ 1059.150654][T11100]  ? alloc_fd+0x59c/0x640
[ 1059.155024][T11100]  do_sys_openat2+0x13f/0x500
[ 1059.159717][T11100]  ? mutex_unlock+0x10/0x10
[ 1059.164231][T11100]  ? do_sys_open+0x230/0x230
[ 1059.168844][T11100]  __x64_sys_openat+0x247/0x290
[ 1059.173709][T11100]  ? __ia32_sys_open+0x270/0x270
[ 1059.178661][T11100]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1059.184654][T11100]  ? lockdep_hardirqs_on+0x98/0x140
[ 1059.189866][T11100]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1059.195862][T11100]  do_syscall_64+0x41/0xc0
[ 1059.200303][T11100]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1059.206219][T11100] RIP: 0033:0x7f9b1943e284
[ 1059.210648][T11100] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1059.230261][T11100] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1059.238685][T11100] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1059.246753][T11100] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1059.254733][T11100] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1059.262733][T11100] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1059.270723][T11100] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1059.278719][T11100]  </TASK>
06:27:02 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x100000000) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:02 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x800)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:02 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 25)

06:27:02 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x100000000)
write$vhost_msg(r0, 0x0, 0x0)

06:27:02 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xa)

06:27:02 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x11)

06:27:02 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x100000000) (async, rerun: 64)
write$vhost_msg(r0, 0x0, 0x0) (rerun: 64)

[ 1059.590973][T11154] FAULT_INJECTION: forcing a failure.
[ 1059.590973][T11154] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1059.617467][T11154] CPU: 0 PID: 11154 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1059.627695][T11154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1059.637793][T11154] Call Trace:
[ 1059.641100][T11154]  <TASK>
[ 1059.644056][T11154]  dump_stack_lvl+0x1e7/0x2d0
[ 1059.648790][T11154]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1059.654300][T11154]  ? panic+0x770/0x770
[ 1059.658419][T11154]  ? kasan_set_track+0x64/0x80
[ 1059.663235][T11154]  should_fail_ex+0x3aa/0x4e0
[ 1059.667963][T11154]  prepare_alloc_pages+0x1d9/0x5b0
[ 1059.673126][T11154]  __alloc_pages+0x16e/0x7f0
[ 1059.677752][T11154]  ? zone_statistics+0x170/0x170
[ 1059.682750][T11154]  ? alloc_pages+0x510/0x780
[ 1059.687397][T11154]  get_zeroed_page+0x17/0x40
[ 1059.692027][T11154]  mon_bin_open+0x237/0x500
[ 1059.696587][T11154]  chrdev_open+0x54e/0x630
[ 1059.701042][T11154]  ? cd_forget+0x160/0x160
[ 1059.705488][T11154]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1059.710725][T11154]  ? fsnotify_perm+0x471/0x590
[ 1059.715551][T11154]  ? cd_forget+0x160/0x160
[ 1059.720002][T11154]  do_dentry_open+0x7f9/0x10f0
[ 1059.724826][T11154]  path_openat+0x27b3/0x3170
[ 1059.729480][T11154]  ? getname_flags+0xbc/0x4e0
[ 1059.734209][T11154]  ? mark_lock+0x9a/0x340
[ 1059.738591][T11154]  ? do_filp_open+0x490/0x490
[ 1059.743318][T11154]  ? alloc_fd+0x59c/0x640
[ 1059.747686][T11154]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1059.753369][T11154]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1059.759408][T11154]  do_filp_open+0x234/0x490
[ 1059.763961][T11154]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1059.768626][T11154]  ? _raw_spin_unlock+0x28/0x40
[ 1059.773518][T11154]  ? alloc_fd+0x59c/0x640
[ 1059.777895][T11154]  do_sys_openat2+0x13f/0x500
[ 1059.782611][T11154]  ? mutex_unlock+0x10/0x10
[ 1059.787160][T11154]  ? do_sys_open+0x230/0x230
[ 1059.791811][T11154]  __x64_sys_openat+0x247/0x290
[ 1059.796700][T11154]  ? __ia32_sys_open+0x270/0x270
[ 1059.801680][T11154]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1059.807697][T11154]  ? lockdep_hardirqs_on+0x98/0x140
[ 1059.812934][T11154]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1059.818958][T11154]  do_syscall_64+0x41/0xc0
[ 1059.823419][T11154]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1059.829349][T11154] RIP: 0033:0x7f9b1943e284
[ 1059.833800][T11154] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1059.853440][T11154] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1059.861891][T11154] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1059.869923][T11154] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1059.877920][T11154] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
06:27:03 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async, rerun: 32)
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x800) (async, rerun: 32)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:03 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 26)

[ 1059.885922][T11154] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1059.893926][T11154] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1059.901954][T11154]  </TASK>
06:27:03 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xb)

06:27:03 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x800)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

[ 1060.070406][T11182] FAULT_INJECTION: forcing a failure.
[ 1060.070406][T11182] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1060.105582][T11182] CPU: 0 PID: 11182 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1060.115734][T11182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1060.125829][T11182] Call Trace:
[ 1060.129145][T11182]  <TASK>
[ 1060.132111][T11182]  dump_stack_lvl+0x1e7/0x2d0
[ 1060.136847][T11182]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1060.142359][T11182]  ? panic+0x770/0x770
[ 1060.146473][T11182]  ? kasan_set_track+0x64/0x80
[ 1060.151291][T11182]  should_fail_ex+0x3aa/0x4e0
[ 1060.156025][T11182]  prepare_alloc_pages+0x1d9/0x5b0
[ 1060.161196][T11182]  __alloc_pages+0x16e/0x7f0
[ 1060.165838][T11182]  ? zone_statistics+0x170/0x170
[ 1060.170834][T11182]  ? alloc_pages+0x510/0x780
[ 1060.175477][T11182]  get_zeroed_page+0x17/0x40
[ 1060.180111][T11182]  mon_bin_open+0x237/0x500
[ 1060.184672][T11182]  chrdev_open+0x54e/0x630
[ 1060.189136][T11182]  ? cd_forget+0x160/0x160
[ 1060.193585][T11182]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1060.198824][T11182]  ? fsnotify_perm+0x471/0x590
[ 1060.203646][T11182]  ? cd_forget+0x160/0x160
[ 1060.208095][T11182]  do_dentry_open+0x7f9/0x10f0
[ 1060.212927][T11182]  path_openat+0x27b3/0x3170
06:27:03 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x12)

[ 1060.217583][T11182]  ? getname_flags+0xbc/0x4e0
[ 1060.222300][T11182]  ? mark_lock+0x9a/0x340
[ 1060.226672][T11182]  ? do_filp_open+0x490/0x490
[ 1060.231403][T11182]  ? alloc_fd+0x59c/0x640
[ 1060.235773][T11182]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1060.241453][T11182]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1060.247490][T11182]  do_filp_open+0x234/0x490
[ 1060.252036][T11182]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1060.256785][T11182]  ? _raw_spin_unlock+0x28/0x40
[ 1060.261676][T11182]  ? alloc_fd+0x59c/0x640
[ 1060.266110][T11182]  do_sys_openat2+0x13f/0x500
[ 1060.270825][T11182]  ? mutex_unlock+0x10/0x10
[ 1060.275365][T11182]  ? do_sys_open+0x230/0x230
[ 1060.280006][T11182]  __x64_sys_openat+0x247/0x290
[ 1060.284894][T11182]  ? __ia32_sys_open+0x270/0x270
[ 1060.289867][T11182]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1060.295880][T11182]  ? lockdep_hardirqs_on+0x98/0x140
[ 1060.301118][T11182]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1060.307132][T11182]  do_syscall_64+0x41/0xc0
[ 1060.311685][T11182]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1060.317629][T11182] RIP: 0033:0x7f9b1943e284
[ 1060.322079][T11182] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1060.341733][T11182] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1060.350186][T11182] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1060.358218][T11182] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1060.366225][T11182] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1060.374239][T11182] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1060.382272][T11182] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1060.390296][T11182]  </TASK>
06:27:03 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x800) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:03 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 27)

06:27:03 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
accept4$ax25(r2, &(0x7f0000000080)={{0x3, @bcast}, [@default, @default, @default, @netrom, @netrom, @bcast, @remote, @default]}, &(0x7f0000000100)=0x48, 0x800)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)

06:27:03 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x18)

[ 1060.538290][T11203] FAULT_INJECTION: forcing a failure.
[ 1060.538290][T11203] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1060.612006][T11203] CPU: 0 PID: 11203 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1060.622152][T11203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1060.632264][T11203] Call Trace:
[ 1060.635579][T11203]  <TASK>
[ 1060.638548][T11203]  dump_stack_lvl+0x1e7/0x2d0
[ 1060.643292][T11203]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1060.648808][T11203]  ? panic+0x770/0x770
[ 1060.652925][T11203]  ? kasan_set_track+0x64/0x80
[ 1060.657742][T11203]  should_fail_ex+0x3aa/0x4e0
[ 1060.662473][T11203]  prepare_alloc_pages+0x1d9/0x5b0
[ 1060.667643][T11203]  __alloc_pages+0x16e/0x7f0
[ 1060.672283][T11203]  ? zone_statistics+0x170/0x170
[ 1060.677250][T11203]  ? alloc_pages+0x510/0x780
[ 1060.681861][T11203]  get_zeroed_page+0x17/0x40
[ 1060.686489][T11203]  mon_bin_open+0x237/0x500
[ 1060.691019][T11203]  chrdev_open+0x54e/0x630
[ 1060.695447][T11203]  ? cd_forget+0x160/0x160
[ 1060.699879][T11203]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1060.705087][T11203]  ? fsnotify_perm+0x471/0x590
[ 1060.709871][T11203]  ? cd_forget+0x160/0x160
[ 1060.714296][T11203]  do_dentry_open+0x7f9/0x10f0
[ 1060.719344][T11203]  path_openat+0x27b3/0x3170
[ 1060.723967][T11203]  ? getname_flags+0xbc/0x4e0
[ 1060.728748][T11203]  ? mark_lock+0x9a/0x340
[ 1060.733101][T11203]  ? do_filp_open+0x490/0x490
[ 1060.737793][T11203]  ? alloc_fd+0x59c/0x640
[ 1060.742141][T11203]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1060.747792][T11203]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1060.753804][T11203]  do_filp_open+0x234/0x490
[ 1060.758324][T11203]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1060.762951][T11203]  ? _raw_spin_unlock+0x28/0x40
[ 1060.767814][T11203]  ? alloc_fd+0x59c/0x640
[ 1060.772165][T11203]  do_sys_openat2+0x13f/0x500
[ 1060.776857][T11203]  ? mutex_unlock+0x10/0x10
[ 1060.781369][T11203]  ? do_sys_open+0x230/0x230
[ 1060.785979][T11203]  __x64_sys_openat+0x247/0x290
[ 1060.790841][T11203]  ? __ia32_sys_open+0x270/0x270
[ 1060.795791][T11203]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1060.801783][T11203]  ? lockdep_hardirqs_on+0x98/0x140
[ 1060.806990][T11203]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1060.812988][T11203]  do_syscall_64+0x41/0xc0
[ 1060.817441][T11203]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1060.823353][T11203] RIP: 0033:0x7f9b1943e284
[ 1060.827789][T11203] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1060.847402][T11203] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:03 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xc)

06:27:03 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xb)

06:27:03 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
socket$isdn(0x22, 0x3, 0x3)

[ 1060.855917][T11203] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1060.863899][T11203] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1060.871879][T11203] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1060.879942][T11203] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1060.887917][T11203] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1060.895918][T11203]  </TASK>
06:27:04 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 28)

06:27:04 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
accept4$ax25(r2, &(0x7f0000000080)={{0x3, @bcast}, [@default, @default, @default, @netrom, @netrom, @bcast, @remote, @default]}, &(0x7f0000000100)=0x48, 0x800) (async)
accept4$ax25(r2, &(0x7f0000000080)={{0x3, @bcast}, [@default, @default, @default, @netrom, @netrom, @bcast, @remote, @default]}, &(0x7f0000000100)=0x48, 0x800)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)

06:27:04 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x25)

06:27:04 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
accept4$ax25(r2, &(0x7f0000000080)={{0x3, @bcast}, [@default, @default, @default, @netrom, @netrom, @bcast, @remote, @default]}, &(0x7f0000000100)=0x48, 0x800)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)

06:27:04 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xd)

[ 1061.182948][T11238] FAULT_INJECTION: forcing a failure.
[ 1061.182948][T11238] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1061.207237][T11238] CPU: 0 PID: 11238 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1061.217374][T11238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1061.227488][T11238] Call Trace:
[ 1061.230803][T11238]  <TASK>
[ 1061.233767][T11238]  dump_stack_lvl+0x1e7/0x2d0
[ 1061.238501][T11238]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1061.244014][T11238]  ? panic+0x770/0x770
[ 1061.248141][T11238]  ? kasan_set_track+0x64/0x80
[ 1061.252983][T11238]  should_fail_ex+0x3aa/0x4e0
[ 1061.257717][T11238]  prepare_alloc_pages+0x1d9/0x5b0
[ 1061.262890][T11238]  __alloc_pages+0x16e/0x7f0
[ 1061.267540][T11238]  ? zone_statistics+0x170/0x170
[ 1061.272531][T11238]  ? alloc_pages+0x510/0x780
[ 1061.277179][T11238]  get_zeroed_page+0x17/0x40
[ 1061.281811][T11238]  mon_bin_open+0x237/0x500
[ 1061.286371][T11238]  chrdev_open+0x54e/0x630
[ 1061.290829][T11238]  ? cd_forget+0x160/0x160
[ 1061.295278][T11238]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1061.300515][T11238]  ? fsnotify_perm+0x471/0x590
[ 1061.305323][T11238]  ? cd_forget+0x160/0x160
[ 1061.309889][T11238]  do_dentry_open+0x7f9/0x10f0
[ 1061.314726][T11238]  path_openat+0x27b3/0x3170
[ 1061.319393][T11238]  ? getname_flags+0xbc/0x4e0
[ 1061.324205][T11238]  ? mark_lock+0x9a/0x340
[ 1061.328579][T11238]  ? do_filp_open+0x490/0x490
[ 1061.333298][T11238]  ? alloc_fd+0x59c/0x640
[ 1061.337665][T11238]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1061.343342][T11238]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1061.349380][T11238]  do_filp_open+0x234/0x490
[ 1061.353930][T11238]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1061.358593][T11238]  ? _raw_spin_unlock+0x28/0x40
[ 1061.363482][T11238]  ? alloc_fd+0x59c/0x640
[ 1061.367892][T11238]  do_sys_openat2+0x13f/0x500
[ 1061.372617][T11238]  ? mutex_unlock+0x10/0x10
[ 1061.377156][T11238]  ? do_sys_open+0x230/0x230
[ 1061.381802][T11238]  __x64_sys_openat+0x247/0x290
[ 1061.386690][T11238]  ? __ia32_sys_open+0x270/0x270
[ 1061.391667][T11238]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1061.397684][T11238]  ? lockdep_hardirqs_on+0x98/0x140
[ 1061.402921][T11238]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1061.408947][T11238]  do_syscall_64+0x41/0xc0
[ 1061.413418][T11238]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1061.419351][T11238] RIP: 0033:0x7f9b1943e284
[ 1061.423801][T11238] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1061.443450][T11238] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1061.451909][T11238] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1061.459916][T11238] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1061.467920][T11238] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1061.475941][T11238] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1061.483945][T11238] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1061.492063][T11238]  </TASK>
06:27:04 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
socket$isdn(0x22, 0x3, 0x3)

06:27:04 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 29)

06:27:04 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000180)={0x11, 0x10, 0xfa00, {&(0x7f0000000140)}}, 0x18)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
accept4$ax25(r2, &(0x7f0000000080)={{0x3, @bcast}, [@default, @default, @default, @netrom, @netrom, @bcast, @remote, @default]}, &(0x7f0000000100)=0x48, 0x800) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1)

06:27:04 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x48)

06:27:04 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xe)

[ 1061.685410][T11267] FAULT_INJECTION: forcing a failure.
[ 1061.685410][T11267] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1061.739114][T11267] CPU: 0 PID: 11267 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1061.749270][T11267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1061.759367][T11267] Call Trace:
[ 1061.762686][T11267]  <TASK>
[ 1061.765660][T11267]  dump_stack_lvl+0x1e7/0x2d0
[ 1061.770393][T11267]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1061.775912][T11267]  ? panic+0x770/0x770
[ 1061.780018][T11267]  ? kasan_set_track+0x64/0x80
[ 1061.784810][T11267]  should_fail_ex+0x3aa/0x4e0
[ 1061.789509][T11267]  prepare_alloc_pages+0x1d9/0x5b0
[ 1061.794639][T11267]  __alloc_pages+0x16e/0x7f0
[ 1061.799266][T11267]  ? zone_statistics+0x170/0x170
[ 1061.804226][T11267]  ? alloc_pages+0x510/0x780
[ 1061.808833][T11267]  get_zeroed_page+0x17/0x40
[ 1061.813430][T11267]  mon_bin_open+0x237/0x500
[ 1061.817957][T11267]  chrdev_open+0x54e/0x630
[ 1061.822384][T11267]  ? cd_forget+0x160/0x160
[ 1061.826810][T11267]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1061.832024][T11267]  ? fsnotify_perm+0x471/0x590
[ 1061.836810][T11267]  ? cd_forget+0x160/0x160
[ 1061.841228][T11267]  do_dentry_open+0x7f9/0x10f0
[ 1061.846017][T11267]  path_openat+0x27b3/0x3170
[ 1061.850642][T11267]  ? getname_flags+0xbc/0x4e0
[ 1061.855427][T11267]  ? mark_lock+0x9a/0x340
[ 1061.859773][T11267]  ? do_filp_open+0x490/0x490
[ 1061.864471][T11267]  ? alloc_fd+0x59c/0x640
[ 1061.868817][T11267]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1061.874479][T11267]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1061.880488][T11267]  do_filp_open+0x234/0x490
[ 1061.885014][T11267]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1061.889643][T11267]  ? _raw_spin_unlock+0x28/0x40
[ 1061.894506][T11267]  ? alloc_fd+0x59c/0x640
[ 1061.898858][T11267]  do_sys_openat2+0x13f/0x500
[ 1061.903551][T11267]  ? mutex_unlock+0x10/0x10
[ 1061.908084][T11267]  ? do_sys_open+0x230/0x230
[ 1061.912700][T11267]  __x64_sys_openat+0x247/0x290
[ 1061.917561][T11267]  ? __ia32_sys_open+0x270/0x270
[ 1061.922516][T11267]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1061.928505][T11267]  ? lockdep_hardirqs_on+0x98/0x140
[ 1061.933714][T11267]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1061.939712][T11267]  do_syscall_64+0x41/0xc0
[ 1061.944153][T11267]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1061.950074][T11267] RIP: 0033:0x7f9b1943e284
[ 1061.954502][T11267] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1061.974116][T11267] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1061.982539][T11267] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
06:27:05 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
socket$isdn(0x22, 0x3, 0x3)

[ 1061.990525][T11267] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1061.998500][T11267] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1062.006476][T11267] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1062.014455][T11267] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1062.022454][T11267]  </TASK>
06:27:05 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
socket$isdn(0x22, 0x3, 0x3)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
socket$isdn(0x22, 0x3, 0x3) (async)

06:27:05 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 30)

06:27:05 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x10)

06:27:05 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:27:05 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4c)

[ 1062.241514][T11306] FAULT_INJECTION: forcing a failure.
[ 1062.241514][T11306] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1062.262855][T11306] CPU: 1 PID: 11306 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1062.272996][T11306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1062.283119][T11306] Call Trace:
[ 1062.286413][T11306]  <TASK>
[ 1062.289372][T11306]  dump_stack_lvl+0x1e7/0x2d0
[ 1062.294101][T11306]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1062.299623][T11306]  ? panic+0x770/0x770
[ 1062.303716][T11306]  ? kasan_set_track+0x64/0x80
[ 1062.308508][T11306]  should_fail_ex+0x3aa/0x4e0
[ 1062.313212][T11306]  prepare_alloc_pages+0x1d9/0x5b0
[ 1062.318367][T11306]  __alloc_pages+0x16e/0x7f0
[ 1062.322979][T11306]  ? zone_statistics+0x170/0x170
[ 1062.327940][T11306]  ? alloc_pages+0x510/0x780
[ 1062.332559][T11306]  get_zeroed_page+0x17/0x40
[ 1062.337163][T11306]  mon_bin_open+0x237/0x500
[ 1062.341689][T11306]  chrdev_open+0x54e/0x630
[ 1062.346201][T11306]  ? cd_forget+0x160/0x160
[ 1062.350625][T11306]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1062.355836][T11306]  ? fsnotify_perm+0x471/0x590
[ 1062.360624][T11306]  ? cd_forget+0x160/0x160
[ 1062.365223][T11306]  do_dentry_open+0x7f9/0x10f0
[ 1062.370013][T11306]  path_openat+0x27b3/0x3170
[ 1062.374647][T11306]  ? getname_flags+0xbc/0x4e0
[ 1062.379354][T11306]  ? mark_lock+0x9a/0x340
[ 1062.383710][T11306]  ? do_filp_open+0x490/0x490
[ 1062.388404][T11306]  ? alloc_fd+0x59c/0x640
[ 1062.392752][T11306]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1062.398405][T11306]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1062.404416][T11306]  do_filp_open+0x234/0x490
[ 1062.408943][T11306]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1062.413571][T11306]  ? _raw_spin_unlock+0x28/0x40
[ 1062.418437][T11306]  ? alloc_fd+0x59c/0x640
[ 1062.422791][T11306]  do_sys_openat2+0x13f/0x500
[ 1062.427484][T11306]  ? mutex_unlock+0x10/0x10
[ 1062.431998][T11306]  ? do_sys_open+0x230/0x230
[ 1062.436614][T11306]  __x64_sys_openat+0x247/0x290
[ 1062.441481][T11306]  ? __ia32_sys_open+0x270/0x270
[ 1062.446432][T11306]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1062.452422][T11306]  ? lockdep_hardirqs_on+0x98/0x140
[ 1062.457633][T11306]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1062.463672][T11306]  do_syscall_64+0x41/0xc0
[ 1062.468123][T11306]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1062.474038][T11306] RIP: 0033:0x7f9b1943e284
[ 1062.478468][T11306] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1062.498087][T11306] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1062.506538][T11306] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1062.514530][T11306] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1062.522512][T11306] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1062.530500][T11306] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:05 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 31)

[ 1062.538476][T11306] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1062.546474][T11306]  </TASK>
[ 1062.615964][T11316] FAULT_INJECTION: forcing a failure.
[ 1062.615964][T11316] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1062.634780][T11316] CPU: 1 PID: 11316 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1062.644916][T11316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1062.655042][T11316] Call Trace:
[ 1062.658353][T11316]  <TASK>
[ 1062.661322][T11316]  dump_stack_lvl+0x1e7/0x2d0
[ 1062.666069][T11316]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1062.671586][T11316]  ? panic+0x770/0x770
[ 1062.675709][T11316]  ? kasan_set_track+0x64/0x80
[ 1062.680538][T11316]  should_fail_ex+0x3aa/0x4e0
[ 1062.685279][T11316]  prepare_alloc_pages+0x1d9/0x5b0
[ 1062.690451][T11316]  __alloc_pages+0x16e/0x7f0
[ 1062.695100][T11316]  ? zone_statistics+0x170/0x170
[ 1062.700192][T11316]  ? alloc_pages+0x510/0x780
[ 1062.704879][T11316]  get_zeroed_page+0x17/0x40
[ 1062.709509][T11316]  mon_bin_open+0x237/0x500
06:27:05 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
socket$isdn(0x22, 0x3, 0x3)

[ 1062.714081][T11316]  chrdev_open+0x54e/0x630
[ 1062.718557][T11316]  ? cd_forget+0x160/0x160
[ 1062.723017][T11316]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1062.728280][T11316]  ? fsnotify_perm+0x471/0x590
[ 1062.733109][T11316]  ? cd_forget+0x160/0x160
[ 1062.737564][T11316]  do_dentry_open+0x7f9/0x10f0
[ 1062.742393][T11316]  path_openat+0x27b3/0x3170
[ 1062.747062][T11316]  ? getname_flags+0xbc/0x4e0
[ 1062.751788][T11316]  ? mark_lock+0x9a/0x340
[ 1062.756198][T11316]  ? do_filp_open+0x490/0x490
[ 1062.760932][T11316]  ? alloc_fd+0x59c/0x640
[ 1062.765389][T11316]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1062.771081][T11316]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1062.777133][T11316]  do_filp_open+0x234/0x490
[ 1062.781698][T11316]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1062.786375][T11316]  ? _raw_spin_unlock+0x28/0x40
[ 1062.791285][T11316]  ? alloc_fd+0x59c/0x640
[ 1062.795681][T11316]  do_sys_openat2+0x13f/0x500
[ 1062.800411][T11316]  ? mutex_unlock+0x10/0x10
[ 1062.804960][T11316]  ? do_sys_open+0x230/0x230
[ 1062.809613][T11316]  __x64_sys_openat+0x247/0x290
06:27:05 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x18, 0x140b, 0x200, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x4140}, 0x800)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x0, r3})

[ 1062.814523][T11316]  ? __ia32_sys_open+0x270/0x270
[ 1062.819526][T11316]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1062.825552][T11316]  ? lockdep_hardirqs_on+0x98/0x140
[ 1062.830799][T11316]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1062.836837][T11316]  do_syscall_64+0x41/0xc0
[ 1062.841314][T11316]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1062.847255][T11316] RIP: 0033:0x7f9b1943e284
[ 1062.851713][T11316] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1062.871365][T11316] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1062.879829][T11316] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1062.887874][T11316] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1062.895897][T11316] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1062.903913][T11316] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:06 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

[ 1062.911930][T11316] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1062.919973][T11316]  </TASK>
06:27:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 32)

06:27:06 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x11)

06:27:06 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
socket$isdn(0x22, 0x3, 0x3)

06:27:06 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x18, 0x140b, 0x200, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x4140}, 0x800) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x0, r3})

[ 1063.083990][T11353] FAULT_INJECTION: forcing a failure.
[ 1063.083990][T11353] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:06 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5c)

06:27:06 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

[ 1063.175455][T11353] CPU: 1 PID: 11353 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1063.185614][T11353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1063.195710][T11353] Call Trace:
[ 1063.199026][T11353]  <TASK>
[ 1063.201990][T11353]  dump_stack_lvl+0x1e7/0x2d0
[ 1063.206736][T11353]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1063.212255][T11353]  ? panic+0x770/0x770
[ 1063.216374][T11353]  ? kasan_set_track+0x64/0x80
[ 1063.221193][T11353]  should_fail_ex+0x3aa/0x4e0
[ 1063.225929][T11353]  prepare_alloc_pages+0x1d9/0x5b0
[ 1063.231098][T11353]  __alloc_pages+0x16e/0x7f0
[ 1063.235747][T11353]  ? zone_statistics+0x170/0x170
[ 1063.240745][T11353]  ? alloc_pages+0x510/0x780
[ 1063.245402][T11353]  get_zeroed_page+0x17/0x40
[ 1063.250043][T11353]  mon_bin_open+0x237/0x500
[ 1063.254605][T11353]  chrdev_open+0x54e/0x630
[ 1063.259149][T11353]  ? cd_forget+0x160/0x160
[ 1063.263600][T11353]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1063.268845][T11353]  ? fsnotify_perm+0x471/0x590
[ 1063.273660][T11353]  ? cd_forget+0x160/0x160
[ 1063.278104][T11353]  do_dentry_open+0x7f9/0x10f0
[ 1063.282930][T11353]  path_openat+0x27b3/0x3170
[ 1063.287703][T11353]  ? getname_flags+0xbc/0x4e0
[ 1063.292441][T11353]  ? mark_lock+0x9a/0x340
[ 1063.296824][T11353]  ? do_filp_open+0x490/0x490
[ 1063.301551][T11353]  ? alloc_fd+0x59c/0x640
[ 1063.305939][T11353]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1063.311638][T11353]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1063.317694][T11353]  do_filp_open+0x234/0x490
[ 1063.322252][T11353]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1063.326926][T11353]  ? _raw_spin_unlock+0x28/0x40
[ 1063.331836][T11353]  ? alloc_fd+0x59c/0x640
[ 1063.336236][T11353]  do_sys_openat2+0x13f/0x500
[ 1063.340969][T11353]  ? mutex_unlock+0x10/0x10
[ 1063.345523][T11353]  ? do_sys_open+0x230/0x230
[ 1063.350173][T11353]  __x64_sys_openat+0x247/0x290
[ 1063.355067][T11353]  ? __ia32_sys_open+0x270/0x270
[ 1063.360060][T11353]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1063.366098][T11353]  ? lockdep_hardirqs_on+0x98/0x140
[ 1063.371344][T11353]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1063.377379][T11353]  do_syscall_64+0x41/0xc0
[ 1063.381857][T11353]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1063.387802][T11353] RIP: 0033:0x7f9b1943e284
[ 1063.392257][T11353] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1063.411911][T11353] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:06 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x12)

[ 1063.420407][T11353] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1063.428425][T11353] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1063.436438][T11353] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1063.444452][T11353] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1063.452464][T11353] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1063.460505][T11353]  </TASK>
06:27:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 33)

06:27:06 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r2, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x18, 0x140b, 0x200, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x4140}, 0x800) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x101200, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x0, r3})

06:27:06 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
msgget(0x3, 0x440)
r1 = msgget(0x2, 0x221)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000080)=""/61)
write$vhost_msg(r0, 0x0, 0x0)

06:27:06 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x60)

[ 1063.625422][T11394] FAULT_INJECTION: forcing a failure.
[ 1063.625422][T11394] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1063.639392][T11394] CPU: 1 PID: 11394 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1063.649519][T11394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1063.659618][T11394] Call Trace:
[ 1063.662937][T11394]  <TASK>
[ 1063.665904][T11394]  dump_stack_lvl+0x1e7/0x2d0
[ 1063.670656][T11394]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1063.676173][T11394]  ? panic+0x770/0x770
[ 1063.680288][T11394]  ? kasan_set_track+0x64/0x80
[ 1063.685139][T11394]  should_fail_ex+0x3aa/0x4e0
[ 1063.689875][T11394]  prepare_alloc_pages+0x1d9/0x5b0
[ 1063.695051][T11394]  __alloc_pages+0x16e/0x7f0
[ 1063.699781][T11394]  ? zone_statistics+0x170/0x170
[ 1063.704781][T11394]  ? alloc_pages+0x510/0x780
[ 1063.709420][T11394]  get_zeroed_page+0x17/0x40
[ 1063.714064][T11394]  mon_bin_open+0x237/0x500
[ 1063.718627][T11394]  chrdev_open+0x54e/0x630
[ 1063.723096][T11394]  ? cd_forget+0x160/0x160
[ 1063.727557][T11394]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1063.732810][T11394]  ? fsnotify_perm+0x471/0x590
[ 1063.737631][T11394]  ? cd_forget+0x160/0x160
[ 1063.742086][T11394]  do_dentry_open+0x7f9/0x10f0
[ 1063.746913][T11394]  path_openat+0x27b3/0x3170
[ 1063.751576][T11394]  ? getname_flags+0xbc/0x4e0
[ 1063.756306][T11394]  ? mark_lock+0x9a/0x340
[ 1063.760689][T11394]  ? do_filp_open+0x490/0x490
[ 1063.765421][T11394]  ? alloc_fd+0x59c/0x640
[ 1063.769795][T11394]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1063.775486][T11394]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1063.781535][T11394]  do_filp_open+0x234/0x490
[ 1063.786094][T11394]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1063.790774][T11394]  ? _raw_spin_unlock+0x28/0x40
[ 1063.795673][T11394]  ? alloc_fd+0x59c/0x640
[ 1063.800073][T11394]  do_sys_openat2+0x13f/0x500
[ 1063.804801][T11394]  ? mutex_unlock+0x10/0x10
[ 1063.809349][T11394]  ? do_sys_open+0x230/0x230
[ 1063.814006][T11394]  __x64_sys_openat+0x247/0x290
[ 1063.818915][T11394]  ? __ia32_sys_open+0x270/0x270
[ 1063.823901][T11394]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1063.829927][T11394]  ? lockdep_hardirqs_on+0x98/0x140
[ 1063.835195][T11394]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1063.841227][T11394]  do_syscall_64+0x41/0xc0
[ 1063.845728][T11394]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1063.851674][T11394] RIP: 0033:0x7f9b1943e284
[ 1063.856124][T11394] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1063.875775][T11394] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1063.884238][T11394] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1063.892253][T11394] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1063.900264][T11394] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1063.908279][T11394] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1063.916292][T11394] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
06:27:07 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:07 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x18)

06:27:07 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x68)

[ 1063.924337][T11394]  </TASK>
06:27:07 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$isdn(0x22, 0x3, 0x3)

06:27:07 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
msgget(0x3, 0x440)
r1 = msgget(0x2, 0x221)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000080)=""/61)
write$vhost_msg(r0, 0x0, 0x0)

06:27:07 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 34)

06:27:07 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:07 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6c)

[ 1064.100278][T11437] FAULT_INJECTION: forcing a failure.
[ 1064.100278][T11437] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1064.127091][T11437] CPU: 1 PID: 11437 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1064.137237][T11437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1064.147343][T11437] Call Trace:
[ 1064.150638][T11437]  <TASK>
[ 1064.153597][T11437]  dump_stack_lvl+0x1e7/0x2d0
[ 1064.158301][T11437]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1064.163780][T11437]  ? panic+0x770/0x770
[ 1064.167865][T11437]  ? kasan_set_track+0x64/0x80
[ 1064.172651][T11437]  should_fail_ex+0x3aa/0x4e0
[ 1064.177351][T11437]  prepare_alloc_pages+0x1d9/0x5b0
[ 1064.182482][T11437]  __alloc_pages+0x16e/0x7f0
[ 1064.187087][T11437]  ? zone_statistics+0x170/0x170
[ 1064.192050][T11437]  ? alloc_pages+0x510/0x780
[ 1064.196656][T11437]  get_zeroed_page+0x17/0x40
[ 1064.201256][T11437]  mon_bin_open+0x237/0x500
[ 1064.205783][T11437]  chrdev_open+0x54e/0x630
[ 1064.210211][T11437]  ? cd_forget+0x160/0x160
[ 1064.214635][T11437]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1064.219857][T11437]  ? fsnotify_perm+0x471/0x590
[ 1064.224665][T11437]  ? cd_forget+0x160/0x160
[ 1064.229097][T11437]  do_dentry_open+0x7f9/0x10f0
[ 1064.233890][T11437]  path_openat+0x27b3/0x3170
[ 1064.238514][T11437]  ? getname_flags+0xbc/0x4e0
[ 1064.243205][T11437]  ? mark_lock+0x9a/0x340
[ 1064.247650][T11437]  ? do_filp_open+0x490/0x490
[ 1064.252377][T11437]  ? alloc_fd+0x59c/0x640
[ 1064.256764][T11437]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1064.262548][T11437]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1064.268583][T11437]  do_filp_open+0x234/0x490
[ 1064.273209][T11437]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1064.277838][T11437]  ? _raw_spin_unlock+0x28/0x40
[ 1064.282706][T11437]  ? alloc_fd+0x59c/0x640
[ 1064.287057][T11437]  do_sys_openat2+0x13f/0x500
[ 1064.291766][T11437]  ? mutex_unlock+0x10/0x10
[ 1064.296283][T11437]  ? do_sys_open+0x230/0x230
[ 1064.300896][T11437]  __x64_sys_openat+0x247/0x290
[ 1064.305760][T11437]  ? __ia32_sys_open+0x270/0x270
[ 1064.310715][T11437]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1064.316728][T11437]  ? lockdep_hardirqs_on+0x98/0x140
[ 1064.321967][T11437]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1064.327979][T11437]  do_syscall_64+0x41/0xc0
[ 1064.332428][T11437]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1064.338334][T11437] RIP: 0033:0x7f9b1943e284
[ 1064.342761][T11437] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1064.362376][T11437] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1064.370802][T11437] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1064.378791][T11437] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1064.386777][T11437] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1064.394760][T11437] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1064.402849][T11437] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1064.410868][T11437]  </TASK>
06:27:07 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 35)

06:27:07 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
msgget(0x3, 0x440) (async)
r1 = msgget(0x2, 0x221)
msgctl$MSG_STAT_ANY(r1, 0xd, &(0x7f0000000080)=""/61) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:07 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x25)

[ 1064.581066][T11464] FAULT_INJECTION: forcing a failure.
[ 1064.581066][T11464] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1064.618960][T11464] CPU: 1 PID: 11464 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
06:27:07 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$isdn(0x22, 0x3, 0x3)

[ 1064.629113][T11464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1064.639298][T11464] Call Trace:
[ 1064.642614][T11464]  <TASK>
[ 1064.645580][T11464]  dump_stack_lvl+0x1e7/0x2d0
[ 1064.650320][T11464]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1064.655834][T11464]  ? panic+0x770/0x770
[ 1064.659957][T11464]  ? kasan_set_track+0x64/0x80
[ 1064.664780][T11464]  should_fail_ex+0x3aa/0x4e0
[ 1064.669512][T11464]  prepare_alloc_pages+0x1d9/0x5b0
[ 1064.674687][T11464]  __alloc_pages+0x16e/0x7f0
[ 1064.679331][T11464]  ? zone_statistics+0x170/0x170
[ 1064.684420][T11464]  ? alloc_pages+0x510/0x780
[ 1064.689069][T11464]  get_zeroed_page+0x17/0x40
[ 1064.693701][T11464]  mon_bin_open+0x237/0x500
[ 1064.698264][T11464]  chrdev_open+0x54e/0x630
[ 1064.702728][T11464]  ? cd_forget+0x160/0x160
[ 1064.707192][T11464]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1064.712437][T11464]  ? fsnotify_perm+0x471/0x590
[ 1064.717261][T11464]  ? cd_forget+0x160/0x160
[ 1064.721714][T11464]  do_dentry_open+0x7f9/0x10f0
[ 1064.726543][T11464]  path_openat+0x27b3/0x3170
[ 1064.731218][T11464]  ? getname_flags+0xbc/0x4e0
[ 1064.735950][T11464]  ? mark_lock+0x9a/0x340
[ 1064.740333][T11464]  ? do_filp_open+0x490/0x490
[ 1064.745069][T11464]  ? alloc_fd+0x59c/0x640
[ 1064.749449][T11464]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1064.755144][T11464]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1064.761213][T11464]  do_filp_open+0x234/0x490
[ 1064.765786][T11464]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1064.770466][T11464]  ? _raw_spin_unlock+0x28/0x40
[ 1064.775366][T11464]  ? alloc_fd+0x59c/0x640
06:27:07 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

[ 1064.779760][T11464]  do_sys_openat2+0x13f/0x500
[ 1064.784482][T11464]  ? mutex_unlock+0x10/0x10
[ 1064.789063][T11464]  ? do_sys_open+0x230/0x230
[ 1064.793713][T11464]  __x64_sys_openat+0x247/0x290
[ 1064.798613][T11464]  ? __ia32_sys_open+0x270/0x270
[ 1064.803601][T11464]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1064.809626][T11464]  ? lockdep_hardirqs_on+0x98/0x140
[ 1064.814880][T11464]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1064.820920][T11464]  do_syscall_64+0x41/0xc0
[ 1064.825397][T11464]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1064.831339][T11464] RIP: 0033:0x7f9b1943e284
[ 1064.835794][T11464] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1064.855441][T11464] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1064.863902][T11464] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1064.871917][T11464] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
06:27:07 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 36)

06:27:08 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x74)

[ 1064.879935][T11464] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1064.887949][T11464] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1064.895966][T11464] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1064.904012][T11464]  </TASK>
[ 1064.947483][T11484] FAULT_INJECTION: forcing a failure.
[ 1064.947483][T11484] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1064.962616][T11484] CPU: 1 PID: 11484 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1064.972747][T11484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1064.982927][T11484] Call Trace:
[ 1064.986242][T11484]  <TASK>
[ 1064.989209][T11484]  dump_stack_lvl+0x1e7/0x2d0
[ 1064.993946][T11484]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1064.999465][T11484]  ? panic+0x770/0x770
[ 1065.003597][T11484]  should_fail_ex+0x3aa/0x4e0
[ 1065.008332][T11484]  prepare_alloc_pages+0x1d9/0x5b0
[ 1065.013505][T11484]  __alloc_pages+0x16e/0x7f0
[ 1065.018150][T11484]  ? zone_statistics+0x170/0x170
[ 1065.023171][T11484]  ? alloc_pages+0x510/0x780
[ 1065.027786][T11484]  get_zeroed_page+0x17/0x40
[ 1065.032387][T11484]  mon_bin_open+0x237/0x500
[ 1065.036930][T11484]  chrdev_open+0x54e/0x630
[ 1065.041368][T11484]  ? cd_forget+0x160/0x160
[ 1065.045801][T11484]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1065.051016][T11484]  ? fsnotify_perm+0x471/0x590
[ 1065.055805][T11484]  ? cd_forget+0x160/0x160
[ 1065.060226][T11484]  do_dentry_open+0x7f9/0x10f0
[ 1065.065019][T11484]  path_openat+0x27b3/0x3170
[ 1065.069645][T11484]  ? getname_flags+0xbc/0x4e0
[ 1065.074338][T11484]  ? mark_lock+0x9a/0x340
[ 1065.078684][T11484]  ? do_filp_open+0x490/0x490
[ 1065.083381][T11484]  ? alloc_fd+0x59c/0x640
[ 1065.087768][T11484]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1065.093421][T11484]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1065.099429][T11484]  do_filp_open+0x234/0x490
[ 1065.103950][T11484]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1065.108589][T11484]  ? _raw_spin_unlock+0x28/0x40
[ 1065.113451][T11484]  ? alloc_fd+0x59c/0x640
[ 1065.117805][T11484]  do_sys_openat2+0x13f/0x500
[ 1065.122492][T11484]  ? mutex_unlock+0x10/0x10
[ 1065.127005][T11484]  ? do_sys_open+0x230/0x230
[ 1065.131619][T11484]  __x64_sys_openat+0x247/0x290
[ 1065.136485][T11484]  ? __ia32_sys_open+0x270/0x270
[ 1065.141449][T11484]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1065.147441][T11484]  ? lockdep_hardirqs_on+0x98/0x140
[ 1065.152652][T11484]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1065.158648][T11484]  do_syscall_64+0x41/0xc0
[ 1065.163086][T11484]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1065.169002][T11484] RIP: 0033:0x7f9b1943e284
[ 1065.173430][T11484] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1065.193044][T11484] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1065.201470][T11484] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1065.209451][T11484] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1065.217452][T11484] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1065.225446][T11484] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1065.233437][T11484] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1065.241464][T11484]  </TASK>
06:27:08 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r2, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000001c0))
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))

06:27:08 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 37)

06:27:08 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x41)

06:27:08 executing program 2:
socket$isdn(0x22, 0x3, 0x3)

[ 1065.361331][T11498] FAULT_INJECTION: forcing a failure.
[ 1065.361331][T11498] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:08 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
connect$nfc_raw(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x1, 0x1}, 0x10)

[ 1065.420993][T11498] CPU: 1 PID: 11498 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1065.431223][T11498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1065.441318][T11498] Call Trace:
[ 1065.444630][T11498]  <TASK>
[ 1065.447600][T11498]  dump_stack_lvl+0x1e7/0x2d0
[ 1065.452339][T11498]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1065.457868][T11498]  ? panic+0x770/0x770
[ 1065.461989][T11498]  ? kasan_set_track+0x64/0x80
[ 1065.466824][T11498]  should_fail_ex+0x3aa/0x4e0
[ 1065.471565][T11498]  prepare_alloc_pages+0x1d9/0x5b0
[ 1065.476742][T11498]  __alloc_pages+0x16e/0x7f0
[ 1065.481377][T11498]  ? zone_statistics+0x170/0x170
[ 1065.486367][T11498]  ? alloc_pages+0x510/0x780
[ 1065.491007][T11498]  get_zeroed_page+0x17/0x40
[ 1065.495642][T11498]  mon_bin_open+0x237/0x500
[ 1065.500203][T11498]  chrdev_open+0x54e/0x630
[ 1065.504675][T11498]  ? cd_forget+0x160/0x160
[ 1065.509140][T11498]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1065.514385][T11498]  ? fsnotify_perm+0x471/0x590
[ 1065.519205][T11498]  ? cd_forget+0x160/0x160
[ 1065.523666][T11498]  do_dentry_open+0x7f9/0x10f0
[ 1065.528496][T11498]  path_openat+0x27b3/0x3170
[ 1065.533164][T11498]  ? getname_flags+0xbc/0x4e0
[ 1065.537899][T11498]  ? mark_lock+0x9a/0x340
[ 1065.542283][T11498]  ? do_filp_open+0x490/0x490
[ 1065.547008][T11498]  ? alloc_fd+0x59c/0x640
[ 1065.551386][T11498]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1065.557068][T11498]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1065.563117][T11498]  do_filp_open+0x234/0x490
[ 1065.567674][T11498]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1065.572387][T11498]  ? _raw_spin_unlock+0x28/0x40
[ 1065.577281][T11498]  ? alloc_fd+0x59c/0x640
[ 1065.581670][T11498]  do_sys_openat2+0x13f/0x500
[ 1065.586390][T11498]  ? mutex_unlock+0x10/0x10
[ 1065.590934][T11498]  ? do_sys_open+0x230/0x230
[ 1065.595579][T11498]  __x64_sys_openat+0x247/0x290
[ 1065.600475][T11498]  ? __ia32_sys_open+0x270/0x270
[ 1065.605457][T11498]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1065.611480][T11498]  ? lockdep_hardirqs_on+0x98/0x140
[ 1065.616720][T11498]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1065.622757][T11498]  do_syscall_64+0x41/0xc0
[ 1065.627235][T11498]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1065.633179][T11498] RIP: 0033:0x7f9b1943e284
[ 1065.637631][T11498] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1065.657279][T11498] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:08 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7a)

[ 1065.665749][T11498] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1065.673773][T11498] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1065.681796][T11498] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1065.689812][T11498] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1065.697830][T11498] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1065.705870][T11498]  </TASK>
06:27:08 executing program 2:
socket$isdn(0x22, 0x3, 0x0)

06:27:08 executing program 2:
socket$isdn(0x22, 0x3, 0x0)

06:27:08 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 38)

06:27:08 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r2, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000001c0))
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) (async)
syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0) (async)
setsockopt$SO_J1939_SEND_PRIO(r2, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000001c0)) (async)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080)) (async)

06:27:08 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x48)

06:27:09 executing program 2:
socket$isdn(0x22, 0x3, 0x0)

06:27:09 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
connect$nfc_raw(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x1, 0x1}, 0x10)

[ 1065.930790][T11533] FAULT_INJECTION: forcing a failure.
[ 1065.930790][T11533] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:09 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x108)

[ 1065.999279][T11533] CPU: 0 PID: 11533 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1066.009423][T11533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1066.019522][T11533] Call Trace:
[ 1066.022840][T11533]  <TASK>
[ 1066.025807][T11533]  dump_stack_lvl+0x1e7/0x2d0
[ 1066.030548][T11533]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1066.036065][T11533]  ? panic+0x770/0x770
[ 1066.040184][T11533]  ? kasan_set_track+0x64/0x80
[ 1066.045014][T11533]  should_fail_ex+0x3aa/0x4e0
[ 1066.049752][T11533]  prepare_alloc_pages+0x1d9/0x5b0
[ 1066.054923][T11533]  __alloc_pages+0x16e/0x7f0
[ 1066.059563][T11533]  ? zone_statistics+0x170/0x170
[ 1066.064560][T11533]  ? alloc_pages+0x510/0x780
[ 1066.069200][T11533]  get_zeroed_page+0x17/0x40
[ 1066.073847][T11533]  mon_bin_open+0x237/0x500
[ 1066.078409][T11533]  chrdev_open+0x54e/0x630
[ 1066.082869][T11533]  ? cd_forget+0x160/0x160
[ 1066.087326][T11533]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1066.092546][T11533]  ? fsnotify_perm+0x471/0x590
[ 1066.092591][T11533]  ? cd_forget+0x160/0x160
[ 1066.092611][T11533]  do_dentry_open+0x7f9/0x10f0
[ 1066.092658][T11533]  path_openat+0x27b3/0x3170
[ 1066.111376][T11533]  ? getname_flags+0xbc/0x4e0
[ 1066.116114][T11533]  ? mark_lock+0x9a/0x340
[ 1066.120524][T11533]  ? do_filp_open+0x490/0x490
[ 1066.125257][T11533]  ? alloc_fd+0x59c/0x640
[ 1066.129635][T11533]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1066.135325][T11533]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1066.141379][T11533]  do_filp_open+0x234/0x490
06:27:09 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r2, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000001c0))
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))

[ 1066.145939][T11533]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1066.150622][T11533]  ? _raw_spin_unlock+0x28/0x40
[ 1066.155519][T11533]  ? alloc_fd+0x59c/0x640
[ 1066.159906][T11533]  do_sys_openat2+0x13f/0x500
[ 1066.164632][T11533]  ? mutex_unlock+0x10/0x10
[ 1066.169193][T11533]  ? do_sys_open+0x230/0x230
[ 1066.173839][T11533]  __x64_sys_openat+0x247/0x290
[ 1066.178712][T11533]  ? __ia32_sys_open+0x270/0x270
[ 1066.183671][T11533]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1066.189665][T11533]  ? lockdep_hardirqs_on+0x98/0x140
[ 1066.194878][T11533]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1066.200875][T11533]  do_syscall_64+0x41/0xc0
[ 1066.205314][T11533]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1066.211224][T11533] RIP: 0033:0x7f9b1943e284
[ 1066.215658][T11533] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1066.235271][T11533] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:09 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 39)

[ 1066.243698][T11533] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1066.251678][T11533] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1066.259659][T11533] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1066.267657][T11533] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1066.275650][T11533] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1066.283649][T11533]  </TASK>
06:27:09 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) (async)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000) (async)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0) (async)
setsockopt$SO_J1939_SEND_PRIO(r2, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000001c0)) (async)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))

06:27:09 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4c)

06:27:09 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
connect$nfc_raw(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x1, 0x1}, 0x10)

[ 1066.438661][T11573] FAULT_INJECTION: forcing a failure.
[ 1066.438661][T11573] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:09 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x300)

06:27:09 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r2, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000001c0))
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))

[ 1066.538608][T11573] CPU: 0 PID: 11573 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1066.548773][T11573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1066.558866][T11573] Call Trace:
[ 1066.562158][T11573]  <TASK>
[ 1066.565096][T11573]  dump_stack_lvl+0x1e7/0x2d0
[ 1066.569804][T11573]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1066.575287][T11573]  ? panic+0x770/0x770
[ 1066.579394][T11573]  should_fail_ex+0x3aa/0x4e0
[ 1066.584186][T11573]  prepare_alloc_pages+0x1d9/0x5b0
[ 1066.589323][T11573]  __alloc_pages+0x16e/0x7f0
[ 1066.593925][T11573]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1066.600099][T11573]  ? zone_statistics+0x170/0x170
[ 1066.605048][T11573]  ? alloc_pages+0x2e6/0x780
[ 1066.609649][T11573]  ? __sanitizer_cov_trace_const_cmp8+0x34/0x80
[ 1066.615971][T11573]  ? alloc_pages+0x510/0x780
[ 1066.620575][T11573]  get_zeroed_page+0x17/0x40
[ 1066.625176][T11573]  mon_bin_open+0x237/0x500
[ 1066.629702][T11573]  chrdev_open+0x54e/0x630
[ 1066.634152][T11573]  ? cd_forget+0x160/0x160
[ 1066.638576][T11573]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1066.643790][T11573]  ? fsnotify_perm+0x471/0x590
[ 1066.648574][T11573]  ? cd_forget+0x160/0x160
[ 1066.652996][T11573]  do_dentry_open+0x7f9/0x10f0
[ 1066.657786][T11573]  path_openat+0x27b3/0x3170
[ 1066.662432][T11573]  ? getname_flags+0xbc/0x4e0
[ 1066.667127][T11573]  ? mark_lock+0x9a/0x340
[ 1066.671475][T11573]  ? do_filp_open+0x490/0x490
[ 1066.676170][T11573]  ? alloc_fd+0x59c/0x640
[ 1066.680513][T11573]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1066.686162][T11573]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1066.692174][T11573]  do_filp_open+0x234/0x490
[ 1066.696701][T11573]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1066.701336][T11573]  ? _raw_spin_unlock+0x28/0x40
[ 1066.706199][T11573]  ? alloc_fd+0x59c/0x640
[ 1066.710554][T11573]  do_sys_openat2+0x13f/0x500
[ 1066.715246][T11573]  ? mutex_unlock+0x10/0x10
[ 1066.719762][T11573]  ? do_sys_open+0x230/0x230
[ 1066.724378][T11573]  __x64_sys_openat+0x247/0x290
[ 1066.729241][T11573]  ? __ia32_sys_open+0x270/0x270
[ 1066.734192][T11573]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1066.740193][T11573]  ? lockdep_hardirqs_on+0x98/0x140
[ 1066.745405][T11573]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1066.751488][T11573]  do_syscall_64+0x41/0xc0
[ 1066.755930][T11573]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1066.761839][T11573] RIP: 0033:0x7f9b1943e284
[ 1066.766265][T11573] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1066.785893][T11573] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1066.794320][T11573] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1066.802300][T11573] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1066.810277][T11573] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1066.818269][T11573] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1066.826245][T11573] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1066.834255][T11573]  </TASK>
06:27:10 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5c)

06:27:10 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, 0x0, 0x0)

06:27:10 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 40)

06:27:10 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r1 = syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r2, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000001c0))
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))

06:27:10 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x20800001d)

06:27:10 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x500)

06:27:10 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

[ 1067.162240][T11614] FAULT_INJECTION: forcing a failure.
[ 1067.162240][T11614] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:10 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x60)

[ 1067.215971][T11614] CPU: 0 PID: 11614 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1067.226126][T11614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1067.236260][T11614] Call Trace:
[ 1067.239585][T11614]  <TASK>
[ 1067.242560][T11614]  dump_stack_lvl+0x1e7/0x2d0
[ 1067.247303][T11614]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1067.252912][T11614]  ? panic+0x770/0x770
[ 1067.257053][T11614]  should_fail_ex+0x3aa/0x4e0
[ 1067.261801][T11614]  prepare_alloc_pages+0x1d9/0x5b0
[ 1067.266974][T11614]  __alloc_pages+0x16e/0x7f0
[ 1067.271619][T11614]  ? zone_statistics+0x170/0x170
[ 1067.276603][T11614]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1067.282808][T11614]  ? lockdep_hardirqs_on+0x98/0x140
[ 1067.288071][T11614]  ? alloc_pages+0x510/0x780
[ 1067.292724][T11614]  get_zeroed_page+0x17/0x40
[ 1067.297358][T11614]  mon_bin_open+0x237/0x500
[ 1067.301926][T11614]  chrdev_open+0x54e/0x630
[ 1067.306386][T11614]  ? cd_forget+0x160/0x160
[ 1067.310847][T11614]  ? do_raw_spin_unlock+0x13b/0x8b0
06:27:10 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r1, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000001c0))

[ 1067.316098][T11614]  ? fsnotify_perm+0x471/0x590
[ 1067.320923][T11614]  ? cd_forget+0x160/0x160
[ 1067.325383][T11614]  do_dentry_open+0x7f9/0x10f0
[ 1067.330217][T11614]  path_openat+0x27b3/0x3170
[ 1067.334886][T11614]  ? getname_flags+0xbc/0x4e0
[ 1067.339699][T11614]  ? mark_lock+0x9a/0x340
[ 1067.344078][T11614]  ? do_filp_open+0x490/0x490
[ 1067.348814][T11614]  ? alloc_fd+0x59c/0x640
[ 1067.353195][T11614]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1067.358918][T11614]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1067.364976][T11614]  do_filp_open+0x234/0x490
[ 1067.369542][T11614]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1067.374219][T11614]  ? _raw_spin_unlock+0x28/0x40
[ 1067.379121][T11614]  ? alloc_fd+0x59c/0x640
[ 1067.383513][T11614]  do_sys_openat2+0x13f/0x500
[ 1067.388244][T11614]  ? mutex_unlock+0x10/0x10
[ 1067.392795][T11614]  ? do_sys_open+0x230/0x230
[ 1067.397445][T11614]  __x64_sys_openat+0x247/0x290
[ 1067.402349][T11614]  ? __ia32_sys_open+0x270/0x270
[ 1067.407334][T11614]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1067.413356][T11614]  ? lockdep_hardirqs_on+0x98/0x140
[ 1067.418581][T11614]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1067.424579][T11614]  do_syscall_64+0x41/0xc0
[ 1067.429020][T11614]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1067.434957][T11614] RIP: 0033:0x7f9b1943e284
[ 1067.439394][T11614] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1067.459028][T11614] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1067.467492][T11614] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1067.475492][T11614] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1067.483474][T11614] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1067.491454][T11614] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1067.499439][T11614] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1067.507439][T11614]  </TASK>
06:27:10 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 41)

06:27:10 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async, rerun: 32)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x20800001d) (rerun: 32)

[ 1067.607186][T11643] FAULT_INJECTION: forcing a failure.
[ 1067.607186][T11643] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1067.631880][T11643] CPU: 1 PID: 11643 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1067.642028][T11643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1067.652130][T11643] Call Trace:
06:27:10 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x600)

[ 1067.655447][T11643]  <TASK>
[ 1067.658414][T11643]  dump_stack_lvl+0x1e7/0x2d0
[ 1067.663146][T11643]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1067.668662][T11643]  ? panic+0x770/0x770
[ 1067.672777][T11643]  ? kasan_set_track+0x64/0x80
[ 1067.677596][T11643]  should_fail_ex+0x3aa/0x4e0
[ 1067.682345][T11643]  prepare_alloc_pages+0x1d9/0x5b0
[ 1067.687510][T11643]  __alloc_pages+0x16e/0x7f0
[ 1067.692176][T11643]  ? zone_statistics+0x170/0x170
[ 1067.697166][T11643]  ? alloc_pages+0x510/0x780
[ 1067.701803][T11643]  get_zeroed_page+0x17/0x40
06:27:10 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

[ 1067.706440][T11643]  mon_bin_open+0x237/0x500
[ 1067.711002][T11643]  chrdev_open+0x54e/0x630
[ 1067.715467][T11643]  ? cd_forget+0x160/0x160
[ 1067.719925][T11643]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1067.725170][T11643]  ? fsnotify_perm+0x471/0x590
[ 1067.729994][T11643]  ? cd_forget+0x160/0x160
[ 1067.734444][T11643]  do_dentry_open+0x7f9/0x10f0
[ 1067.739270][T11643]  path_openat+0x27b3/0x3170
[ 1067.743934][T11643]  ? getname_flags+0xbc/0x4e0
[ 1067.748659][T11643]  ? mark_lock+0x9a/0x340
[ 1067.753039][T11643]  ? do_filp_open+0x490/0x490
[ 1067.757771][T11643]  ? alloc_fd+0x59c/0x640
[ 1067.762143][T11643]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1067.767829][T11643]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1067.773878][T11643]  do_filp_open+0x234/0x490
[ 1067.778442][T11643]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1067.783114][T11643]  ? _raw_spin_unlock+0x28/0x40
[ 1067.788016][T11643]  ? alloc_fd+0x59c/0x640
[ 1067.792451][T11643]  do_sys_openat2+0x13f/0x500
[ 1067.797173][T11643]  ? mutex_unlock+0x10/0x10
[ 1067.801715][T11643]  ? do_sys_open+0x230/0x230
[ 1067.806390][T11643]  __x64_sys_openat+0x247/0x290
[ 1067.811288][T11643]  ? __ia32_sys_open+0x270/0x270
[ 1067.816277][T11643]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1067.822301][T11643]  ? lockdep_hardirqs_on+0x98/0x140
[ 1067.827570][T11643]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1067.833605][T11643]  do_syscall_64+0x41/0xc0
[ 1067.838089][T11643]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1067.844029][T11643] RIP: 0033:0x7f9b1943e284
06:27:10 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r1, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

[ 1067.848489][T11643] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1067.868141][T11643] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1067.876604][T11643] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1067.884621][T11643] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1067.892637][T11643] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1067.900651][T11643] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:11 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 42)

[ 1067.908663][T11643] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1067.916705][T11643]  </TASK>
06:27:11 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x68)

[ 1067.975956][T11666] FAULT_INJECTION: forcing a failure.
[ 1067.975956][T11666] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:11 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000000)=0x20800001d)

06:27:11 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = socket$isdn(0x22, 0x3, 0x2)
getsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
recvmsg$can_j1939(r2, &(0x7f0000000380)={&(0x7f0000000100)=@nfc_llcp, 0x80, &(0x7f0000000280)=[{&(0x7f0000000180)=""/221, 0xdd}], 0x1, &(0x7f00000002c0)=""/186, 0xba}, 0x2)
write$vhost_msg(r0, 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x90003, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x82, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f00000000c0)={0x1, r4})

[ 1068.081935][T11666] CPU: 1 PID: 11666 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1068.092163][T11666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1068.102260][T11666] Call Trace:
[ 1068.105578][T11666]  <TASK>
[ 1068.108544][T11666]  dump_stack_lvl+0x1e7/0x2d0
[ 1068.113280][T11666]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1068.118844][T11666]  ? panic+0x770/0x770
[ 1068.122967][T11666]  ? kasan_set_track+0x64/0x80
[ 1068.127791][T11666]  should_fail_ex+0x3aa/0x4e0
[ 1068.132524][T11666]  prepare_alloc_pages+0x1d9/0x5b0
[ 1068.137698][T11666]  __alloc_pages+0x16e/0x7f0
[ 1068.142339][T11666]  ? zone_statistics+0x170/0x170
[ 1068.147337][T11666]  ? alloc_pages+0x510/0x780
[ 1068.151981][T11666]  get_zeroed_page+0x17/0x40
[ 1068.156621][T11666]  mon_bin_open+0x237/0x500
[ 1068.161185][T11666]  chrdev_open+0x54e/0x630
[ 1068.165645][T11666]  ? cd_forget+0x160/0x160
[ 1068.170104][T11666]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1068.175334][T11666]  ? fsnotify_perm+0x471/0x590
[ 1068.180122][T11666]  ? cd_forget+0x160/0x160
[ 1068.184547][T11666]  do_dentry_open+0x7f9/0x10f0
[ 1068.189340][T11666]  path_openat+0x27b3/0x3170
[ 1068.193961][T11666]  ? getname_flags+0xbc/0x4e0
[ 1068.198654][T11666]  ? mark_lock+0x9a/0x340
[ 1068.203002][T11666]  ? do_filp_open+0x490/0x490
[ 1068.207698][T11666]  ? alloc_fd+0x59c/0x640
[ 1068.212047][T11666]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1068.217701][T11666]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1068.223713][T11666]  do_filp_open+0x234/0x490
[ 1068.228242][T11666]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1068.232884][T11666]  ? _raw_spin_unlock+0x28/0x40
[ 1068.237749][T11666]  ? alloc_fd+0x59c/0x640
[ 1068.242115][T11666]  do_sys_openat2+0x13f/0x500
[ 1068.246804][T11666]  ? mutex_unlock+0x10/0x10
[ 1068.251316][T11666]  ? do_sys_open+0x230/0x230
[ 1068.255932][T11666]  __x64_sys_openat+0x247/0x290
[ 1068.260794][T11666]  ? __ia32_sys_open+0x270/0x270
[ 1068.265745][T11666]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1068.271737][T11666]  ? lockdep_hardirqs_on+0x98/0x140
[ 1068.276944][T11666]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1068.282938][T11666]  do_syscall_64+0x41/0xc0
[ 1068.287400][T11666]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1068.293331][T11666] RIP: 0033:0x7f9b1943e284
[ 1068.297769][T11666] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1068.317392][T11666] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:11 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x700)

[ 1068.325908][T11666] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1068.333978][T11666] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1068.341964][T11666] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1068.349953][T11666] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1068.357927][T11666] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1068.365926][T11666]  </TASK>
06:27:11 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 43)

06:27:11 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r1, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

06:27:11 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:11 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socket$isdn(0x22, 0x3, 0x2) (async)
r1 = socket$isdn(0x22, 0x3, 0x2)
getsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
getsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
recvmsg$can_j1939(r2, &(0x7f0000000380)={&(0x7f0000000100)=@nfc_llcp, 0x80, &(0x7f0000000280)=[{&(0x7f0000000180)=""/221, 0xdd}], 0x1, &(0x7f00000002c0)=""/186, 0xba}, 0x2)
write$vhost_msg(r0, 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x90003, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x82, 0x0) (async)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x82, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f00000000c0)={0x1, r4})

[ 1068.563501][T11698] FAULT_INJECTION: forcing a failure.
[ 1068.563501][T11698] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1068.590841][T11698] CPU: 0 PID: 11698 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1068.601002][T11698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1068.611101][T11698] Call Trace:
[ 1068.614407][T11698]  <TASK>
[ 1068.617440][T11698]  dump_stack_lvl+0x1e7/0x2d0
[ 1068.622168][T11698]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1068.627668][T11698]  ? panic+0x770/0x770
[ 1068.631750][T11698]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1068.637423][T11698]  should_fail_ex+0x3aa/0x4e0
[ 1068.642134][T11698]  prepare_alloc_pages+0x1d9/0x5b0
[ 1068.647297][T11698]  __alloc_pages+0x16e/0x7f0
[ 1068.651950][T11698]  ? zone_statistics+0x170/0x170
[ 1068.656965][T11698]  ? alloc_pages+0x510/0x780
[ 1068.661604][T11698]  ? __sanitizer_cov_trace_const_cmp8+0x10/0x80
[ 1068.667895][T11698]  get_zeroed_page+0x17/0x40
[ 1068.672517][T11698]  mon_bin_open+0x237/0x500
[ 1068.677040][T11698]  chrdev_open+0x54e/0x630
[ 1068.681480][T11698]  ? cd_forget+0x160/0x160
[ 1068.685920][T11698]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1068.691161][T11698]  ? fsnotify_perm+0x471/0x590
[ 1068.696067][T11698]  ? cd_forget+0x160/0x160
[ 1068.700548][T11698]  do_dentry_open+0x7f9/0x10f0
[ 1068.705363][T11698]  path_openat+0x27b3/0x3170
[ 1068.710035][T11698]  ? getname_flags+0xbc/0x4e0
[ 1068.714769][T11698]  ? mark_lock+0x9a/0x340
[ 1068.719215][T11698]  ? do_filp_open+0x490/0x490
[ 1068.723928][T11698]  ? alloc_fd+0x59c/0x640
[ 1068.728310][T11698]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1068.733997][T11698]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1068.740048][T11698]  do_filp_open+0x234/0x490
[ 1068.744607][T11698]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1068.749274][T11698]  ? _raw_spin_unlock+0x28/0x40
[ 1068.754177][T11698]  ? alloc_fd+0x59c/0x640
[ 1068.758554][T11698]  do_sys_openat2+0x13f/0x500
[ 1068.763257][T11698]  ? mutex_unlock+0x10/0x10
[ 1068.767768][T11698]  ? do_sys_open+0x230/0x230
[ 1068.772376][T11698]  __x64_sys_openat+0x247/0x290
[ 1068.777251][T11698]  ? __ia32_sys_open+0x270/0x270
[ 1068.782227][T11698]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1068.788215][T11698]  ? lockdep_hardirqs_on+0x98/0x140
[ 1068.793549][T11698]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1068.799578][T11698]  do_syscall_64+0x41/0xc0
[ 1068.804124][T11698]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1068.810068][T11698] RIP: 0033:0x7f9b1943e284
[ 1068.814492][T11698] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1068.834208][T11698] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1068.842689][T11698] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1068.850688][T11698] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
06:27:11 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 44)

[ 1068.858691][T11698] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1068.866684][T11698] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1068.874697][T11698] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1068.882732][T11698]  </TASK>
06:27:12 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6c)

06:27:12 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = socket$isdn(0x22, 0x3, 0x2)
getsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f00000003c0), &(0x7f0000000400)=0x4)
r2 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
recvmsg$can_j1939(r2, &(0x7f0000000380)={&(0x7f0000000100)=@nfc_llcp, 0x80, &(0x7f0000000280)=[{&(0x7f0000000180)=""/221, 0xdd}], 0x1, &(0x7f00000002c0)=""/186, 0xba}, 0x2)
write$vhost_msg(r0, 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x90003, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x82, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f00000000c0)={0x1, r4})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
socket$isdn(0x22, 0x3, 0x2) (async)
getsockopt$MISDN_TIME_STAMP(r1, 0x0, 0x1, &(0x7f00000003c0), &(0x7f0000000400)=0x4) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r2, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0) (async)
recvmsg$can_j1939(r2, &(0x7f0000000380)={&(0x7f0000000100)=@nfc_llcp, 0x80, &(0x7f0000000280)=[{&(0x7f0000000180)=""/221, 0xdd}], 0x1, &(0x7f00000002c0)=""/186, 0xba}, 0x2) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x90003, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x82, 0x0) (async)
ioctl$VHOST_NET_SET_BACKEND(r3, 0x4008af30, &(0x7f00000000c0)={0x1, r4}) (async)

06:27:12 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x801)

06:27:12 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

[ 1069.057902][T11726] FAULT_INJECTION: forcing a failure.
[ 1069.057902][T11726] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1069.083041][T11726] CPU: 0 PID: 11726 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1069.093183][T11726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1069.103279][T11726] Call Trace:
[ 1069.106598][T11726]  <TASK>
[ 1069.109563][T11726]  dump_stack_lvl+0x1e7/0x2d0
[ 1069.114300][T11726]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1069.119819][T11726]  ? panic+0x770/0x770
[ 1069.123952][T11726]  ? kasan_set_track+0x64/0x80
[ 1069.128774][T11726]  should_fail_ex+0x3aa/0x4e0
[ 1069.133501][T11726]  prepare_alloc_pages+0x1d9/0x5b0
[ 1069.138661][T11726]  __alloc_pages+0x16e/0x7f0
[ 1069.143287][T11726]  ? zone_statistics+0x170/0x170
[ 1069.148253][T11726]  ? alloc_pages+0x510/0x780
[ 1069.152861][T11726]  get_zeroed_page+0x17/0x40
[ 1069.157461][T11726]  mon_bin_open+0x237/0x500
[ 1069.161986][T11726]  chrdev_open+0x54e/0x630
[ 1069.166411][T11726]  ? cd_forget+0x160/0x160
[ 1069.170834][T11726]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1069.176044][T11726]  ? fsnotify_perm+0x471/0x590
[ 1069.180829][T11726]  ? cd_forget+0x160/0x160
[ 1069.185336][T11726]  do_dentry_open+0x7f9/0x10f0
[ 1069.190128][T11726]  path_openat+0x27b3/0x3170
[ 1069.194750][T11726]  ? getname_flags+0xbc/0x4e0
[ 1069.199443][T11726]  ? mark_lock+0x9a/0x340
[ 1069.203786][T11726]  ? do_filp_open+0x490/0x490
[ 1069.208477][T11726]  ? alloc_fd+0x59c/0x640
[ 1069.212822][T11726]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1069.218476][T11726]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1069.224492][T11726]  do_filp_open+0x234/0x490
[ 1069.229015][T11726]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1069.233643][T11726]  ? _raw_spin_unlock+0x28/0x40
[ 1069.238508][T11726]  ? alloc_fd+0x59c/0x640
[ 1069.242878][T11726]  do_sys_openat2+0x13f/0x500
[ 1069.247574][T11726]  ? mutex_unlock+0x10/0x10
[ 1069.252088][T11726]  ? do_sys_open+0x230/0x230
[ 1069.256702][T11726]  __x64_sys_openat+0x247/0x290
[ 1069.261567][T11726]  ? __ia32_sys_open+0x270/0x270
[ 1069.266516][T11726]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1069.272523][T11726]  ? lockdep_hardirqs_on+0x98/0x140
[ 1069.277737][T11726]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1069.283739][T11726]  do_syscall_64+0x41/0xc0
[ 1069.288180][T11726]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1069.294087][T11726] RIP: 0033:0x7f9b1943e284
[ 1069.298511][T11726] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1069.318139][T11726] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1069.326581][T11726] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1069.334584][T11726] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1069.342568][T11726] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1069.350551][T11726] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:12 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:12 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 45)

[ 1069.358526][T11726] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1069.366522][T11726]  </TASK>
06:27:12 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x74)

06:27:12 executing program 5:
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000000)={0x2, 0x8, 0x2})
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

[ 1069.435821][T11748] FAULT_INJECTION: forcing a failure.
[ 1069.435821][T11748] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1069.504631][T11748] CPU: 0 PID: 11748 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1069.514788][T11748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1069.524891][T11748] Call Trace:
[ 1069.528210][T11748]  <TASK>
[ 1069.531180][T11748]  dump_stack_lvl+0x1e7/0x2d0
[ 1069.536011][T11748]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1069.541532][T11748]  ? panic+0x770/0x770
[ 1069.545650][T11748]  ? kasan_set_track+0x64/0x80
[ 1069.550477][T11748]  should_fail_ex+0x3aa/0x4e0
[ 1069.555212][T11748]  prepare_alloc_pages+0x1d9/0x5b0
[ 1069.560377][T11748]  __alloc_pages+0x16e/0x7f0
[ 1069.564998][T11748]  ? zone_statistics+0x170/0x170
[ 1069.569959][T11748]  ? alloc_pages+0x510/0x780
[ 1069.574564][T11748]  get_zeroed_page+0x17/0x40
[ 1069.579162][T11748]  mon_bin_open+0x237/0x500
[ 1069.583774][T11748]  chrdev_open+0x54e/0x630
[ 1069.588198][T11748]  ? cd_forget+0x160/0x160
[ 1069.592629][T11748]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1069.597839][T11748]  ? fsnotify_perm+0x471/0x590
[ 1069.602621][T11748]  ? cd_forget+0x160/0x160
[ 1069.607042][T11748]  do_dentry_open+0x7f9/0x10f0
[ 1069.611830][T11748]  path_openat+0x27b3/0x3170
[ 1069.616456][T11748]  ? getname_flags+0xbc/0x4e0
[ 1069.621151][T11748]  ? mark_lock+0x9a/0x340
[ 1069.625493][T11748]  ? do_filp_open+0x490/0x490
[ 1069.630189][T11748]  ? alloc_fd+0x59c/0x640
[ 1069.634529][T11748]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1069.640176][T11748]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1069.646184][T11748]  do_filp_open+0x234/0x490
[ 1069.650711][T11748]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1069.655345][T11748]  ? _raw_spin_unlock+0x28/0x40
[ 1069.660225][T11748]  ? alloc_fd+0x59c/0x640
[ 1069.664576][T11748]  do_sys_openat2+0x13f/0x500
[ 1069.669266][T11748]  ? mutex_unlock+0x10/0x10
[ 1069.673781][T11748]  ? do_sys_open+0x230/0x230
[ 1069.678400][T11748]  __x64_sys_openat+0x247/0x290
[ 1069.683265][T11748]  ? __ia32_sys_open+0x270/0x270
[ 1069.688216][T11748]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1069.694205][T11748]  ? lockdep_hardirqs_on+0x98/0x140
[ 1069.699421][T11748]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1069.705419][T11748]  do_syscall_64+0x41/0xc0
[ 1069.709861][T11748]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1069.715784][T11748] RIP: 0033:0x7f9b1943e284
[ 1069.720210][T11748] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1069.739822][T11748] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:12 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

06:27:12 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x900)

[ 1069.748247][T11748] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1069.756313][T11748] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1069.764291][T11748] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1069.772368][T11748] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1069.780350][T11748] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1069.788360][T11748]  </TASK>
06:27:12 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f0000000000)) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:12 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 46)

06:27:13 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7a)

[ 1069.950807][T11774] FAULT_INJECTION: forcing a failure.
[ 1069.950807][T11774] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1069.983798][T11774] CPU: 1 PID: 11774 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1069.993968][T11774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1070.004065][T11774] Call Trace:
[ 1070.007388][T11774]  <TASK>
[ 1070.010358][T11774]  dump_stack_lvl+0x1e7/0x2d0
[ 1070.015094][T11774]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1070.020612][T11774]  ? panic+0x770/0x770
[ 1070.024733][T11774]  ? kasan_set_track+0x64/0x80
[ 1070.029550][T11774]  should_fail_ex+0x3aa/0x4e0
[ 1070.034285][T11774]  prepare_alloc_pages+0x1d9/0x5b0
[ 1070.039457][T11774]  __alloc_pages+0x16e/0x7f0
[ 1070.044099][T11774]  ? zone_statistics+0x170/0x170
06:27:13 executing program 5:
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000000)={0x2, 0x8, 0x2})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

[ 1070.049097][T11774]  ? alloc_pages+0x510/0x780
[ 1070.053736][T11774]  get_zeroed_page+0x17/0x40
[ 1070.058369][T11774]  mon_bin_open+0x237/0x500
[ 1070.062933][T11774]  chrdev_open+0x54e/0x630
[ 1070.067400][T11774]  ? cd_forget+0x160/0x160
[ 1070.071954][T11774]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1070.077206][T11774]  ? fsnotify_perm+0x471/0x590
[ 1070.082026][T11774]  ? cd_forget+0x160/0x160
[ 1070.086479][T11774]  do_dentry_open+0x7f9/0x10f0
[ 1070.091305][T11774]  path_openat+0x27b3/0x3170
[ 1070.095968][T11774]  ? getname_flags+0xbc/0x4e0
06:27:13 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x108)

[ 1070.100697][T11774]  ? mark_lock+0x9a/0x340
[ 1070.105085][T11774]  ? do_filp_open+0x490/0x490
[ 1070.109816][T11774]  ? alloc_fd+0x59c/0x640
[ 1070.114201][T11774]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1070.119891][T11774]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1070.125938][T11774]  do_filp_open+0x234/0x490
[ 1070.130506][T11774]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1070.135189][T11774]  ? _raw_spin_unlock+0x28/0x40
[ 1070.140091][T11774]  ? alloc_fd+0x59c/0x640
[ 1070.144481][T11774]  do_sys_openat2+0x13f/0x500
[ 1070.149203][T11774]  ? mutex_unlock+0x10/0x10
[ 1070.153747][T11774]  ? do_sys_open+0x230/0x230
[ 1070.158400][T11774]  __x64_sys_openat+0x247/0x290
[ 1070.163296][T11774]  ? __ia32_sys_open+0x270/0x270
[ 1070.168279][T11774]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1070.174305][T11774]  ? lockdep_hardirqs_on+0x98/0x140
[ 1070.179548][T11774]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1070.185663][T11774]  do_syscall_64+0x41/0xc0
[ 1070.190134][T11774]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1070.196079][T11774] RIP: 0033:0x7f9b1943e284
06:27:13 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xa00)

[ 1070.200531][T11774] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1070.220183][T11774] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1070.228648][T11774] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1070.236671][T11774] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1070.244692][T11774] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1070.252701][T11774] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1070.260715][T11774] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1070.268751][T11774]  </TASK>
06:27:13 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f0000000200)={0x2c4, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [{{0x8, 0x1, r1}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x81}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xe94a}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x477}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}]}}]}, 0x2c4}, 0x1, 0x0, 0x0, 0x20044481}, 0x20042840)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:13 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 47)

06:27:13 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
syz_open_dev$sg(&(0x7f0000000040), 0x4, 0x20000)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

[ 1070.371418][T11802] FAULT_INJECTION: forcing a failure.
[ 1070.371418][T11802] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1070.396568][T11802] CPU: 0 PID: 11802 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1070.406709][T11802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1070.416804][T11802] Call Trace:
[ 1070.420117][T11802]  <TASK>
[ 1070.423080][T11802]  dump_stack_lvl+0x1e7/0x2d0
[ 1070.427813][T11802]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1070.433333][T11802]  ? panic+0x770/0x770
[ 1070.437463][T11802]  ? kasan_set_track+0x64/0x80
[ 1070.442281][T11802]  should_fail_ex+0x3aa/0x4e0
[ 1070.447014][T11802]  prepare_alloc_pages+0x1d9/0x5b0
[ 1070.452185][T11802]  __alloc_pages+0x16e/0x7f0
[ 1070.456827][T11802]  ? zone_statistics+0x170/0x170
[ 1070.461816][T11802]  ? alloc_pages+0x510/0x780
[ 1070.466437][T11802]  get_zeroed_page+0x17/0x40
[ 1070.471047][T11802]  mon_bin_open+0x237/0x500
[ 1070.475583][T11802]  chrdev_open+0x54e/0x630
[ 1070.480019][T11802]  ? cd_forget+0x160/0x160
[ 1070.484462][T11802]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1070.489695][T11802]  ? fsnotify_perm+0x471/0x590
[ 1070.494487][T11802]  ? cd_forget+0x160/0x160
[ 1070.498911][T11802]  do_dentry_open+0x7f9/0x10f0
[ 1070.503701][T11802]  path_openat+0x27b3/0x3170
[ 1070.508324][T11802]  ? getname_flags+0xbc/0x4e0
[ 1070.513028][T11802]  ? mark_lock+0x9a/0x340
[ 1070.517371][T11802]  ? do_filp_open+0x490/0x490
[ 1070.522061][T11802]  ? alloc_fd+0x59c/0x640
[ 1070.526414][T11802]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1070.532062][T11802]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1070.538164][T11802]  do_filp_open+0x234/0x490
[ 1070.542689][T11802]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1070.547331][T11802]  ? _raw_spin_unlock+0x28/0x40
[ 1070.552196][T11802]  ? alloc_fd+0x59c/0x640
[ 1070.556559][T11802]  do_sys_openat2+0x13f/0x500
[ 1070.561248][T11802]  ? mutex_unlock+0x10/0x10
[ 1070.565766][T11802]  ? do_sys_open+0x230/0x230
[ 1070.570397][T11802]  __x64_sys_openat+0x247/0x290
[ 1070.575274][T11802]  ? __ia32_sys_open+0x270/0x270
[ 1070.580229][T11802]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1070.586311][T11802]  ? lockdep_hardirqs_on+0x98/0x140
[ 1070.591522][T11802]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1070.597514][T11802]  do_syscall_64+0x41/0xc0
[ 1070.601955][T11802]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1070.607880][T11802] RIP: 0033:0x7f9b1943e284
[ 1070.612318][T11802] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1070.631932][T11802] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1070.640356][T11802] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1070.648332][T11802] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1070.656396][T11802] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1070.664393][T11802] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:13 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 48)

[ 1070.672384][T11802] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1070.680396][T11802]  </TASK>
[ 1070.757331][T11816] FAULT_INJECTION: forcing a failure.
[ 1070.757331][T11816] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1070.773083][T11816] CPU: 1 PID: 11816 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1070.783216][T11816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1070.793308][T11816] Call Trace:
[ 1070.796622][T11816]  <TASK>
[ 1070.799596][T11816]  dump_stack_lvl+0x1e7/0x2d0
[ 1070.804340][T11816]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1070.809853][T11816]  ? panic+0x770/0x770
[ 1070.813968][T11816]  ? kasan_set_track+0x64/0x80
[ 1070.818790][T11816]  should_fail_ex+0x3aa/0x4e0
[ 1070.823524][T11816]  prepare_alloc_pages+0x1d9/0x5b0
[ 1070.828686][T11816]  __alloc_pages+0x16e/0x7f0
[ 1070.833330][T11816]  ? zone_statistics+0x170/0x170
[ 1070.838340][T11816]  ? alloc_pages+0x510/0x780
[ 1070.842993][T11816]  get_zeroed_page+0x17/0x40
[ 1070.847630][T11816]  mon_bin_open+0x237/0x500
[ 1070.852233][T11816]  chrdev_open+0x54e/0x630
[ 1070.856689][T11816]  ? cd_forget+0x160/0x160
[ 1070.861143][T11816]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1070.866383][T11816]  ? fsnotify_perm+0x471/0x590
[ 1070.871205][T11816]  ? cd_forget+0x160/0x160
[ 1070.875663][T11816]  do_dentry_open+0x7f9/0x10f0
[ 1070.880485][T11816]  path_openat+0x27b3/0x3170
[ 1070.885155][T11816]  ? getname_flags+0xbc/0x4e0
[ 1070.889883][T11816]  ? mark_lock+0x9a/0x340
[ 1070.894261][T11816]  ? do_filp_open+0x490/0x490
[ 1070.898997][T11816]  ? alloc_fd+0x59c/0x640
[ 1070.903371][T11816]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1070.909057][T11816]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1070.915103][T11816]  do_filp_open+0x234/0x490
[ 1070.919661][T11816]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1070.924340][T11816]  ? _raw_spin_unlock+0x28/0x40
[ 1070.929234][T11816]  ? alloc_fd+0x59c/0x640
[ 1070.933621][T11816]  do_sys_openat2+0x13f/0x500
[ 1070.938348][T11816]  ? mutex_unlock+0x10/0x10
[ 1070.942897][T11816]  ? do_sys_open+0x230/0x230
[ 1070.947546][T11816]  __x64_sys_openat+0x247/0x290
[ 1070.952444][T11816]  ? __ia32_sys_open+0x270/0x270
06:27:14 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xb00)

[ 1070.957433][T11816]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1070.963460][T11816]  ? lockdep_hardirqs_on+0x98/0x140
[ 1070.968703][T11816]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1070.974747][T11816]  do_syscall_64+0x41/0xc0
[ 1070.979221][T11816]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1070.985159][T11816] RIP: 0033:0x7f9b1943e284
[ 1070.989620][T11816] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1071.009264][T11816] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1071.017753][T11816] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1071.026026][T11816] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1071.034043][T11816] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1071.042060][T11816] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1071.050074][T11816] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
06:27:14 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x300)

06:27:14 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00', <r1=>0x0}) (async, rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r2=>0x0}) (rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f0000000200)={0x2c4, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [{{0x8, 0x1, r1}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x81}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xe94a}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x477}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}]}}]}, 0x2c4}, 0x1, 0x0, 0x0, 0x20044481}, 0x20042840) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:14 executing program 5:
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000000)={0x2, 0x8, 0x2})
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)

[ 1071.058106][T11816]  </TASK>
06:27:14 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r1, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

06:27:14 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'team0\x00', <r1=>0x0}) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r3=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000500)={&(0x7f0000000200)={0x2c4, 0x0, 0x200, 0x70bd2c, 0x25dfdbfe, {}, [{{0x8, 0x1, r1}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x81}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xe94a}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x477}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8}, {0xf0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8}}}]}}]}, 0x2c4}, 0x1, 0x0, 0x0, 0x20044481}, 0x20042840) (async, rerun: 32)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (rerun: 32)

06:27:14 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xc00)

06:27:14 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 49)

06:27:14 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000100)={0x1, {&(0x7f0000000080)=""/128, 0x80, &(0x7f0000000000)=""/34, 0x2, 0x1}}, 0x48)

06:27:14 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x500)

06:27:14 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
write$vhost_msg(r0, 0x0, 0x0)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r1, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

[ 1071.333810][T11859] FAULT_INJECTION: forcing a failure.
[ 1071.333810][T11859] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1071.364276][T11859] CPU: 1 PID: 11859 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1071.374427][T11859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1071.384531][T11859] Call Trace:
[ 1071.387847][T11859]  <TASK>
[ 1071.390818][T11859]  dump_stack_lvl+0x1e7/0x2d0
[ 1071.395559][T11859]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1071.401164][T11859]  ? panic+0x770/0x770
[ 1071.405287][T11859]  ? kasan_set_track+0x64/0x80
[ 1071.410114][T11859]  should_fail_ex+0x3aa/0x4e0
[ 1071.414854][T11859]  prepare_alloc_pages+0x1d9/0x5b0
[ 1071.420028][T11859]  __alloc_pages+0x16e/0x7f0
[ 1071.424644][T11859]  ? zone_statistics+0x170/0x170
[ 1071.429606][T11859]  ? alloc_pages+0x510/0x780
[ 1071.434215][T11859]  get_zeroed_page+0x17/0x40
[ 1071.438825][T11859]  mon_bin_open+0x237/0x500
[ 1071.443363][T11859]  chrdev_open+0x54e/0x630
[ 1071.447816][T11859]  ? cd_forget+0x160/0x160
[ 1071.452247][T11859]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1071.457461][T11859]  ? fsnotify_perm+0x471/0x590
[ 1071.462252][T11859]  ? cd_forget+0x160/0x160
[ 1071.466676][T11859]  do_dentry_open+0x7f9/0x10f0
[ 1071.471480][T11859]  path_openat+0x27b3/0x3170
[ 1071.476103][T11859]  ? getname_flags+0xbc/0x4e0
[ 1071.480794][T11859]  ? mark_lock+0x9a/0x340
[ 1071.485165][T11859]  ? do_filp_open+0x490/0x490
[ 1071.489896][T11859]  ? alloc_fd+0x59c/0x640
[ 1071.494254][T11859]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1071.499913][T11859]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1071.505929][T11859]  do_filp_open+0x234/0x490
[ 1071.510459][T11859]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1071.515090][T11859]  ? _raw_spin_unlock+0x28/0x40
[ 1071.519955][T11859]  ? alloc_fd+0x59c/0x640
[ 1071.524307][T11859]  do_sys_openat2+0x13f/0x500
[ 1071.529001][T11859]  ? mutex_unlock+0x10/0x10
[ 1071.533516][T11859]  ? do_sys_open+0x230/0x230
[ 1071.538134][T11859]  __x64_sys_openat+0x247/0x290
[ 1071.542998][T11859]  ? __ia32_sys_open+0x270/0x270
[ 1071.547949][T11859]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1071.553940][T11859]  ? lockdep_hardirqs_on+0x98/0x140
[ 1071.559151][T11859]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1071.565145][T11859]  do_syscall_64+0x41/0xc0
[ 1071.569605][T11859]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1071.575513][T11859] RIP: 0033:0x7f9b1943e284
[ 1071.579936][T11859] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1071.599649][T11859] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1071.608092][T11859] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1071.616092][T11859] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1071.624072][T11859] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1071.632055][T11859] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1071.640036][T11859] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1071.648033][T11859]  </TASK>
06:27:14 executing program 0:
socketpair(0x23, 0x0, 0x9, &(0x7f0000000180))
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000))

06:27:14 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xd00)

06:27:14 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 50)

06:27:14 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x600)

06:27:14 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
setsockopt$SO_J1939_FILTER(0xffffffffffffffff, 0x6b, 0x1, &(0x7f00000000c0)=[{0x1, 0x1, {0x5, 0xf0}, {0x1, 0xff, 0x3}, 0xfe, 0xff}, {0x1, 0x2, {0x0, 0xf0, 0x1}, {0x1, 0x0, 0x4}, 0xfd, 0x2}, {0x1, 0x3, {0x2, 0x1, 0x3acab18b5c4e027b}, {0x1, 0xf0}, 0x0, 0xfe}, {0x2, 0x2, {0x1, 0xff, 0x2}, {0x1, 0x1}, 0x1, 0xff}, {0x1, 0x4, {0x1, 0x1, 0x3}, {0x2, 0xff, 0x1}, 0xfd, 0x2}, {0x2, 0x3, {0x2, 0x11e, 0x3}, {0x2, 0x1, 0x4}, 0xff, 0xfe}, {0x0, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1}, 0x0, 0xfd}, {0x3, 0x0, {0x0, 0xff}, {0x1, 0xff, 0x1}, 0x0, 0x2}], 0x100)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

06:27:14 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000100)={0x1, {&(0x7f0000000080)=""/128, 0x80, &(0x7f0000000000)=""/34, 0x2, 0x1}}, 0x48)

[ 1071.923325][T11897] FAULT_INJECTION: forcing a failure.
[ 1071.923325][T11897] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1071.938326][T11897] CPU: 1 PID: 11897 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1071.948462][T11897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1071.958562][T11897] Call Trace:
[ 1071.961879][T11897]  <TASK>
[ 1071.964850][T11897]  dump_stack_lvl+0x1e7/0x2d0
[ 1071.969592][T11897]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1071.975108][T11897]  ? panic+0x770/0x770
[ 1071.979229][T11897]  ? kasan_set_track+0x64/0x80
[ 1071.984054][T11897]  should_fail_ex+0x3aa/0x4e0
[ 1071.988879][T11897]  prepare_alloc_pages+0x1d9/0x5b0
[ 1071.994051][T11897]  __alloc_pages+0x16e/0x7f0
[ 1071.998693][T11897]  ? zone_statistics+0x170/0x170
[ 1072.003696][T11897]  ? alloc_pages+0x510/0x780
[ 1072.008343][T11897]  get_zeroed_page+0x17/0x40
[ 1072.012987][T11897]  mon_bin_open+0x237/0x500
[ 1072.017551][T11897]  chrdev_open+0x54e/0x630
[ 1072.022017][T11897]  ? cd_forget+0x160/0x160
[ 1072.026496][T11897]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1072.031747][T11897]  ? fsnotify_perm+0x471/0x590
[ 1072.036569][T11897]  ? cd_forget+0x160/0x160
[ 1072.041199][T11897]  do_dentry_open+0x7f9/0x10f0
[ 1072.046029][T11897]  path_openat+0x27b3/0x3170
[ 1072.050700][T11897]  ? getname_flags+0xbc/0x4e0
[ 1072.055427][T11897]  ? mark_lock+0x9a/0x340
[ 1072.059806][T11897]  ? do_filp_open+0x490/0x490
[ 1072.064530][T11897]  ? alloc_fd+0x59c/0x640
[ 1072.068910][T11897]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1072.074594][T11897]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1072.080643][T11897]  do_filp_open+0x234/0x490
[ 1072.085204][T11897]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1072.089871][T11897]  ? _raw_spin_unlock+0x28/0x40
[ 1072.094771][T11897]  ? alloc_fd+0x59c/0x640
[ 1072.099155][T11897]  do_sys_openat2+0x13f/0x500
[ 1072.103877][T11897]  ? mutex_unlock+0x10/0x10
[ 1072.108424][T11897]  ? do_sys_open+0x230/0x230
[ 1072.113094][T11897]  __x64_sys_openat+0x247/0x290
[ 1072.117986][T11897]  ? __ia32_sys_open+0x270/0x270
[ 1072.122973][T11897]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1072.129002][T11897]  ? lockdep_hardirqs_on+0x98/0x140
[ 1072.134289][T11897]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1072.140332][T11897]  do_syscall_64+0x41/0xc0
[ 1072.144906][T11897]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1072.150852][T11897] RIP: 0033:0x7f9b1943e284
06:27:15 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xe00)

[ 1072.155404][T11897] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1072.175053][T11897] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1072.183515][T11897] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1072.191526][T11897] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1072.199536][T11897] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1072.207552][T11897] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1072.215568][T11897] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
06:27:15 executing program 0:
socketpair(0x23, 0x0, 0x9, &(0x7f0000000180))
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000))
socketpair(0x23, 0x0, 0x9, &(0x7f0000000180)) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000)) (async)

[ 1072.223616][T11897]  </TASK>
06:27:15 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 51)

06:27:15 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

06:27:15 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x700)

[ 1072.355754][T11924] FAULT_INJECTION: forcing a failure.
[ 1072.355754][T11924] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1072.369596][T11924] CPU: 1 PID: 11924 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1072.379717][T11924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1072.389818][T11924] Call Trace:
[ 1072.393139][T11924]  <TASK>
[ 1072.396106][T11924]  dump_stack_lvl+0x1e7/0x2d0
[ 1072.400843][T11924]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1072.406364][T11924]  ? panic+0x770/0x770
[ 1072.410483][T11924]  ? kasan_set_track+0x64/0x80
[ 1072.415311][T11924]  should_fail_ex+0x3aa/0x4e0
[ 1072.420053][T11924]  prepare_alloc_pages+0x1d9/0x5b0
[ 1072.425316][T11924]  __alloc_pages+0x16e/0x7f0
[ 1072.429966][T11924]  ? zone_statistics+0x170/0x170
[ 1072.434968][T11924]  ? alloc_pages+0x510/0x780
[ 1072.439608][T11924]  get_zeroed_page+0x17/0x40
[ 1072.444247][T11924]  mon_bin_open+0x237/0x500
[ 1072.448810][T11924]  chrdev_open+0x54e/0x630
[ 1072.453261][T11924]  ? cd_forget+0x160/0x160
[ 1072.457690][T11924]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1072.462905][T11924]  ? fsnotify_perm+0x471/0x590
[ 1072.467711][T11924]  ? cd_forget+0x160/0x160
[ 1072.472139][T11924]  do_dentry_open+0x7f9/0x10f0
[ 1072.476928][T11924]  path_openat+0x27b3/0x3170
[ 1072.481551][T11924]  ? getname_flags+0xbc/0x4e0
[ 1072.486241][T11924]  ? mark_lock+0x9a/0x340
[ 1072.490675][T11924]  ? do_filp_open+0x490/0x490
[ 1072.495371][T11924]  ? alloc_fd+0x59c/0x640
[ 1072.499731][T11924]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1072.505386][T11924]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1072.511399][T11924]  do_filp_open+0x234/0x490
[ 1072.515924][T11924]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1072.520560][T11924]  ? _raw_spin_unlock+0x28/0x40
[ 1072.525430][T11924]  ? alloc_fd+0x59c/0x640
[ 1072.529784][T11924]  do_sys_openat2+0x13f/0x500
[ 1072.534472][T11924]  ? mutex_unlock+0x10/0x10
[ 1072.538986][T11924]  ? do_sys_open+0x230/0x230
[ 1072.543598][T11924]  __x64_sys_openat+0x247/0x290
[ 1072.548475][T11924]  ? __ia32_sys_open+0x270/0x270
[ 1072.553427][T11924]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1072.559422][T11924]  ? lockdep_hardirqs_on+0x98/0x140
[ 1072.564630][T11924]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1072.570629][T11924]  do_syscall_64+0x41/0xc0
[ 1072.575068][T11924]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1072.580973][T11924] RIP: 0033:0x7f9b1943e284
[ 1072.585397][T11924] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1072.605013][T11924] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1072.613438][T11924] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1072.621424][T11924] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1072.629418][T11924] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1072.637396][T11924] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1072.645373][T11924] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1072.653368][T11924]  </TASK>
06:27:15 executing program 0:
socketpair(0x23, 0x0, 0x9, &(0x7f0000000180))
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000000))

06:27:15 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000100)={0x1, {&(0x7f0000000080)=""/128, 0x80, &(0x7f0000000000)=""/34, 0x2, 0x1}}, 0x48)

06:27:15 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1100)

06:27:15 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

06:27:15 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 52)

06:27:16 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x801)

06:27:16 executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

[ 1073.029009][T11968] FAULT_INJECTION: forcing a failure.
[ 1073.029009][T11968] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:16 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x113d)

06:27:16 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000300), 0x0, 0x9}}, 0x20)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000040)=0x8)
write$vhost_msg(r1, &(0x7f00000001c0)={0x1, {&(0x7f0000000080)=""/117, 0x75, &(0x7f0000000100)=""/153, 0x1}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$SIOCAX25CTLCON(r2, 0x89e8, &(0x7f0000000280)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x9, 0x533, 0x3, [@bcast, @bcast, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
write$vhost_msg(r1, 0x0, 0x0)

06:27:16 executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

[ 1073.186345][T11968] CPU: 0 PID: 11968 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1073.196496][T11968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1073.206592][T11968] Call Trace:
[ 1073.209907][T11968]  <TASK>
[ 1073.212891][T11968]  dump_stack_lvl+0x1e7/0x2d0
[ 1073.217627][T11968]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1073.223156][T11968]  ? panic+0x770/0x770
[ 1073.227275][T11968]  ? kasan_set_track+0x64/0x80
[ 1073.232102][T11968]  should_fail_ex+0x3aa/0x4e0
06:27:16 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x900)

06:27:16 executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200)=0x5, 0x4)

[ 1073.236839][T11968]  prepare_alloc_pages+0x1d9/0x5b0
[ 1073.242018][T11968]  __alloc_pages+0x16e/0x7f0
[ 1073.246666][T11968]  ? zone_statistics+0x170/0x170
[ 1073.251667][T11968]  ? alloc_pages+0x510/0x780
[ 1073.256308][T11968]  get_zeroed_page+0x17/0x40
[ 1073.260970][T11968]  mon_bin_open+0x237/0x500
[ 1073.265533][T11968]  chrdev_open+0x54e/0x630
[ 1073.269999][T11968]  ? cd_forget+0x160/0x160
[ 1073.274464][T11968]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1073.279801][T11968]  ? fsnotify_perm+0x471/0x590
[ 1073.284632][T11968]  ? cd_forget+0x160/0x160
[ 1073.289096][T11968]  do_dentry_open+0x7f9/0x10f0
[ 1073.293918][T11968]  path_openat+0x27b3/0x3170
[ 1073.298556][T11968]  ? getname_flags+0xbc/0x4e0
[ 1073.303259][T11968]  ? mark_lock+0x9a/0x340
[ 1073.307618][T11968]  ? do_filp_open+0x490/0x490
[ 1073.312326][T11968]  ? alloc_fd+0x59c/0x640
[ 1073.316670][T11968]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1073.322323][T11968]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1073.328330][T11968]  do_filp_open+0x234/0x490
[ 1073.332890][T11968]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1073.337549][T11968]  ? _raw_spin_unlock+0x28/0x40
[ 1073.342515][T11968]  ? alloc_fd+0x59c/0x640
[ 1073.346868][T11968]  do_sys_openat2+0x13f/0x500
[ 1073.351577][T11968]  ? mutex_unlock+0x10/0x10
[ 1073.356122][T11968]  ? do_sys_open+0x230/0x230
[ 1073.360734][T11968]  __x64_sys_openat+0x247/0x290
[ 1073.365595][T11968]  ? __ia32_sys_open+0x270/0x270
[ 1073.370553][T11968]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1073.376543][T11968]  ? lockdep_hardirqs_on+0x98/0x140
[ 1073.381750][T11968]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1073.387742][T11968]  do_syscall_64+0x41/0xc0
[ 1073.392177][T11968]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1073.398083][T11968] RIP: 0033:0x7f9b1943e284
[ 1073.402513][T11968] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1073.422128][T11968] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1073.430552][T11968] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1073.438536][T11968] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1073.446525][T11968] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1073.454502][T11968] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1073.462492][T11968] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1073.470491][T11968]  </TASK>
06:27:16 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:27:16 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000300), 0x0, 0x9}}, 0x20)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000040)=0x8)
write$vhost_msg(r1, &(0x7f00000001c0)={0x1, {&(0x7f0000000080)=""/117, 0x75, &(0x7f0000000100)=""/153, 0x1}}, 0x48) (async)
write$vhost_msg(r1, &(0x7f00000001c0)={0x1, {&(0x7f0000000080)=""/117, 0x75, &(0x7f0000000100)=""/153, 0x1}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$SIOCAX25CTLCON(r2, 0x89e8, &(0x7f0000000280)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x9, 0x533, 0x3, [@bcast, @bcast, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
write$vhost_msg(r1, 0x0, 0x0)

06:27:16 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 53)

06:27:16 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, 0x0, 0x0)

06:27:16 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x114b)

06:27:16 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xa00)

06:27:16 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, 0x0, 0x0)

[ 1073.666382][T12006] FAULT_INJECTION: forcing a failure.
[ 1073.666382][T12006] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1073.691998][T12006] CPU: 0 PID: 12006 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1073.702184][T12006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1073.712298][T12006] Call Trace:
[ 1073.715614][T12006]  <TASK>
[ 1073.718581][T12006]  dump_stack_lvl+0x1e7/0x2d0
[ 1073.723321][T12006]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1073.728834][T12006]  ? panic+0x770/0x770
[ 1073.732954][T12006]  ? kasan_set_track+0x64/0x80
[ 1073.737779][T12006]  should_fail_ex+0x3aa/0x4e0
[ 1073.742512][T12006]  prepare_alloc_pages+0x1d9/0x5b0
[ 1073.747672][T12006]  __alloc_pages+0x16e/0x7f0
[ 1073.752321][T12006]  ? zone_statistics+0x170/0x170
[ 1073.757281][T12006]  ? alloc_pages+0x510/0x780
[ 1073.761897][T12006]  get_zeroed_page+0x17/0x40
[ 1073.766495][T12006]  mon_bin_open+0x237/0x500
[ 1073.771020][T12006]  chrdev_open+0x54e/0x630
[ 1073.775448][T12006]  ? cd_forget+0x160/0x160
[ 1073.779876][T12006]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1073.785088][T12006]  ? fsnotify_perm+0x471/0x590
[ 1073.789874][T12006]  ? cd_forget+0x160/0x160
[ 1073.794297][T12006]  do_dentry_open+0x7f9/0x10f0
[ 1073.799084][T12006]  path_openat+0x27b3/0x3170
[ 1073.803708][T12006]  ? getname_flags+0xbc/0x4e0
[ 1073.808418][T12006]  ? mark_lock+0x9a/0x340
[ 1073.812763][T12006]  ? do_filp_open+0x490/0x490
[ 1073.817454][T12006]  ? alloc_fd+0x59c/0x640
[ 1073.821797][T12006]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1073.827446][T12006]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1073.833457][T12006]  do_filp_open+0x234/0x490
[ 1073.837979][T12006]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1073.842610][T12006]  ? _raw_spin_unlock+0x28/0x40
[ 1073.847491][T12006]  ? alloc_fd+0x59c/0x640
[ 1073.851864][T12006]  do_sys_openat2+0x13f/0x500
[ 1073.856559][T12006]  ? mutex_unlock+0x10/0x10
[ 1073.861073][T12006]  ? do_sys_open+0x230/0x230
[ 1073.865689][T12006]  __x64_sys_openat+0x247/0x290
[ 1073.870556][T12006]  ? __ia32_sys_open+0x270/0x270
[ 1073.875505][T12006]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1073.881513][T12006]  ? lockdep_hardirqs_on+0x98/0x140
[ 1073.886728][T12006]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1073.892728][T12006]  do_syscall_64+0x41/0xc0
[ 1073.897167][T12006]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1073.903083][T12006] RIP: 0033:0x7f9b1943e284
[ 1073.907521][T12006] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1073.927135][T12006] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1073.935564][T12006] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1073.943554][T12006] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1073.951533][T12006] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1073.959518][T12006] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1073.967497][T12006] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1073.975505][T12006]  </TASK>
06:27:17 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, 0x0, 0x0)

06:27:17 executing program 5:
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000340)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000300), 0x0, 0x9}}, 0x20)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000040)=0x8)
write$vhost_msg(r1, &(0x7f00000001c0)={0x1, {&(0x7f0000000080)=""/117, 0x75, &(0x7f0000000100)=""/153, 0x1}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$SIOCAX25CTLCON(r2, 0x89e8, &(0x7f0000000280)={@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x9, 0x533, 0x3, [@bcast, @bcast, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
write$vhost_msg(r1, 0x0, 0x0) (async)
write$vhost_msg(r1, 0x0, 0x0)

06:27:17 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)

06:27:17 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 54)

06:27:17 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000200), 0x4)

06:27:17 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xb00)

06:27:17 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1200)

06:27:17 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000200), 0x4)

[ 1074.254477][T12038] FAULT_INJECTION: forcing a failure.
[ 1074.254477][T12038] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1074.268044][T12038] CPU: 1 PID: 12038 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1074.278164][T12038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1074.288263][T12038] Call Trace:
[ 1074.291576][T12038]  <TASK>
[ 1074.294540][T12038]  dump_stack_lvl+0x1e7/0x2d0
[ 1074.299299][T12038]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1074.304818][T12038]  ? panic+0x770/0x770
[ 1074.308935][T12038]  ? kasan_set_track+0x64/0x80
[ 1074.313760][T12038]  should_fail_ex+0x3aa/0x4e0
[ 1074.318505][T12038]  prepare_alloc_pages+0x1d9/0x5b0
[ 1074.323679][T12038]  __alloc_pages+0x16e/0x7f0
[ 1074.328324][T12038]  ? zone_statistics+0x170/0x170
[ 1074.333303][T12038]  ? alloc_pages+0x510/0x780
[ 1074.337917][T12038]  get_zeroed_page+0x17/0x40
[ 1074.342553][T12038]  mon_bin_open+0x237/0x500
[ 1074.347086][T12038]  chrdev_open+0x54e/0x630
[ 1074.351519][T12038]  ? cd_forget+0x160/0x160
[ 1074.355953][T12038]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1074.361171][T12038]  ? fsnotify_perm+0x471/0x590
[ 1074.365960][T12038]  ? cd_forget+0x160/0x160
[ 1074.370387][T12038]  do_dentry_open+0x7f9/0x10f0
[ 1074.375175][T12038]  path_openat+0x27b3/0x3170
[ 1074.379814][T12038]  ? getname_flags+0xbc/0x4e0
[ 1074.384507][T12038]  ? mark_lock+0x9a/0x340
[ 1074.388864][T12038]  ? do_filp_open+0x490/0x490
[ 1074.393557][T12038]  ? alloc_fd+0x59c/0x640
[ 1074.397900][T12038]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1074.403549][T12038]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1074.409555][T12038]  do_filp_open+0x234/0x490
[ 1074.414091][T12038]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1074.418721][T12038]  ? _raw_spin_unlock+0x28/0x40
[ 1074.423591][T12038]  ? alloc_fd+0x59c/0x640
[ 1074.428065][T12038]  do_sys_openat2+0x13f/0x500
[ 1074.432789][T12038]  ? mutex_unlock+0x10/0x10
[ 1074.437317][T12038]  ? do_sys_open+0x230/0x230
[ 1074.441960][T12038]  __x64_sys_openat+0x247/0x290
[ 1074.446843][T12038]  ? __ia32_sys_open+0x270/0x270
[ 1074.451803][T12038]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1074.457800][T12038]  ? lockdep_hardirqs_on+0x98/0x140
[ 1074.463025][T12038]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1074.469044][T12038]  do_syscall_64+0x41/0xc0
[ 1074.473484][T12038]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1074.479392][T12038] RIP: 0033:0x7f9b1943e284
[ 1074.483818][T12038] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1074.503449][T12038] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1074.511886][T12038] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1074.519872][T12038] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1074.527874][T12038] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1074.535849][T12038] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1074.543824][T12038] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1074.551823][T12038]  </TASK>
06:27:17 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000200), 0x4)

06:27:17 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000200), 0x4)

06:27:17 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r4, 0x0, 0x0)

06:27:17 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 55)

06:27:17 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xc00)

[ 1074.700741][T12057] FAULT_INJECTION: forcing a failure.
[ 1074.700741][T12057] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1074.720118][T12057] CPU: 0 PID: 12057 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1074.730265][T12057] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1074.740362][T12057] Call Trace:
[ 1074.743682][T12057]  <TASK>
06:27:17 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000200), 0x4)

[ 1074.746647][T12057]  dump_stack_lvl+0x1e7/0x2d0
[ 1074.751386][T12057]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1074.756910][T12057]  ? panic+0x770/0x770
[ 1074.761032][T12057]  ? kasan_set_track+0x64/0x80
[ 1074.765858][T12057]  should_fail_ex+0x3aa/0x4e0
[ 1074.770592][T12057]  prepare_alloc_pages+0x1d9/0x5b0
[ 1074.775762][T12057]  __alloc_pages+0x16e/0x7f0
[ 1074.780404][T12057]  ? zone_statistics+0x170/0x170
[ 1074.785400][T12057]  ? alloc_pages+0x510/0x780
[ 1074.790046][T12057]  get_zeroed_page+0x17/0x40
[ 1074.794680][T12057]  mon_bin_open+0x237/0x500
[ 1074.799239][T12057]  chrdev_open+0x54e/0x630
[ 1074.803702][T12057]  ? cd_forget+0x160/0x160
[ 1074.808194][T12057]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1074.813457][T12057]  ? fsnotify_perm+0x471/0x590
[ 1074.818286][T12057]  ? cd_forget+0x160/0x160
[ 1074.822737][T12057]  do_dentry_open+0x7f9/0x10f0
[ 1074.827536][T12057]  path_openat+0x27b3/0x3170
[ 1074.832160][T12057]  ? getname_flags+0xbc/0x4e0
[ 1074.836855][T12057]  ? mark_lock+0x9a/0x340
[ 1074.841205][T12057]  ? do_filp_open+0x490/0x490
[ 1074.845896][T12057]  ? alloc_fd+0x59c/0x640
[ 1074.850242][T12057]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1074.855891][T12057]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1074.861898][T12057]  do_filp_open+0x234/0x490
[ 1074.866423][T12057]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1074.871060][T12057]  ? _raw_spin_unlock+0x28/0x40
[ 1074.875930][T12057]  ? alloc_fd+0x59c/0x640
[ 1074.880284][T12057]  do_sys_openat2+0x13f/0x500
[ 1074.884975][T12057]  ? mutex_unlock+0x10/0x10
[ 1074.889490][T12057]  ? do_sys_open+0x230/0x230
[ 1074.894120][T12057]  __x64_sys_openat+0x247/0x290
[ 1074.898984][T12057]  ? __ia32_sys_open+0x270/0x270
[ 1074.904045][T12057]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1074.910037][T12057]  ? lockdep_hardirqs_on+0x98/0x140
[ 1074.915249][T12057]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1074.921256][T12057]  do_syscall_64+0x41/0xc0
[ 1074.925698][T12057]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1074.931606][T12057] RIP: 0033:0x7f9b1943e284
[ 1074.936029][T12057] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1074.955642][T12057] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1074.964065][T12057] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1074.972045][T12057] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1074.980026][T12057] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1074.988001][T12057] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1074.995999][T12057] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1075.003997][T12057]  </TASK>
06:27:18 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:27:18 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1221)

06:27:18 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000200), 0x4)

06:27:18 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 56)

06:27:18 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xd00)

06:27:18 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r4, 0x0, 0x0)

[ 1075.270952][T12089] FAULT_INJECTION: forcing a failure.
[ 1075.270952][T12089] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1075.287621][T12089] CPU: 0 PID: 12089 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1075.297762][T12089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1075.307866][T12089] Call Trace:
[ 1075.311190][T12089]  <TASK>
[ 1075.314163][T12089]  dump_stack_lvl+0x1e7/0x2d0
[ 1075.318905][T12089]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1075.324444][T12089]  ? panic+0x770/0x770
[ 1075.328578][T12089]  ? kasan_set_track+0x64/0x80
[ 1075.333402][T12089]  should_fail_ex+0x3aa/0x4e0
[ 1075.338140][T12089]  prepare_alloc_pages+0x1d9/0x5b0
[ 1075.343320][T12089]  __alloc_pages+0x16e/0x7f0
[ 1075.347977][T12089]  ? zone_statistics+0x170/0x170
[ 1075.352992][T12089]  ? alloc_pages+0x510/0x780
[ 1075.357654][T12089]  get_zeroed_page+0x17/0x40
[ 1075.362305][T12089]  mon_bin_open+0x237/0x500
[ 1075.366902][T12089]  chrdev_open+0x54e/0x630
[ 1075.371378][T12089]  ? cd_forget+0x160/0x160
[ 1075.375838][T12089]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1075.381098][T12089]  ? fsnotify_perm+0x471/0x590
[ 1075.385926][T12089]  ? cd_forget+0x160/0x160
[ 1075.390381][T12089]  do_dentry_open+0x7f9/0x10f0
[ 1075.395213][T12089]  path_openat+0x27b3/0x3170
[ 1075.399864][T12089]  ? getname_flags+0xbc/0x4e0
[ 1075.404565][T12089]  ? mark_lock+0x9a/0x340
[ 1075.408916][T12089]  ? do_filp_open+0x490/0x490
[ 1075.413698][T12089]  ? alloc_fd+0x59c/0x640
[ 1075.418048][T12089]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1075.423699][T12089]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1075.429712][T12089]  do_filp_open+0x234/0x490
[ 1075.434238][T12089]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1075.438880][T12089]  ? _raw_spin_unlock+0x28/0x40
[ 1075.443778][T12089]  ? alloc_fd+0x59c/0x640
[ 1075.448131][T12089]  do_sys_openat2+0x13f/0x500
[ 1075.452851][T12089]  ? mutex_unlock+0x10/0x10
[ 1075.457399][T12089]  ? do_sys_open+0x230/0x230
[ 1075.462027][T12089]  __x64_sys_openat+0x247/0x290
[ 1075.466910][T12089]  ? __ia32_sys_open+0x270/0x270
[ 1075.471871][T12089]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1075.477886][T12089]  ? lockdep_hardirqs_on+0x98/0x140
[ 1075.483115][T12089]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1075.489122][T12089]  do_syscall_64+0x41/0xc0
[ 1075.493576][T12089]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1075.499488][T12089] RIP: 0033:0x7f9b1943e284
[ 1075.503916][T12089] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1075.523545][T12089] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1075.531980][T12089] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1075.539970][T12089] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1075.547950][T12089] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1075.555930][T12089] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1075.563914][T12089] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
06:27:18 executing program 2:
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200), 0x4)

[ 1075.571930][T12089]  </TASK>
06:27:18 executing program 2:
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200), 0x4)

06:27:18 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1800)

06:27:18 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 57)

06:27:18 executing program 2:
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200), 0x4)

06:27:18 executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200), 0x4)

06:27:18 executing program 0:
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000040), &(0x7f0000000140)=0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48)

[ 1075.797708][T12117] FAULT_INJECTION: forcing a failure.
[ 1075.797708][T12117] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:18 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xe00)

[ 1075.848176][T12117] CPU: 0 PID: 12117 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1075.858326][T12117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1075.868428][T12117] Call Trace:
[ 1075.871750][T12117]  <TASK>
[ 1075.874730][T12117]  dump_stack_lvl+0x1e7/0x2d0
[ 1075.879483][T12117]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1075.885005][T12117]  ? panic+0x770/0x770
[ 1075.889126][T12117]  ? kasan_set_track+0x64/0x80
[ 1075.893954][T12117]  should_fail_ex+0x3aa/0x4e0
[ 1075.898698][T12117]  prepare_alloc_pages+0x1d9/0x5b0
[ 1075.903878][T12117]  __alloc_pages+0x16e/0x7f0
[ 1075.908528][T12117]  ? zone_statistics+0x170/0x170
[ 1075.913536][T12117]  ? alloc_pages+0x510/0x780
[ 1075.918186][T12117]  get_zeroed_page+0x17/0x40
[ 1075.922821][T12117]  mon_bin_open+0x237/0x500
[ 1075.927398][T12117]  chrdev_open+0x54e/0x630
[ 1075.931875][T12117]  ? cd_forget+0x160/0x160
[ 1075.936339][T12117]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1075.941591][T12117]  ? fsnotify_perm+0x471/0x590
[ 1075.946421][T12117]  ? cd_forget+0x160/0x160
[ 1075.950885][T12117]  do_dentry_open+0x7f9/0x10f0
[ 1075.955684][T12117]  path_openat+0x27b3/0x3170
[ 1075.960312][T12117]  ? getname_flags+0xbc/0x4e0
[ 1075.965007][T12117]  ? mark_lock+0x9a/0x340
[ 1075.969356][T12117]  ? do_filp_open+0x490/0x490
[ 1075.974056][T12117]  ? alloc_fd+0x59c/0x640
[ 1075.978398][T12117]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1075.984046][T12117]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1075.990067][T12117]  do_filp_open+0x234/0x490
[ 1075.994604][T12117]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1075.999255][T12117]  ? _raw_spin_unlock+0x28/0x40
[ 1076.004153][T12117]  ? alloc_fd+0x59c/0x640
[ 1076.008509][T12117]  do_sys_openat2+0x13f/0x500
[ 1076.013205][T12117]  ? mutex_unlock+0x10/0x10
[ 1076.017723][T12117]  ? do_sys_open+0x230/0x230
[ 1076.022337][T12117]  __x64_sys_openat+0x247/0x290
[ 1076.027204][T12117]  ? __ia32_sys_open+0x270/0x270
[ 1076.032155][T12117]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1076.038145][T12117]  ? lockdep_hardirqs_on+0x98/0x140
[ 1076.043360][T12117]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1076.049357][T12117]  do_syscall_64+0x41/0xc0
[ 1076.053817][T12117]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1076.059733][T12117] RIP: 0033:0x7f9b1943e284
[ 1076.064157][T12117] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1076.083862][T12117] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:19 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r4, 0x0, 0x0)

06:27:19 executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200), 0x4)

[ 1076.092286][T12117] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1076.100269][T12117] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1076.108250][T12117] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1076.116233][T12117] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1076.124213][T12117] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1076.132215][T12117]  </TASK>
06:27:19 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 58)

06:27:19 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2000)

06:27:19 executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000200), 0x4)

06:27:19 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1100)

06:27:19 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, 0x0, 0x0)

06:27:19 executing program 0:
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000040), &(0x7f0000000140)=0x4) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48)

06:27:19 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2112)

[ 1076.392874][T12151] FAULT_INJECTION: forcing a failure.
[ 1076.392874][T12151] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1076.449029][T12151] CPU: 1 PID: 12151 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1076.459189][T12151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1076.469286][T12151] Call Trace:
[ 1076.472612][T12151]  <TASK>
[ 1076.475591][T12151]  dump_stack_lvl+0x1e7/0x2d0
[ 1076.480341][T12151]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1076.485861][T12151]  ? panic+0x770/0x770
[ 1076.489985][T12151]  ? kasan_set_track+0x64/0x80
[ 1076.494804][T12151]  should_fail_ex+0x3aa/0x4e0
06:27:19 executing program 5:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000080)=0x6, 0x4)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)

[ 1076.499545][T12151]  prepare_alloc_pages+0x1d9/0x5b0
[ 1076.504776][T12151]  __alloc_pages+0x16e/0x7f0
[ 1076.509422][T12151]  ? zone_statistics+0x170/0x170
[ 1076.514423][T12151]  ? alloc_pages+0x510/0x780
[ 1076.519071][T12151]  get_zeroed_page+0x17/0x40
[ 1076.523695][T12151]  mon_bin_open+0x237/0x500
[ 1076.528228][T12151]  chrdev_open+0x54e/0x630
[ 1076.532658][T12151]  ? cd_forget+0x160/0x160
[ 1076.537088][T12151]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1076.542311][T12151]  ? fsnotify_perm+0x471/0x590
[ 1076.547099][T12151]  ? cd_forget+0x160/0x160
[ 1076.551527][T12151]  do_dentry_open+0x7f9/0x10f0
[ 1076.556318][T12151]  path_openat+0x27b3/0x3170
[ 1076.560936][T12151]  ? __kfence_alloc+0x344/0x370
[ 1076.565803][T12151]  ? __kfence_alloc+0x265/0x370
[ 1076.570685][T12151]  ? mark_lock+0x9a/0x340
[ 1076.575029][T12151]  ? do_filp_open+0x490/0x490
[ 1076.579724][T12151]  ? alloc_fd+0x59c/0x640
[ 1076.584068][T12151]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1076.589717][T12151]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1076.595729][T12151]  do_filp_open+0x234/0x490
[ 1076.600253][T12151]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1076.604884][T12151]  ? _raw_spin_unlock+0x28/0x40
[ 1076.609749][T12151]  ? alloc_fd+0x59c/0x640
[ 1076.614105][T12151]  do_sys_openat2+0x13f/0x500
[ 1076.618802][T12151]  ? mutex_unlock+0x10/0x10
[ 1076.623317][T12151]  ? do_sys_open+0x230/0x230
[ 1076.627932][T12151]  __x64_sys_openat+0x247/0x290
[ 1076.632797][T12151]  ? __ia32_sys_open+0x270/0x270
[ 1076.637751][T12151]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1076.643755][T12151]  ? lockdep_hardirqs_on+0x98/0x140
[ 1076.649016][T12151]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1076.655015][T12151]  do_syscall_64+0x41/0xc0
[ 1076.659452][T12151]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1076.665358][T12151] RIP: 0033:0x7f9b1943e284
[ 1076.669792][T12151] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1076.689405][T12151] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1076.697831][T12151] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1076.705833][T12151] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1076.713898][T12151] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1076.721881][T12151] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1076.729858][T12151] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1076.737859][T12151]  </TASK>
06:27:19 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, 0x0, 0x0)

06:27:19 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, 0x0, 0x0)

06:27:19 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2500)

06:27:19 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 59)

06:27:19 executing program 0:
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000040), &(0x7f0000000140)=0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48)
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f0000000040), &(0x7f0000000140)=0x4) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0, 0x2, 0x3}}, 0x48) (async)

06:27:20 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2000)

06:27:20 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x113d)

[ 1076.969808][T12186] FAULT_INJECTION: forcing a failure.
[ 1076.969808][T12186] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1077.013484][T12186] CPU: 0 PID: 12186 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1077.023633][T12186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1077.033744][T12186] Call Trace:
[ 1077.037065][T12186]  <TASK>
[ 1077.040037][T12186]  dump_stack_lvl+0x1e7/0x2d0
[ 1077.044782][T12186]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1077.050315][T12186]  ? panic+0x770/0x770
[ 1077.054451][T12186]  ? kasan_set_track+0x64/0x80
[ 1077.059274][T12186]  should_fail_ex+0x3aa/0x4e0
[ 1077.064011][T12186]  prepare_alloc_pages+0x1d9/0x5b0
[ 1077.069231][T12186]  __alloc_pages+0x16e/0x7f0
[ 1077.073873][T12186]  ? zone_statistics+0x170/0x170
[ 1077.078874][T12186]  ? alloc_pages+0x510/0x780
[ 1077.083524][T12186]  get_zeroed_page+0x17/0x40
[ 1077.088164][T12186]  mon_bin_open+0x237/0x500
[ 1077.092736][T12186]  chrdev_open+0x54e/0x630
[ 1077.097243][T12186]  ? cd_forget+0x160/0x160
[ 1077.101704][T12186]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1077.106955][T12186]  ? fsnotify_perm+0x471/0x590
06:27:20 executing program 5:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000080)=0x6, 0x4)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)

06:27:20 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3d11)

[ 1077.111785][T12186]  ? cd_forget+0x160/0x160
[ 1077.116250][T12186]  do_dentry_open+0x7f9/0x10f0
[ 1077.121122][T12186]  path_openat+0x27b3/0x3170
[ 1077.125801][T12186]  ? getname_flags+0xbc/0x4e0
[ 1077.130539][T12186]  ? mark_lock+0x9a/0x340
[ 1077.134927][T12186]  ? do_filp_open+0x490/0x490
[ 1077.139665][T12186]  ? alloc_fd+0x59c/0x640
[ 1077.144046][T12186]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1077.149736][T12186]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1077.155821][T12186]  do_filp_open+0x234/0x490
[ 1077.160390][T12186]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1077.165083][T12186]  ? _raw_spin_unlock+0x28/0x40
[ 1077.169986][T12186]  ? alloc_fd+0x59c/0x640
[ 1077.174377][T12186]  do_sys_openat2+0x13f/0x500
[ 1077.179110][T12186]  ? mutex_unlock+0x10/0x10
[ 1077.183673][T12186]  ? do_sys_open+0x230/0x230
[ 1077.188334][T12186]  __x64_sys_openat+0x247/0x290
[ 1077.193239][T12186]  ? __ia32_sys_open+0x270/0x270
[ 1077.198235][T12186]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1077.204260][T12186]  ? lockdep_hardirqs_on+0x98/0x140
06:27:20 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xe00)

[ 1077.209506][T12186]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1077.215548][T12186]  do_syscall_64+0x41/0xc0
[ 1077.220022][T12186]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1077.225966][T12186] RIP: 0033:0x7f9b1943e284
[ 1077.230426][T12186] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1077.250079][T12186] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:20 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 60)

[ 1077.258550][T12186] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1077.266563][T12186] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1077.274580][T12186] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1077.282593][T12186] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1077.290607][T12186] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1077.298648][T12186]  </TASK>
06:27:20 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x114b)

06:27:20 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3f00)

06:27:20 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

[ 1077.450782][T12222] FAULT_INJECTION: forcing a failure.
[ 1077.450782][T12222] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1077.506510][T12222] CPU: 0 PID: 12222 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1077.516655][T12222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1077.526756][T12222] Call Trace:
[ 1077.530072][T12222]  <TASK>
[ 1077.533035][T12222]  dump_stack_lvl+0x1e7/0x2d0
[ 1077.537769][T12222]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1077.543287][T12222]  ? panic+0x770/0x770
[ 1077.547408][T12222]  ? kasan_set_track+0x64/0x80
[ 1077.552225][T12222]  should_fail_ex+0x3aa/0x4e0
06:27:20 executing program 5:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000080)=0x6, 0x4) (async)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)

[ 1077.556961][T12222]  prepare_alloc_pages+0x1d9/0x5b0
[ 1077.562130][T12222]  __alloc_pages+0x16e/0x7f0
[ 1077.566761][T12222]  ? zone_statistics+0x170/0x170
[ 1077.571750][T12222]  ? alloc_pages+0x510/0x780
[ 1077.576390][T12222]  get_zeroed_page+0x17/0x40
[ 1077.581019][T12222]  mon_bin_open+0x237/0x500
[ 1077.585581][T12222]  chrdev_open+0x54e/0x630
[ 1077.590043][T12222]  ? cd_forget+0x160/0x160
[ 1077.594507][T12222]  ? fsnotify_perm+0x471/0x590
[ 1077.599335][T12222]  ? cd_forget+0x160/0x160
[ 1077.603802][T12222]  do_dentry_open+0x7f9/0x10f0
[ 1077.608643][T12222]  path_openat+0x27b3/0x3170
[ 1077.613306][T12222]  ? getname_flags+0xbc/0x4e0
[ 1077.618024][T12222]  ? mark_lock+0x9a/0x340
[ 1077.622414][T12222]  ? do_filp_open+0x490/0x490
[ 1077.627156][T12222]  ? alloc_fd+0x59c/0x640
[ 1077.631528][T12222]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1077.637223][T12222]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1077.643277][T12222]  do_filp_open+0x234/0x490
[ 1077.647840][T12222]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1077.652511][T12222]  ? _raw_spin_unlock+0x28/0x40
06:27:20 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1221)

[ 1077.657405][T12222]  ? alloc_fd+0x59c/0x640
[ 1077.661796][T12222]  do_sys_openat2+0x13f/0x500
[ 1077.666525][T12222]  ? mutex_unlock+0x10/0x10
[ 1077.671069][T12222]  ? do_sys_open+0x230/0x230
[ 1077.675725][T12222]  __x64_sys_openat+0x247/0x290
[ 1077.680620][T12222]  ? __ia32_sys_open+0x270/0x270
[ 1077.685605][T12222]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1077.691631][T12222]  ? lockdep_hardirqs_on+0x98/0x140
[ 1077.696872][T12222]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1077.702906][T12222]  do_syscall_64+0x41/0xc0
[ 1077.707376][T12222]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1077.713316][T12222] RIP: 0033:0x7f9b1943e284
[ 1077.717774][T12222] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1077.737426][T12222] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1077.745898][T12222] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
06:27:20 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4000)

[ 1077.753913][T12222] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1077.761927][T12222] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1077.769939][T12222] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1077.777945][T12222] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1077.785981][T12222]  </TASK>
06:27:20 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0xa03, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488d2}, 0x40000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:27:20 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 61)

06:27:20 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1200)

06:27:21 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

06:27:21 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r4, 0x0, 0x0)

[ 1077.966595][T12261] FAULT_INJECTION: forcing a failure.
[ 1077.966595][T12261] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1078.005364][T12261] CPU: 0 PID: 12261 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1078.015507][T12261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1078.025605][T12261] Call Trace:
[ 1078.028926][T12261]  <TASK>
[ 1078.031895][T12261]  dump_stack_lvl+0x1e7/0x2d0
[ 1078.036728][T12261]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1078.042246][T12261]  ? panic+0x770/0x770
[ 1078.046365][T12261]  ? kasan_set_track+0x64/0x80
[ 1078.051197][T12261]  should_fail_ex+0x3aa/0x4e0
[ 1078.055937][T12261]  prepare_alloc_pages+0x1d9/0x5b0
[ 1078.061109][T12261]  __alloc_pages+0x16e/0x7f0
[ 1078.065756][T12261]  ? zone_statistics+0x170/0x170
[ 1078.070755][T12261]  ? alloc_pages+0x510/0x780
[ 1078.075403][T12261]  get_zeroed_page+0x17/0x40
[ 1078.080038][T12261]  mon_bin_open+0x237/0x500
[ 1078.084609][T12261]  chrdev_open+0x54e/0x630
[ 1078.089077][T12261]  ? cd_forget+0x160/0x160
[ 1078.093534][T12261]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1078.098788][T12261]  ? fsnotify_perm+0x471/0x590
[ 1078.103618][T12261]  ? cd_forget+0x160/0x160
[ 1078.108062][T12261]  do_dentry_open+0x7f9/0x10f0
[ 1078.112883][T12261]  path_openat+0x27b3/0x3170
[ 1078.117547][T12261]  ? getname_flags+0xbc/0x4e0
[ 1078.122316][T12261]  ? mark_lock+0x9a/0x340
[ 1078.126706][T12261]  ? do_filp_open+0x490/0x490
[ 1078.131443][T12261]  ? alloc_fd+0x59c/0x640
[ 1078.135822][T12261]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1078.141517][T12261]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1078.147575][T12261]  do_filp_open+0x234/0x490
[ 1078.152137][T12261]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1078.156820][T12261]  ? _raw_spin_unlock+0x28/0x40
[ 1078.161716][T12261]  ? alloc_fd+0x59c/0x640
[ 1078.166100][T12261]  do_sys_openat2+0x13f/0x500
[ 1078.170824][T12261]  ? mutex_unlock+0x10/0x10
[ 1078.175371][T12261]  ? do_sys_open+0x230/0x230
[ 1078.180020][T12261]  __x64_sys_openat+0x247/0x290
[ 1078.185018][T12261]  ? __ia32_sys_open+0x270/0x270
[ 1078.190013][T12261]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1078.196047][T12261]  ? lockdep_hardirqs_on+0x98/0x140
[ 1078.201301][T12261]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1078.207332][T12261]  do_syscall_64+0x41/0xc0
[ 1078.211805][T12261]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1078.217750][T12261] RIP: 0033:0x7f9b1943e284
[ 1078.222208][T12261] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1078.241859][T12261] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1078.250335][T12261] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1078.258336][T12261] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
06:27:21 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0xa03, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488d2}, 0x40000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:21 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1221)

06:27:21 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4800)

[ 1078.266360][T12261] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1078.274383][T12261] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1078.282395][T12261] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1078.290437][T12261]  </TASK>
06:27:21 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:21 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r4, 0x0, 0x0)

06:27:21 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000100), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0xa03, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x488d2}, 0x40000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:27:21 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4b11)

06:27:21 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 62)

06:27:21 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x10)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
getsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000140), &(0x7f0000000180)=0x4)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, &(0x7f00000000c0)={0x1, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x55)

06:27:21 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1800)

[ 1078.562306][T12319] FAULT_INJECTION: forcing a failure.
[ 1078.562306][T12319] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1078.575856][T12319] CPU: 1 PID: 12319 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1078.585971][T12319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1078.596069][T12319] Call Trace:
[ 1078.599385][T12319]  <TASK>
[ 1078.602357][T12319]  dump_stack_lvl+0x1e7/0x2d0
[ 1078.607099][T12319]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1078.612626][T12319]  ? panic+0x770/0x770
[ 1078.616745][T12319]  ? kasan_set_track+0x64/0x80
[ 1078.621565][T12319]  should_fail_ex+0x3aa/0x4e0
[ 1078.626294][T12319]  prepare_alloc_pages+0x1d9/0x5b0
[ 1078.631463][T12319]  __alloc_pages+0x16e/0x7f0
[ 1078.636111][T12319]  ? zone_statistics+0x170/0x170
[ 1078.641113][T12319]  ? alloc_pages+0x510/0x780
[ 1078.645767][T12319]  get_zeroed_page+0x17/0x40
[ 1078.650395][T12319]  mon_bin_open+0x237/0x500
[ 1078.654955][T12319]  chrdev_open+0x54e/0x630
[ 1078.659419][T12319]  ? cd_forget+0x160/0x160
[ 1078.663875][T12319]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1078.669123][T12319]  ? fsnotify_perm+0x471/0x590
[ 1078.673953][T12319]  ? cd_forget+0x160/0x160
[ 1078.678407][T12319]  do_dentry_open+0x7f9/0x10f0
[ 1078.683240][T12319]  path_openat+0x27b3/0x3170
[ 1078.687903][T12319]  ? getname_flags+0xbc/0x4e0
[ 1078.692627][T12319]  ? mark_lock+0x9a/0x340
[ 1078.697006][T12319]  ? do_filp_open+0x490/0x490
[ 1078.701739][T12319]  ? alloc_fd+0x59c/0x640
[ 1078.706113][T12319]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1078.711809][T12319]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1078.717858][T12319]  do_filp_open+0x234/0x490
[ 1078.722417][T12319]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1078.727095][T12319]  ? _raw_spin_unlock+0x28/0x40
[ 1078.732004][T12319]  ? alloc_fd+0x59c/0x640
[ 1078.736392][T12319]  do_sys_openat2+0x13f/0x500
[ 1078.741120][T12319]  ? mutex_unlock+0x10/0x10
[ 1078.745686][T12319]  ? do_sys_open+0x230/0x230
[ 1078.750343][T12319]  __x64_sys_openat+0x247/0x290
[ 1078.755249][T12319]  ? __ia32_sys_open+0x270/0x270
[ 1078.760237][T12319]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1078.766266][T12319]  ? lockdep_hardirqs_on+0x98/0x140
[ 1078.771603][T12319]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1078.777636][T12319]  do_syscall_64+0x41/0xc0
[ 1078.782112][T12319]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1078.788059][T12319] RIP: 0033:0x7f9b1943e284
[ 1078.792510][T12319] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
06:27:21 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x10) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
getsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000140), &(0x7f0000000180)=0x4) (async, rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async, rerun: 64)
write$vhost_msg(r0, &(0x7f00000000c0)={0x1, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x55)

06:27:21 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

[ 1078.812157][T12319] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1078.820619][T12319] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1078.828634][T12319] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1078.836652][T12319] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1078.844677][T12319] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1078.852694][T12319] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1078.860735][T12319]  </TASK>
06:27:21 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 63)

[ 1078.966883][T12347] FAULT_INJECTION: forcing a failure.
[ 1078.966883][T12347] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1078.980778][T12347] CPU: 1 PID: 12347 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1078.990898][T12347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1079.000992][T12347] Call Trace:
[ 1079.004303][T12347]  <TASK>
[ 1079.007268][T12347]  dump_stack_lvl+0x1e7/0x2d0
[ 1079.012008][T12347]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1079.017518][T12347]  ? panic+0x770/0x770
[ 1079.021636][T12347]  ? kasan_set_track+0x64/0x80
[ 1079.026434][T12347]  should_fail_ex+0x3aa/0x4e0
[ 1079.031142][T12347]  prepare_alloc_pages+0x1d9/0x5b0
[ 1079.036273][T12347]  __alloc_pages+0x16e/0x7f0
[ 1079.040880][T12347]  ? zone_statistics+0x170/0x170
[ 1079.045838][T12347]  ? alloc_pages+0x510/0x780
[ 1079.050470][T12347]  get_zeroed_page+0x17/0x40
[ 1079.055086][T12347]  mon_bin_open+0x237/0x500
[ 1079.059618][T12347]  chrdev_open+0x54e/0x630
[ 1079.064045][T12347]  ? cd_forget+0x160/0x160
[ 1079.068472][T12347]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1079.073690][T12347]  ? fsnotify_perm+0x471/0x590
[ 1079.078479][T12347]  ? cd_forget+0x160/0x160
[ 1079.082902][T12347]  do_dentry_open+0x7f9/0x10f0
[ 1079.087695][T12347]  path_openat+0x27b3/0x3170
[ 1079.092322][T12347]  ? getname_flags+0xbc/0x4e0
[ 1079.097016][T12347]  ? mark_lock+0x9a/0x340
[ 1079.101385][T12347]  ? do_filp_open+0x490/0x490
[ 1079.106078][T12347]  ? alloc_fd+0x59c/0x640
[ 1079.110426][T12347]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1079.116080][T12347]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1079.122092][T12347]  do_filp_open+0x234/0x490
[ 1079.126623][T12347]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1079.131252][T12347]  ? _raw_spin_unlock+0x28/0x40
[ 1079.136119][T12347]  ? alloc_fd+0x59c/0x640
[ 1079.140473][T12347]  do_sys_openat2+0x13f/0x500
[ 1079.145163][T12347]  ? mutex_unlock+0x10/0x10
[ 1079.149680][T12347]  ? do_sys_open+0x230/0x230
[ 1079.154291][T12347]  __x64_sys_openat+0x247/0x290
[ 1079.159156][T12347]  ? __ia32_sys_open+0x270/0x270
[ 1079.164115][T12347]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1079.170110][T12347]  ? lockdep_hardirqs_on+0x98/0x140
[ 1079.175321][T12347]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1079.181316][T12347]  do_syscall_64+0x41/0xc0
[ 1079.185757][T12347]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1079.191686][T12347] RIP: 0033:0x7f9b1943e284
[ 1079.196113][T12347] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
06:27:22 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4c00)

06:27:22 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r4 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r4, 0x0, 0x0)

[ 1079.215726][T12347] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1079.224153][T12347] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1079.232132][T12347] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1079.240129][T12347] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1079.248108][T12347] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1079.256085][T12347] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1079.264091][T12347]  </TASK>
06:27:22 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 64)

06:27:22 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x10)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
getsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000140), &(0x7f0000000180)=0x4) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
write$vhost_msg(r0, &(0x7f00000000c0)={0x1, {0x0, 0x0, 0x0, 0x0, 0x3}}, 0x55)

06:27:22 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2000)

06:27:22 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)

[ 1079.398254][T12358] FAULT_INJECTION: forcing a failure.
[ 1079.398254][T12358] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1079.447741][T12358] CPU: 0 PID: 12358 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1079.457892][T12358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1079.467993][T12358] Call Trace:
[ 1079.471312][T12358]  <TASK>
[ 1079.474292][T12358]  dump_stack_lvl+0x1e7/0x2d0
[ 1079.479032][T12358]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1079.484549][T12358]  ? panic+0x770/0x770
[ 1079.488670][T12358]  ? kasan_set_track+0x64/0x80
[ 1079.493493][T12358]  should_fail_ex+0x3aa/0x4e0
[ 1079.498275][T12358]  prepare_alloc_pages+0x1d9/0x5b0
[ 1079.503443][T12358]  __alloc_pages+0x16e/0x7f0
[ 1079.508089][T12358]  ? zone_statistics+0x170/0x170
[ 1079.513090][T12358]  ? alloc_pages+0x510/0x780
[ 1079.517735][T12358]  get_zeroed_page+0x17/0x40
[ 1079.522369][T12358]  mon_bin_open+0x237/0x500
[ 1079.526930][T12358]  chrdev_open+0x54e/0x630
[ 1079.531400][T12358]  ? cd_forget+0x160/0x160
[ 1079.535869][T12358]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1079.541121][T12358]  ? fsnotify_perm+0x471/0x590
[ 1079.545931][T12358]  ? cd_forget+0x160/0x160
[ 1079.550361][T12358]  do_dentry_open+0x7f9/0x10f0
[ 1079.555155][T12358]  path_openat+0x27b3/0x3170
[ 1079.559778][T12358]  ? getname_flags+0xbc/0x4e0
[ 1079.564469][T12358]  ? mark_lock+0x9a/0x340
[ 1079.568816][T12358]  ? do_filp_open+0x490/0x490
[ 1079.573511][T12358]  ? alloc_fd+0x59c/0x640
[ 1079.577860][T12358]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1079.583521][T12358]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1079.589545][T12358]  do_filp_open+0x234/0x490
[ 1079.594078][T12358]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1079.598710][T12358]  ? _raw_spin_unlock+0x28/0x40
[ 1079.603584][T12358]  ? alloc_fd+0x59c/0x640
[ 1079.607959][T12358]  do_sys_openat2+0x13f/0x500
[ 1079.612652][T12358]  ? mutex_unlock+0x10/0x10
[ 1079.617167][T12358]  ? do_sys_open+0x230/0x230
[ 1079.621782][T12358]  __x64_sys_openat+0x247/0x290
[ 1079.626647][T12358]  ? __ia32_sys_open+0x270/0x270
[ 1079.631605][T12358]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1079.637596][T12358]  ? lockdep_hardirqs_on+0x98/0x140
[ 1079.642811][T12358]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1079.648808][T12358]  do_syscall_64+0x41/0xc0
[ 1079.653257][T12358]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1079.659166][T12358] RIP: 0033:0x7f9b1943e284
[ 1079.663609][T12358] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1079.683227][T12358] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:22 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00'})
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000100)={0x1, {0x0, 0x0, 0x0, 0x2, 0x1}}, 0x48)

[ 1079.691656][T12358] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1079.699639][T12358] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1079.707622][T12358] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1079.715599][T12358] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1079.723578][T12358] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1079.731584][T12358]  </TASK>
06:27:22 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 65)

06:27:22 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5c00)

[ 1079.824637][T12387] FAULT_INJECTION: forcing a failure.
[ 1079.824637][T12387] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1079.863266][T12387] CPU: 0 PID: 12387 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1079.873412][T12387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1079.883512][T12387] Call Trace:
[ 1079.886834][T12387]  <TASK>
[ 1079.889802][T12387]  dump_stack_lvl+0x1e7/0x2d0
[ 1079.894551][T12387]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1079.900069][T12387]  ? panic+0x770/0x770
[ 1079.904240][T12387]  ? kasan_set_track+0x64/0x80
[ 1079.909069][T12387]  should_fail_ex+0x3aa/0x4e0
[ 1079.913806][T12387]  prepare_alloc_pages+0x1d9/0x5b0
[ 1079.918986][T12387]  __alloc_pages+0x16e/0x7f0
[ 1079.923626][T12387]  ? zone_statistics+0x170/0x170
[ 1079.928600][T12387]  ? alloc_pages+0x510/0x780
[ 1079.933208][T12387]  get_zeroed_page+0x17/0x40
[ 1079.937808][T12387]  mon_bin_open+0x237/0x500
[ 1079.942340][T12387]  chrdev_open+0x54e/0x630
[ 1079.946771][T12387]  ? cd_forget+0x160/0x160
[ 1079.951198][T12387]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1079.956409][T12387]  ? fsnotify_perm+0x471/0x590
[ 1079.961193][T12387]  ? cd_forget+0x160/0x160
[ 1079.965615][T12387]  do_dentry_open+0x7f9/0x10f0
[ 1079.970412][T12387]  path_openat+0x27b3/0x3170
[ 1079.975040][T12387]  ? getname_flags+0xbc/0x4e0
[ 1079.979735][T12387]  ? mark_lock+0x9a/0x340
[ 1079.984087][T12387]  ? do_filp_open+0x490/0x490
[ 1079.988790][T12387]  ? alloc_fd+0x59c/0x640
[ 1079.993201][T12387]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1079.998866][T12387]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1080.004890][T12387]  do_filp_open+0x234/0x490
[ 1080.009419][T12387]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1080.014054][T12387]  ? _raw_spin_unlock+0x28/0x40
[ 1080.018919][T12387]  ? alloc_fd+0x59c/0x640
[ 1080.023270][T12387]  do_sys_openat2+0x13f/0x500
[ 1080.027961][T12387]  ? mutex_unlock+0x10/0x10
[ 1080.032476][T12387]  ? do_sys_open+0x230/0x230
[ 1080.037092][T12387]  __x64_sys_openat+0x247/0x290
[ 1080.041959][T12387]  ? __ia32_sys_open+0x270/0x270
[ 1080.046910][T12387]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1080.052906][T12387]  ? lockdep_hardirqs_on+0x98/0x140
[ 1080.058118][T12387]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1080.064116][T12387]  do_syscall_64+0x41/0xc0
[ 1080.068559][T12387]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1080.074495][T12387] RIP: 0033:0x7f9b1943e284
[ 1080.078946][T12387] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1080.098561][T12387] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1080.107001][T12387] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1080.115011][T12387] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
06:27:23 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

[ 1080.123002][T12387] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1080.130985][T12387] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1080.138975][T12387] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1080.146974][T12387]  </TASK>
06:27:23 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:23 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2112)

06:27:23 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 66)

06:27:23 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6000)

06:27:23 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00'})
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000100)={0x1, {0x0, 0x0, 0x0, 0x2, 0x1}}, 0x48)

06:27:23 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2500)

[ 1080.397564][T12418] FAULT_INJECTION: forcing a failure.
[ 1080.397564][T12418] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1080.432073][T12418] CPU: 1 PID: 12418 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1080.442237][T12418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1080.452338][T12418] Call Trace:
[ 1080.455656][T12418]  <TASK>
[ 1080.458632][T12418]  dump_stack_lvl+0x1e7/0x2d0
[ 1080.463389][T12418]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1080.468906][T12418]  ? panic+0x770/0x770
[ 1080.473079][T12418]  ? kasan_set_track+0x64/0x80
[ 1080.477899][T12418]  should_fail_ex+0x3aa/0x4e0
[ 1080.482631][T12418]  prepare_alloc_pages+0x1d9/0x5b0
[ 1080.487799][T12418]  __alloc_pages+0x16e/0x7f0
[ 1080.492440][T12418]  ? zone_statistics+0x170/0x170
[ 1080.497446][T12418]  ? alloc_pages+0x510/0x780
[ 1080.502092][T12418]  get_zeroed_page+0x17/0x40
[ 1080.506727][T12418]  mon_bin_open+0x237/0x500
[ 1080.511290][T12418]  chrdev_open+0x54e/0x630
[ 1080.515755][T12418]  ? cd_forget+0x160/0x160
[ 1080.520215][T12418]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1080.525469][T12418]  ? fsnotify_perm+0x471/0x590
[ 1080.530287][T12418]  ? cd_forget+0x160/0x160
[ 1080.534738][T12418]  do_dentry_open+0x7f9/0x10f0
[ 1080.539572][T12418]  path_openat+0x27b3/0x3170
[ 1080.544234][T12418]  ? getname_flags+0xbc/0x4e0
[ 1080.548981][T12418]  ? mark_lock+0x9a/0x340
[ 1080.553379][T12418]  ? do_filp_open+0x490/0x490
[ 1080.558111][T12418]  ? alloc_fd+0x59c/0x640
[ 1080.562487][T12418]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1080.568179][T12418]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1080.574232][T12418]  do_filp_open+0x234/0x490
[ 1080.578805][T12418]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1080.583486][T12418]  ? _raw_spin_unlock+0x28/0x40
[ 1080.588387][T12418]  ? alloc_fd+0x59c/0x640
[ 1080.592784][T12418]  do_sys_openat2+0x13f/0x500
06:27:23 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3d11)

[ 1080.597518][T12418]  ? mutex_unlock+0x10/0x10
[ 1080.602069][T12418]  ? do_sys_open+0x230/0x230
[ 1080.606727][T12418]  __x64_sys_openat+0x247/0x290
[ 1080.611630][T12418]  ? __ia32_sys_open+0x270/0x270
[ 1080.616625][T12418]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1080.622652][T12418]  ? lockdep_hardirqs_on+0x98/0x140
[ 1080.627901][T12418]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1080.633943][T12418]  do_syscall_64+0x41/0xc0
[ 1080.638425][T12418]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1080.644370][T12418] RIP: 0033:0x7f9b1943e284
06:27:23 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3f00)

[ 1080.648823][T12418] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1080.668471][T12418] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1080.676925][T12418] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1080.684940][T12418] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
06:27:23 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6800)

06:27:23 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0)={<r3=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)

[ 1080.692968][T12418] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1080.700993][T12418] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1080.709008][T12418] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1080.717048][T12418]  </TASK>
06:27:23 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00'})
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000100)={0x1, {0x0, 0x0, 0x0, 0x2, 0x1}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vxcan1\x00'}) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r1, &(0x7f0000000100)={0x1, {0x0, 0x0, 0x0, 0x2, 0x1}}, 0x48) (async)

06:27:23 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 67)

06:27:23 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4000)

06:27:23 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', <r3=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'erspan0\x00', &(0x7f0000000100)={'tunl0\x00', <r4=>0x0, 0x701, 0x20, 0xfffff94b, 0x3, {{0x1c, 0x4, 0x0, 0x13, 0x70, 0x66, 0x0, 0x4, 0x2f, 0x0, @broadcast, @private=0xa010102, {[@ssrr={0x89, 0x7, 0x99, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp={0x44, 0x8, 0x98, 0x0, 0x2, [0x80]}, @ssrr={0x89, 0x23, 0x10, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @dev={0xac, 0x14, 0x14, 0x31}, @dev={0xac, 0x14, 0x14, 0x1c}, @empty, @private=0xa010100, @empty]}, @timestamp={0x44, 0x24, 0xaf, 0x0, 0x2, [0x791f, 0x8, 0xcc9, 0x4, 0x800, 0x0, 0x406, 0x7]}, @ra={0x94, 0x4, 0x1}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="6772b78efb1400000000000006fff900", @ANYRES32=<r5=>0x0, @ANYBLOB="0001800000000006000000044bb1006c0065000005049078ac1414bbe000000194040000892749ac14143dac1414bb640101000a0101017f000001e0000002ac1414aa7f000001ffffffff004408faa06000000044242231ac1e0001000000047f00000100000007ffffffff00000001e000000200000002"]})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vxcan0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', <r7=>0x0})
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_FILTER(r8, 0x6b, 0x1, &(0x7f0000000a80)=[{0x3, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1, 0x3}, 0x1, 0x1}, {0x2, 0x2, {0x1, 0xff, 0x1}, {0x0, 0xff, 0x2}, 0x1}, {0x3, 0x3, {0x0, 0xff, 0x1}, {0x0, 0xff, 0x3}, 0x0, 0xfe}, {0x0, 0x3, {0x2, 0x0, 0x2}, {0x2, 0xff, 0x3}, 0xff, 0xff}, {0x1, 0x3, {0x2, 0xf0}, {0x0, 0xf0, 0x2}, 0x2, 0x2}, {0x3, 0x0, {0x1, 0xff, 0x5}, {0x1, 0xff, 0x2}, 0x2, 0x1}, {0x1, 0x2, {0x0, 0x1, 0x1}, {0x2, 0xf0, 0x4}, 0xfd, 0xfd}, {0x2, 0x1, {0x2, 0x1, 0x2}, {0x0, 0x1, 0x1}, 0xfc, 0xff}], 0x100)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000a40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000a00)={&(0x7f00000003c0)={0x608, r2, 0x20, 0x70bd27, 0x25dfdbfc, {}, [{{0x8, 0x1, r3}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3ff}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xff}}}]}}, {{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r5}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xeb}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8}, {0x224, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xd6b}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r7}}, {0x8}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x3, 0x4, 0x1, 0x5}, {0x0, 0x81, 0x0, 0x8}, {0xfffb, 0x0, 0x8, 0xfff}, {0x7a, 0x4, 0x94, 0x7}, {0x8, 0x20, 0x20, 0x3e0f}, {0x40, 0x1f, 0x6, 0xffffffc0}, {0x20, 0x7f, 0x1, 0x4309bc6a}, {0x7, 0x80, 0x0, 0x81}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x608}}, 0x20040004)
write$vhost_msg(r0, 0x0, 0x0)

06:27:23 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6c00)

[ 1080.938426][T12466] FAULT_INJECTION: forcing a failure.
[ 1080.938426][T12466] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1080.955395][T12466] CPU: 1 PID: 12466 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1080.965534][T12466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1080.975633][T12466] Call Trace:
[ 1080.978948][T12466]  <TASK>
[ 1080.981909][T12466]  dump_stack_lvl+0x1e7/0x2d0
[ 1080.986648][T12466]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1080.992154][T12466]  ? panic+0x770/0x770
[ 1080.996282][T12466]  should_fail_ex+0x3aa/0x4e0
[ 1081.001019][T12466]  prepare_alloc_pages+0x1d9/0x5b0
[ 1081.006195][T12466]  __alloc_pages+0x16e/0x7f0
[ 1081.010842][T12466]  ? zone_statistics+0x170/0x170
[ 1081.015846][T12466]  ? alloc_pages+0x510/0x780
[ 1081.020500][T12466]  get_zeroed_page+0x17/0x40
[ 1081.025137][T12466]  mon_bin_open+0x237/0x500
[ 1081.029699][T12466]  chrdev_open+0x54e/0x630
[ 1081.034165][T12466]  ? cd_forget+0x160/0x160
[ 1081.038630][T12466]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1081.043880][T12466]  ? fsnotify_perm+0x471/0x590
[ 1081.048713][T12466]  ? cd_forget+0x160/0x160
[ 1081.053171][T12466]  do_dentry_open+0x7f9/0x10f0
[ 1081.058002][T12466]  path_openat+0x27b3/0x3170
[ 1081.062666][T12466]  ? getname_flags+0xbc/0x4e0
[ 1081.067391][T12466]  ? mark_lock+0x9a/0x340
[ 1081.071768][T12466]  ? do_filp_open+0x490/0x490
[ 1081.076503][T12466]  ? alloc_fd+0x59c/0x640
[ 1081.080883][T12466]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1081.086580][T12466]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1081.092633][T12466]  do_filp_open+0x234/0x490
[ 1081.097193][T12466]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1081.101865][T12466]  ? _raw_spin_unlock+0x28/0x40
[ 1081.106777][T12466]  ? alloc_fd+0x59c/0x640
[ 1081.111162][T12466]  do_sys_openat2+0x13f/0x500
[ 1081.115887][T12466]  ? mutex_unlock+0x10/0x10
[ 1081.120451][T12466]  ? do_sys_open+0x230/0x230
[ 1081.125105][T12466]  __x64_sys_openat+0x247/0x290
[ 1081.130013][T12466]  ? __ia32_sys_open+0x270/0x270
[ 1081.135003][T12466]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1081.141025][T12466]  ? lockdep_hardirqs_on+0x98/0x140
[ 1081.146274][T12466]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1081.152334][T12466]  do_syscall_64+0x41/0xc0
[ 1081.156820][T12466]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1081.162760][T12466] RIP: 0033:0x7f9b1943e284
[ 1081.167212][T12466] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
06:27:24 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0)={<r2=>0xffffffffffffffff})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2)

06:27:24 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) (async, rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', <r3=>0x0}) (rerun: 32)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'erspan0\x00', &(0x7f0000000100)={'tunl0\x00', <r4=>0x0, 0x701, 0x20, 0xfffff94b, 0x3, {{0x1c, 0x4, 0x0, 0x13, 0x70, 0x66, 0x0, 0x4, 0x2f, 0x0, @broadcast, @private=0xa010102, {[@ssrr={0x89, 0x7, 0x99, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp={0x44, 0x8, 0x98, 0x0, 0x2, [0x80]}, @ssrr={0x89, 0x23, 0x10, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @dev={0xac, 0x14, 0x14, 0x31}, @dev={0xac, 0x14, 0x14, 0x1c}, @empty, @private=0xa010100, @empty]}, @timestamp={0x44, 0x24, 0xaf, 0x0, 0x2, [0x791f, 0x8, 0xcc9, 0x4, 0x800, 0x0, 0x406, 0x7]}, @ra={0x94, 0x4, 0x1}]}}}}}) (async, rerun: 64)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="6772b78efb1400000000000006fff900", @ANYRES32=<r5=>0x0, @ANYBLOB="0001800000000006000000044bb1006c0065000005049078ac1414bbe000000194040000892749ac14143dac1414bb640101000a0101017f000001e0000002ac1414aa7f000001ffffffff004408faa06000000044242231ac1e0001000000047f00000100000007ffffffff00000001e000000200000002"]}) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vxcan0\x00', <r6=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', <r7=>0x0})
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_FILTER(r8, 0x6b, 0x1, &(0x7f0000000a80)=[{0x3, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1, 0x3}, 0x1, 0x1}, {0x2, 0x2, {0x1, 0xff, 0x1}, {0x0, 0xff, 0x2}, 0x1}, {0x3, 0x3, {0x0, 0xff, 0x1}, {0x0, 0xff, 0x3}, 0x0, 0xfe}, {0x0, 0x3, {0x2, 0x0, 0x2}, {0x2, 0xff, 0x3}, 0xff, 0xff}, {0x1, 0x3, {0x2, 0xf0}, {0x0, 0xf0, 0x2}, 0x2, 0x2}, {0x3, 0x0, {0x1, 0xff, 0x5}, {0x1, 0xff, 0x2}, 0x2, 0x1}, {0x1, 0x2, {0x0, 0x1, 0x1}, {0x2, 0xf0, 0x4}, 0xfd, 0xfd}, {0x2, 0x1, {0x2, 0x1, 0x2}, {0x0, 0x1, 0x1}, 0xfc, 0xff}], 0x100) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000a40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000a00)={&(0x7f00000003c0)={0x608, r2, 0x20, 0x70bd27, 0x25dfdbfc, {}, [{{0x8, 0x1, r3}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3ff}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xff}}}]}}, {{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r5}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xeb}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8}, {0x224, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xd6b}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r7}}, {0x8}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x3, 0x4, 0x1, 0x5}, {0x0, 0x81, 0x0, 0x8}, {0xfffb, 0x0, 0x8, 0xfff}, {0x7a, 0x4, 0x94, 0x7}, {0x8, 0x20, 0x20, 0x3e0f}, {0x40, 0x1f, 0x6, 0xffffffc0}, {0x20, 0x7f, 0x1, 0x4309bc6a}, {0x7, 0x80, 0x0, 0x81}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x608}}, 0x20040004) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:24 executing program 0:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000880))
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

[ 1081.186867][T12466] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1081.195335][T12466] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1081.203349][T12466] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1081.211362][T12466] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1081.219374][T12466] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1081.227383][T12466] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1081.235418][T12466]  </TASK>
06:27:24 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 68)

06:27:24 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4100)

06:27:24 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7400)

06:27:24 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', <r3=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'erspan0\x00', &(0x7f0000000100)={'tunl0\x00', <r4=>0x0, 0x701, 0x20, 0xfffff94b, 0x3, {{0x1c, 0x4, 0x0, 0x13, 0x70, 0x66, 0x0, 0x4, 0x2f, 0x0, @broadcast, @private=0xa010102, {[@ssrr={0x89, 0x7, 0x99, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp={0x44, 0x8, 0x98, 0x0, 0x2, [0x80]}, @ssrr={0x89, 0x23, 0x10, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @dev={0xac, 0x14, 0x14, 0x31}, @dev={0xac, 0x14, 0x14, 0x1c}, @empty, @private=0xa010100, @empty]}, @timestamp={0x44, 0x24, 0xaf, 0x0, 0x2, [0x791f, 0x8, 0xcc9, 0x4, 0x800, 0x0, 0x406, 0x7]}, @ra={0x94, 0x4, 0x1}]}}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="6772b78efb1400000000000006fff900", @ANYRES32=<r5=>0x0, @ANYBLOB="0001800000000006000000044bb1006c0065000005049078ac1414bbe000000194040000892749ac14143dac1414bb640101000a0101017f000001e0000002ac1414aa7f000001ffffffff004408faa06000000044242231ac1e0001000000047f00000100000007ffffffff00000001e000000200000002"]})
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vxcan0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', <r7=>0x0})
r8 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_FILTER(r8, 0x6b, 0x1, &(0x7f0000000a80)=[{0x3, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1, 0x3}, 0x1, 0x1}, {0x2, 0x2, {0x1, 0xff, 0x1}, {0x0, 0xff, 0x2}, 0x1}, {0x3, 0x3, {0x0, 0xff, 0x1}, {0x0, 0xff, 0x3}, 0x0, 0xfe}, {0x0, 0x3, {0x2, 0x0, 0x2}, {0x2, 0xff, 0x3}, 0xff, 0xff}, {0x1, 0x3, {0x2, 0xf0}, {0x0, 0xf0, 0x2}, 0x2, 0x2}, {0x3, 0x0, {0x1, 0xff, 0x5}, {0x1, 0xff, 0x2}, 0x2, 0x1}, {0x1, 0x2, {0x0, 0x1, 0x1}, {0x2, 0xf0, 0x4}, 0xfd, 0xfd}, {0x2, 0x1, {0x2, 0x1, 0x2}, {0x0, 0x1, 0x1}, 0xfc, 0xff}], 0x100)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000a40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000a00)={&(0x7f00000003c0)={0x608, r2, 0x20, 0x70bd27, 0x25dfdbfc, {}, [{{0x8, 0x1, r3}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3ff}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xff}}}]}}, {{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r5}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xeb}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8}, {0x224, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xd6b}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r7}}, {0x8}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x3, 0x4, 0x1, 0x5}, {0x0, 0x81, 0x0, 0x8}, {0xfffb, 0x0, 0x8, 0xfff}, {0x7a, 0x4, 0x94, 0x7}, {0x8, 0x20, 0x20, 0x3e0f}, {0x40, 0x1f, 0x6, 0xffffffc0}, {0x20, 0x7f, 0x1, 0x4309bc6a}, {0x7, 0x80, 0x0, 0x81}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x608}}, 0x20040004)
write$vhost_msg(r0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'erspan0\x00', &(0x7f0000000100)={'tunl0\x00', 0x0, 0x701, 0x20, 0xfffff94b, 0x3, {{0x1c, 0x4, 0x0, 0x13, 0x70, 0x66, 0x0, 0x4, 0x2f, 0x0, @broadcast, @private=0xa010102, {[@ssrr={0x89, 0x7, 0x99, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @timestamp={0x44, 0x8, 0x98, 0x0, 0x2, [0x80]}, @ssrr={0x89, 0x23, 0x10, [@multicast1, @initdev={0xac, 0x1e, 0x0, 0x0}, @multicast2, @dev={0xac, 0x14, 0x14, 0x31}, @dev={0xac, 0x14, 0x14, 0x1c}, @empty, @private=0xa010100, @empty]}, @timestamp={0x44, 0x24, 0xaf, 0x0, 0x2, [0x791f, 0x8, 0xcc9, 0x4, 0x800, 0x0, 0x406, 0x7]}, @ra={0x94, 0x4, 0x1}]}}}}}) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000002c0)={'syztnl1\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="6772b78efb1400000000000006fff900", @ANYRES32=0x0, @ANYBLOB="0001800000000006000000044bb1006c0065000005049078ac1414bbe000000194040000892749ac14143dac1414bb640101000a0101017f000001e0000002ac1414aa7f000001ffffffff004408faa06000000044242231ac1e0001000000047f00000100000007ffffffff00000001e000000200000002"]}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'vxcan0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00'}) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r8, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0) (async)
setsockopt$SO_J1939_FILTER(r8, 0x6b, 0x1, &(0x7f0000000a80)=[{0x3, 0x3, {0x2, 0xff, 0x4}, {0x0, 0x1, 0x3}, 0x1, 0x1}, {0x2, 0x2, {0x1, 0xff, 0x1}, {0x0, 0xff, 0x2}, 0x1}, {0x3, 0x3, {0x0, 0xff, 0x1}, {0x0, 0xff, 0x3}, 0x0, 0xfe}, {0x0, 0x3, {0x2, 0x0, 0x2}, {0x2, 0xff, 0x3}, 0xff, 0xff}, {0x1, 0x3, {0x2, 0xf0}, {0x0, 0xf0, 0x2}, 0x2, 0x2}, {0x3, 0x0, {0x1, 0xff, 0x5}, {0x1, 0xff, 0x2}, 0x2, 0x1}, {0x1, 0x2, {0x0, 0x1, 0x1}, {0x2, 0xf0, 0x4}, 0xfd, 0xfd}, {0x2, 0x1, {0x2, 0x1, 0x2}, {0x0, 0x1, 0x1}, 0xfc, 0xff}], 0x100) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000380)) (async)
sendmsg$TEAM_CMD_NOOP(r1, &(0x7f0000000a40)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000a00)={&(0x7f00000003c0)={0x608, r2, 0x20, 0x70bd27, 0x25dfdbfc, {}, [{{0x8, 0x1, r3}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3ff}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xff}}}]}}, {{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r5}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xeb}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8}, {0x224, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xd6b}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r7}}, {0x8}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x3, 0x4, 0x1, 0x5}, {0x0, 0x81, 0x0, 0x8}, {0xfffb, 0x0, 0x8, 0xfff}, {0x7a, 0x4, 0x94, 0x7}, {0x8, 0x20, 0x20, 0x3e0f}, {0x40, 0x1f, 0x6, 0xffffffc0}, {0x20, 0x7f, 0x1, 0x4309bc6a}, {0x7, 0x80, 0x0, 0x81}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x608}}, 0x20040004) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

[ 1081.388573][T12500] FAULT_INJECTION: forcing a failure.
[ 1081.388573][T12500] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:24 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0))

[ 1081.569922][T12500] CPU: 0 PID: 12500 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1081.580073][T12500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1081.590158][T12500] Call Trace:
[ 1081.593452][T12500]  <TASK>
[ 1081.596395][T12500]  dump_stack_lvl+0x1e7/0x2d0
[ 1081.601105][T12500]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1081.606605][T12500]  ? panic+0x770/0x770
[ 1081.610690][T12500]  ? kasan_set_track+0x64/0x80
[ 1081.615494][T12500]  should_fail_ex+0x3aa/0x4e0
[ 1081.620223][T12500]  prepare_alloc_pages+0x1d9/0x5b0
[ 1081.625367][T12500]  __alloc_pages+0x16e/0x7f0
[ 1081.629990][T12500]  ? zone_statistics+0x170/0x170
[ 1081.634968][T12500]  ? alloc_pages+0x510/0x780
[ 1081.639579][T12500]  get_zeroed_page+0x17/0x40
[ 1081.644177][T12500]  mon_bin_open+0x237/0x500
[ 1081.648760][T12500]  chrdev_open+0x54e/0x630
[ 1081.653223][T12500]  ? cd_forget+0x160/0x160
[ 1081.657648][T12500]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1081.662862][T12500]  ? fsnotify_perm+0x471/0x590
[ 1081.667648][T12500]  ? cd_forget+0x160/0x160
[ 1081.672068][T12500]  do_dentry_open+0x7f9/0x10f0
[ 1081.676887][T12500]  path_openat+0x27b3/0x3170
[ 1081.681534][T12500]  ? getname_flags+0xbc/0x4e0
[ 1081.686245][T12500]  ? mark_lock+0x9a/0x340
[ 1081.690614][T12500]  ? do_filp_open+0x490/0x490
[ 1081.695315][T12500]  ? alloc_fd+0x59c/0x640
[ 1081.699661][T12500]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1081.705315][T12500]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1081.711325][T12500]  do_filp_open+0x234/0x490
[ 1081.715849][T12500]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1081.720484][T12500]  ? _raw_spin_unlock+0x28/0x40
[ 1081.725353][T12500]  ? alloc_fd+0x59c/0x640
[ 1081.729705][T12500]  do_sys_openat2+0x13f/0x500
[ 1081.734397][T12500]  ? mutex_unlock+0x10/0x10
[ 1081.738910][T12500]  ? do_sys_open+0x230/0x230
[ 1081.743526][T12500]  __x64_sys_openat+0x247/0x290
[ 1081.748390][T12500]  ? __ia32_sys_open+0x270/0x270
[ 1081.753348][T12500]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1081.759341][T12500]  ? lockdep_hardirqs_on+0x98/0x140
[ 1081.764580][T12500]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1081.770578][T12500]  do_syscall_64+0x41/0xc0
[ 1081.775016][T12500]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1081.780946][T12500] RIP: 0033:0x7f9b1943e284
[ 1081.785396][T12500] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1081.805015][T12500] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:24 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4800)

[ 1081.813475][T12500] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1081.821458][T12500] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1081.829438][T12500] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1081.837418][T12500] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1081.845396][T12500] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1081.853413][T12500]  </TASK>
06:27:24 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7a00)

06:27:25 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:27:25 executing program 0:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000880))
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000880)) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

06:27:25 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 69)

06:27:25 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0))

06:27:25 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4b11)

06:27:25 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x100000)

[ 1082.107535][T12550] FAULT_INJECTION: forcing a failure.
[ 1082.107535][T12550] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1082.178946][T12550] CPU: 1 PID: 12550 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1082.189090][T12550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1082.199184][T12550] Call Trace:
[ 1082.202490][T12550]  <TASK>
[ 1082.205441][T12550]  dump_stack_lvl+0x1e7/0x2d0
[ 1082.210182][T12550]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1082.215695][T12550]  ? panic+0x770/0x770
[ 1082.219817][T12550]  ? kasan_set_track+0x64/0x80
[ 1082.224659][T12550]  should_fail_ex+0x3aa/0x4e0
[ 1082.229396][T12550]  prepare_alloc_pages+0x1d9/0x5b0
[ 1082.234577][T12550]  __alloc_pages+0x16e/0x7f0
[ 1082.239236][T12550]  ? zone_statistics+0x170/0x170
[ 1082.244232][T12550]  ? alloc_pages+0x510/0x780
[ 1082.248874][T12550]  get_zeroed_page+0x17/0x40
[ 1082.253500][T12550]  mon_bin_open+0x237/0x500
[ 1082.258053][T12550]  chrdev_open+0x54e/0x630
[ 1082.262506][T12550]  ? cd_forget+0x160/0x160
[ 1082.266965][T12550]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1082.272215][T12550]  ? fsnotify_perm+0x471/0x590
[ 1082.277065][T12550]  ? cd_forget+0x160/0x160
[ 1082.281524][T12550]  do_dentry_open+0x7f9/0x10f0
[ 1082.286358][T12550]  path_openat+0x27b3/0x3170
[ 1082.291031][T12550]  ? getname_flags+0xbc/0x4e0
[ 1082.295763][T12550]  ? mark_lock+0x9a/0x340
[ 1082.300148][T12550]  ? do_filp_open+0x490/0x490
[ 1082.304881][T12550]  ? alloc_fd+0x59c/0x640
[ 1082.309259][T12550]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1082.314951][T12550]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1082.321010][T12550]  do_filp_open+0x234/0x490
[ 1082.325570][T12550]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1082.330249][T12550]  ? _raw_spin_unlock+0x28/0x40
[ 1082.335148][T12550]  ? alloc_fd+0x59c/0x640
[ 1082.339540][T12550]  do_sys_openat2+0x13f/0x500
[ 1082.344268][T12550]  ? mutex_unlock+0x10/0x10
[ 1082.348819][T12550]  ? do_sys_open+0x230/0x230
[ 1082.353467][T12550]  __x64_sys_openat+0x247/0x290
[ 1082.358378][T12550]  ? __ia32_sys_open+0x270/0x270
[ 1082.363375][T12550]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1082.369416][T12550]  ? lockdep_hardirqs_on+0x98/0x140
[ 1082.374666][T12550]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1082.380706][T12550]  do_syscall_64+0x41/0xc0
[ 1082.385177][T12550]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1082.391116][T12550] RIP: 0033:0x7f9b1943e284
[ 1082.395571][T12550] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1082.415227][T12550] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:25 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:25 executing program 0:
socketpair(0x0, 0x0, 0x0, &(0x7f0000000880)) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

[ 1082.423693][T12550] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1082.431712][T12550] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1082.439730][T12550] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1082.447750][T12550] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1082.455763][T12550] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1082.463804][T12550]  </TASK>
06:27:25 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0))

06:27:25 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1fffff)

06:27:25 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4c00)

06:27:25 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 70)

[ 1082.652955][T12598] FAULT_INJECTION: forcing a failure.
[ 1082.652955][T12598] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1082.672158][T12598] CPU: 1 PID: 12598 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1082.682295][T12598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1082.692367][T12598] Call Trace:
[ 1082.695654][T12598]  <TASK>
[ 1082.698592][T12598]  dump_stack_lvl+0x1e7/0x2d0
[ 1082.703297][T12598]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1082.708781][T12598]  ? panic+0x770/0x770
[ 1082.712891][T12598]  ? kasan_set_track+0x64/0x80
[ 1082.717676][T12598]  should_fail_ex+0x3aa/0x4e0
[ 1082.722382][T12598]  prepare_alloc_pages+0x1d9/0x5b0
[ 1082.727512][T12598]  __alloc_pages+0x16e/0x7f0
[ 1082.732115][T12598]  ? zone_statistics+0x170/0x170
[ 1082.737072][T12598]  ? alloc_pages+0x510/0x780
[ 1082.741694][T12598]  get_zeroed_page+0x17/0x40
[ 1082.746298][T12598]  mon_bin_open+0x237/0x500
[ 1082.750846][T12598]  chrdev_open+0x54e/0x630
[ 1082.755274][T12598]  ? cd_forget+0x160/0x160
[ 1082.759699][T12598]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1082.764931][T12598]  ? fsnotify_perm+0x471/0x590
[ 1082.769717][T12598]  ? cd_forget+0x160/0x160
[ 1082.774136][T12598]  do_dentry_open+0x7f9/0x10f0
[ 1082.778949][T12598]  path_openat+0x27b3/0x3170
[ 1082.783578][T12598]  ? getname_flags+0xbc/0x4e0
[ 1082.788273][T12598]  ? mark_lock+0x9a/0x340
[ 1082.792618][T12598]  ? do_filp_open+0x490/0x490
[ 1082.797314][T12598]  ? alloc_fd+0x59c/0x640
[ 1082.801668][T12598]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1082.807322][T12598]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1082.813360][T12598]  do_filp_open+0x234/0x490
[ 1082.817883][T12598]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1082.822516][T12598]  ? _raw_spin_unlock+0x28/0x40
[ 1082.827386][T12598]  ? alloc_fd+0x59c/0x640
[ 1082.831750][T12598]  do_sys_openat2+0x13f/0x500
[ 1082.836453][T12598]  ? mutex_unlock+0x10/0x10
[ 1082.840967][T12598]  ? do_sys_open+0x230/0x230
[ 1082.845579][T12598]  __x64_sys_openat+0x247/0x290
[ 1082.850461][T12598]  ? __ia32_sys_open+0x270/0x270
[ 1082.855410][T12598]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1082.861405][T12598]  ? lockdep_hardirqs_on+0x98/0x140
[ 1082.866614][T12598]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1082.872612][T12598]  do_syscall_64+0x41/0xc0
[ 1082.877053][T12598]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1082.882960][T12598] RIP: 0033:0x7f9b1943e284
[ 1082.887385][T12598] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1082.907005][T12598] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1082.915432][T12598] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1082.923414][T12598] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1082.931393][T12598] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1082.939372][T12598] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:26 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

[ 1082.947354][T12598] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1082.955354][T12598]  </TASK>
06:27:26 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 71)

06:27:26 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0))

06:27:26 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5c00)

06:27:26 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1000000)

[ 1083.142606][T12619] FAULT_INJECTION: forcing a failure.
[ 1083.142606][T12619] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1083.198652][T12619] CPU: 0 PID: 12619 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1083.208800][T12619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1083.218993][T12619] Call Trace:
[ 1083.222312][T12619]  <TASK>
[ 1083.225291][T12619]  dump_stack_lvl+0x1e7/0x2d0
[ 1083.230027][T12619]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1083.235546][T12619]  ? panic+0x770/0x770
[ 1083.239660][T12619]  ? kasan_set_track+0x64/0x80
[ 1083.244485][T12619]  should_fail_ex+0x3aa/0x4e0
[ 1083.249224][T12619]  prepare_alloc_pages+0x1d9/0x5b0
[ 1083.254393][T12619]  __alloc_pages+0x16e/0x7f0
[ 1083.259037][T12619]  ? zone_statistics+0x170/0x170
[ 1083.264038][T12619]  ? alloc_pages+0x510/0x780
[ 1083.268693][T12619]  get_zeroed_page+0x17/0x40
[ 1083.273328][T12619]  mon_bin_open+0x237/0x500
[ 1083.277894][T12619]  chrdev_open+0x54e/0x630
[ 1083.282360][T12619]  ? cd_forget+0x160/0x160
[ 1083.286820][T12619]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1083.292086][T12619]  ? fsnotify_perm+0x471/0x590
[ 1083.296910][T12619]  ? cd_forget+0x160/0x160
[ 1083.301369][T12619]  do_dentry_open+0x7f9/0x10f0
[ 1083.306202][T12619]  path_openat+0x27b3/0x3170
[ 1083.310836][T12619]  ? getname_flags+0xbc/0x4e0
[ 1083.315534][T12619]  ? mark_lock+0x9a/0x340
[ 1083.319883][T12619]  ? do_filp_open+0x490/0x490
[ 1083.324596][T12619]  ? alloc_fd+0x59c/0x640
[ 1083.328950][T12619]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1083.334601][T12619]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1083.340610][T12619]  do_filp_open+0x234/0x490
[ 1083.345135][T12619]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1083.349765][T12619]  ? _raw_spin_unlock+0x28/0x40
[ 1083.354642][T12619]  ? alloc_fd+0x59c/0x640
[ 1083.359026][T12619]  do_sys_openat2+0x13f/0x500
[ 1083.363736][T12619]  ? mutex_unlock+0x10/0x10
[ 1083.368253][T12619]  ? do_sys_open+0x230/0x230
[ 1083.372957][T12619]  __x64_sys_openat+0x247/0x290
[ 1083.377824][T12619]  ? __ia32_sys_open+0x270/0x270
[ 1083.382789][T12619]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1083.388786][T12619]  ? lockdep_hardirqs_on+0x98/0x140
[ 1083.394001][T12619]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1083.399996][T12619]  do_syscall_64+0x41/0xc0
[ 1083.404444][T12619]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1083.410354][T12619] RIP: 0033:0x7f9b1943e284
[ 1083.414778][T12619] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1083.434396][T12619] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:26 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={<r6=>0x0, 0x0, r2})
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000080)={r6})
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r7, 0xc00864bf, 0x0)
socketpair(0x23, 0x3, 0x2, &(0x7f0000000100))
getsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000180)=0xfffffc99)

[ 1083.442826][T12619] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1083.450844][T12619] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1083.458842][T12619] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1083.466836][T12619] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1083.474820][T12619] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1083.482821][T12619]  </TASK>
06:27:26 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000100))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f0000000000))
accept4$phonet_pipe(r1, &(0x7f00000001c0), &(0x7f0000000200)=0x10, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000280))
pselect6(0x0, 0x0, 0x0, &(0x7f0000000300), &(0x7f0000000340)={0x0, 0x3938700}, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000080), 0x1, 0x402)
ioctl$SG_GET_RESERVED_SIZE(r2, 0x2272, &(0x7f00000000c0))

06:27:26 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6000)

06:27:26 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x181081, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0))

06:27:26 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 72)

[ 1083.636551][T12645] FAULT_INJECTION: forcing a failure.
[ 1083.636551][T12645] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:26 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={<r6=>0x0, 0x0, r2})
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000080)={r6})
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r7, 0xc00864bf, 0x0)
socketpair(0x23, 0x3, 0x2, &(0x7f0000000100))
getsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000180)=0xfffffc99)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r2}) (async)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000080)={r6}) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r7, 0xc00864bf, 0x0) (async)
socketpair(0x23, 0x3, 0x2, &(0x7f0000000100)) (async)
getsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000180)=0xfffffc99) (async)

[ 1083.694610][T12645] CPU: 0 PID: 12645 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1083.704767][T12645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1083.714875][T12645] Call Trace:
[ 1083.718201][T12645]  <TASK>
[ 1083.721176][T12645]  dump_stack_lvl+0x1e7/0x2d0
[ 1083.725924][T12645]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1083.731438][T12645]  ? panic+0x770/0x770
[ 1083.735562][T12645]  ? kasan_set_track+0x64/0x80
[ 1083.740388][T12645]  should_fail_ex+0x3aa/0x4e0
[ 1083.745119][T12645]  prepare_alloc_pages+0x1d9/0x5b0
[ 1083.750300][T12645]  __alloc_pages+0x16e/0x7f0
[ 1083.754951][T12645]  ? zone_statistics+0x170/0x170
[ 1083.760006][T12645]  ? alloc_pages+0x510/0x780
[ 1083.764661][T12645]  get_zeroed_page+0x17/0x40
[ 1083.769314][T12645]  mon_bin_open+0x237/0x500
[ 1083.773888][T12645]  chrdev_open+0x54e/0x630
[ 1083.778365][T12645]  ? cd_forget+0x160/0x160
[ 1083.782838][T12645]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1083.788092][T12645]  ? fsnotify_perm+0x471/0x590
06:27:26 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6800)

[ 1083.792922][T12645]  ? cd_forget+0x160/0x160
[ 1083.797384][T12645]  do_dentry_open+0x7f9/0x10f0
[ 1083.802217][T12645]  path_openat+0x27b3/0x3170
[ 1083.806890][T12645]  ? getname_flags+0xbc/0x4e0
[ 1083.811626][T12645]  ? mark_lock+0x9a/0x340
[ 1083.816019][T12645]  ? do_filp_open+0x490/0x490
[ 1083.820760][T12645]  ? alloc_fd+0x59c/0x640
[ 1083.825145][T12645]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1083.830843][T12645]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1083.836908][T12645]  do_filp_open+0x234/0x490
[ 1083.841485][T12645]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1083.846179][T12645]  ? _raw_spin_unlock+0x28/0x40
[ 1083.851083][T12645]  ? alloc_fd+0x59c/0x640
[ 1083.855484][T12645]  do_sys_openat2+0x13f/0x500
[ 1083.860219][T12645]  ? mutex_unlock+0x10/0x10
[ 1083.864781][T12645]  ? do_sys_open+0x230/0x230
[ 1083.869436][T12645]  __x64_sys_openat+0x247/0x290
[ 1083.874347][T12645]  ? __ia32_sys_open+0x270/0x270
[ 1083.879342][T12645]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1083.885373][T12645]  ? lockdep_hardirqs_on+0x98/0x140
06:27:27 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0))

[ 1083.890627][T12645]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1083.896686][T12645]  do_syscall_64+0x41/0xc0
[ 1083.901169][T12645]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1083.907115][T12645] RIP: 0033:0x7f9b1943e284
[ 1083.911579][T12645] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1083.931236][T12645] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:27 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={<r6=>0x0, 0x0, r2})
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000080)={r6})
r7 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r7, 0xc00864bf, 0x0)
socketpair(0x23, 0x3, 0x2, &(0x7f0000000100))
getsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000180)=0xfffffc99)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x800, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r2}) (async)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000080)={r6}) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r7, 0xc00864bf, 0x0) (async)
socketpair(0x23, 0x3, 0x2, &(0x7f0000000100)) (async)
getsockopt$PNPIPE_ENCAP(r5, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000180)=0xfffffc99) (async)

06:27:27 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1080000)

[ 1083.939726][T12645] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1083.947744][T12645] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1083.955804][T12645] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1083.963835][T12645] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1083.971853][T12645] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1083.979902][T12645]  </TASK>
06:27:27 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 73)

06:27:27 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 64)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (rerun: 64)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000100))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f0000000000)) (async)
accept4$phonet_pipe(r1, &(0x7f00000001c0), &(0x7f0000000200)=0x10, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000280)) (async, rerun: 32)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000300), &(0x7f0000000340)={0x0, 0x3938700}, 0x0)
r2 = syz_open_dev$sg(&(0x7f0000000080), 0x1, 0x402)
ioctl$SG_GET_RESERVED_SIZE(r2, 0x2272, &(0x7f00000000c0))

06:27:27 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6c00)

06:27:27 executing program 2:
socketpair(0x2a, 0x5, 0xfff, &(0x7f00000000c0))

[ 1084.200350][T12692] FAULT_INJECTION: forcing a failure.
[ 1084.200350][T12692] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1084.219183][T12692] CPU: 1 PID: 12692 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1084.229319][T12692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1084.239417][T12692] Call Trace:
[ 1084.242747][T12692]  <TASK>
[ 1084.245714][T12692]  dump_stack_lvl+0x1e7/0x2d0
[ 1084.250458][T12692]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1084.255983][T12692]  ? panic+0x770/0x770
[ 1084.260102][T12692]  ? kasan_set_track+0x64/0x80
[ 1084.264921][T12692]  should_fail_ex+0x3aa/0x4e0
[ 1084.269661][T12692]  prepare_alloc_pages+0x1d9/0x5b0
[ 1084.274853][T12692]  __alloc_pages+0x16e/0x7f0
[ 1084.279502][T12692]  ? zone_statistics+0x170/0x170
[ 1084.284528][T12692]  ? alloc_pages+0x510/0x780
[ 1084.289186][T12692]  get_zeroed_page+0x17/0x40
[ 1084.293834][T12692]  mon_bin_open+0x237/0x500
[ 1084.298400][T12692]  chrdev_open+0x54e/0x630
[ 1084.302865][T12692]  ? cd_forget+0x160/0x160
[ 1084.307334][T12692]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1084.312587][T12692]  ? fsnotify_perm+0x471/0x590
[ 1084.317433][T12692]  ? cd_forget+0x160/0x160
[ 1084.321892][T12692]  do_dentry_open+0x7f9/0x10f0
[ 1084.326735][T12692]  path_openat+0x27b3/0x3170
[ 1084.331412][T12692]  ? getname_flags+0xbc/0x4e0
[ 1084.336149][T12692]  ? mark_lock+0x9a/0x340
[ 1084.340540][T12692]  ? do_filp_open+0x490/0x490
[ 1084.345277][T12692]  ? alloc_fd+0x59c/0x640
[ 1084.349671][T12692]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1084.355368][T12692]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1084.361419][T12692]  do_filp_open+0x234/0x490
[ 1084.365983][T12692]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1084.370666][T12692]  ? _raw_spin_unlock+0x28/0x40
[ 1084.375565][T12692]  ? alloc_fd+0x59c/0x640
[ 1084.379956][T12692]  do_sys_openat2+0x13f/0x500
[ 1084.384695][T12692]  ? mutex_unlock+0x10/0x10
[ 1084.389259][T12692]  ? do_sys_open+0x230/0x230
[ 1084.393923][T12692]  __x64_sys_openat+0x247/0x290
[ 1084.398838][T12692]  ? __ia32_sys_open+0x270/0x270
[ 1084.403831][T12692]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1084.409873][T12692]  ? lockdep_hardirqs_on+0x98/0x140
[ 1084.415127][T12692]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1084.421170][T12692]  do_syscall_64+0x41/0xc0
[ 1084.425652][T12692]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1084.431597][T12692] RIP: 0033:0x7f9b1943e284
[ 1084.436058][T12692] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1084.455708][T12692] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1084.464176][T12692] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1084.472198][T12692] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1084.480349][T12692] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1084.488373][T12692] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:27 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f0000000100)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$SG_GET_KEEP_ORPHAN(r1, 0x2288, &(0x7f0000000000)) (async)
accept4$phonet_pipe(r1, &(0x7f00000001c0), &(0x7f0000000200)=0x10, 0x0) (async, rerun: 32)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000280)) (async)
pselect6(0x0, 0x0, 0x0, &(0x7f0000000300), &(0x7f0000000340)={0x0, 0x3938700}, 0x0) (async, rerun: 64)
r2 = syz_open_dev$sg(&(0x7f0000000080), 0x1, 0x402) (rerun: 64)
ioctl$SG_GET_RESERVED_SIZE(r2, 0x2272, &(0x7f00000000c0))

[ 1084.496395][T12692] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1084.504453][T12692]  </TASK>
06:27:27 executing program 2:
socketpair(0x0, 0x5, 0xfff, &(0x7f00000000c0))

06:27:27 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 74)

06:27:27 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2000000)

06:27:27 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7400)

06:27:27 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

[ 1084.745734][T12735] FAULT_INJECTION: forcing a failure.
[ 1084.745734][T12735] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1084.768925][T12735] CPU: 0 PID: 12735 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1084.779082][T12735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1084.789199][T12735] Call Trace:
[ 1084.792519][T12735]  <TASK>
[ 1084.795487][T12735]  dump_stack_lvl+0x1e7/0x2d0
[ 1084.800239][T12735]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1084.805764][T12735]  ? panic+0x770/0x770
[ 1084.809885][T12735]  ? kasan_set_track+0x64/0x80
[ 1084.814707][T12735]  should_fail_ex+0x3aa/0x4e0
[ 1084.819458][T12735]  prepare_alloc_pages+0x1d9/0x5b0
[ 1084.824625][T12735]  __alloc_pages+0x16e/0x7f0
[ 1084.829257][T12735]  ? zone_statistics+0x170/0x170
[ 1084.834260][T12735]  ? alloc_pages+0x510/0x780
[ 1084.838912][T12735]  get_zeroed_page+0x17/0x40
[ 1084.843606][T12735]  mon_bin_open+0x237/0x500
[ 1084.848174][T12735]  chrdev_open+0x54e/0x630
[ 1084.852635][T12735]  ? cd_forget+0x160/0x160
[ 1084.857101][T12735]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1084.862351][T12735]  ? fsnotify_perm+0x471/0x590
[ 1084.867172][T12735]  ? cd_forget+0x160/0x160
[ 1084.871623][T12735]  do_dentry_open+0x7f9/0x10f0
[ 1084.876422][T12735]  path_openat+0x27b3/0x3170
[ 1084.881051][T12735]  ? getname_flags+0xbc/0x4e0
[ 1084.885758][T12735]  ? mark_lock+0x9a/0x340
[ 1084.890110][T12735]  ? do_filp_open+0x490/0x490
[ 1084.894806][T12735]  ? alloc_fd+0x59c/0x640
[ 1084.899151][T12735]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1084.904818][T12735]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1084.910833][T12735]  do_filp_open+0x234/0x490
[ 1084.915362][T12735]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1084.919993][T12735]  ? _raw_spin_unlock+0x28/0x40
[ 1084.924860][T12735]  ? alloc_fd+0x59c/0x640
[ 1084.929214][T12735]  do_sys_openat2+0x13f/0x500
[ 1084.933904][T12735]  ? mutex_unlock+0x10/0x10
[ 1084.938417][T12735]  ? do_sys_open+0x230/0x230
[ 1084.943031][T12735]  __x64_sys_openat+0x247/0x290
[ 1084.947897][T12735]  ? __ia32_sys_open+0x270/0x270
[ 1084.952852][T12735]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1084.958842][T12735]  ? lockdep_hardirqs_on+0x98/0x140
[ 1084.964054][T12735]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1084.970057][T12735]  do_syscall_64+0x41/0xc0
[ 1084.974502][T12735]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1084.980414][T12735] RIP: 0033:0x7f9b1943e284
[ 1084.984844][T12735] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1085.004476][T12735] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1085.012911][T12735] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1085.020896][T12735] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1085.028877][T12735] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1085.036858][T12735] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:28 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3000000)

06:27:28 executing program 2:
socketpair(0x0, 0x5, 0xfff, &(0x7f00000000c0))

[ 1085.044836][T12735] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1085.052837][T12735]  </TASK>
06:27:28 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x1402, 0x200, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)

06:27:28 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 75)

06:27:28 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:27:28 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7a00)

06:27:28 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4000000)

[ 1085.293124][T12758] FAULT_INJECTION: forcing a failure.
[ 1085.293124][T12758] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1085.316065][T12758] CPU: 0 PID: 12758 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1085.326209][T12758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1085.336356][T12758] Call Trace:
[ 1085.339685][T12758]  <TASK>
[ 1085.342656][T12758]  dump_stack_lvl+0x1e7/0x2d0
[ 1085.347745][T12758]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1085.353274][T12758]  ? panic+0x770/0x770
[ 1085.357398][T12758]  ? kasan_set_track+0x64/0x80
[ 1085.362225][T12758]  should_fail_ex+0x3aa/0x4e0
[ 1085.366964][T12758]  prepare_alloc_pages+0x1d9/0x5b0
[ 1085.372142][T12758]  __alloc_pages+0x16e/0x7f0
[ 1085.376789][T12758]  ? zone_statistics+0x170/0x170
[ 1085.381791][T12758]  ? alloc_pages+0x510/0x780
[ 1085.386435][T12758]  get_zeroed_page+0x17/0x40
[ 1085.391081][T12758]  mon_bin_open+0x237/0x500
[ 1085.395647][T12758]  chrdev_open+0x54e/0x630
[ 1085.400116][T12758]  ? cd_forget+0x160/0x160
[ 1085.404576][T12758]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1085.409825][T12758]  ? fsnotify_perm+0x471/0x590
[ 1085.414646][T12758]  ? cd_forget+0x160/0x160
[ 1085.419120][T12758]  do_dentry_open+0x7f9/0x10f0
[ 1085.423947][T12758]  path_openat+0x27b3/0x3170
[ 1085.428617][T12758]  ? getname_flags+0xbc/0x4e0
[ 1085.433345][T12758]  ? mark_lock+0x9a/0x340
[ 1085.437730][T12758]  ? do_filp_open+0x490/0x490
[ 1085.442467][T12758]  ? alloc_fd+0x59c/0x640
[ 1085.446847][T12758]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1085.452543][T12758]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1085.458611][T12758]  do_filp_open+0x234/0x490
[ 1085.463181][T12758]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1085.467874][T12758]  ? _raw_spin_unlock+0x28/0x40
[ 1085.472779][T12758]  ? alloc_fd+0x59c/0x640
[ 1085.477185][T12758]  do_sys_openat2+0x13f/0x500
[ 1085.481913][T12758]  ? mutex_unlock+0x10/0x10
[ 1085.486466][T12758]  ? do_sys_open+0x230/0x230
06:27:28 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x100000)

[ 1085.491122][T12758]  __x64_sys_openat+0x247/0x290
[ 1085.496022][T12758]  ? __ia32_sys_open+0x270/0x270
[ 1085.501018][T12758]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1085.507069][T12758]  ? lockdep_hardirqs_on+0x98/0x140
[ 1085.512327][T12758]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1085.518368][T12758]  do_syscall_64+0x41/0xc0
[ 1085.522845][T12758]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1085.528788][T12758] RIP: 0033:0x7f9b1943e284
[ 1085.533246][T12758] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1085.553245][T12758] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1085.561716][T12758] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1085.569732][T12758] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1085.577747][T12758] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1085.585759][T12758] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:28 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5000000)

[ 1085.593771][T12758] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1085.601805][T12758]  </TASK>
06:27:28 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 76)

06:27:28 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) (async)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:27:28 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x1402, 0x200, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)

06:27:28 executing program 2:
socketpair(0x0, 0x5, 0xfff, &(0x7f00000000c0))

[ 1085.738095][T12787] FAULT_INJECTION: forcing a failure.
[ 1085.738095][T12787] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1085.766852][T12787] CPU: 0 PID: 12787 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1085.777006][T12787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1085.787110][T12787] Call Trace:
[ 1085.790422][T12787]  <TASK>
[ 1085.793379][T12787]  dump_stack_lvl+0x1e7/0x2d0
[ 1085.798125][T12787]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1085.803607][T12787]  ? panic+0x770/0x770
[ 1085.807702][T12787]  ? kasan_set_track+0x64/0x80
[ 1085.812503][T12787]  should_fail_ex+0x3aa/0x4e0
[ 1085.817199][T12787]  prepare_alloc_pages+0x1d9/0x5b0
[ 1085.822356][T12787]  __alloc_pages+0x16e/0x7f0
[ 1085.827009][T12787]  ? zone_statistics+0x170/0x170
[ 1085.832010][T12787]  ? alloc_pages+0x510/0x780
[ 1085.836633][T12787]  get_zeroed_page+0x17/0x40
[ 1085.841233][T12787]  mon_bin_open+0x237/0x500
[ 1085.845763][T12787]  chrdev_open+0x54e/0x630
[ 1085.850201][T12787]  ? cd_forget+0x160/0x160
[ 1085.854625][T12787]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1085.859835][T12787]  ? fsnotify_perm+0x471/0x590
[ 1085.864637][T12787]  ? cd_forget+0x160/0x160
[ 1085.869071][T12787]  do_dentry_open+0x7f9/0x10f0
[ 1085.873877][T12787]  path_openat+0x27b3/0x3170
[ 1085.878507][T12787]  ? getname_flags+0xbc/0x4e0
[ 1085.883200][T12787]  ? mark_lock+0x9a/0x340
[ 1085.887545][T12787]  ? do_filp_open+0x490/0x490
[ 1085.892240][T12787]  ? alloc_fd+0x59c/0x640
[ 1085.896581][T12787]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1085.902232][T12787]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1085.908242][T12787]  do_filp_open+0x234/0x490
[ 1085.912767][T12787]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1085.917421][T12787]  ? _raw_spin_unlock+0x28/0x40
[ 1085.922295][T12787]  ? alloc_fd+0x59c/0x640
[ 1085.926654][T12787]  do_sys_openat2+0x13f/0x500
[ 1085.931363][T12787]  ? mutex_unlock+0x10/0x10
[ 1085.935898][T12787]  ? do_sys_open+0x230/0x230
[ 1085.940526][T12787]  __x64_sys_openat+0x247/0x290
[ 1085.945405][T12787]  ? __ia32_sys_open+0x270/0x270
[ 1085.950380][T12787]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1085.956377][T12787]  ? lockdep_hardirqs_on+0x98/0x140
[ 1085.961590][T12787]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1085.967586][T12787]  do_syscall_64+0x41/0xc0
[ 1085.972026][T12787]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1085.977941][T12787] RIP: 0033:0x7f9b1943e284
[ 1085.982363][T12787] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1086.001975][T12787] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1086.010407][T12787] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1086.018386][T12787] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1086.026368][T12787] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1086.034368][T12787] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1086.042361][T12787] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1086.050362][T12787]  </TASK>
06:27:29 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 77)

06:27:29 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1fffff)

[ 1086.149565][T12805] FAULT_INJECTION: forcing a failure.
[ 1086.149565][T12805] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1086.166501][T12805] CPU: 0 PID: 12805 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1086.176638][T12805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1086.186737][T12805] Call Trace:
[ 1086.190064][T12805]  <TASK>
[ 1086.193032][T12805]  dump_stack_lvl+0x1e7/0x2d0
[ 1086.197769][T12805]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1086.203279][T12805]  ? panic+0x770/0x770
[ 1086.207393][T12805]  ? kasan_set_track+0x64/0x80
[ 1086.212213][T12805]  should_fail_ex+0x3aa/0x4e0
[ 1086.216947][T12805]  prepare_alloc_pages+0x1d9/0x5b0
[ 1086.222110][T12805]  __alloc_pages+0x16e/0x7f0
[ 1086.226746][T12805]  ? zone_statistics+0x170/0x170
[ 1086.231748][T12805]  ? alloc_pages+0x510/0x780
[ 1086.236395][T12805]  get_zeroed_page+0x17/0x40
[ 1086.241041][T12805]  mon_bin_open+0x237/0x500
[ 1086.245610][T12805]  chrdev_open+0x54e/0x630
[ 1086.250083][T12805]  ? cd_forget+0x160/0x160
[ 1086.254541][T12805]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1086.259793][T12805]  ? fsnotify_perm+0x471/0x590
[ 1086.264621][T12805]  ? cd_forget+0x160/0x160
[ 1086.269076][T12805]  do_dentry_open+0x7f9/0x10f0
[ 1086.273897][T12805]  path_openat+0x27b3/0x3170
[ 1086.278564][T12805]  ? getname_flags+0xbc/0x4e0
[ 1086.283290][T12805]  ? mark_lock+0x9a/0x340
[ 1086.287666][T12805]  ? do_filp_open+0x490/0x490
[ 1086.292397][T12805]  ? alloc_fd+0x59c/0x640
[ 1086.296786][T12805]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1086.302469][T12805]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1086.308515][T12805]  do_filp_open+0x234/0x490
[ 1086.313073][T12805]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1086.317746][T12805]  ? _raw_spin_unlock+0x28/0x40
[ 1086.322665][T12805]  ? alloc_fd+0x59c/0x640
[ 1086.327075][T12805]  do_sys_openat2+0x13f/0x500
[ 1086.331810][T12805]  ? mutex_unlock+0x10/0x10
[ 1086.336363][T12805]  ? do_sys_open+0x230/0x230
[ 1086.341026][T12805]  __x64_sys_openat+0x247/0x290
[ 1086.345955][T12805]  ? __ia32_sys_open+0x270/0x270
[ 1086.350948][T12805]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1086.356984][T12805]  ? lockdep_hardirqs_on+0x98/0x140
[ 1086.362245][T12805]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1086.368265][T12805]  do_syscall_64+0x41/0xc0
[ 1086.372714][T12805]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1086.378652][T12805] RIP: 0033:0x7f9b1943e284
06:27:29 executing program 2:
socketpair(0x2a, 0x0, 0xfff, &(0x7f00000000c0))

[ 1086.383105][T12805] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1086.402757][T12805] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1086.411222][T12805] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1086.419243][T12805] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1086.427258][T12805] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1086.435274][T12805] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1086.443286][T12805] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
06:27:29 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
sendmsg$RDMA_NLDEV_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x1402, 0x200, 0x70bd25, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)

[ 1086.451334][T12805]  </TASK>
06:27:29 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))

06:27:29 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 78)

06:27:29 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6000000)

[ 1086.577397][T12823] FAULT_INJECTION: forcing a failure.
[ 1086.577397][T12823] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1086.601237][T12823] CPU: 0 PID: 12823 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1086.611373][T12823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1086.621441][T12823] Call Trace:
[ 1086.624729][T12823]  <TASK>
[ 1086.627690][T12823]  dump_stack_lvl+0x1e7/0x2d0
[ 1086.632395][T12823]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1086.637874][T12823]  ? panic+0x770/0x770
[ 1086.641986][T12823]  ? kasan_set_track+0x64/0x80
[ 1086.646779][T12823]  should_fail_ex+0x3aa/0x4e0
[ 1086.651488][T12823]  prepare_alloc_pages+0x1d9/0x5b0
[ 1086.656628][T12823]  __alloc_pages+0x16e/0x7f0
[ 1086.661239][T12823]  ? zone_statistics+0x170/0x170
[ 1086.666200][T12823]  ? alloc_pages+0x510/0x780
[ 1086.670811][T12823]  get_zeroed_page+0x17/0x40
[ 1086.675419][T12823]  mon_bin_open+0x237/0x500
[ 1086.679946][T12823]  chrdev_open+0x54e/0x630
[ 1086.684390][T12823]  ? cd_forget+0x160/0x160
[ 1086.688833][T12823]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1086.694047][T12823]  ? fsnotify_perm+0x471/0x590
[ 1086.698833][T12823]  ? cd_forget+0x160/0x160
[ 1086.703254][T12823]  do_dentry_open+0x7f9/0x10f0
[ 1086.708056][T12823]  path_openat+0x27b3/0x3170
[ 1086.712706][T12823]  ? getname_flags+0xbc/0x4e0
[ 1086.717403][T12823]  ? mark_lock+0x9a/0x340
[ 1086.721751][T12823]  ? do_filp_open+0x490/0x490
[ 1086.726445][T12823]  ? alloc_fd+0x59c/0x640
[ 1086.730790][T12823]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1086.736441][T12823]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1086.742459][T12823]  do_filp_open+0x234/0x490
[ 1086.746988][T12823]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1086.751656][T12823]  ? _raw_spin_unlock+0x28/0x40
[ 1086.756533][T12823]  ? alloc_fd+0x59c/0x640
[ 1086.760883][T12823]  do_sys_openat2+0x13f/0x500
[ 1086.765572][T12823]  ? mutex_unlock+0x10/0x10
[ 1086.770089][T12823]  ? do_sys_open+0x230/0x230
[ 1086.774701][T12823]  __x64_sys_openat+0x247/0x290
[ 1086.779563][T12823]  ? __ia32_sys_open+0x270/0x270
[ 1086.784521][T12823]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1086.790518][T12823]  ? lockdep_hardirqs_on+0x98/0x140
[ 1086.795727][T12823]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1086.801723][T12823]  do_syscall_64+0x41/0xc0
[ 1086.806164][T12823]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1086.812069][T12823] RIP: 0033:0x7f9b1943e284
[ 1086.816507][T12823] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1086.836130][T12823] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1086.844564][T12823] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1086.852555][T12823] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1086.860532][T12823] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1086.868517][T12823] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:29 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1000000)

06:27:30 executing program 2:
socketpair(0x2a, 0x0, 0x0, &(0x7f00000000c0))

[ 1086.876493][T12823] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1086.884493][T12823]  </TASK>
06:27:30 executing program 2:
socketpair(0x2a, 0x0, 0x0, 0x0)

06:27:30 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)

06:27:30 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:27:30 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 79)

06:27:30 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7000000)

06:27:30 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1080000)

06:27:30 executing program 2:
socketpair(0x2a, 0x0, 0x0, 0x0)

[ 1087.115159][T12850] FAULT_INJECTION: forcing a failure.
[ 1087.115159][T12850] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1087.176859][T12850] CPU: 0 PID: 12850 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1087.187023][T12850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1087.197127][T12850] Call Trace:
[ 1087.200455][T12850]  <TASK>
[ 1087.203438][T12850]  dump_stack_lvl+0x1e7/0x2d0
[ 1087.208176][T12850]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1087.213695][T12850]  ? panic+0x770/0x770
[ 1087.217810][T12850]  ? kasan_set_track+0x64/0x80
[ 1087.222636][T12850]  should_fail_ex+0x3aa/0x4e0
[ 1087.227374][T12850]  prepare_alloc_pages+0x1d9/0x5b0
[ 1087.232553][T12850]  __alloc_pages+0x16e/0x7f0
[ 1087.237195][T12850]  ? zone_statistics+0x170/0x170
[ 1087.242205][T12850]  ? alloc_pages+0x510/0x780
[ 1087.246857][T12850]  get_zeroed_page+0x17/0x40
[ 1087.251535][T12850]  mon_bin_open+0x237/0x500
[ 1087.256117][T12850]  chrdev_open+0x54e/0x630
[ 1087.260580][T12850]  ? cd_forget+0x160/0x160
[ 1087.265063][T12850]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1087.270328][T12850]  ? fsnotify_perm+0x471/0x590
06:27:30 executing program 2:
socketpair(0x2a, 0x0, 0x0, 0x0)

[ 1087.275160][T12850]  ? cd_forget+0x160/0x160
[ 1087.279620][T12850]  do_dentry_open+0x7f9/0x10f0
[ 1087.284439][T12850]  path_openat+0x27b3/0x3170
[ 1087.289099][T12850]  ? getname_flags+0xbc/0x4e0
[ 1087.293836][T12850]  ? mark_lock+0x9a/0x340
[ 1087.298244][T12850]  ? do_filp_open+0x490/0x490
[ 1087.302982][T12850]  ? alloc_fd+0x59c/0x640
[ 1087.307360][T12850]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1087.313051][T12850]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1087.319104][T12850]  do_filp_open+0x234/0x490
06:27:30 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1fffff)

[ 1087.323667][T12850]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1087.328341][T12850]  ? _raw_spin_unlock+0x28/0x40
[ 1087.333254][T12850]  ? alloc_fd+0x59c/0x640
[ 1087.337658][T12850]  do_sys_openat2+0x13f/0x500
[ 1087.342388][T12850]  ? mutex_unlock+0x10/0x10
[ 1087.346937][T12850]  ? do_sys_open+0x230/0x230
[ 1087.351582][T12850]  __x64_sys_openat+0x247/0x290
[ 1087.356476][T12850]  ? __ia32_sys_open+0x270/0x270
[ 1087.361478][T12850]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1087.367516][T12850]  ? lockdep_hardirqs_on+0x98/0x140
[ 1087.372763][T12850]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1087.378789][T12850]  do_syscall_64+0x41/0xc0
[ 1087.383253][T12850]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1087.389186][T12850] RIP: 0033:0x7f9b1943e284
[ 1087.393696][T12850] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1087.413347][T12850] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
06:27:30 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 80)

[ 1087.421821][T12850] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1087.429842][T12850] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1087.437866][T12850] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1087.445882][T12850] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1087.453906][T12850] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1087.461953][T12850]  </TASK>
06:27:30 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x8000000)

06:27:30 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))

06:27:30 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:27:30 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2000000)

06:27:30 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1080000)

[ 1087.621337][T12885] FAULT_INJECTION: forcing a failure.
[ 1087.621337][T12885] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1087.635366][T12885] CPU: 0 PID: 12885 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1087.645491][T12885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1087.655592][T12885] Call Trace:
[ 1087.658920][T12885]  <TASK>
[ 1087.661886][T12885]  dump_stack_lvl+0x1e7/0x2d0
[ 1087.666627][T12885]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1087.672142][T12885]  ? panic+0x770/0x770
[ 1087.676259][T12885]  ? kasan_set_track+0x64/0x80
[ 1087.681076][T12885]  should_fail_ex+0x3aa/0x4e0
[ 1087.685829][T12885]  prepare_alloc_pages+0x1d9/0x5b0
[ 1087.691015][T12885]  __alloc_pages+0x16e/0x7f0
[ 1087.695657][T12885]  ? zone_statistics+0x170/0x170
[ 1087.700648][T12885]  ? alloc_pages+0x510/0x780
[ 1087.705289][T12885]  get_zeroed_page+0x17/0x40
[ 1087.709929][T12885]  mon_bin_open+0x237/0x500
[ 1087.714582][T12885]  chrdev_open+0x54e/0x630
[ 1087.719048][T12885]  ? cd_forget+0x160/0x160
[ 1087.723503][T12885]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1087.728738][T12885]  ? fsnotify_perm+0x471/0x590
[ 1087.733556][T12885]  ? cd_forget+0x160/0x160
[ 1087.738014][T12885]  do_dentry_open+0x7f9/0x10f0
[ 1087.742830][T12885]  path_openat+0x27b3/0x3170
[ 1087.747464][T12885]  ? getname_flags+0xbc/0x4e0
[ 1087.752166][T12885]  ? mark_lock+0x9a/0x340
[ 1087.756513][T12885]  ? do_filp_open+0x490/0x490
[ 1087.761205][T12885]  ? alloc_fd+0x59c/0x640
[ 1087.765549][T12885]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1087.771202][T12885]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1087.777210][T12885]  do_filp_open+0x234/0x490
[ 1087.781735][T12885]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1087.786370][T12885]  ? _raw_spin_unlock+0x28/0x40
[ 1087.791238][T12885]  ? alloc_fd+0x59c/0x640
[ 1087.795591][T12885]  do_sys_openat2+0x13f/0x500
[ 1087.800282][T12885]  ? mutex_unlock+0x10/0x10
[ 1087.804795][T12885]  ? do_sys_open+0x230/0x230
[ 1087.809413][T12885]  __x64_sys_openat+0x247/0x290
[ 1087.814275][T12885]  ? __ia32_sys_open+0x270/0x270
[ 1087.819228][T12885]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1087.825245][T12885]  ? lockdep_hardirqs_on+0x98/0x140
[ 1087.830454][T12885]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1087.836447][T12885]  do_syscall_64+0x41/0xc0
[ 1087.840902][T12885]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1087.846810][T12885] RIP: 0033:0x7f9b1943e284
[ 1087.851235][T12885] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1087.870876][T12885] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1087.879315][T12885] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1087.887308][T12885] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1087.895308][T12885] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1087.903292][T12885] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1087.911271][T12885] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1087.919276][T12885]  </TASK>
06:27:31 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x9000000)

06:27:31 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2f00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000140)={0xae9, "cf2408e8e62bc1dbf3109cd90ea5004b68548708be2987d62224ee123d989ba1"})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x5, 0xffffffff, 0x83, 0x803, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x1, 0xd}, 0x48)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000100)={0x2000, r2}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000680))
openat$nci(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, &(0x7f0000000180)={0x16})

06:27:31 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:27:31 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 81)

06:27:31 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3000000)

06:27:31 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2000000)

[ 1088.154332][T12922] FAULT_INJECTION: forcing a failure.
[ 1088.154332][T12922] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1088.173606][T12922] CPU: 0 PID: 12922 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1088.183748][T12922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1088.193855][T12922] Call Trace:
[ 1088.197186][T12922]  <TASK>
[ 1088.200158][T12922]  dump_stack_lvl+0x1e7/0x2d0
[ 1088.204903][T12922]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1088.210422][T12922]  ? panic+0x770/0x770
[ 1088.214600][T12922]  ? kasan_set_track+0x64/0x80
[ 1088.219427][T12922]  should_fail_ex+0x3aa/0x4e0
[ 1088.224165][T12922]  prepare_alloc_pages+0x1d9/0x5b0
[ 1088.229351][T12922]  __alloc_pages+0x16e/0x7f0
[ 1088.233998][T12922]  ? zone_statistics+0x170/0x170
[ 1088.239012][T12922]  ? alloc_pages+0x510/0x780
[ 1088.243664][T12922]  get_zeroed_page+0x17/0x40
[ 1088.248300][T12922]  mon_bin_open+0x237/0x500
[ 1088.252871][T12922]  chrdev_open+0x54e/0x630
[ 1088.257335][T12922]  ? cd_forget+0x160/0x160
[ 1088.261787][T12922]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1088.267004][T12922]  ? fsnotify_perm+0x471/0x590
[ 1088.271796][T12922]  ? cd_forget+0x160/0x160
[ 1088.276227][T12922]  do_dentry_open+0x7f9/0x10f0
[ 1088.281022][T12922]  path_openat+0x27b3/0x3170
[ 1088.285665][T12922]  ? getname_flags+0xbc/0x4e0
[ 1088.290376][T12922]  ? mark_lock+0x9a/0x340
[ 1088.294723][T12922]  ? do_filp_open+0x490/0x490
[ 1088.299426][T12922]  ? alloc_fd+0x59c/0x640
[ 1088.303777][T12922]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1088.309427][T12922]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1088.315477][T12922]  do_filp_open+0x234/0x490
[ 1088.320006][T12922]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1088.324637][T12922]  ? _raw_spin_unlock+0x28/0x40
[ 1088.329534][T12922]  ? alloc_fd+0x59c/0x640
[ 1088.333887][T12922]  do_sys_openat2+0x13f/0x500
[ 1088.338580][T12922]  ? mutex_unlock+0x10/0x10
[ 1088.343094][T12922]  ? do_sys_open+0x230/0x230
[ 1088.347709][T12922]  __x64_sys_openat+0x247/0x290
[ 1088.352607][T12922]  ? __ia32_sys_open+0x270/0x270
[ 1088.357648][T12922]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1088.363641][T12922]  ? lockdep_hardirqs_on+0x98/0x140
[ 1088.368855][T12922]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1088.374851][T12922]  do_syscall_64+0x41/0xc0
[ 1088.379298][T12922]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1088.385208][T12922] RIP: 0033:0x7f9b1943e284
[ 1088.389636][T12922] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1088.409254][T12922] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1088.417704][T12922] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1088.425683][T12922] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1088.433673][T12922] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1088.441673][T12922] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
06:27:31 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xa000000)

[ 1088.449698][T12922] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1088.457715][T12922]  </TASK>
06:27:31 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 82)

[ 1088.572019][T12945] FAULT_INJECTION: forcing a failure.
[ 1088.572019][T12945] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1088.585637][T12945] CPU: 0 PID: 12945 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1088.595768][T12945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1088.605855][T12945] Call Trace:
[ 1088.609146][T12945]  <TASK>
[ 1088.612085][T12945]  dump_stack_lvl+0x1e7/0x2d0
[ 1088.616797][T12945]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1088.622289][T12945]  ? panic+0x770/0x770
[ 1088.626372][T12945]  ? kasan_set_track+0x64/0x80
[ 1088.631159][T12945]  should_fail_ex+0x3aa/0x4e0
[ 1088.635860][T12945]  prepare_alloc_pages+0x1d9/0x5b0
[ 1088.641040][T12945]  __alloc_pages+0x16e/0x7f0
[ 1088.645647][T12945]  ? zone_statistics+0x170/0x170
[ 1088.650615][T12945]  ? alloc_pages+0x510/0x780
[ 1088.655234][T12945]  get_zeroed_page+0x17/0x40
[ 1088.659840][T12945]  mon_bin_open+0x237/0x500
[ 1088.664362][T12945]  chrdev_open+0x54e/0x630
[ 1088.668801][T12945]  ? cd_forget+0x160/0x160
[ 1088.673228][T12945]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1088.678440][T12945]  ? fsnotify_perm+0x471/0x590
[ 1088.683228][T12945]  ? cd_forget+0x160/0x160
[ 1088.687654][T12945]  do_dentry_open+0x7f9/0x10f0
[ 1088.692449][T12945]  path_openat+0x27b3/0x3170
[ 1088.697076][T12945]  ? getname_flags+0xbc/0x4e0
[ 1088.701776][T12945]  ? mark_lock+0x9a/0x340
[ 1088.706127][T12945]  ? do_filp_open+0x490/0x490
[ 1088.710831][T12945]  ? alloc_fd+0x59c/0x640
[ 1088.715174][T12945]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1088.720828][T12945]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1088.726837][T12945]  do_filp_open+0x234/0x490
[ 1088.731365][T12945]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1088.735993][T12945]  ? _raw_spin_unlock+0x28/0x40
[ 1088.740859][T12945]  ? alloc_fd+0x59c/0x640
[ 1088.745209][T12945]  do_sys_openat2+0x13f/0x500
[ 1088.749902][T12945]  ? mutex_unlock+0x10/0x10
[ 1088.754415][T12945]  ? do_sys_open+0x230/0x230
[ 1088.759029][T12945]  __x64_sys_openat+0x247/0x290
[ 1088.763899][T12945]  ? __ia32_sys_open+0x270/0x270
[ 1088.768856][T12945]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1088.774848][T12945]  ? lockdep_hardirqs_on+0x98/0x140
[ 1088.780056][T12945]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1088.786059][T12945]  do_syscall_64+0x41/0xc0
[ 1088.790502][T12945]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1088.796411][T12945] RIP: 0033:0x7f9b1943e284
[ 1088.800844][T12945] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
06:27:31 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4000000)

[ 1088.820462][T12945] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1088.828896][T12945] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1088.836878][T12945] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1088.844858][T12945] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1088.852840][T12945] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1088.860848][T12945] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1088.868849][T12945]  </TASK>
06:27:32 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:32 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 83)

06:27:32 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:27:32 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2f00, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2f00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000140)={0xae9, "cf2408e8e62bc1dbf3109cd90ea5004b68548708be2987d62224ee123d989ba1"})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x5, 0xffffffff, 0x83, 0x803, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x1, 0xd}, 0x48)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000100)={0x2000, r2}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000680))
openat$nci(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, &(0x7f0000000180)={0x16})

06:27:32 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5000000)

[ 1089.064269][T12956] FAULT_INJECTION: forcing a failure.
[ 1089.064269][T12956] name fail_page_alloc, interval 1, probability 0, space 0, times 0
06:27:32 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xb000000)

[ 1089.143564][T12956] CPU: 1 PID: 12956 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1089.153717][T12956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1089.163813][T12956] Call Trace:
[ 1089.167106][T12956]  <TASK>
[ 1089.170049][T12956]  dump_stack_lvl+0x1e7/0x2d0
[ 1089.174771][T12956]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1089.180254][T12956]  ? panic+0x770/0x770
[ 1089.184335][T12956]  ? kasan_set_track+0x64/0x80
[ 1089.189119][T12956]  should_fail_ex+0x3aa/0x4e0
[ 1089.193821][T12956]  prepare_alloc_pages+0x1d9/0x5b0
[ 1089.198962][T12956]  __alloc_pages+0x16e/0x7f0
[ 1089.203572][T12956]  ? zone_statistics+0x170/0x170
[ 1089.208532][T12956]  ? alloc_pages+0x510/0x780
[ 1089.213143][T12956]  get_zeroed_page+0x17/0x40
[ 1089.217744][T12956]  mon_bin_open+0x237/0x500
[ 1089.222275][T12956]  chrdev_open+0x54e/0x630
[ 1089.226707][T12956]  ? cd_forget+0x160/0x160
[ 1089.231130][T12956]  ? do_raw_spin_unlock+0x13b/0x8b0
[ 1089.236387][T12956]  ? fsnotify_perm+0x471/0x590
[ 1089.241171][T12956]  ? cd_forget+0x160/0x160
[ 1089.245600][T12956]  do_dentry_open+0x7f9/0x10f0
[ 1089.250427][T12956]  path_openat+0x27b3/0x3170
[ 1089.255049][T12956]  ? getname_flags+0xbc/0x4e0
[ 1089.259774][T12956]  ? mark_lock+0x9a/0x340
[ 1089.264116][T12956]  ? do_filp_open+0x490/0x490
[ 1089.268810][T12956]  ? alloc_fd+0x59c/0x640
[ 1089.273154][T12956]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1089.278832][T12956]  ? __bpf_trace_rcu_stall_warning+0x10/0x10
[ 1089.284863][T12956]  do_filp_open+0x234/0x490
[ 1089.289416][T12956]  ? vfs_tmpfile+0x4a0/0x4a0
[ 1089.294080][T12956]  ? _raw_spin_unlock+0x28/0x40
[ 1089.298948][T12956]  ? alloc_fd+0x59c/0x640
[ 1089.303302][T12956]  do_sys_openat2+0x13f/0x500
[ 1089.307992][T12956]  ? mutex_unlock+0x10/0x10
[ 1089.312510][T12956]  ? do_sys_open+0x230/0x230
[ 1089.317122][T12956]  __x64_sys_openat+0x247/0x290
[ 1089.321984][T12956]  ? __ia32_sys_open+0x270/0x270
[ 1089.326933][T12956]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1089.332928][T12956]  ? lockdep_hardirqs_on+0x98/0x140
[ 1089.338170][T12956]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1089.344173][T12956]  do_syscall_64+0x41/0xc0
[ 1089.348617][T12956]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1089.354527][T12956] RIP: 0033:0x7f9b1943e284
[ 1089.358951][T12956] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[ 1089.378569][T12956] RSP: 002b:00007f9b1a190ca0 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[ 1089.386993][T12956] RAX: ffffffffffffffda RBX: 6666666666666667 RCX: 00007f9b1943e284
[ 1089.394973][T12956] RDX: 0000000000004100 RSI: 00007f9b1a190d40 RDI: 00000000ffffff9c
[ 1089.402981][T12956] RBP: 00007f9b1a190d40 R08: 0000000000000000 R09: 0000000000000000
[ 1089.410985][T12956] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000004100
[ 1089.418977][T12956] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1089.426981][T12956]  </TASK>
06:27:32 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (fail_nth: 84)

06:27:32 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

[ 1089.537076][T12987] FAULT_INJECTION: forcing a failure.
[ 1089.537076][T12987] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1089.557925][T12987] CPU: 1 PID: 12987 Comm: syz-executor.4 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1089.568079][T12987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1089.578181][T12987] Call Trace:
[ 1089.581503][T12987]  <TASK>
[ 1089.584527][T12987]  dump_stack_lvl+0x1e7/0x2d0
[ 1089.589285][T12987]  ? nf_tcp_handle_invalid+0x650/0x650
[ 1089.594805][T12987]  ? panic+0x770/0x770
[ 1089.598932][T12987]  ? snprintf+0xda/0x120
[ 1089.603228][T12987]  should_fail_ex+0x3aa/0x4e0
[ 1089.607962][T12987]  _copy_to_user+0x2f/0x130
[ 1089.612520][T12987]  simple_read_from_buffer+0xca/0x150
[ 1089.617956][T12987]  proc_fail_nth_read+0x1a7/0x210
[ 1089.623033][T12987]  ? proc_fault_inject_write+0x390/0x390
[ 1089.628723][T12987]  ? fsnotify_perm+0x42f/0x590
[ 1089.633536][T12987]  ? proc_fault_inject_write+0x390/0x390
[ 1089.639235][T12987]  vfs_read+0x2f1/0xbe0
[ 1089.643457][T12987]  ? kernel_read+0x1f0/0x1f0
[ 1089.648108][T12987]  ? mutex_lock_nested+0x1b/0x20
[ 1089.653093][T12987]  ? __fdget_pos+0x254/0x2f0
[ 1089.657749][T12987]  ? ksys_read+0x7b/0x2c0
[ 1089.662117][T12987]  ksys_read+0x1a0/0x2c0
[ 1089.666382][T12987]  ? print_irqtrace_events+0x220/0x220
[ 1089.671871][T12987]  ? vfs_write+0xbb0/0xbb0
[ 1089.676320][T12987]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1089.682315][T12987]  ? lockdep_hardirqs_on+0x98/0x140
[ 1089.687525][T12987]  ? syscall_enter_from_user_mode+0x32/0x2c0
[ 1089.693521][T12987]  do_syscall_64+0x41/0xc0
[ 1089.697955][T12987]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1089.703861][T12987] RIP: 0033:0x7f9b1943df1c
[ 1089.708289][T12987] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1089.728085][T12987] RSP: 002b:00007f9b1a191160 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
06:27:32 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2f00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000140)={0xae9, "cf2408e8e62bc1dbf3109cd90ea5004b68548708be2987d62224ee123d989ba1"})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x5, 0xffffffff, 0x83, 0x803, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x1, 0xd}, 0x48)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000100)={0x2000, r2}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000680))
openat$nci(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, &(0x7f0000000180)={0x16})

06:27:32 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6000000)

[ 1089.736520][T12987] RAX: ffffffffffffffda RBX: 00007f9b195abf80 RCX: 00007f9b1943df1c
[ 1089.744504][T12987] RDX: 000000000000000f RSI: 00007f9b1a1911e0 RDI: 0000000000000003
[ 1089.752483][T12987] RBP: 00007f9b1a1911d0 R08: 0000000000000000 R09: 0000000000000000
[ 1089.760466][T12987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1089.768446][T12987] R13: 00007fffed4f6b3f R14: 00007f9b1a191300 R15: 0000000000022000
[ 1089.776446][T12987]  </TASK>
06:27:32 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2f00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000140)={0xae9, "cf2408e8e62bc1dbf3109cd90ea5004b68548708be2987d62224ee123d989ba1"})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x5, 0xffffffff, 0x83, 0x803, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x1, 0xd}, 0x48)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000100)={0x2000, r2}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000680))
openat$nci(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, &(0x7f0000000180)={0x16})

06:27:32 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:27:32 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

06:27:32 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xc000000)

06:27:33 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x4100)

06:27:33 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7000000)

06:27:33 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x3, 0x4100)

06:27:33 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x4, 0x4100)

06:27:33 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x4100)

06:27:33 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x2f00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000140)={0xae9, "cf2408e8e62bc1dbf3109cd90ea5004b68548708be2987d62224ee123d989ba1"})
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@bloom_filter={0x1e, 0x5, 0xffffffff, 0x83, 0x803, 0x1, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x0, 0x1, 0xd}, 0x48)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000100)={0x2000, r2}, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000680))
openat$nci(0xffffffffffffff9c, &(0x7f0000000640), 0x2, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(r0, 0xc4c03d09, &(0x7f0000000180)={0x16})

06:27:33 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2)

06:27:33 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x8000000)

06:27:33 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xd000000)

06:27:33 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept4$ax25(r1, 0x0, &(0x7f0000000080), 0x180000)

06:27:33 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x6, 0x4100)

06:27:33 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2)

06:27:33 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept4$ax25(r1, 0x0, &(0x7f0000000080), 0x180000)

06:27:33 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x7, 0x4100)

06:27:33 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xe000000)

06:27:33 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x9000000)

06:27:33 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x8, 0x4100)

06:27:33 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept4$ax25(r1, 0x0, &(0x7f0000000080), 0x180000)

06:27:33 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x9, 0x4100)

06:27:33 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
ioctl$SCSI_IOCTL_TEST_UNIT_READY(0xffffffffffffffff, 0x2)

06:27:33 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept4$ax25(r1, 0x0, &(0x7f0000000080), 0x180000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'}) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
accept4$ax25(r1, 0x0, &(0x7f0000000080), 0x180000) (async)

06:27:33 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x10000000)

06:27:33 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xa, 0x4100)

06:27:33 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xa000000)

06:27:33 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x101}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xc01}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040010}, 0x4004010)
socket$can_j1939(0x1d, 0x2, 0x7)

06:27:34 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xb, 0x4100)

06:27:34 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
read$smackfs_logging(r1, &(0x7f0000000080), 0x14)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000000c0)={<r2=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r1, 0xc01064c1, &(0x7f0000000100)={r2})
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f00000001c0))

06:27:34 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x11000000)

06:27:34 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept4$ax25(r1, 0x0, &(0x7f0000000080), 0x180000)

06:27:34 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xc, 0x4100)

06:27:34 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async, rerun: 32)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x101}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xc01}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040010}, 0x4004010) (async)
socket$can_j1939(0x1d, 0x2, 0x7)

06:27:34 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xb000000)

06:27:34 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
read$smackfs_logging(r1, &(0x7f0000000080), 0x14)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000000c0)={<r2=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r1, 0xc01064c1, &(0x7f0000000100)={r2}) (async)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f00000001c0))

06:27:34 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept4$ax25(r1, 0x0, &(0x7f0000000080), 0x180000)

06:27:34 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xd, 0x4100)

06:27:34 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x12000000)

06:27:34 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xe, 0x4100)

06:27:34 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
read$smackfs_logging(r1, &(0x7f0000000080), 0x14)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000000c0)={<r2=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r1, 0xc01064c1, &(0x7f0000000100)={r2})
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f00000001c0))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
read$smackfs_logging(r1, &(0x7f0000000080), 0x14) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x0, r1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r1, 0xc01064c1, &(0x7f0000000100)={r2}) (async)
ioctl$DRM_IOCTL_ADD_CTX(r1, 0xc0086420, &(0x7f00000001c0)) (async)

06:27:34 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xc000000)

06:27:34 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x101}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xc01}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20040010}, 0x4004010)
socket$can_j1939(0x1d, 0x2, 0x7)

06:27:34 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x10, 0x4100)

06:27:34 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x18000000)

06:27:34 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(r1, 0x0, &(0x7f0000000080), 0x180000)

06:27:34 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x11, 0x4100)

06:27:34 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x12, 0x4100)

06:27:34 executing program 0:
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r0, 0x10, 0x70bd27, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000086}, 0x4)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r0, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20004800)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:34 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r1, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000000080)={0x1c, 0x1402, 0x4, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
getuid()
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x129b00, 0x0)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f00000002c0)=0x100000000)
ioctl$PTP_SYS_OFFSET_EXTENDED(r4, 0xc4c03d09, &(0x7f0000000580)={0x11})
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1800000004141c0425bd7000ffdbdf25080001f24c164400"], 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000001)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x4502, r2}, 0x0)
accept$ax25(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @netrom}, [@rose, @remote, @netrom, @remote, @bcast, @default, @bcast, @rose]}, &(0x7f0000000140)=0x48)

06:27:34 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x180000)

06:27:34 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x18, 0x4100)

06:27:34 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x25, 0x4100)

06:27:34 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xd000000)

06:27:34 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x20000000)

06:27:35 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x41, 0x4100)

06:27:35 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x5c, 0x4100)

06:27:35 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x180000)

06:27:35 executing program 0:
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r0, 0x10, 0x70bd27, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000086}, 0x4)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r0, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20004800)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r0, 0x10, 0x70bd27, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000086}, 0x4) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r0, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20004800) (async)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

06:27:35 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x21120000)

06:27:35 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r1, 0x0) (async)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000000080)={0x1c, 0x1402, 0x4, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x0) (async)
r3 = socket$nl_rdma(0x10, 0x3, 0x14) (async)
getuid() (async)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x129b00, 0x0)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f00000002c0)=0x100000000) (async)
ioctl$PTP_SYS_OFFSET_EXTENDED(r4, 0xc4c03d09, &(0x7f0000000580)={0x11}) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1800000004141c0425bd7000ffdbdf25080001f24c164400"], 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000001)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x4502, r2}, 0x0)
accept$ax25(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @netrom}, [@rose, @remote, @netrom, @remote, @bcast, @default, @bcast, @rose]}, &(0x7f0000000140)=0x48)

06:27:35 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x300, 0x4100)

06:27:35 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'vxcan0\x00'})
accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x180000)

06:27:35 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xe000000)

06:27:35 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x500, 0x4100)

06:27:35 executing program 0:
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r0, 0x10, 0x70bd27, 0x25dfdbff, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000086}, 0x4) (async)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IEEE802154_LLSEC_LIST_DEVKEY(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r0, 0x1, 0x70bd2d, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20004800) (async)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:35 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r1, 0x0) (async)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000000080)={0x1c, 0x1402, 0x4, 0x0, 0x0, "", [@RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz1\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48080}, 0x0) (async, rerun: 32)
r3 = socket$nl_rdma(0x10, 0x3, 0x14) (rerun: 32)
getuid() (async)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000280), 0x129b00, 0x0)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f00000002c0)=0x100000000) (async)
ioctl$PTP_SYS_OFFSET_EXTENDED(r4, 0xc4c03d09, &(0x7f0000000580)={0x11})
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1800000004141c0425bd7000ffdbdf25080001f24c164400"], 0x18}, 0x1, 0x0, 0x0, 0x4000000}, 0x24000001) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000000)={0x4502, r2}, 0x0)
accept$ax25(0xffffffffffffffff, &(0x7f00000000c0)={{0x3, @netrom}, [@rose, @remote, @netrom, @remote, @bcast, @default, @bcast, @rose]}, &(0x7f0000000140)=0x48)

06:27:35 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x25000000)

06:27:35 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(r1, 0x0, &(0x7f0000000080), 0x180000)

06:27:35 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x600, 0x4100)

06:27:35 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x10000000)

06:27:35 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, &(0x7f00000001c0)={0x1, {&(0x7f0000000000)=""/1, 0x1, &(0x7f0000000080)=""/133, 0x1, 0x3}}, 0x48)

06:27:35 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x700, 0x4100)

06:27:35 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3d110000)

06:27:35 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x900, 0x4100)

06:27:35 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x24)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, {&(0x7f0000000040)=""/215, 0xd7, &(0x7f0000000140)=""/253, 0x1, 0x3}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300), 0x121000, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r1)

06:27:35 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(r0, 0x0, &(0x7f0000000080), 0x180000)

06:27:35 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x11000000)

06:27:35 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xa00, 0x4100)

06:27:35 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, &(0x7f00000001c0)={0x1, {&(0x7f0000000000)=""/1, 0x1, &(0x7f0000000080)=""/133, 0x1, 0x3}}, 0x48)

06:27:36 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(r0, 0x0, &(0x7f0000000080), 0x180000)

06:27:36 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3f000000)

06:27:36 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
accept4$ax25(r0, 0x0, &(0x7f0000000080), 0x180000)

06:27:36 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x24) (async)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, {&(0x7f0000000040)=""/215, 0xd7, &(0x7f0000000140)=""/253, 0x1, 0x3}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300), 0x121000, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r1)

06:27:36 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xb00, 0x4100)

06:27:36 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x12000000)

06:27:36 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async, rerun: 32)
write$vhost_msg(r1, &(0x7f00000001c0)={0x1, {&(0x7f0000000000)=""/1, 0x1, &(0x7f0000000080)=""/133, 0x1, 0x3}}, 0x48) (rerun: 32)

06:27:36 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
accept4$ax25(r0, 0x0, &(0x7f0000000080), 0x180000)

06:27:36 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xc00, 0x4100)

06:27:36 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x24) (async)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, {&(0x7f0000000040)=""/215, 0xd7, &(0x7f0000000140)=""/253, 0x1, 0x3}}, 0x48) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000300), 0x121000, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r1)

06:27:36 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
accept4$ax25(r0, 0x0, &(0x7f0000000080), 0x180000)

06:27:36 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xd00, 0x4100)

06:27:36 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x40000000)

06:27:36 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r1)

06:27:36 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x18000000)

06:27:36 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x2000}, 0x8, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000080)={0x1000, r2}, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:36 executing program 2:
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x180000)

06:27:36 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1)
write$vhost_msg(r0, 0x0, 0x0)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r1)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r1) (async)

06:27:36 executing program 2:
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x180000)

06:27:36 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xe00, 0x4100)

06:27:36 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x48000000)

06:27:36 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
landlock_create_ruleset(&(0x7f0000000000)={0x2000}, 0x8, 0x0) (async)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x2000}, 0x8, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000080)={0x1000, r2}, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:36 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x20000000)

06:27:36 executing program 2:
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000080), 0x180000)

06:27:36 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x1100, 0x4100)

06:27:36 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r1) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r1)

06:27:36 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4b110000)

06:27:37 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(r0, 0x0, 0x0, 0x180000)

06:27:37 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x2000}, 0x8, 0x0) (async)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000080)={0x1000, r2}, 0x0) (async, rerun: 32)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (rerun: 32)

06:27:37 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x21120000)

06:27:37 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(r0, 0x0, 0x0, 0x0)

06:27:37 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x1200, 0x4100)

06:27:37 executing program 5:
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x800)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
landlock_create_ruleset(&(0x7f00000000c0)={0x228}, 0x8, 0x0)

06:27:37 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(r0, 0x0, 0x0, 0x0)

06:27:37 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4c000000)

06:27:37 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x1800, 0x4100)

06:27:37 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2000, 0x4100)

06:27:37 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x9, 0x1c3600)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x2, 0x1}}, 0x48)

06:27:37 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x25000000)

06:27:37 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
accept4$ax25(r0, 0x0, 0x0, 0x0)

06:27:37 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2500, 0x4100)

06:27:37 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5c000000)

06:27:37 executing program 5:
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x800) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
landlock_create_ruleset(&(0x7f00000000c0)={0x228}, 0x8, 0x0)

06:27:37 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x3f00, 0x4100)

06:27:37 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x48000000)

06:27:37 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x9, 0x1c3600)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201) (async)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x2, 0x1}}, 0x48)

06:27:37 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3d110000)

06:27:37 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x4100, 0x4100)

06:27:37 executing program 5:
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x800) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
landlock_create_ruleset(&(0x7f00000000c0)={0x228}, 0x8, 0x0)

06:27:37 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x60000000)

06:27:37 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x48000000)

06:27:37 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x5c00, 0x4100)

06:27:37 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x9, 0x1c3600)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x2, 0x1}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x9, 0x1c3600) (async)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x2, 0x1}}, 0x48) (async)

06:27:37 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3f000000)

06:27:38 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x200000, 0x4100)

06:27:38 executing program 2:
syz_open_dev$usbmon(&(0x7f0000000000), 0x4100, 0x4100)

06:27:38 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x68000000)

06:27:38 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000000b1404002dbd6400ffdbdf25080001000000000056f0b17c010000000800010002000000080003000000000008003f0000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040080)
write$vhost_msg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000001180)={&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000180)=""/4096, 0x1000})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x2d8401, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000011c0)={<r2=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000001200)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000012c0)={&(0x7f0000001240)=[r2, 0x0, 0x0, 0x0, 0x0, r3], &(0x7f0000001280)=[0x14, 0x530, 0xff, 0x0, 0x1, 0xfffffffffffff36e, 0x1, 0x2], 0x6, 0x1})

06:27:38 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x40000000)

06:27:38 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4)

06:27:38 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x1000000, 0x4100)

06:27:38 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3f000000)

06:27:38 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000000b1404002dbd6400ffdbdf25080001000000000056f0b17c010000000800010002000000080003000000000008003f0000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040080)
write$vhost_msg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000001180)={&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000180)=""/4096, 0x1000})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x2d8401, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000011c0)={<r2=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000001200)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000012c0)={&(0x7f0000001240)=[r2, 0x0, 0x0, 0x0, 0x0, r3], &(0x7f0000001280)=[0x14, 0x530, 0xff, 0x0, 0x1, 0xfffffffffffff36e, 0x1, 0x2], 0x6, 0x1})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000000b1404002dbd6400ffdbdf25080001000000000056f0b17c010000000800010002000000080003000000000008003f0000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040080) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000001180)={&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000180)=""/4096, 0x1000}) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x2d8401, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000011c0)={0x0, 0x1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000001200)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000012c0)={&(0x7f0000001240)=[r2, 0x0, 0x0, 0x0, 0x0, r3], &(0x7f0000001280)=[0x14, 0x530, 0xff, 0x0, 0x1, 0xfffffffffffff36e, 0x1, 0x2], 0x6, 0x1}) (async)

06:27:38 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2000000, 0x4100)

06:27:38 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6c000000)

06:27:38 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x3000000, 0x4100)

06:27:38 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3f000000)

06:27:38 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async, rerun: 32)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4) (rerun: 32)

06:27:38 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x41000000)

06:27:38 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000000b1404002dbd6400ffdbdf25080001000000000056f0b17c010000000800010002000000080003000000000008003f0000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040080)
write$vhost_msg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000001180)={&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000180)=""/4096, 0x1000})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x2d8401, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000011c0)={<r2=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000001200)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000012c0)={&(0x7f0000001240)=[r2, 0x0, 0x0, 0x0, 0x0, r3], &(0x7f0000001280)=[0x14, 0x530, 0xff, 0x0, 0x1, 0xfffffffffffff36e, 0x1, 0x2], 0x6, 0x1})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000000b1404002dbd6400ffdbdf25080001000000000056f0b17c010000000800010002000000080003000000000008003f0000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040080) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000001180)={&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000180)=""/4096, 0x1000}) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x2d8401, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000011c0)={0x0, 0x1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000001200)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000012c0)={&(0x7f0000001240)=[r2, 0x0, 0x0, 0x0, 0x0, r3], &(0x7f0000001280)=[0x14, 0x530, 0xff, 0x0, 0x1, 0xfffffffffffff36e, 0x1, 0x2], 0x6, 0x1}) (async)

06:27:38 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x4000000, 0x4100)

06:27:38 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x74000000)

06:27:38 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000000b1404002dbd6400ffdbdf25080001000000000056f0b17c010000000800010002000000080003000000000008003f0000000000"], 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x20040080)
write$vhost_msg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000001180)={&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000180)=""/4096, 0x1000})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x2d8401, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, &(0x7f00000011c0)={<r2=>0x0, 0x1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000001200)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f00000012c0)={&(0x7f0000001240)=[r2, 0x0, 0x0, 0x0, 0x0, r3], &(0x7f0000001280)=[0x14, 0x530, 0xff, 0x0, 0x1, 0xfffffffffffff36e, 0x1, 0x2], 0x6, 0x1})

06:27:38 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4)

06:27:38 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x5000000, 0x4100)

06:27:38 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x48000000)

06:27:38 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
read$usbmon(0xffffffffffffffff, &(0x7f0000000040)=""/118, 0x76)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_CONTROL(r2, 0x40086414, &(0x7f00000000c0))
ioctl$MON_IOCQ_URB_LEN(r1, 0x9201)

06:27:38 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x6000000, 0x4100)

06:27:38 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x41000000)

06:27:38 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x7000000, 0x4100)

06:27:38 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7a000000)

06:27:39 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4b110000)

06:27:39 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x8000000, 0x4100)

06:27:39 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:39 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
read$usbmon(0xffffffffffffffff, &(0x7f0000000040)=""/118, 0x76)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_CONTROL(r2, 0x40086414, &(0x7f00000000c0))
ioctl$MON_IOCQ_URB_LEN(r1, 0x9201)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
read$usbmon(0xffffffffffffffff, &(0x7f0000000040)=""/118, 0x76) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_CONTROL(r2, 0x40086414, &(0x7f00000000c0)) (async)
ioctl$MON_IOCQ_URB_LEN(r1, 0x9201) (async)

06:27:39 executing program 2:
syz_open_dev$usbmon(&(0x7f0000000000), 0x6000000, 0x4100)

06:27:39 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x9000000, 0x4100)

06:27:39 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x97ffffff)

06:27:39 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xa000000, 0x4100)

06:27:39 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xb000000, 0x4100)

06:27:39 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0) (async)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4) (async)

06:27:39 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:39 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4c000000)

06:27:39 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xebffffff)

06:27:39 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
read$usbmon(0xffffffffffffffff, &(0x7f0000000040)=""/118, 0x76)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_CONTROL(r2, 0x40086414, &(0x7f00000000c0))
ioctl$MON_IOCQ_URB_LEN(r1, 0x9201)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
read$usbmon(0xffffffffffffffff, &(0x7f0000000040)=""/118, 0x76) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_CONTROL(r2, 0x40086414, &(0x7f00000000c0)) (async)
ioctl$MON_IOCQ_URB_LEN(r1, 0x9201) (async)

06:27:39 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xc000000, 0x4100)

06:27:39 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:39 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xfdffffff)

06:27:39 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xd000000, 0x4100)

06:27:39 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_clone(0xcc040400, &(0x7f0000000180)="79d0fcbead175aea98ad6bafc51e53b4a4d39e7f9f9d45d02321ec1249892e46324126e2205fd14797374311fc2b7a537143a329e50511389043788ba1e4201ec44344424fb225dd69d5d3001d14a9ffeef22a3a71ae12878f6d7a45c74b518b74d887c4ae9f3bcdf70ff37f7e09451cbd6f7e", 0x73, &(0x7f0000000300), &(0x7f0000000000), &(0x7f0000000240)="178085357bc9fed84b63eef0210158d8116b1ff3150d8e5f63246114d6e963a5ae922dd5dc3ced9ed0564194d6e564ee0e9766cadf52d701306815edaeb36eae6901f43b593303f318568e4a93b4e0feb7d65183674bedfaddb652ab54f460be764e237ddbb5606596e111830cba17966495ff73383f13d12c13908a50a64de9d856fa653907daa005697319ec1d2720fed4db9bd4fc96686dc09b3650e88a538e556f9fe1d9")
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
read$usbmon(0xffffffffffffffff, &(0x7f0000000080)=""/194, 0xc2)

06:27:39 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5c000000)

06:27:39 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:39 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:39 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xe000000, 0x4100)

06:27:39 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffff1f00)

06:27:39 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9c, 0x9c, 0xb, [@union={0x10, 0x2, 0x0, 0x5, 0x0, 0xda5a, [{0xd, 0x1, 0x3}, {0x10, 0x5, 0x2}]}, @const={0xc, 0x0, 0x0, 0xa, 0x1}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x5, 0x2}}, @ptr={0x6, 0x0, 0x0, 0x2, 0x1}, @enum={0x10000, 0x6, 0x0, 0x6, 0x4, [{0x8, 0x101}, {0xb}, {0xf, 0xaf46}, {0x3, 0x7fffffff}, {0x3, 0x8}, {0xc, 0x3}]}, @func={0x6, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x30, 0x61, 0x61, 0x2e, 0x30, 0x61, 0x2e, 0x5f]}}, &(0x7f00000001c0)=""/135, 0xbf, 0x87}, 0x20)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
sendto$isdn(0xffffffffffffffff, &(0x7f0000000280)={0xa8d, 0x7fffffff, "99e3b11726d1f97c902bb9980c9340b379eea6de9ce25d193fbeb9535b542fa99f07841567c381232f005f369766455f0fea8eb9a9f9a637fc272842fd660da0828418ed75320b97ce64227aac4edc305ee8cf2121b742370c2e9b64825b1b56a7e16849634a1ba42b4526f6d911aaa4cc51fba3ab32240c433ebb7f64e20229335737475aa187c0408bcee0a96aa25ac2cb3865b11d0ad917319ba0056a53f3afb2171befc27a748f8142406346ca7dbbce46ef4a9862eed3ff8496bba41d"}, 0xc7, 0x4000884, &(0x7f0000000380)={0x22, 0xff, 0x6, 0x20, 0x7}, 0x6)

06:27:40 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x60000000)

06:27:40 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x10000000, 0x4100)

06:27:40 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r1, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:40 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x11000000, 0x4100)

06:27:40 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_clone(0xcc040400, &(0x7f0000000180)="79d0fcbead175aea98ad6bafc51e53b4a4d39e7f9f9d45d02321ec1249892e46324126e2205fd14797374311fc2b7a537143a329e50511389043788ba1e4201ec44344424fb225dd69d5d3001d14a9ffeef22a3a71ae12878f6d7a45c74b518b74d887c4ae9f3bcdf70ff37f7e09451cbd6f7e", 0x73, &(0x7f0000000300), &(0x7f0000000000), &(0x7f0000000240)="178085357bc9fed84b63eef0210158d8116b1ff3150d8e5f63246114d6e963a5ae922dd5dc3ced9ed0564194d6e564ee0e9766cadf52d701306815edaeb36eae6901f43b593303f318568e4a93b4e0feb7d65183674bedfaddb652ab54f460be764e237ddbb5606596e111830cba17966495ff73383f13d12c13908a50a64de9d856fa653907daa005697319ec1d2720fed4db9bd4fc96686dc09b3650e88a538e556f9fe1d9")
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)
read$usbmon(0xffffffffffffffff, &(0x7f0000000080)=""/194, 0xc2) (async)
read$usbmon(0xffffffffffffffff, &(0x7f0000000080)=""/194, 0xc2)

06:27:40 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffff7f)

06:27:40 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9c, 0x9c, 0xb, [@union={0x10, 0x2, 0x0, 0x5, 0x0, 0xda5a, [{0xd, 0x1, 0x3}, {0x10, 0x5, 0x2}]}, @const={0xc, 0x0, 0x0, 0xa, 0x1}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x5, 0x2}}, @ptr={0x6, 0x0, 0x0, 0x2, 0x1}, @enum={0x10000, 0x6, 0x0, 0x6, 0x4, [{0x8, 0x101}, {0xb}, {0xf, 0xaf46}, {0x3, 0x7fffffff}, {0x3, 0x8}, {0xc, 0x3}]}, @func={0x6, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x30, 0x61, 0x61, 0x2e, 0x30, 0x61, 0x2e, 0x5f]}}, &(0x7f00000001c0)=""/135, 0xbf, 0x87}, 0x20)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
sendto$isdn(0xffffffffffffffff, &(0x7f0000000280)={0xa8d, 0x7fffffff, "99e3b11726d1f97c902bb9980c9340b379eea6de9ce25d193fbeb9535b542fa99f07841567c381232f005f369766455f0fea8eb9a9f9a637fc272842fd660da0828418ed75320b97ce64227aac4edc305ee8cf2121b742370c2e9b64825b1b56a7e16849634a1ba42b4526f6d911aaa4cc51fba3ab32240c433ebb7f64e20229335737475aa187c0408bcee0a96aa25ac2cb3865b11d0ad917319ba0056a53f3afb2171befc27a748f8142406346ca7dbbce46ef4a9862eed3ff8496bba41d"}, 0xc7, 0x4000884, &(0x7f0000000380)={0x22, 0xff, 0x6, 0x20, 0x7}, 0x6)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9c, 0x9c, 0xb, [@union={0x10, 0x2, 0x0, 0x5, 0x0, 0xda5a, [{0xd, 0x1, 0x3}, {0x10, 0x5, 0x2}]}, @const={0xc, 0x0, 0x0, 0xa, 0x1}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x5, 0x2}}, @ptr={0x6, 0x0, 0x0, 0x2, 0x1}, @enum={0x10000, 0x6, 0x0, 0x6, 0x4, [{0x8, 0x101}, {0xb}, {0xf, 0xaf46}, {0x3, 0x7fffffff}, {0x3, 0x8}, {0xc, 0x3}]}, @func={0x6, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x30, 0x61, 0x61, 0x2e, 0x30, 0x61, 0x2e, 0x5f]}}, &(0x7f00000001c0)=""/135, 0xbf, 0x87}, 0x20) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
sendto$isdn(0xffffffffffffffff, &(0x7f0000000280)={0xa8d, 0x7fffffff, "99e3b11726d1f97c902bb9980c9340b379eea6de9ce25d193fbeb9535b542fa99f07841567c381232f005f369766455f0fea8eb9a9f9a637fc272842fd660da0828418ed75320b97ce64227aac4edc305ee8cf2121b742370c2e9b64825b1b56a7e16849634a1ba42b4526f6d911aaa4cc51fba3ab32240c433ebb7f64e20229335737475aa187c0408bcee0a96aa25ac2cb3865b11d0ad917319ba0056a53f3afb2171befc27a748f8142406346ca7dbbce46ef4a9862eed3ff8496bba41d"}, 0xc7, 0x4000884, &(0x7f0000000380)={0x22, 0xff, 0x6, 0x20, 0x7}, 0x6) (async)

06:27:40 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x12000000, 0x4100)

06:27:40 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x68000000)

06:27:40 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
getsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:40 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x9c, 0x9c, 0xb, [@union={0x10, 0x2, 0x0, 0x5, 0x0, 0xda5a, [{0xd, 0x1, 0x3}, {0x10, 0x5, 0x2}]}, @const={0xc, 0x0, 0x0, 0xa, 0x1}, @array={0x0, 0x0, 0x0, 0x3, 0x0, {0x5, 0x5, 0x2}}, @ptr={0x6, 0x0, 0x0, 0x2, 0x1}, @enum={0x10000, 0x6, 0x0, 0x6, 0x4, [{0x8, 0x101}, {0xb}, {0xf, 0xaf46}, {0x3, 0x7fffffff}, {0x3, 0x8}, {0xc, 0x3}]}, @func={0x6, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x30, 0x61, 0x61, 0x2e, 0x30, 0x61, 0x2e, 0x5f]}}, &(0x7f00000001c0)=""/135, 0xbf, 0x87}, 0x20) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
sendto$isdn(0xffffffffffffffff, &(0x7f0000000280)={0xa8d, 0x7fffffff, "99e3b11726d1f97c902bb9980c9340b379eea6de9ce25d193fbeb9535b542fa99f07841567c381232f005f369766455f0fea8eb9a9f9a637fc272842fd660da0828418ed75320b97ce64227aac4edc305ee8cf2121b742370c2e9b64825b1b56a7e16849634a1ba42b4526f6d911aaa4cc51fba3ab32240c433ebb7f64e20229335737475aa187c0408bcee0a96aa25ac2cb3865b11d0ad917319ba0056a53f3afb2171befc27a748f8142406346ca7dbbce46ef4a9862eed3ff8496bba41d"}, 0xc7, 0x4000884, &(0x7f0000000380)={0x22, 0xff, 0x6, 0x20, 0x7}, 0x6)

06:27:40 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x18000000, 0x4100)

06:27:40 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_clone(0xcc040400, &(0x7f0000000180)="79d0fcbead175aea98ad6bafc51e53b4a4d39e7f9f9d45d02321ec1249892e46324126e2205fd14797374311fc2b7a537143a329e50511389043788ba1e4201ec44344424fb225dd69d5d3001d14a9ffeef22a3a71ae12878f6d7a45c74b518b74d887c4ae9f3bcdf70ff37f7e09451cbd6f7e", 0x73, &(0x7f0000000300), &(0x7f0000000000), &(0x7f0000000240)="178085357bc9fed84b63eef0210158d8116b1ff3150d8e5f63246114d6e963a5ae922dd5dc3ced9ed0564194d6e564ee0e9766cadf52d701306815edaeb36eae6901f43b593303f318568e4a93b4e0feb7d65183674bedfaddb652ab54f460be764e237ddbb5606596e111830cba17966495ff73383f13d12c13908a50a64de9d856fa653907daa005697319ec1d2720fed4db9bd4fc96686dc09b3650e88a538e556f9fe1d9")
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
read$usbmon(0xffffffffffffffff, &(0x7f0000000080)=""/194, 0xc2) (async)
read$usbmon(0xffffffffffffffff, &(0x7f0000000080)=""/194, 0xc2)

06:27:40 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffff97)

06:27:40 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6c000000)

06:27:40 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x20000000, 0x4100)

06:27:40 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
getsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:40 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
connect$nfc_raw(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x4}, 0x10)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:40 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffffeb)

06:27:40 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x25000000, 0x4100)

06:27:40 executing program 5:
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept4$phonet_pipe(r1, 0x0, &(0x7f0000000100), 0x1000)

06:27:40 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x74000000)

06:27:40 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x3f000000, 0x4100)

06:27:40 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
getsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:40 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
connect$nfc_raw(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x4}, 0x10)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:40 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x41000000, 0x4100)

06:27:41 executing program 5:
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 32)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0) (async, rerun: 32)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept4$phonet_pipe(r1, 0x0, &(0x7f0000000100), 0x1000)

06:27:41 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xfffffffd)

06:27:41 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7a000000)

06:27:41 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:41 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x5c000000, 0x4100)

06:27:41 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1000000000)

06:27:41 executing program 5:
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept4$phonet_pipe(r1, 0x0, &(0x7f0000000100), 0x1000) (async)
accept4$phonet_pipe(r1, 0x0, &(0x7f0000000100), 0x1000)

06:27:41 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xebffffff, 0x4100)

06:27:41 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
connect$nfc_raw(0xffffffffffffffff, &(0x7f0000000000)={0x27, 0x0, 0x0, 0x4}, 0x10) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:41 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x97ffffff)

06:27:41 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:41 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xebffffff)

06:27:41 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xffffff7f, 0x4100)

06:27:41 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000200)=0x10, 0x800)
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x26201, 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x301000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000080)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f00000000c0)={r2})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x0, {0xa, 0x4e21, 0x855, @remote, 0x10001}}}, 0x38)

06:27:41 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:41 executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:41 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xffffffeb, 0x4100)

06:27:41 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x100000000000)

06:27:41 executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:41 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xfdffffff)

06:27:41 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x1000000000000, 0x4100)

06:27:41 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:41 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000200)=0x10, 0x800) (async)
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x26201, 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x301000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000080)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f00000000c0)={r2}) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x0, {0xa, 0x4e21, 0x855, @remote, 0x10001}}}, 0x38)

06:27:41 executing program 2:
socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4)

06:27:41 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x20000000000000, 0x4100)

06:27:41 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffff1f00)

06:27:41 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1000000000000)

06:27:41 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:41 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, 0x0, &(0x7f0000000080))

06:27:42 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x100000000000000, 0x4100)

06:27:42 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000200)=0x10, 0x800)
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x26201, 0x0) (async)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x301000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, &(0x7f0000000080)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r0, 0xc01064c1, &(0x7f00000000c0)={r2})
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f00000001c0), 0x0, {0xa, 0x4e21, 0x855, @remote, 0x10001}}}, 0x38)

06:27:42 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, 0x0, &(0x7f0000000080))

06:27:42 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffff7f)

06:27:42 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x100000000000000)

06:27:42 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)

06:27:42 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x200000000000000, 0x4100)

06:27:42 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, 0x0, &(0x7f0000000080))

06:27:42 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {&(0x7f0000000000)=""/3, 0x3, &(0x7f0000000080)=""/153, 0x2, 0x1}}, 0x48)

06:27:42 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x108000000000000)

06:27:42 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffff97)

06:27:42 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x300000000000000, 0x4100)

06:27:42 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000040), 0x0)

06:27:42 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x200000000000000)

06:27:42 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4) (async)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)

06:27:42 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {&(0x7f0000000000)=""/3, 0x3, &(0x7f0000000080)=""/153, 0x2, 0x1}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {&(0x7f0000000000)=""/3, 0x3, &(0x7f0000000080)=""/153, 0x2, 0x1}}, 0x48) (async)

06:27:42 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x400000000000000, 0x4100)

06:27:42 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000040), 0x0)

06:27:42 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffffeb)

06:27:42 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x300000000000000)

06:27:42 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x500000000000000, 0x4100)

06:27:42 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000040), 0x0)

06:27:42 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x600000000000000, 0x4100)

06:27:42 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)

06:27:42 executing program 2:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$SO_J1939_ERRQUEUE(r0, 0x6b, 0x4, &(0x7f0000000040), 0x0)

06:27:42 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {&(0x7f0000000000)=""/3, 0x3, &(0x7f0000000080)=""/153, 0x2, 0x1}}, 0x48) (async)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {&(0x7f0000000000)=""/3, 0x3, &(0x7f0000000080)=""/153, 0x2, 0x1}}, 0x48)

06:27:42 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xfffffffd)

06:27:42 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x400000000000000)

06:27:42 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x300000000000000)

06:27:42 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x700000000000000, 0x4100)

06:27:42 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x800000000000000, 0x4100)

06:27:43 executing program 0:
r0 = openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$smackfs_logging(r0, &(0x7f00000000c0)=0x1, 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:43 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x900000000000000, 0x4100)

06:27:43 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
socket$isdn(0x22, 0x3, 0x22)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r1)
ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0)

06:27:43 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1000000000)

06:27:43 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xa00000000000000, 0x4100)

06:27:43 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)

06:27:43 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x500000000000000)

06:27:43 executing program 0:
r0 = openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$smackfs_logging(r0, &(0x7f00000000c0)=0x1, 0x14) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:43 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xb00000000000000, 0x4100)

06:27:43 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xc00000000000000, 0x4100)

06:27:43 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
socket$isdn(0x22, 0x3, 0x22)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r1) (async)
ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0)

06:27:43 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x100000000000)

06:27:43 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xd00000000000000, 0x4100)

06:27:43 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)

06:27:43 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x600000000000000)

06:27:43 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
socket$isdn(0x22, 0x3, 0x22) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r1) (async)
ioctl$SG_SCSI_RESET(r1, 0x2284, 0x0)

06:27:43 executing program 0:
r0 = openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$smackfs_logging(r0, &(0x7f00000000c0)=0x1, 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
write$smackfs_logging(r0, &(0x7f00000000c0)=0x1, 0x14) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40980, 0x0) (async)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

06:27:43 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xe00000000000000, 0x4100)

06:27:43 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1000000000000)

06:27:43 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)

06:27:43 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x1000000000000000, 0x4100)

06:27:43 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x100000000000000)

06:27:43 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x1100000000000000, 0x4100)

06:27:43 executing program 0:
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:43 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:27:43 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x700000000000000)

06:27:43 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)

06:27:44 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x108000000000000)

06:27:44 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x1200000000000000, 0x4100)

06:27:44 executing program 0:
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:44 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x800000000000000)

06:27:44 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x200000000000000)

06:27:44 executing program 0:
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:44 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x1800000000000000, 0x4100)

06:27:44 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

06:27:44 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2000000000000000, 0x4100)

06:27:44 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)

06:27:44 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48)

06:27:44 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2500000000000000, 0x4100)

06:27:44 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x900000000000000)

06:27:44 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:44 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x300000000000000)

06:27:44 executing program 2:
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000000c0)={0xffffffffffffffff}, 0x4)

06:27:44 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x3f00000000000000, 0x4100)

06:27:44 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x4100000000000000, 0x4100)

06:27:44 executing program 2:
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)

06:27:44 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48) (async)

06:27:44 executing program 2:
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)

06:27:44 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x13}, 0x4)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$MON_IOCQ_URB_LEN(r2, 0x9201)
getsockname$llc(r1, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000140)=0x10)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$IMHOLD_L1(r1, 0x80044948, &(0x7f0000000080)=0x3)

06:27:44 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xa00000000000000)

06:27:44 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x5c00000000000000, 0x4100)

06:27:44 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x400000000000000)

06:27:44 executing program 2:
bpf$BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x0)

06:27:44 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xebffffff00000000, 0x4100)

06:27:44 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x13}, 0x4)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$MON_IOCQ_URB_LEN(r2, 0x9201)
getsockname$llc(r1, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000140)=0x10)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$IMHOLD_L1(r1, 0x80044948, &(0x7f0000000080)=0x3)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x13}, 0x4) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCQ_URB_LEN(r2, 0x9201) (async)
getsockname$llc(r1, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000140)=0x10) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$IMHOLD_L1(r1, 0x80044948, &(0x7f0000000080)=0x3) (async)

06:27:44 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xb00000000000000)

06:27:44 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xffffff7f00000000, 0x4100)

06:27:44 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xa00000000000000)

06:27:45 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48)

06:27:45 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0xffffffff00000000, 0x4100)

06:27:45 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x500000000000000)

06:27:45 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xc00000000000000)

06:27:45 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4102)

06:27:45 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x13}, 0x4)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$MON_IOCQ_URB_LEN(r2, 0x9201) (async)
getsockname$llc(r1, &(0x7f00000000c0)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000000140)=0x10)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$IMHOLD_L1(r1, 0x80044948, &(0x7f0000000080)=0x3)

06:27:45 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x700000000000000)

06:27:45 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x0, {&(0x7f00000001c0)=""/246, 0xf6, &(0x7f0000000080)=""/79, 0x1, 0x2}}, 0x48)

06:27:45 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4103)

06:27:45 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4104)

06:27:45 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x600000000000000)

06:27:45 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xd00000000000000)

06:27:45 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4105)

06:27:45 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r1, 0xc01064ab, &(0x7f0000000140)={0x2aca, 0x8, 0x7})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r2=>0xffffffffffffffff})
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x120c1, 0x0)
ioctl$DRM_IOCTL_MARK_BUFS(r3, 0x40206417, &(0x7f0000000100)={0x7fff, 0x1, 0x10001, 0x7ff, 0x8, 0x6})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r2})

06:27:45 executing program 2:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4102)

06:27:45 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x700000000000000)

06:27:45 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x0, {&(0x7f00000001c0)=""/246, 0xf6, &(0x7f0000000080)=""/79, 0x1, 0x2}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x0, {&(0x7f00000001c0)=""/246, 0xf6, &(0x7f0000000080)=""/79, 0x1, 0x2}}, 0x48) (async)

06:27:45 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xe00000000000000)

06:27:45 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4106)

06:27:45 executing program 2:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4102)

06:27:45 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r1, 0xc01064ab, &(0x7f0000000140)={0x2aca, 0x8, 0x7})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r2=>0xffffffffffffffff}) (async)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x120c1, 0x0)
ioctl$DRM_IOCTL_MARK_BUFS(r3, 0x40206417, &(0x7f0000000100)={0x7fff, 0x1, 0x10001, 0x7ff, 0x8, 0x6}) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r2})

06:27:45 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4107)

06:27:45 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x800000000000000)

06:27:45 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4108)

06:27:45 executing program 2:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4102)

06:27:45 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x0, {&(0x7f00000001c0)=""/246, 0xf6, &(0x7f0000000080)=""/79, 0x1, 0x2}}, 0x48)

06:27:46 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1000000000000000)

06:27:46 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4109)

06:27:46 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x900000000000000)

06:27:46 executing program 2:
syz_open_dev$usbmon(0x0, 0x0, 0x4102)

06:27:46 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r1, 0xc01064ab, &(0x7f0000000140)={0x2aca, 0x8, 0x7}) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r2=>0xffffffffffffffff}) (async)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x120c1, 0x0)
ioctl$DRM_IOCTL_MARK_BUFS(r3, 0x40206417, &(0x7f0000000100)={0x7fff, 0x1, 0x10001, 0x7ff, 0x8, 0x6}) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r1, 0xc00c642e, &(0x7f0000000080)={0x0, 0x0, r2})

06:27:46 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x410a)

06:27:46 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x1, r0})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xa0080, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000000080)={0xc})

06:27:46 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x410b)

06:27:46 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1100000000000000)

06:27:46 executing program 2:
syz_open_dev$usbmon(0x0, 0x0, 0x4102)

06:27:46 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080), 0x0, 0x50})
write$vhost_msg_v2(r1, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000100)=""/178, 0xb2, &(0x7f00000001c0)=""/153, 0x1, 0x2}}, 0x48)

06:27:46 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xa00000000000000)

06:27:46 executing program 2:
syz_open_dev$usbmon(0x0, 0x0, 0x4102)

06:27:46 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x410c)

06:27:46 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x1, r0})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xa0080, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000000080)={0xc})

06:27:46 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1200000000000000)

06:27:46 executing program 2:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)

06:27:46 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080), 0x0, 0x50})
write$vhost_msg_v2(r1, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000100)=""/178, 0xb2, &(0x7f00000001c0)=""/153, 0x1, 0x2}}, 0x48)

06:27:46 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x410d)

06:27:46 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xb00000000000000)

06:27:46 executing program 2:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)

06:27:46 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1800000000000000)

06:27:46 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x410e)

06:27:46 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x1, r0})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xa0080, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000000080)={0xc})
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x1, r0}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xa0080, 0x0) (async)
ioctl$IOMMU_VFIO_IOAS$GET(r2, 0x3b88, &(0x7f0000000080)={0xc}) (async)

06:27:46 executing program 2:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)

06:27:46 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
ioctl$MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080), 0x0, 0x50}) (async)
write$vhost_msg_v2(r1, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000100)=""/178, 0xb2, &(0x7f00000001c0)=""/153, 0x1, 0x2}}, 0x48)

06:27:46 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xc00000000000000)

06:27:46 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4110)

06:27:46 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2000000000000000)

06:27:46 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x2}}, 0x20)

06:27:46 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4111)

06:27:47 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
write$vhost_msg(r0, 0x0, 0x0)

06:27:47 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4112)

06:27:47 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xd00000000000000)

06:27:47 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xc00000000000000)

06:27:47 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2112000000000000)

06:27:47 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x2}}, 0x20)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10) (async)
socket$phonet_pipe(0x23, 0x5, 0x2) (async)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x2}}, 0x20) (async)

06:27:47 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2500000000000000)

06:27:47 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4118)

06:27:47 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:47 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4125)

06:27:47 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x2}}, 0x20)

06:27:47 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xe00000000000000)

06:27:47 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4141)

06:27:47 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x415c)

06:27:47 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x2}}, 0x20)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10) (async)
socket$phonet_pipe(0x23, 0x5, 0x2) (async)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x2}}, 0x20) (async)

06:27:47 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3d11000000000000)

06:27:47 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:47 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x2}}, 0x20)

06:27:47 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x5e00)

06:27:47 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1000000000000000)

06:27:47 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3f00000000000000)

06:27:47 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48)

06:27:47 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0)

06:27:47 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x4, <r1=>0x0}, 0x8)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x1d)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=r1, 0x4)
accept$phonet_pipe(r0, &(0x7f0000000040), &(0x7f0000000080)=0x10)

06:27:47 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000000), 0x111, 0x2}}, 0x20)

06:27:47 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x4, <r1=>0x0}, 0x8)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x1d) (async)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x1d)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=r1, 0x4)
accept$phonet_pipe(r0, &(0x7f0000000040), &(0x7f0000000080)=0x10)

06:27:47 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1100000000000000)

06:27:48 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48) (async)

06:27:48 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0)

06:27:48 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4000000000000000)

06:27:48 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x4, <r1=>0x0}, 0x8)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x1d)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=r1, 0x4)
accept$phonet_pipe(r0, &(0x7f0000000040), &(0x7f0000000080)=0x10)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x4}, 0x8) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000140)=0x1d) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000100)=r1, 0x4) (async)
accept$phonet_pipe(r0, &(0x7f0000000040), &(0x7f0000000080)=0x10) (async)

06:27:48 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)

06:27:48 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0)

06:27:48 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1200000000000000)

06:27:48 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x80, 0xec4, 0x967b, {{0x13, 0x4, 0x3, 0x15, 0x4c, 0x65, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010100, @broadcast, {[@generic={0x86, 0x7, "0a717854d1"}, @noop, @timestamp={0x44, 0xc, 0xc0, 0x0, 0x2, [0x4, 0x101]}, @lsrr={0x83, 0x23, 0xdd, [@local, @broadcast, @multicast1, @loopback, @empty, @broadcast, @loopback, @local]}]}}}}})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)

06:27:48 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x80, 0xec4, 0x967b, {{0x13, 0x4, 0x3, 0x15, 0x4c, 0x65, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010100, @broadcast, {[@generic={0x86, 0x7, "0a717854d1"}, @noop, @timestamp={0x44, 0xc, 0xc0, 0x0, 0x2, [0x4, 0x101]}, @lsrr={0x83, 0x23, 0xdd, [@local, @broadcast, @multicast1, @loopback, @empty, @broadcast, @loopback, @local]}]}}}}}) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)

06:27:48 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4800000000000000)

06:27:48 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x2}}, 0x48)

06:27:48 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x80, 0xec4, 0x967b, {{0x13, 0x4, 0x3, 0x15, 0x4c, 0x65, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010100, @broadcast, {[@generic={0x86, 0x7, "0a717854d1"}, @noop, @timestamp={0x44, 0xc, 0xc0, 0x0, 0x2, [0x4, 0x101]}, @lsrr={0x83, 0x23, 0xdd, [@local, @broadcast, @multicast1, @loopback, @empty, @broadcast, @loopback, @local]}]}}}}})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f00000000c0)={'gre0\x00', &(0x7f0000000040)={'sit0\x00', 0x0, 0x0, 0x80, 0xec4, 0x967b, {{0x13, 0x4, 0x3, 0x15, 0x4c, 0x65, 0x0, 0x0, 0x4, 0x0, @rand_addr=0x64010100, @broadcast, {[@generic={0x86, 0x7, "0a717854d1"}, @noop, @timestamp={0x44, 0xc, 0xc0, 0x0, 0x2, [0x4, 0x101]}, @lsrr={0x83, 0x23, 0xdd, [@local, @broadcast, @multicast1, @loopback, @empty, @broadcast, @loopback, @local]}]}}}}}) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) (async)

06:27:48 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)

06:27:48 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, r2, 0x0], &(0x7f0000000140)=[0x72c77f4b, 0x9, 0x1, 0x0], 0x4, 0x1})
r3 = landlock_create_ruleset(&(0x7f0000000000)={0x300}, 0x8, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB="100000f700"/16], 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000080)={0x1, r4}, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f00000002c0)={<r5=>0xffffffffffffffff}, 0x4, {0xa, 0x4e23, 0x3f, @remote, 0x101}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000340)={0x11, 0x10, 0xfa00, {&(0x7f0000000280), r5}}, 0x18)
write$vhost_msg(r0, 0x0, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, &(0x7f0000000200)={0x5, 0xc9c8, 0x8, 0x0, 0x3ff, 0x2, 0x5, 0x323, 0x101})
landlock_restrict_self(r6, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f00000001c0)={0x401, r0}, 0x0)

06:27:48 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x4100)

06:27:48 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x1800000000000000)

06:27:48 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_JOIN_OCB(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xffff, 0x1a}}}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x815)

06:27:48 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4b11000000000000)

06:27:48 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x4100)
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x4100) (async)

06:27:48 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:48 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x4100)

06:27:48 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, r2, 0x0], &(0x7f0000000140)=[0x72c77f4b, 0x9, 0x1, 0x0], 0x4, 0x1})
r3 = landlock_create_ruleset(&(0x7f0000000000)={0x300}, 0x8, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB="100000f700"/16], 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000080)={0x1, r4}, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f00000002c0)={<r5=>0xffffffffffffffff}, 0x4, {0xa, 0x4e23, 0x3f, @remote, 0x101}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000340)={0x11, 0x10, 0xfa00, {&(0x7f0000000280), r5}}, 0x18)
write$vhost_msg(r0, 0x0, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, &(0x7f0000000200)={0x5, 0xc9c8, 0x8, 0x0, 0x3ff, 0x2, 0x5, 0x323, 0x101})
landlock_restrict_self(r6, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f00000001c0)={0x401, r0}, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000380), 0x1, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, r2, 0x0], &(0x7f0000000140)=[0x72c77f4b, 0x9, 0x1, 0x0], 0x4, 0x1}) (async)
landlock_create_ruleset(&(0x7f0000000000)={0x300}, 0x8, 0x0) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB="100000f700"/16], 0x10}}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000080)={0x1, r4}, 0x0) (async)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f00000002c0), 0x4, {0xa, 0x4e23, 0x3f, @remote, 0x101}}}, 0x38) (async)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000340)={0x11, 0x10, 0xfa00, {&(0x7f0000000280), r5}}, 0x18) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, &(0x7f0000000200)={0x5, 0xc9c8, 0x8, 0x0, 0x3ff, 0x2, 0x5, 0x323, 0x101}) (async)
landlock_restrict_self(r6, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f00000001c0)={0x401, r0}, 0x0) (async)

06:27:48 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2000000000000000)

06:27:48 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async, rerun: 32)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (rerun: 32)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080)) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_JOIN_OCB(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xffff, 0x1a}}}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x815)

06:27:49 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:49 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4c00000000000000)

06:27:49 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x4100)

06:27:49 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080)) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_JOIN_OCB(r1, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x38, 0x0, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8}, @val={0xc, 0x99, {0xffff, 0x1a}}}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}]}, 0x38}, 0x1, 0x0, 0x0, 0x4040000}, 0x815)

06:27:49 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380), 0x1, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r2=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r1, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, r2, 0x0], &(0x7f0000000140)=[0x72c77f4b, 0x9, 0x1, 0x0], 0x4, 0x1})
r3 = landlock_create_ruleset(&(0x7f0000000000)={0x300}, 0x8, 0x0)
r4 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r4, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB="100000f700"/16], 0x10}}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000080)={0x1, r4}, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000300)={0x10, 0x30, 0xfa00, {&(0x7f00000002c0)={<r5=>0xffffffffffffffff}, 0x4, {0xa, 0x4e23, 0x3f, @remote, 0x101}}}, 0x38)
write$RDMA_USER_CM_CMD_LEAVE_MCAST(r1, &(0x7f0000000340)={0x11, 0x10, 0xfa00, {&(0x7f0000000280), r5}}, 0x18) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
r6 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(r4, 0xc02464bb, &(0x7f0000000200)={0x5, 0xc9c8, 0x8, 0x0, 0x3ff, 0x2, 0x5, 0x323, 0x101}) (async)
landlock_restrict_self(r6, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r6, 0x1, &(0x7f00000001c0)={0x401, r0}, 0x0)

06:27:49 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2112000000000000)

06:27:49 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x4100)

06:27:49 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:49 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x204400, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x58, 0x1404, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x8800}, 0x4020000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x4}}, 0xfffffe29)

06:27:49 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5c00000000000000)

06:27:49 executing program 5:
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
ioctl$PTP_PIN_SETFUNC2(0xffffffffffffffff, 0x40603d10, &(0x7f0000000080)={'\x00', 0xfffff69b, 0x2, 0xfffffffd})
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'})

06:27:49 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x2500000000000000)

06:27:49 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x4100)
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x4100) (async)

06:27:49 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$phonet_pipe(r1, &(0x7f00000000c0), &(0x7f00000001c0)=0x10)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:49 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0))

06:27:49 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6000000000000000)

06:27:49 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x204400, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x58, 0x1404, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x8800}, 0x4020000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x4}}, 0xfffffe29)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x204400, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x58, 0x1404, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x8800}, 0x4020000) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x4}}, 0xfffffe29) (async)

06:27:49 executing program 5:
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0) (async)
ioctl$PTP_PIN_SETFUNC2(0xffffffffffffffff, 0x40603d10, &(0x7f0000000080)={'\x00', 0xfffff69b, 0x2, 0xfffffffd}) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'})

06:27:49 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0))

06:27:49 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3d11000000000000)

06:27:49 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:49 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10) (async)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0))

06:27:49 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6800000000000000)

06:27:49 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x204400, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x58, 0x1404, 0x1, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x58}, 0x1, 0x0, 0x0, 0x8800}, 0x4020000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x4}}, 0xfffffe29)

06:27:49 executing program 5:
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0) (async, rerun: 64)
ioctl$PTP_PIN_SETFUNC2(0xffffffffffffffff, 0x40603d10, &(0x7f0000000080)={'\x00', 0xfffff69b, 0x2, 0xfffffffd}) (async, rerun: 64)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'})

06:27:50 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3f00000000000000)

06:27:50 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x313002, 0x0)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:50 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x5, 0x60d00)
ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000080))
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:27:50 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x5, 0x60d00)
ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000080))
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
syz_open_dev$sg(&(0x7f0000000040), 0x5, 0x60d00) (async)
ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000080)) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)

06:27:50 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4000000000000000)

06:27:50 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6c00000000000000)

06:27:50 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0))
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:50 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x1000000000000})

06:27:50 executing program 4:
r0 = syz_open_dev$sg(&(0x7f0000000040), 0x5, 0x60d00)
ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000080)) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:27:50 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r1, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:50 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x8, 0x410803)

06:27:50 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4100000000000000)

06:27:50 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7400000000000000)

06:27:50 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0))
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) (async)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:50 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x8, 0x410803)

06:27:50 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x1000000000000})

06:27:50 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x8, 0x410803)

06:27:50 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:50 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4800000000000000)

06:27:50 executing program 4:
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r0=>0xffffffffffffffff})
openat$zero(0xffffffffffffff9c, &(0x7f0000001440), 0x10000, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000001400)={0x0, &(0x7f0000000080)=""/43, &(0x7f0000001380)})

06:27:50 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7a00000000000000)

06:27:50 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:50 executing program 2:
socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:50 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async, rerun: 64)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x1000000000000}) (rerun: 64)

06:27:50 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0))
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)) (async)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

06:27:50 executing program 2:
socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:50 executing program 4:
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r0=>0xffffffffffffffff})
openat$zero(0xffffffffffffff9c, &(0x7f0000001440), 0x10000, 0x0)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000001400)={0x0, &(0x7f0000000080)=""/43, &(0x7f0000001380)})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000}) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000001440), 0x10000, 0x0) (async)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000001400)={0x0, &(0x7f0000000080)=""/43, &(0x7f0000001380)}) (async)

06:27:50 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4b11000000000000)

06:27:50 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x97ffffff00000000)

06:27:51 executing program 2:
socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), &(0x7f0000000080)=0x4)

06:27:51 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f00000000c0)={&(0x7f0000000080)=[0xffffff7f, 0x4, 0xff, 0x8ee, 0x6, 0x0, 0x4e, 0xe0, 0x0], 0x9, 0x63, 0x87d, 0x6, 0x20, 0x6, 0x5137, {0xff, 0x9, 0x4, 0x0, 0x5, 0x8001, 0x2, 0x7f, 0x1, 0x7, 0x14, 0x20, 0x5, 0x0, "686056b0c9f51695fe28856863f752fff4812bfb88686a509ac157de42ecc7cd"}})
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:51 executing program 4:
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000040)={0x0, 0x80000, <r0=>0xffffffffffffffff})
openat$zero(0xffffffffffffff9c, &(0x7f0000001440), 0x10000, 0x0) (async)
ioctl$DRM_IOCTL_MAP_BUFS(r0, 0xc0186419, &(0x7f0000001400)={0x0, &(0x7f0000000080)=""/43, &(0x7f0000001380)})

06:27:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x8, 0x80080)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg_v2(r2, &(0x7f00000001c0)={0x2, 0x0, {&(0x7f0000000080)=""/185, 0xb9, &(0x7f0000000140)=""/62, 0x2, 0x2}}, 0x48)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380), 0x82000, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000003c0)={0x1, r3})
syz_open_dev$usbmon(&(0x7f0000000440), 0x2, 0x400)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000000340)={&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000240)=""/199, 0xc7})

06:27:51 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4c00000000000000)

06:27:51 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xebffffff00000000)

06:27:51 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, 0x0, &(0x7f0000000080))

06:27:51 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, 0x0, &(0x7f0000000080))

06:27:51 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x84100)

06:27:51 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f00000000c0)={&(0x7f0000000080)=[0xffffff7f, 0x4, 0xff, 0x8ee, 0x6, 0x0, 0x4e, 0xe0, 0x0], 0x9, 0x63, 0x87d, 0x6, 0x20, 0x6, 0x5137, {0xff, 0x9, 0x4, 0x0, 0x5, 0x8001, 0x2, 0x7f, 0x1, 0x7, 0x14, 0x20, 0x5, 0x0, "686056b0c9f51695fe28856863f752fff4812bfb88686a509ac157de42ecc7cd"}})
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:51 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, 0x0, &(0x7f0000000080))

06:27:51 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xfdffffff00000000)

06:27:51 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5c00000000000000)

06:27:51 executing program 5:
syz_open_dev$sg(&(0x7f0000000400), 0x8, 0x80080) (async)
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x8, 0x80080)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg_v2(r2, &(0x7f00000001c0)={0x2, 0x0, {&(0x7f0000000080)=""/185, 0xb9, &(0x7f0000000140)=""/62, 0x2, 0x2}}, 0x48) (async)
write$vhost_msg_v2(r2, &(0x7f00000001c0)={0x2, 0x0, {&(0x7f0000000080)=""/185, 0xb9, &(0x7f0000000140)=""/62, 0x2, 0x2}}, 0x48)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380), 0x82000, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000003c0)={0x1, r3})
syz_open_dev$usbmon(&(0x7f0000000440), 0x2, 0x400)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000000340)={&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000240)=""/199, 0xc7}) (async)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000000340)={&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000240)=""/199, 0xc7})

06:27:51 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:51 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x84100)

06:27:51 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffff1f0000000000)

06:27:51 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:51 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x84100)

06:27:51 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6000000000000000)

06:27:51 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffff7f00000000)

06:27:51 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000000)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f00000000c0)={&(0x7f0000000080)=[0xffffff7f, 0x4, 0xff, 0x8ee, 0x6, 0x0, 0x4e, 0xe0, 0x0], 0x9, 0x63, 0x87d, 0x6, 0x20, 0x6, 0x5137, {0xff, 0x9, 0x4, 0x0, 0x5, 0x8001, 0x2, 0x7f, 0x1, 0x7, 0x14, 0x20, 0x5, 0x0, "686056b0c9f51695fe28856863f752fff4812bfb88686a509ac157de42ecc7cd"}})
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:51 executing program 5:
r0 = syz_open_dev$sg(&(0x7f0000000400), 0x8, 0x80080)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) (async)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg_v2(r2, &(0x7f00000001c0)={0x2, 0x0, {&(0x7f0000000080)=""/185, 0xb9, &(0x7f0000000140)=""/62, 0x2, 0x2}}, 0x48)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000380), 0x82000, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f00000003c0)={0x1, r3})
syz_open_dev$usbmon(&(0x7f0000000440), 0x2, 0x400)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000000340)={&(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000240)=""/199, 0xc7})

06:27:51 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:51 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6800000000000000)

06:27:51 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x106005}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x1407, 0x20, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r0}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x45}, 0x20000000)
r2 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB='\x00'/16], 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000140)={0x2400, r3}, 0x0)
r4 = accept$ax25(r0, &(0x7f0000000180)={{0x3, @netrom}, [@bcast, @remote, @remote, @remote, @null, @remote, @default, @bcast]}, &(0x7f0000000200)=0x48)
ioctl$SIOCAX25CTLCON(r4, 0x89e8, &(0x7f0000000280)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x2, 0x0, 0x1, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0)
ioctl$MON_IOCH_MFLUSH(r5, 0x9208, 0x6)

06:27:52 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffffff00000000)

06:27:52 executing program 5:
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000000)={0x8, 0x80000001, 0x6})
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f00000000c0))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000100))
write$vhost_msg(r0, 0x0, 0x0)

06:27:52 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x106005}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x1407, 0x20, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r0}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x45}, 0x20000000)
r2 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r2, 0x0)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB='\x00'/16], 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000140)={0x2400, r3}, 0x0)
r4 = accept$ax25(r0, &(0x7f0000000180)={{0x3, @netrom}, [@bcast, @remote, @remote, @remote, @null, @remote, @default, @bcast]}, &(0x7f0000000200)=0x48)
ioctl$SIOCAX25CTLCON(r4, 0x89e8, &(0x7f0000000280)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x2, 0x0, 0x1, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0)
ioctl$MON_IOCH_MFLUSH(r5, 0x9208, 0x6)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x106005}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x1407, 0x20, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r0}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x45}, 0x20000000) (async)
landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0) (async)
landlock_restrict_self(r2, 0x0) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB='\x00'/16], 0x10}}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000140)={0x2400, r3}, 0x0) (async)
accept$ax25(r0, &(0x7f0000000180)={{0x3, @netrom}, [@bcast, @remote, @remote, @remote, @null, @remote, @default, @bcast]}, &(0x7f0000000200)=0x48) (async)
ioctl$SIOCAX25CTLCON(r4, 0x89e8, &(0x7f0000000280)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x2, 0x0, 0x1, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCH_MFLUSH(r5, 0x9208, 0x6) (async)

06:27:52 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x5c00000000000000)

06:27:52 executing program 0:
syz_open_dev$usbmon(&(0x7f0000000000), 0x80000000002e, 0x123b00)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
getsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0xfffffe77, 0x0, 0x1, 0x1}}, 0x48)

06:27:52 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x6c00000000000000)

06:27:52 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x106005}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, 0x1407, 0x20, 0x70bd29, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r0}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5, 0x54, 0x1}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x45}, 0x20000000) (async, rerun: 64)
r2 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0) (rerun: 64)
landlock_restrict_self(r2, 0x0) (async, rerun: 64)
r3 = socket$nl_rdma(0x10, 0x3, 0x14) (rerun: 64)
sendmsg$RDMA_NLDEV_CMD_SET(r3, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB='\x00'/16], 0x10}}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r2, 0x1, &(0x7f0000000140)={0x2400, r3}, 0x0)
r4 = accept$ax25(r0, &(0x7f0000000180)={{0x3, @netrom}, [@bcast, @remote, @remote, @remote, @null, @remote, @default, @bcast]}, &(0x7f0000000200)=0x48)
ioctl$SIOCAX25CTLCON(r4, 0x89e8, &(0x7f0000000280)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, 0x2, 0x0, 0x1, [@null, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null]}) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCH_MFLUSH(r5, 0x9208, 0x6)

06:27:52 executing program 3:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x140b, 0x100, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x4880}, 0x4040004)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:27:52 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x200080)
read$usbmon(r0, &(0x7f0000000080)=""/4096, 0x1000)

06:27:52 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:52 executing program 5:
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000000)={0x8, 0x80000001, 0x6})
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f00000000c0))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000100))
write$vhost_msg(r0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000000)={0x8, 0x80000001, 0x6}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f00000000c0)) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080)) (async)
arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000100)) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

06:27:52 executing program 0:
syz_open_dev$usbmon(&(0x7f0000000000), 0x80000000002e, 0x123b00) (async)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0) (async)
getsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0xfffffe77, 0x0, 0x1, 0x1}}, 0x48)

06:27:52 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x200080)
read$usbmon(r0, &(0x7f0000000080)=""/4096, 0x1000)

06:27:52 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:52 executing program 3:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x140b, 0x100, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x4880}, 0x4040004)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:27:52 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7400000000000000)

06:27:52 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x200080)
read$usbmon(r0, &(0x7f0000000080)=""/4096, 0x1000)
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x200080) (async)
read$usbmon(r0, &(0x7f0000000080)=""/4096, 0x1000) (async)

06:27:52 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:52 executing program 0:
syz_open_dev$usbmon(&(0x7f0000000000), 0x80000000002e, 0x123b00)
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
getsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x4) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0xfffffe77, 0x0, 0x1, 0x1}}, 0x48)

06:27:52 executing program 2:
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:52 executing program 5:
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000000)={0x8, 0x80000001, 0x6})
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f00000000c0)) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000100)) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:27:52 executing program 4:
r0 = accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x800)
accept$ax25(r0, 0x0, &(0x7f0000000080))
r1 = accept4$ax25(r0, &(0x7f00000000c0)={{}, [@bcast, @bcast, @remote, @remote, @null, @remote, @null]}, &(0x7f0000000140)=0x48, 0x80000)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000300)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x88, 0x1403, 0x100, 0x70bd2a, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip6erspan0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vcan0\x00'}}]}, 0x88}, 0x1, 0x0, 0x0, 0x40004}, 0x40)
r3 = msgget$private(0x0, 0x490)
r4 = getuid()
getresuid(&(0x7f0000001280)=<r5=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r6=>0x0)
msgctl$IPC_SET(r3, 0x1, &(0x7f0000001340)={{0x1, r4, 0xffffffffffffffff, r5, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r7 = getegid()
msgctl$IPC_SET(r3, 0x1, &(0x7f0000002500)={{0x2, r4, r7, r6, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x2, 0x7, 0x8000, 0x83e, 0x9, 0x23f, 0x40})
ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f0000000180)={0x3, @null, r4})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:27:52 executing program 3:
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x140b, 0x100, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}]}, 0x18}, 0x1, 0x0, 0x0, 0x4880}, 0x4040004)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:27:52 executing program 2:
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:52 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x7a00000000000000)

06:27:52 executing program 2:
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:52 executing program 4:
r0 = accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x800)
accept$ax25(r0, 0x0, &(0x7f0000000080))
r1 = accept4$ax25(r0, &(0x7f00000000c0)={{}, [@bcast, @bcast, @remote, @remote, @null, @remote, @null]}, &(0x7f0000000140)=0x48, 0x80000) (async, rerun: 64)
r2 = socket$nl_rdma(0x10, 0x3, 0x14) (rerun: 64)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000300)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x88, 0x1403, 0x100, 0x70bd2a, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip6erspan0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vcan0\x00'}}]}, 0x88}, 0x1, 0x0, 0x0, 0x40004}, 0x40)
r3 = msgget$private(0x0, 0x490)
r4 = getuid() (async)
getresuid(&(0x7f0000001280)=<r5=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r6=>0x0)
msgctl$IPC_SET(r3, 0x1, &(0x7f0000001340)={{0x1, r4, 0xffffffffffffffff, r5, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 64)
r7 = getegid() (rerun: 64)
msgctl$IPC_SET(r3, 0x1, &(0x7f0000002500)={{0x2, r4, r7, r6, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x2, 0x7, 0x8000, 0x83e, 0x9, 0x23f, 0x40})
ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f0000000180)={0x3, @null, r4}) (async, rerun: 64)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (rerun: 64)

06:27:52 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x111, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x6, {0xa, 0x4e20, 0x1, @remote, 0xb62}, r1}}, 0x38)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
write$vhost_msg(r2, 0x0, 0x0)

06:27:52 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:52 executing program 2:
socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:52 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x3}, 0x2}, 0x18)
sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x415, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040}, 0x24040010)

06:27:53 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x97ffffff00000000)

06:27:53 executing program 2:
socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:53 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async, rerun: 32)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (rerun: 32)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x111, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x6, {0xa, 0x4e20, 0x1, @remote, 0xb62}, r1}}, 0x38) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
write$vhost_msg(r2, 0x0, 0x0)

06:27:53 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:53 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x3}, 0x2}, 0x18)
sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x415, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040}, 0x24040010)

06:27:53 executing program 2:
socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000200), 0x0)

06:27:53 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xebffffff00000000)

06:27:53 executing program 4:
accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x800) (async)
r0 = accept4$ax25(0xffffffffffffffff, 0x0, &(0x7f0000000040), 0x800)
accept$ax25(r0, 0x0, &(0x7f0000000080))
r1 = accept4$ax25(r0, &(0x7f00000000c0)={{}, [@bcast, @bcast, @remote, @remote, @null, @remote, @null]}, &(0x7f0000000140)=0x48, 0x80000)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000300)={&(0x7f00000001c0), 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x88, 0x1403, 0x100, 0x70bd2a, 0x25dfdbfd, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'team0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'ip6erspan0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vcan0\x00'}}]}, 0x88}, 0x1, 0x0, 0x0, 0x40004}, 0x40)
r3 = msgget$private(0x0, 0x490)
getuid() (async)
r4 = getuid()
getresuid(&(0x7f0000001280), &(0x7f00000012c0), &(0x7f0000001300)) (async)
getresuid(&(0x7f0000001280)=<r5=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r6=>0x0)
msgctl$IPC_SET(r3, 0x1, &(0x7f0000001340)={{0x1, r4, 0xffffffffffffffff, r5, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r7 = getegid()
msgctl$IPC_SET(r3, 0x1, &(0x7f0000002500)={{0x2, r4, r7, r6, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x2, 0x7, 0x8000, 0x83e, 0x9, 0x23f, 0x40}) (async)
msgctl$IPC_SET(r3, 0x1, &(0x7f0000002500)={{0x2, r4, r7, r6, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x2, 0x7, 0x8000, 0x83e, 0x9, 0x23f, 0x40})
ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f0000000180)={0x3, @null, r4})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:27:53 executing program 2:
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
getsockopt$PNPIPE_ENCAP(r0, 0x113, 0x1, 0x0, 0x0)

06:27:53 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f00000000c0)={<r1=>0xffffffffffffffff}, 0x111, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000140)={0x10, 0x30, 0xfa00, {&(0x7f0000000080), 0x6, {0xa, 0x4e20, 0x1, @remote, 0xb62}, r1}}, 0x38) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
write$vhost_msg(r2, 0x0, 0x0)

06:27:53 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x3}, 0x2}, 0x18)
sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x415, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040}, 0x24040010)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000140)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x3}, 0x2}, 0x18) (async)
sendmsg$BATADV_CMD_TP_METER_CANCEL(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x0, 0x415, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4040}, 0x24040010) (async)

06:27:53 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x1c000)

06:27:53 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000080)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:53 executing program 2:
ioctl$DRM_IOCTL_MODE_SETPROPERTY(0xffffffffffffffff, 0xc01064ab, &(0x7f0000000000)={0x8, 0x80000001, 0x6})
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_NET_SET_BACKEND(0xffffffffffffffff, 0x4008af30, &(0x7f00000000c0))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
arch_prctl$ARCH_SET_GS(0x1001, &(0x7f0000000100))
write$vhost_msg(r0, 0x0, 0x0)

06:27:53 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000080)=0x10, 0x800)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'})
landlock_create_ruleset(&(0x7f0000000100)={0x100}, 0x8, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:27:53 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xfdffffff00000000)

06:27:53 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x40040)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080))

06:27:53 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x1c000)

06:27:53 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x4c00000000000000)

06:27:53 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffff1f0000000000)

06:27:53 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x1c000)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x1c000) (async)

06:27:53 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000080)=0x10, 0x800)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) (async)
landlock_create_ruleset(&(0x7f0000000100)={0x100}, 0x8, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:27:54 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x40040)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080))

06:27:54 executing program 4:
syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x6500)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:27:54 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
memfd_create(&(0x7f0000000000)='\'!$\x00', 0x2)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:54 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x40040)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080))

06:27:54 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffff7f00000000)

06:27:54 executing program 4:
syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x6500) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:27:54 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x40040)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x40040) (async)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080)) (async)

06:27:54 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000080)=0x10, 0x800)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'})
landlock_create_ruleset(&(0x7f0000000100)={0x100}, 0x8, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f0000000080)=0x10, 0x800) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) (async)
landlock_create_ruleset(&(0x7f0000000100)={0x100}, 0x8, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

06:27:54 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
memfd_create(&(0x7f0000000000)='\'!$\x00', 0x2) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:54 executing program 4:
syz_open_dev$usbmon(&(0x7f00000000c0), 0x0, 0x6500)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080)) (async)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:27:54 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0xffffffff00000000)

06:27:54 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, 0x0, 0x56)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f00000001c0))
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x100, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
write$vhost_msg_v2(r2, &(0x7f00000013c0)={0x2, 0x0, {&(0x7f0000001280)=""/156, 0x9c, &(0x7f0000001340)=""/66, 0x3, 0x4}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f0000000140)={0x2, 0x0, {&(0x7f0000000080)=""/154, 0x9a, &(0x7f0000000280)=""/4096, 0x3, 0x2}}, 0x48)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x4f02, r3}, 0x0)
write$vhost_msg(r2, &(0x7f0000001600)={0x1, {&(0x7f0000001440)=""/209, 0xd1, &(0x7f0000001540)=""/139, 0x2, 0x4}}, 0x48)

06:27:54 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x40040)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080))

06:27:54 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001214000326bd7000fcdbdf25080003000300000008004f000500000008004b001300000008004f0003000000080001000100000008001500020000000800010002ff0f000800150005000000"], 0x50}, 0x1, 0x0, 0x0, 0x51}, 0x20000000)

06:27:54 executing program 4:
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="280595ec440000", @ANYRES16=0x0, @ANYBLOB="020027bd7000fedbdf25250000000c000500000000000000000006000400ffff0000"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000040))
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:27:54 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
memfd_create(&(0x7f0000000000)='\'!$\x00', 0x2) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:27:54 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000080))

06:27:54 executing program 4:
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="280595ec440000", @ANYRES16=0x0, @ANYBLOB="020027bd7000fedbdf25250000000c000500000000000000000006000400ffff0000"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000040))
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="280595ec440000", @ANYRES16=0x0, @ANYBLOB="020027bd7000fedbdf25250000000c000500000000000000000006000400ffff0000"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x44) (async)
ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000040)) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)

06:27:54 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x56) (async)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f00000001c0)) (async, rerun: 32)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 32)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x100, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
write$vhost_msg_v2(r2, &(0x7f00000013c0)={0x2, 0x0, {&(0x7f0000001280)=""/156, 0x9c, &(0x7f0000001340)=""/66, 0x3, 0x4}}, 0x48) (async)
write$vhost_msg_v2(r1, &(0x7f0000000140)={0x2, 0x0, {&(0x7f0000000080)=""/154, 0x9a, &(0x7f0000000280)=""/4096, 0x3, 0x2}}, 0x48) (async)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x4f02, r3}, 0x0) (async, rerun: 64)
write$vhost_msg(r2, &(0x7f0000001600)={0x1, {&(0x7f0000001440)=""/209, 0xd1, &(0x7f0000001540)=""/139, 0x2, 0x4}}, 0x48) (rerun: 64)

06:27:54 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x40040)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000080))

06:27:54 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001214000326bd7000fcdbdf25080003000300000008004f000500000008004b001300000008004f0003000000080001000100000008001500020000000800010002ff0f000800150005000000"], 0x50}, 0x1, 0x0, 0x0, 0x51}, 0x20000000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001214000326bd7000fcdbdf25080003000300000008004f000500000008004b001300000008004f0003000000080001000100000008001500020000000800010002ff0f000800150005000000"], 0x50}, 0x1, 0x0, 0x0, 0x51}, 0x20000000) (async)

06:27:54 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x48)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)

06:27:54 executing program 4:
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="280595ec440000", @ANYRES16=0x0, @ANYBLOB="020027bd7000fedbdf25250000000c000500000000000000000006000400ffff0000"], 0x28}, 0x1, 0x0, 0x0, 0x20000000}, 0x44)
ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000040))
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:27:54 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000080))

06:27:54 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, 0x0, 0x56)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f00000001c0)) (async)
ioctl$SCSI_IOCTL_GET_IDLUN(r0, 0x5382, &(0x7f00000001c0))
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x100, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
write$vhost_msg_v2(r2, &(0x7f00000013c0)={0x2, 0x0, {&(0x7f0000001280)=""/156, 0x9c, &(0x7f0000001340)=""/66, 0x3, 0x4}}, 0x48)
write$vhost_msg_v2(r1, &(0x7f0000000140)={0x2, 0x0, {&(0x7f0000000080)=""/154, 0x9a, &(0x7f0000000280)=""/4096, 0x3, 0x2}}, 0x48)
socket$inet_udp(0x2, 0x2, 0x0) (async)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x4f02, r3}, 0x0)
write$vhost_msg(r2, &(0x7f0000001600)={0x1, {&(0x7f0000001440)=""/209, 0xd1, &(0x7f0000001540)=""/139, 0x2, 0x4}}, 0x48)

06:27:54 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x40040)

06:27:54 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001214000326bd7000fcdbdf25080003000300000008004f000500000008004b001300000008004f0003000000080001000100000008001500020000000800010002ff0f000800150005000000"], 0x50}, 0x1, 0x0, 0x0, 0x51}, 0x20000000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
getsockopt$PNPIPE_ENCAP(0xffffffffffffffff, 0x113, 0x1, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001214000326bd7000fcdbdf25080003000300000008004f000500000008004b001300000008004f0003000000080001000100000008001500020000000800010002ff0f000800150005000000"], 0x50}, 0x1, 0x0, 0x0, 0x51}, 0x20000000) (async)

06:27:55 executing program 4:
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:27:55 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x48)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)

06:27:55 executing program 4:
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
socket$phonet_pipe(0x23, 0x5, 0x2) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)

06:27:55 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x40040)

06:27:55 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000080))

06:27:55 executing program 4:
socket$phonet_pipe(0x23, 0x5, 0x2) (async)
socket$phonet_pipe(0x23, 0x5, 0x2)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:27:55 executing program 2:
syz_open_dev$sg(0x0, 0x9e, 0x40040)

06:27:55 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = memfd_create(&(0x7f0000000000)='\\#!\x00', 0x7)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0)
ioctl$IOMMU_VFIO_IOAS$GET(r4, 0x3b88, &(0x7f0000000180)={0xc, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000001c0)={0x38, 0x2, r5})
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000000c0)={0x0, 0x7, [{r1, 0x0, 0x2000, 0x1000}, {r2, 0x0, 0x8000, 0x4000}, {0xffffffffffffffff, 0x0, 0x2000, 0x8000}, {0xffffffffffffffff, 0x0, 0x100000000, 0x10000}, {r3, 0x0, 0x1000000}, {0xffffffffffffffff, 0x0, 0xfefee000, 0xfffffffffffff000}, {r4, 0x0, 0xfffff000, 0x1000000000000}]})

06:27:55 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="20000090b989cf0426bd7000fddbdf25020000008ff8eac730fb517f48f934b8fbd69eccd6d2e904000084ee20d91db15f554c2895d2b8d08c9a35324bc78f6e76"], 0x20}, 0x1, 0x0, 0x0, 0x40080}, 0x10)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x3c}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x1402, 0x100, 0x70bd2c, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}]}, 0x20}}, 0x14)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40800, 0x0)
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x4000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000400))
read$usbmon(r1, &(0x7f00000002c0)=""/251, 0xfb)

06:27:55 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x48)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0)

06:27:55 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x4100)

06:27:55 executing program 2:
syz_open_dev$sg(0x0, 0x9e, 0x40040)

06:27:55 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
r2 = memfd_create(&(0x7f0000000000)='\\#!\x00', 0x7) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) (async)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0) (async, rerun: 32)
ioctl$IOMMU_VFIO_IOAS$GET(r4, 0x3b88, &(0x7f0000000180)={0xc, <r5=>0x0}) (rerun: 32)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000001c0)={0x38, 0x2, r5})
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000000c0)={0x0, 0x7, [{r1, 0x0, 0x2000, 0x1000}, {r2, 0x0, 0x8000, 0x4000}, {0xffffffffffffffff, 0x0, 0x2000, 0x8000}, {0xffffffffffffffff, 0x0, 0x100000000, 0x10000}, {r3, 0x0, 0x1000000}, {0xffffffffffffffff, 0x0, 0xfefee000, 0xfffffffffffff000}, {r4, 0x0, 0xfffff000, 0x1000000000000}]})

06:27:55 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x4100)

06:27:55 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x4100)

06:27:55 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
getsockname$llc(0xffffffffffffffff, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000000c0)=0x10)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DMA_BUF_SET_NAME_A(r1, 0x40046201, &(0x7f0000000000)='/dev/virtual_nci\x00')

06:27:55 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000140))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000180)={0x200, 0x3, 0x5, 0x4})
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4)

06:27:55 executing program 2:
syz_open_dev$sg(0x0, 0x9e, 0x40040)

06:27:55 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="20000090b989cf0426bd7000fddbdf25020000008ff8eac730fb517f48f934b8fbd69eccd6d2e904000084ee20d91db15f554c2895d2b8d08c9a35324bc78f6e76"], 0x20}, 0x1, 0x0, 0x0, 0x40080}, 0x10)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x3c}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x1402, 0x100, 0x70bd2c, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}]}, 0x20}}, 0x14) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40800, 0x0) (async)
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x4000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000400)) (async)
read$usbmon(r1, &(0x7f00000002c0)=""/251, 0xfb)

06:27:55 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
getsockname$llc(0xffffffffffffffff, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000000c0)=0x10)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$DMA_BUF_SET_NAME_A(r1, 0x40046201, &(0x7f0000000000)='/dev/virtual_nci\x00')

06:27:55 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40040)

06:27:55 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x10000, 0x4500)

06:27:55 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
r2 = memfd_create(&(0x7f0000000000)='\\#!\x00', 0x7)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0) (async)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0) (async)
ioctl$IOMMU_VFIO_IOAS$GET(r4, 0x3b88, &(0x7f0000000180)={0xc, <r5=>0x0})
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000001c0)={0x38, 0x2, r5}) (async)
ioctl$UDMABUF_CREATE_LIST(0xffffffffffffffff, 0x40087543, &(0x7f00000000c0)={0x0, 0x7, [{r1, 0x0, 0x2000, 0x1000}, {r2, 0x0, 0x8000, 0x4000}, {0xffffffffffffffff, 0x0, 0x2000, 0x8000}, {0xffffffffffffffff, 0x0, 0x100000000, 0x10000}, {r3, 0x0, 0x1000000}, {0xffffffffffffffff, 0x0, 0xfefee000, 0xfffffffffffff000}, {r4, 0x0, 0xfffff000, 0x1000000000000}]})

06:27:55 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40040)

06:27:55 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000140))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000180)={0x200, 0x3, 0x5, 0x4}) (async)
ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000180)={0x200, 0x3, 0x5, 0x4})
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4)

06:27:55 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
getsockname$llc(0xffffffffffffffff, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, &(0x7f00000000c0)=0x10)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$DMA_BUF_SET_NAME_A(r1, 0x40046201, &(0x7f0000000000)='/dev/virtual_nci\x00')

06:27:55 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="20000090b989cf0426bd7000fddbdf25020000008ff8eac730fb517f48f934b8fbd69eccd6d2e904000084ee20d91db15f554c2895d2b8d08c9a35324bc78f6e76"], 0x20}, 0x1, 0x0, 0x0, 0x40080}, 0x10) (async)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x3c}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000280)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x1402, 0x100, 0x70bd2c, 0x25dfdbfc, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}]}, 0x20}}, 0x14) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x40800, 0x0) (async)
r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x4000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f0000000400))
read$usbmon(r1, &(0x7f00000002c0)=""/251, 0xfb)

06:27:55 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x10000, 0x4500)
syz_open_dev$usbmon(&(0x7f0000000000), 0x10000, 0x4500) (async)

06:27:56 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x406000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, 0x0, 0x0)

06:27:56 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:27:56 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x10000, 0x4500)

06:27:56 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = msgget$private(0x0, 0x86)
msgctl$MSG_INFO(r0, 0xc, &(0x7f0000000140)=""/4)
msgctl$MSG_STAT_ANY(r0, 0xd, &(0x7f0000000300)=""/153)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f00000002c0)={&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000200)=""/177, 0xb1})
openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x8a002, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
read$usbmon(r2, &(0x7f00000000c0)=""/190, 0xbe)

06:27:56 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x40040)

06:27:56 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000140))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000180)={0x200, 0x3, 0x5, 0x4}) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080)) (async)
getsockopt$SO_J1939_SEND_PRIO(0xffffffffffffffff, 0x6b, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4)

06:27:56 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
r0 = msgget$private(0x0, 0x86)
msgctl$MSG_INFO(r0, 0xc, &(0x7f0000000140)=""/4)
msgctl$MSG_STAT_ANY(r0, 0xd, &(0x7f0000000300)=""/153) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f00000002c0)={&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000200)=""/177, 0xb1})
openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x8a002, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
read$usbmon(r2, &(0x7f00000000c0)=""/190, 0xbe)

06:27:56 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
mmap$usbmon(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000003, 0x1010, 0xffffffffffffffff, 0x7fff)

06:27:56 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:27:56 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x0)

06:27:56 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x406000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, 0x0, 0x0)

06:27:56 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:27:56 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = msgget$private(0x0, 0x86)
msgctl$MSG_INFO(r0, 0xc, &(0x7f0000000140)=""/4)
msgctl$MSG_STAT_ANY(r0, 0xd, &(0x7f0000000300)=""/153)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0)
ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f00000002c0)={&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000200)=""/177, 0xb1})
openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x8a002, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0)
read$usbmon(r2, &(0x7f00000000c0)=""/190, 0xbe)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
msgget$private(0x0, 0x86) (async)
msgctl$MSG_INFO(r0, 0xc, &(0x7f0000000140)=""/4) (async)
msgctl$MSG_STAT_ANY(r0, 0xd, &(0x7f0000000300)=""/153) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x100, 0x0) (async)
ioctl$MON_IOCX_GET(r1, 0x40189206, &(0x7f00000002c0)={&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000200)=""/177, 0xb1}) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000180), 0x8a002, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x40, 0x0) (async)
read$usbmon(r2, &(0x7f00000000c0)=""/190, 0xbe) (async)

06:27:56 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
mmap$usbmon(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000003, 0x1010, 0xffffffffffffffff, 0x7fff)

06:27:56 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x0)

06:27:56 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:27:56 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:27:56 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x40, 0x4100)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x4})

06:27:56 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x9e, 0x0)

06:27:56 executing program 5:
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x406000, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x406000, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$vhost_msg(r1, 0x0, 0x0)

06:27:56 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
mmap$usbmon(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x2000003, 0x1010, 0xffffffffffffffff, 0x7fff)

06:27:56 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x40, 0x4100)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x4}) (async)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x4})

06:27:56 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:27:56 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:27:56 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x40, 0x4100)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x4})
syz_open_dev$usbmon(&(0x7f0000000000), 0x40, 0x4100) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x4}) (async)

06:27:57 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r2)
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x808c0, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x1})

06:27:57 executing program 0:
syz_init_net_socket$ax25(0x3, 0x5, 0xca)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, {&(0x7f0000000000)=""/13, 0xd, &(0x7f0000000040)=""/120, 0x0, 0x4}}, 0x48)

06:27:57 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x3, 0x34b342)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x20801, 0x0)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))

06:27:57 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)

06:27:57 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:27:57 executing program 0:
syz_init_net_socket$ax25(0x3, 0x5, 0xca)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, {&(0x7f0000000000)=""/13, 0xd, &(0x7f0000000040)=""/120, 0x0, 0x4}}, 0x48) (async)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, {&(0x7f0000000000)=""/13, 0xd, &(0x7f0000000040)=""/120, 0x0, 0x4}}, 0x48)

06:27:57 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

06:27:57 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x3, 0x34b342) (async)
landlock_restrict_self(0xffffffffffffffff, 0x0)
r0 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r0, 0x0)
landlock_restrict_self(r0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x20801, 0x0) (async)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))

06:27:57 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r2) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x808c0, 0x0) (async)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x1})

06:27:57 executing program 0:
syz_init_net_socket$ax25(0x3, 0x5, 0xca)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, {&(0x7f0000000000)=""/13, 0xd, &(0x7f0000000040)=""/120, 0x0, 0x4}}, 0x48)
syz_init_net_socket$ax25(0x3, 0x5, 0xca) (async)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, {&(0x7f0000000000)=""/13, 0xd, &(0x7f0000000040)=""/120, 0x0, 0x4}}, 0x48) (async)

06:27:57 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x3, 0x34b342) (async)
landlock_restrict_self(0xffffffffffffffff, 0x0) (async, rerun: 64)
r0 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0) (rerun: 64)
landlock_restrict_self(r0, 0x0) (async)
landlock_restrict_self(r0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x20801, 0x0) (async)
ioctl$SCSI_IOCTL_GET_IDLUN(r1, 0x5382, &(0x7f0000000080))

06:27:57 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)

06:27:57 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f00000001c0)={&(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x44e], 0x2, 0x1})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'})
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000200)={0x1ff}, 0x4)

06:27:57 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)

06:27:57 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), r2)
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x808c0, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x1})

06:27:57 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:27:57 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

06:27:57 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000), 0x4)

06:27:57 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async, rerun: 32)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async, rerun: 32)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f00000001c0)={&(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x44e], 0x2, 0x1})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
setsockopt$inet6_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000200)={0x1ff}, 0x4)

06:27:57 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0xa)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$ax25(r1, &(0x7f0000000080)={{0x3, @default}, [@netrom, @bcast, @netrom, @default, @bcast, @default, @remote, @rose]}, &(0x7f0000000000)=0x48)
getresuid(&(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140), &(0x7f0000000180))
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r1)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r1, &(0x7f0000000380)={&(0x7f0000000200), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, r3, 0x8b50643964aa00f9, 0x0, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0xffe1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x3}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8004}, 0x10)
ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f00000001c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r2})

06:27:57 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_SET_MACPARAMS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, r0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x81}, @IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0x3}, @IEEE802154_ATTR_LBT_ENABLED={0x5}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0xfb}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x7f}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x90)

06:27:57 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)

06:27:57 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_SET_MACPARAMS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, r0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x81}, @IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0x3}, @IEEE802154_ATTR_LBT_ENABLED={0x5}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0xfb}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x7f}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x90)

06:27:57 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:27:57 executing program 1:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x10001, 0x402000)
read$usbmon(r0, &(0x7f0000000080)=""/109, 0x6d)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:27:57 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0xa)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
accept$ax25(r1, &(0x7f0000000080)={{0x3, @default}, [@netrom, @bcast, @netrom, @default, @bcast, @default, @remote, @rose]}, &(0x7f0000000000)=0x48) (async, rerun: 64)
getresuid(&(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140), &(0x7f0000000180)) (async, rerun: 64)
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r1)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r1, &(0x7f0000000380)={&(0x7f0000000200), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, r3, 0x8b50643964aa00f9, 0x0, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0xffe1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x3}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8004}, 0x10) (async, rerun: 32)
ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f00000001c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r2}) (rerun: 32)

06:27:57 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_SET_MACPARAMS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, r0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x81}, @IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0x3}, @IEEE802154_ATTR_LBT_ENABLED={0x5}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0xfb}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x7f}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x90)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$IEEE802154_SET_MACPARAMS(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, r0, 0x100, 0x70bd2a, 0x25dfdbff, {}, [@IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x81}, @IEEE802154_ATTR_CSMA_RETRIES={0x5}, @IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0x3}, @IEEE802154_ATTR_LBT_ENABLED={0x5}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0xfb}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x7f}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x90) (async)

06:27:58 executing program 1:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x10001, 0x402000)
read$usbmon(r0, &(0x7f0000000080)=""/109, 0x6d)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:27:58 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)

06:27:58 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f00000001c0)={&(0x7f00000000c0)=[0x0, 0x0], &(0x7f0000000100)=[0x44e], 0x2, 0x1})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(r3, 0x1, 0x1, &(0x7f0000000200)={0x1ff}, 0x4)

06:27:58 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0xa) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
accept$ax25(r1, &(0x7f0000000080)={{0x3, @default}, [@netrom, @bcast, @netrom, @default, @bcast, @default, @remote, @rose]}, &(0x7f0000000000)=0x48)
getresuid(&(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140), &(0x7f0000000180))
r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000280), r1)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r1, &(0x7f0000000380)={&(0x7f0000000200), 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x74, r3, 0x8b50643964aa00f9, 0x0, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1}, {0x6, 0x11, 0xffe1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}, {0x6, 0x11, 0x3}}]}, 0x74}, 0x1, 0x0, 0x0, 0x8004}, 0x10)
ioctl$SIOCAX25GETUID(r1, 0x89e0, &(0x7f00000001c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, r2})

06:27:58 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000080)=ANY=[@ANYBLOB="010000080000000012f433184e702dbabed7c85e069782c19588c7743c0627d40b7d1cb2af13a8a2fd647414f4eabad8f368dc0fd9b3cb3f20305a805ade77f4b36e1dd40c3ca9ccfe5e36"])

06:27:58 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)

06:27:58 executing program 1:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x10001, 0x402000)
read$usbmon(r0, &(0x7f0000000080)=""/109, 0x6d)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:27:58 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000080)=ANY=[@ANYBLOB="010000080000000012f433184e702dbabed7c85e069782c19588c7743c0627d40b7d1cb2af13a8a2fd647414f4eabad8f368dc0fd9b3cb3f20305a805ade77f4b36e1dd40c3ca9ccfe5e36"]) (async)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000080)=ANY=[@ANYBLOB="010000080000000012f433184e702dbabed7c85e069782c19588c7743c0627d40b7d1cb2af13a8a2fd647414f4eabad8f368dc0fd9b3cb3f20305a805ade77f4b36e1dd40c3ca9ccfe5e36"])

06:27:58 executing program 0:
setsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000000)=0x1, 0x4)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x3}}, 0x48)

06:27:58 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000080)=ANY=[@ANYBLOB="010000080000000012f433184e702dbabed7c85e069782c19588c7743c0627d40b7d1cb2af13a8a2fd647414f4eabad8f368dc0fd9b3cb3f20305a805ade77f4b36e1dd40c3ca9ccfe5e36"])

06:27:58 executing program 5:
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000)={0x0, <r0=>0x0})
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x100800, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000140)={r0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f0000000080)={0x7, 0x200ff, 0x9})
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r3, 0x0, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x7dea0470279713a9, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f00000000c0))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r5, 0xc01064c2, &(0x7f00000001c0)={0x0, 0x1, r4})

06:27:58 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="3a800032", @ANYRES16=0x0, @ANYBLOB="200029bd7000fddbdf252e0000050003000000aaaaaaaa06000400a2aa000006000600030000002f08002c00"/54], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x24040001)
syz_open_dev$usbmon(&(0x7f0000000040), 0x8000000000, 0x50000)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r0)

06:27:58 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(0xffffffffffffffff, 0xc02464bb, &(0x7f0000000000)={0x6, 0x1205, 0x6, 0x5, 0x8, 0x43ac, 0x3ff, 0x8000})
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/ipc\x00')
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x248}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, 0x1402, 0x800, 0x70bd2e, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x44}}, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0)
accept$ax25(r2, &(0x7f0000000240)={{0x3, @rose}, [@null, @rose, @netrom, @bcast, @rose, @bcast, @bcast]}, &(0x7f00000002c0)=0x48)

06:27:58 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)

06:27:58 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
openat$smackfs_logging(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:27:58 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="3a800032", @ANYRES16=0x0, @ANYBLOB="200029bd7000fddbdf252e0000050003000000aaaaaaaa06000400a2aa000006000600030000002f08002c00"/54], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x24040001) (async, rerun: 32)
syz_open_dev$usbmon(&(0x7f0000000040), 0x8000000000, 0x50000) (async, rerun: 32)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r0)

06:27:58 executing program 0:
setsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000000)=0x1, 0x4) (async)
setsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000000)=0x1, 0x4)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x3}}, 0x48)

06:27:58 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="3a800032", @ANYRES16=0x0, @ANYBLOB="200029bd7000fddbdf252e0000050003000000aaaaaaaa06000400a2aa000006000600030000002f08002c00"/54], 0x4c}, 0x1, 0x0, 0x0, 0x800}, 0x24040001) (async, rerun: 64)
syz_open_dev$usbmon(&(0x7f0000000040), 0x8000000000, 0x50000) (async, rerun: 64)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000140), r0)

[ 1115.522070][ T1200] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.528445][ T1200] ieee802154 phy1 wpan1: encryption failed: -22
06:27:58 executing program 5:
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000)={0x0, <r0=>0x0})
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x100800, 0x0) (async)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x100800, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000140)={r0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f0000000080)={0x7, 0x200ff, 0x9})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r3, 0x0, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x7dea0470279713a9, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f00000000c0)) (async)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f00000000c0))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r5, 0xc01064c2, &(0x7f00000001c0)={0x0, 0x1, r4}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r5, 0xc01064c2, &(0x7f00000001c0)={0x0, 0x1, r4})

06:27:58 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x22c002)

06:27:58 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_init_net_socket$llc(0x1a, 0x3, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CURSOR2(0xffffffffffffffff, 0xc02464bb, &(0x7f0000000000)={0x6, 0x1205, 0x6, 0x5, 0x8, 0x43ac, 0x3ff, 0x8000}) (async)
r0 = socket$nl_rdma(0x10, 0x3, 0x14) (async)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/ipc\x00')
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x248}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, 0x1402, 0x800, 0x70bd2e, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x44}}, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0)
accept$ax25(r2, &(0x7f0000000240)={{0x3, @rose}, [@null, @rose, @netrom, @bcast, @rose, @bcast, @bcast]}, &(0x7f00000002c0)=0x48)

06:27:58 executing program 5:
ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000)={0x0, <r0=>0x0}) (async)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000180), 0x100800, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000140)={r0, 0x0, <r2=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r2, 0xc01064ab, &(0x7f0000000080)={0x7, 0x200ff, 0x9}) (async)
r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r3, 0x0, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x7dea0470279713a9, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0) (async, rerun: 32)
r5 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (rerun: 32)
ioctl$DRM_IOCTL_ADD_CTX(r4, 0xc0086420, &(0x7f00000000c0)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r5, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r5, 0xc01064c2, &(0x7f00000001c0)={0x0, 0x1, r4})

06:27:58 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:27:58 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x200, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x10)

06:27:58 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x22c002)

06:27:58 executing program 0:
setsockopt$SO_J1939_PROMISC(0xffffffffffffffff, 0x6b, 0x2, &(0x7f0000000000)=0x1, 0x4) (async, rerun: 32)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (rerun: 32)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x3}}, 0x48)

06:27:59 executing program 3:
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x200, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x10)

06:27:59 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x0, 0x22c002)

06:27:59 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)

06:27:59 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_init_net_socket$llc(0x1a, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(0xffffffffffffffff, 0xc02464bb, &(0x7f0000000000)={0x6, 0x1205, 0x6, 0x5, 0x8, 0x43ac, 0x3ff, 0x8000})
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
r1 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/ipc\x00')
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x248}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, 0x1402, 0x800, 0x70bd2e, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x44}}, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0)
accept$ax25(r2, &(0x7f0000000240)={{0x3, @rose}, [@null, @rose, @netrom, @bcast, @rose, @bcast, @bcast]}, &(0x7f00000002c0)=0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_init_net_socket$llc(0x1a, 0x3, 0x0) (async)
ioctl$DRM_IOCTL_MODE_CURSOR2(0xffffffffffffffff, 0xc02464bb, &(0x7f0000000000)={0x6, 0x1205, 0x6, 0x5, 0x8, 0x43ac, 0x3ff, 0x8000}) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/ipc\x00') (async)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x248}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x44, 0x1402, 0x800, 0x70bd2e, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x44}}, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0) (async)
accept$ax25(r2, &(0x7f0000000240)={{0x3, @rose}, [@null, @rose, @netrom, @bcast, @rose, @bcast, @bcast]}, &(0x7f00000002c0)=0x48) (async)

06:27:59 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000000))
write$vhost_msg(r0, 0x0, 0x0)

06:27:59 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000100), 0x240800000, 0x585040)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x2}}, 0x20)
ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f0000000000))

06:27:59 executing program 3:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x200, 0x70bd28, 0x25dfdbff, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x10)

06:27:59 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000100), 0x240800000, 0x585040) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x2}}, 0x20) (async)
ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f0000000000))

06:27:59 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x781000, 0x0)
ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x857a7)

06:27:59 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:27:59 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)

06:28:00 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
landlock_restrict_self(0xffffffffffffffff, 0x0)

06:28:00 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000100), 0x240800000, 0x585040)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x2}}, 0x20)
ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f0000000000))
syz_open_dev$usbmon(&(0x7f0000000100), 0x240800000, 0x585040) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$MON_IOCQ_URB_LEN(r0, 0x9201) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080), 0x2}}, 0x20) (async)
ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f0000000000)) (async)

06:28:00 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000000)) (async, rerun: 64)
write$vhost_msg(r0, 0x0, 0x0) (rerun: 64)

06:28:00 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 32)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x781000, 0x0) (rerun: 32)
ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x857a7)

06:28:00 executing program 2:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r1, 0x4008af00, &(0x7f0000000080)=0x8000000)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)

06:28:00 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:00 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r0=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={<r1=>0x0})
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x20000, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r2, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x150, 0x0, 0x10, 0x70bd2b, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0x6, 0x11, 0x626c}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x62b1}, {0x6, 0x11, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x7ff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x16}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x81}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x4}}]}, 0x150}, 0x1, 0x0, 0x0, 0x40040}, 0x24004071)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(0xffffffffffffffff, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, r0, r1, 0x0, r3, 0x0], &(0x7f0000000140)=[0x5c4, 0x0, 0x8], 0x7})

06:28:00 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000000))
write$vhost_msg(r0, 0x0, 0x0)

06:28:00 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r0=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={<r1=>0x0}) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x20000, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r2, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x150, 0x0, 0x10, 0x70bd2b, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0x6, 0x11, 0x626c}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x62b1}, {0x6, 0x11, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x7ff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x16}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x81}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x4}}]}, 0x150}, 0x1, 0x0, 0x0, 0x40040}, 0x24004071)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(0xffffffffffffffff, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, r0, r1, 0x0, r3, 0x0], &(0x7f0000000140)=[0x5c4, 0x0, 0x8], 0x7})

06:28:00 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)={<r0=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)={<r1=>0x0})
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x20000, 0x0)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r2, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x150, 0x0, 0x10, 0x70bd2b, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0x6, 0x11, 0x626c}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x62b1}, {0x6, 0x11, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x7ff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x16}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x81}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x4}}]}, 0x150}, 0x1, 0x0, 0x0, 0x40040}, 0x24004071)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)={<r3=>0x0})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(0xffffffffffffffff, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, r0, r1, 0x0, r3, 0x0], &(0x7f0000000140)=[0x5c4, 0x0, 0x8], 0x7})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000040)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f0000000080)) (async)
openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x20000, 0x0) (async)
sendmsg$DEVLINK_CMD_SB_POOL_GET(r2, &(0x7f0000000400)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000240)={0x150, 0x0, 0x10, 0x70bd2b, 0x25dfdbff, {}, [{@pci={{0x8}, {0x11}}, {0x8}, {0x6, 0x11, 0x626c}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x62b1}, {0x6, 0x11, 0x6}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x7ff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}, {0x6, 0x11, 0x16}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x2}, {0x6, 0x11, 0x81}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}, {0x6, 0x11, 0x4}}]}, 0x150}, 0x1, 0x0, 0x0, 0x40040}, 0x24004071) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000000c0)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(0xffffffffffffffff, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, r0, r1, 0x0, r3, 0x0], &(0x7f0000000140)=[0x5c4, 0x0, 0x8], 0x7}) (async)

06:28:00 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
landlock_restrict_self(0xffffffffffffffff, 0x0)

06:28:00 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:00 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000080)={<r3=>0x0, 0x1, r1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000000c0)={<r4=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, r3, r4, 0x0], &(0x7f0000000140)=[0x9, 0x7, 0x7, 0x1000, 0x10000, 0xc569, 0x2, 0x1], 0x6})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r1, 0xc01064c1, &(0x7f0000000000))

06:28:00 executing program 4:
ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f0000000100)={&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000080)=""/101, 0x65})
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x400, 0x2520c3)
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0xffffffffffffffff)

06:28:00 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)

06:28:01 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x781000, 0x0)
ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0x857a7)

06:28:01 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
landlock_restrict_self(0xffffffffffffffff, 0x0)

06:28:01 executing program 4:
ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f0000000100)={&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000080)=""/101, 0x65}) (async)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x400, 0x2520c3)
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0xffffffffffffffff)

06:28:01 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000080)=0x8000000)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)

06:28:01 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async, rerun: 32)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000080)={<r3=>0x0, 0x1, r1}) (async, rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000000c0)={<r4=>0x0, 0x0, r1}) (rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, r3, r4, 0x0], &(0x7f0000000140)=[0x9, 0x7, 0x7, 0x1000, 0x10000, 0xc569, 0x2, 0x1], 0x6})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r1, 0xc01064c1, &(0x7f0000000000))

06:28:01 executing program 1:
accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, &(0x7f0000000040)=0x10, 0x800)
connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x3, {0x1, 0x78}, 0xfd}, 0x18)

06:28:01 executing program 4:
ioctl$MON_IOCX_GETX(0xffffffffffffffff, 0x4018920a, &(0x7f0000000100)={&(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000080)=""/101, 0x65})
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x400, 0x2520c3)
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0xffffffffffffffff)

06:28:01 executing program 1:
accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, &(0x7f0000000040)=0x10, 0x800) (async)
connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x3, {0x1, 0x78}, 0xfd}, 0x18)

06:28:01 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000080)=0x8000000)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)

06:28:01 executing program 4:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000214040000000000000000003a16fbcf4460be926a7bf328ae4195bd287b60ddeab97d35322845b6d914b7d4084ef490d05e077ee548dc608cba5625fae2448f4ee85ad179"], 0x10}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040))
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:01 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000080)={<r3=>0x0, 0x1, r1})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000000c0)={<r4=>0x0, 0x0, r1})
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, r3, r4, 0x0], &(0x7f0000000140)=[0x9, 0x7, 0x7, 0x1000, 0x10000, 0xc569, 0x2, 0x1], 0x6})
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r1, 0xc01064c1, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000080)={0x0, 0x1, r1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r1, 0xc01064c2, &(0x7f00000000c0)={0x0, 0x0, r1}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_TIMELINE_SIGNAL(r2, 0xc01864cd, &(0x7f0000000180)={&(0x7f0000000100)=[0x0, 0x0, 0x0, r3, r4, 0x0], &(0x7f0000000140)=[0x9, 0x7, 0x7, 0x1000, 0x10000, 0xc569, 0x2, 0x1], 0x6}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(r1, 0xc01064c1, &(0x7f0000000000)) (async)

06:28:01 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:01 executing program 3:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:01 executing program 1:
accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, &(0x7f0000000040)=0x10, 0x800)
connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x3, {0x1, 0x78}, 0xfd}, 0x18)
accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @multicast}, &(0x7f0000000040)=0x10, 0x800) (async)
connect$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x3, {0x1, 0x78}, 0xfd}, 0x18) (async)

06:28:01 executing program 4:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000214040000000000000000003a16fbcf4460be926a7bf328ae4195bd287b60ddeab97d35322845b6d914b7d4084ef490d05e077ee548dc608cba5625fae2448f4ee85ad179"], 0x10}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)) (async, rerun: 32)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (rerun: 32)

06:28:01 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x4a00, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f00000000c0)={0x4004, r1}, 0x0)

06:28:01 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000080)=0x8000000)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)

06:28:01 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000180)=0x10, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
accept$phonet_pipe(r2, 0x0, &(0x7f0000000140)=0x5)
r3 = syz_open_dev$sg(&(0x7f00000000c0), 0x9, 0x10000)
ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000000100))
write$vhost_msg(r0, 0x0, 0x0)

06:28:02 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

06:28:02 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 64)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1) (async, rerun: 64)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x4a00, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f00000000c0)={0x4004, r1}, 0x0)

06:28:02 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:02 executing program 3:
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:02 executing program 4:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000214040000000000000000003a16fbcf4460be926a7bf328ae4195bd287b60ddeab97d35322845b6d914b7d4084ef490d05e077ee548dc608cba5625fae2448f4ee85ad179"], 0x10}}, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000040)) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:02 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000180)=0x10, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
accept$phonet_pipe(r2, 0x0, &(0x7f0000000140)=0x5) (async)
accept$phonet_pipe(r2, 0x0, &(0x7f0000000140)=0x5)
r3 = syz_open_dev$sg(&(0x7f00000000c0), 0x9, 0x10000)
ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000000100))
write$vhost_msg(r0, 0x0, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:28:02 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:02 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:02 executing program 4:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x140d, 0x1401, 0x70bd26, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004050}, 0x24000080)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000002c0), 0x101920, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xb0, 0x1403, 0x20, 0x70bd28, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'pimreg\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip6gre0\x00'}}]}, 0xb0}}, 0x4000014)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000540), 0x40001, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r1)
sendmsg$NL80211_CMD_JOIN_OCB(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x78, r3, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x4e}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x34}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x40}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9d50}]}, 0x78}, 0x1, 0x0, 0x0, 0x2000c010}, 0x4085)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x511040, 0x0)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="500000000714020027bd7000fcdbdf2508004400", @ANYRES32, @ANYBLOB="09000200590614019454bdb93c2b73797a32000000000500", @ANYRES32=r4, @ANYBLOB="08000100020000000900020073797a31000000000800010002000000"], 0x50}, 0x1, 0x0, 0x0, 0x20000090}, 0x8010)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
socketpair(0x2, 0x5, 0x7, &(0x7f0000000480)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCAX25CTLCON(r5, 0x89e8, &(0x7f00000004c0)={@null, @bcast, @null, 0x8, 0x1, 0x4, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})

06:28:02 executing program 3:
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x400, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:02 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000180)=0x10, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r2 = socket$phonet_pipe(0x23, 0x5, 0x2)
accept$phonet_pipe(r2, 0x0, &(0x7f0000000140)=0x5)
r3 = syz_open_dev$sg(&(0x7f00000000c0), 0x9, 0x10000)
ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000000100))
write$vhost_msg(r0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000180)=0x10, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
socket$phonet_pipe(0x23, 0x5, 0x2) (async)
accept$phonet_pipe(r2, 0x0, &(0x7f0000000140)=0x5) (async)
syz_open_dev$sg(&(0x7f00000000c0), 0x9, 0x10000) (async)
ioctl$SCSI_IOCTL_GET_IDLUN(r3, 0x5382, &(0x7f0000000100)) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

06:28:02 executing program 0:
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000225bd7000fbdbdf252d00000005002e0001000000f8000600ffff0000"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wpan1\x00', <r0=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x30, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}]}, 0x30}, 0x1, 0x0, 0x0, 0x4082}, 0x10000001)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000440)={0x1, {&(0x7f0000000300)=""/118, 0x76, &(0x7f0000000380)=""/129, 0xd5a4fbaf2a0a2d52, 0x3}}, 0x48)
socketpair(0x26, 0x5, 0xffff0001, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, 0x1404, 0x200, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}}, 0x440c0)

06:28:02 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:03 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x4a00, 0x0)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f00000000c0)={0x4004, r1}, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000000)=0x1) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x4a00, 0x0) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f00000000c0)={0x4004, r1}, 0x0) (async)

06:28:03 executing program 3:
syz_open_dev$usbmon(&(0x7f0000000640), 0x0, 0x0)
ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:03 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$smackfs_logging(r1, &(0x7f0000000000)=0x2, 0x14)

06:28:03 executing program 4:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x140d, 0x1401, 0x70bd26, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004050}, 0x24000080) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000002c0), 0x101920, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xb0, 0x1403, 0x20, 0x70bd28, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'pimreg\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip6gre0\x00'}}]}, 0xb0}}, 0x4000014) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000540), 0x40001, 0x0) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r1)
sendmsg$NL80211_CMD_JOIN_OCB(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x78, r3, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x4e}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x34}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x40}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9d50}]}, 0x78}, 0x1, 0x0, 0x0, 0x2000c010}, 0x4085) (async)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x511040, 0x0)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="500000000714020027bd7000fcdbdf2508004400", @ANYRES32, @ANYBLOB="09000200590614019454bdb93c2b73797a32000000000500", @ANYRES32=r4, @ANYBLOB="08000100020000000900020073797a31000000000800010002000000"], 0x50}, 0x1, 0x0, 0x0, 0x20000090}, 0x8010) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
socketpair(0x2, 0x5, 0x7, &(0x7f0000000480)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCAX25CTLCON(r5, 0x89e8, &(0x7f00000004c0)={@null, @bcast, @null, 0x8, 0x1, 0x4, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})

06:28:03 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:03 executing program 0:
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000225bd7000fbdbdf252d00000005002e0001000000f8000600ffff0000"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x0) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000225bd7000fbdbdf252d00000005002e0001000000f8000600ffff0000"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wpan1\x00', <r0=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x30, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}]}, 0x30}, 0x1, 0x0, 0x0, 0x4082}, 0x10000001)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000440)={0x1, {&(0x7f0000000300)=""/118, 0x76, &(0x7f0000000380)=""/129, 0xd5a4fbaf2a0a2d52, 0x3}}, 0x48)
socketpair(0x26, 0x5, 0xffff0001, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, 0x1404, 0x200, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}}, 0x440c0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, 0x1404, 0x200, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}}, 0x440c0)

06:28:04 executing program 0:
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000225bd7000fbdbdf252d00000005002e0001000000f8000600ffff0000"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wpan1\x00', <r0=>0x0})
sendmsg$IEEE802154_LLSEC_DEL_DEV(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x30, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}]}, 0x30}, 0x1, 0x0, 0x0, 0x4082}, 0x10000001)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000440)={0x1, {&(0x7f0000000300)=""/118, 0x76, &(0x7f0000000380)=""/129, 0xd5a4fbaf2a0a2d52, 0x3}}, 0x48)
socketpair(0x26, 0x5, 0xffff0001, &(0x7f00000001c0)={<r2=>0xffffffffffffffff})
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, 0x1404, 0x200, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}}, 0x440c0)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000225bd7000fbdbdf252d00000005002e0001000000f8000600ffff0000"], 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wpan1\x00'}) (async)
sendmsg$IEEE802154_LLSEC_DEL_DEV(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x30, 0x0, 0x100, 0x70bd2d, 0x25dfdbfc, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r0}]}, 0x30}, 0x1, 0x0, 0x0, 0x4082}, 0x10000001) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000440)={0x1, {&(0x7f0000000300)=""/118, 0x76, &(0x7f0000000380)=""/129, 0xd5a4fbaf2a0a2d52, 0x3}}, 0x48) (async)
socketpair(0x26, 0x5, 0xffff0001, &(0x7f00000001c0)) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r2, &(0x7f00000002c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x28, 0x1404, 0x200, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x28}}, 0x440c0) (async)

06:28:04 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$smackfs_logging(r1, &(0x7f0000000000)=0x2, 0x14)

06:28:04 executing program 3:
syz_open_dev$usbmon(&(0x7f0000000640), 0x0, 0x0) (async)
ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f0000000000)) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:04 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f0000000080)={0x0, 0x20000008})

06:28:04 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:04 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
write$smackfs_logging(r1, &(0x7f0000000000)=0x2, 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
write$smackfs_logging(r1, &(0x7f0000000000)=0x2, 0x14) (async)

06:28:04 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:04 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:04 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f0000000080)={0x0, 0x20000008})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f0000000080)={0x0, 0x20000008}) (async)

06:28:04 executing program 4:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r0, &(0x7f0000000280)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x140d, 0x1401, 0x70bd26, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}]}, 0x20}, 0x1, 0x0, 0x0, 0x4004050}, 0x24000080) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f00000002c0), 0x101920, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xb0, 0x1403, 0x20, 0x70bd28, 0x25dfdbff, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'wlan0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'pimreg\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ip6gre0\x00'}}]}, 0xb0}}, 0x4000014) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000540), 0x40001, 0x0) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), r1)
sendmsg$NL80211_CMD_JOIN_OCB(r2, &(0x7f00000006c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000600)={0x78, r3, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x2, 0x4e}}}}, [@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x1}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x34}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x5}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x40}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x9d50}]}, 0x78}, 0x1, 0x0, 0x0, 0x2000c010}, 0x4085) (async)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x511040, 0x0)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r0, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="500000000714020027bd7000fcdbdf2508004400", @ANYRES32, @ANYBLOB="09000200590614019454bdb93c2b73797a32000000000500", @ANYRES32=r4, @ANYBLOB="08000100020000000900020073797a31000000000800010002000000"], 0x50}, 0x1, 0x0, 0x0, 0x20000090}, 0x8010) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
socketpair(0x2, 0x5, 0x7, &(0x7f0000000480)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$SIOCAX25CTLCON(r5, 0x89e8, &(0x7f00000004c0)={@null, @bcast, @null, 0x8, 0x1, 0x4, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}]})

06:28:04 executing program 3:
syz_open_dev$usbmon(&(0x7f0000000640), 0x0, 0x0)
ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_open_dev$usbmon(&(0x7f0000000640), 0x0, 0x0) (async)
ioctl$IMHOLD_L1(0xffffffffffffffff, 0x80044948, &(0x7f0000000000)) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)

06:28:04 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:04 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0xe9f068e96f877b44, 0x0)
write$vhost_msg(r0, 0x0, 0x1f)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:04 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:04 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:04 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x8000000)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:04 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(0xffffffffffffffff, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
ioctl$DRM_IOCTL_CONTROL(r0, 0x40086414, &(0x7f0000000080)={0x0, 0x20000008})

06:28:05 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
mmap$usbmon(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x8, 0x10, r0, 0xfff)

06:28:05 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000080)=0x8000000)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)

06:28:05 executing program 3:
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x0, {0xa, 0x4e20, 0x0, @empty, 0x8}}}, 0x38)
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x300041, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000140)={&(0x7f0000000100)=[0x0, 0xffff, 0x7fffffff, 0x0, 0x1, 0x1b2d3bed, 0x1, 0x6, 0x7ff, 0x1], 0xa, 0xfffffffa, 0x0, 0x0, 0x8000, 0x8, 0x3, {0x3ff, 0xa1, 0x7, 0x4, 0x6b0, 0x7ff, 0xe69, 0x30bc, 0x2, 0x2, 0x6, 0x2, 0x2, 0x200, "8617db80c09bcd9329c1309802bc2a6be2cbb5f0aac066405484c2412a1e6680"}})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:05 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
mmap$usbmon(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x8, 0x10, r0, 0xfff)

06:28:05 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:05 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0xe9f068e96f877b44, 0x0)
write$vhost_msg(r0, 0x0, 0x1f)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0xe9f068e96f877b44, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x1f) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)

06:28:05 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$usbmon(0xffffffffffffffff, &(0x7f0000000140)=""/129, 0x81)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0xc2, 0x0)
getsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x10000, 0x100000000})

06:28:05 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
mmap$usbmon(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x8, 0x10, r0, 0xfff)

06:28:05 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000080)=0x8000000)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)

06:28:05 executing program 3:
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x0, {0xa, 0x4e20, 0x0, @empty, 0x8}}}, 0x38) (async, rerun: 64)
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x300041, 0x0) (rerun: 64)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000140)={&(0x7f0000000100)=[0x0, 0xffff, 0x7fffffff, 0x0, 0x1, 0x1b2d3bed, 0x1, 0x6, 0x7ff, 0x1], 0xa, 0xfffffffa, 0x0, 0x0, 0x8000, 0x8, 0x3, {0x3ff, 0xa1, 0x7, 0x4, 0x6b0, 0x7ff, 0xe69, 0x30bc, 0x2, 0x2, 0x6, 0x2, 0x2, 0x200, "8617db80c09bcd9329c1309802bc2a6be2cbb5f0aac066405484c2412a1e6680"}}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:05 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000100)=0x1)
r1 = syz_open_dev$usbmon(&(0x7f0000000000), 0xae97, 0x40)
syz_open_dev$usbmon(&(0x7f0000000640), 0x0, 0x0)
syz_open_dev$usbmon(&(0x7f0000000ac0), 0x0, 0x0)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f00000000c0)={&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000280)=""/192, 0xfffffffffffffe1f})

06:28:05 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
socket$phonet_pipe(0x23, 0x5, 0x2)

06:28:05 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0xe9f068e96f877b44, 0x0)
write$vhost_msg(r0, 0x0, 0x1f)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0xe9f068e96f877b44, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x1f) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)

06:28:05 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$usbmon(0xffffffffffffffff, &(0x7f0000000140)=""/129, 0x81) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0xc2, 0x0)
getsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x10000, 0x100000000})

06:28:05 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, &(0x7f0000000080)=0x8000000)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r0)

06:28:05 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
socket$phonet_pipe(0x23, 0x5, 0x2)

06:28:05 executing program 3:
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x0, {0xa, 0x4e20, 0x0, @empty, 0x8}}}, 0x38)
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x300041, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000140)={&(0x7f0000000100)=[0x0, 0xffff, 0x7fffffff, 0x0, 0x1, 0x1b2d3bed, 0x1, 0x6, 0x7ff, 0x1], 0xa, 0xfffffffa, 0x0, 0x0, 0x8000, 0x8, 0x3, {0x3ff, 0xa1, 0x7, 0x4, 0x6b0, 0x7ff, 0xe69, 0x30bc, 0x2, 0x2, 0x6, 0x2, 0x2, 0x200, "8617db80c09bcd9329c1309802bc2a6be2cbb5f0aac066405484c2412a1e6680"}})
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x0, {0xa, 0x4e20, 0x0, @empty, 0x8}}}, 0x38) (async)
openat$drirender128(0xffffffffffffff9c, &(0x7f00000000c0), 0x300041, 0x0) (async)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000140)={&(0x7f0000000100)=[0x0, 0xffff, 0x7fffffff, 0x0, 0x1, 0x1b2d3bed, 0x1, 0x6, 0x7ff, 0x1], 0xa, 0xfffffffa, 0x0, 0x0, 0x8000, 0x8, 0x3, {0x3ff, 0xa1, 0x7, 0x4, 0x6b0, 0x7ff, 0xe69, 0x30bc, 0x2, 0x2, 0x6, 0x2, 0x2, 0x200, "8617db80c09bcd9329c1309802bc2a6be2cbb5f0aac066405484c2412a1e6680"}}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)

06:28:05 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000100)=0x1) (async)
r1 = syz_open_dev$usbmon(&(0x7f0000000000), 0xae97, 0x40)
syz_open_dev$usbmon(&(0x7f0000000640), 0x0, 0x0) (async)
syz_open_dev$usbmon(&(0x7f0000000ac0), 0x0, 0x0) (async)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f00000000c0)={&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000280)=""/192, 0xfffffffffffffe1f})

06:28:05 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
read$usbmon(0xffffffffffffffff, &(0x7f0000000140)=""/129, 0x81) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0xc2, 0x0)
getsockopt$SO_J1939_PROMISC(r0, 0x6b, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$UDMABUF_CREATE(r1, 0x40187542, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x10000, 0x100000000})

06:28:05 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
socket$phonet_pipe(0x23, 0x5, 0x2)

06:28:05 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:05 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x10481, 0x0)
connect$can_j1939(r1, &(0x7f0000000080)={0x1d, 0x0, 0x1, {0x2, 0x1, 0x1}, 0xfd}, 0x18)
write$vhost_msg(r0, 0x0, 0x0)

06:28:05 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$DMA_BUF_IOCTL_SYNC(0xffffffffffffffff, 0x40086200, &(0x7f0000000100)=0x1)
r1 = syz_open_dev$usbmon(&(0x7f0000000000), 0xae97, 0x40) (async)
syz_open_dev$usbmon(&(0x7f0000000640), 0x0, 0x0) (async)
syz_open_dev$usbmon(&(0x7f0000000ac0), 0x0, 0x0)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f00000000c0)={&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000280)=""/192, 0xfffffffffffffe1f})

06:28:05 executing program 3:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x5)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={<r0=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={r0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000100)={&(0x7f00000000c0)=[0x5, 0x3, 0x7, 0x3, 0x9, 0x5, 0x2, 0x1f], 0x8, 0x7fa, 0x101, 0x0, 0x5, 0xffffffa8, 0x1, {0x739, 0x0, 0x8000, 0x9, 0x100, 0x2, 0x1, 0x5, 0x5, 0x5, 0x22d8, 0x3, 0xc9ea, 0x3, "0d401dec213132fcbf816c0d330ce7849ac0e024455562378e9fc733f7926680"}})
socket$nl_rdma(0x10, 0x3, 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0xa, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x40d5)

06:28:06 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0xa, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x40d5)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0) (async)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0xa, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x40d5) (async)

06:28:06 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x10481, 0x0)
connect$can_j1939(r1, &(0x7f0000000080)={0x1d, 0x0, 0x1, {0x2, 0x1, 0x1}, 0xfd}, 0x18)
write$vhost_msg(r0, 0x0, 0x0)

06:28:06 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x5c, 0x0, 0x200, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x30}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2a5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x4953220b00615600}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x4004)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:06 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @netrom}, [@netrom, @netrom, @null, @rose, @netrom]}, &(0x7f0000000100)=0x48, 0x800)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000140)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, 0x63, 0x7ff, 0x8, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})

06:28:06 executing program 3:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x5) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={<r0=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={r0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000100)={&(0x7f00000000c0)=[0x5, 0x3, 0x7, 0x3, 0x9, 0x5, 0x2, 0x1f], 0x8, 0x7fa, 0x101, 0x0, 0x5, 0xffffffa8, 0x1, {0x739, 0x0, 0x8000, 0x9, 0x100, 0x2, 0x1, 0x5, 0x5, 0x5, 0x22d8, 0x3, 0xc9ea, 0x3, "0d401dec213132fcbf816c0d330ce7849ac0e024455562378e9fc733f7926680"}}) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0) (async)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0xa, 0x70bd2c, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20000004}, 0x40d5)

06:28:06 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x404002)

06:28:06 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @netrom}, [@netrom, @netrom, @null, @rose, @netrom]}, &(0x7f0000000100)=0x48, 0x800)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000140)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, 0x63, 0x7ff, 0x8, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})

06:28:06 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x10481, 0x0)
connect$can_j1939(r1, &(0x7f0000000080)={0x1d, 0x0, 0x1, {0x2, 0x1, 0x1}, 0xfd}, 0x18) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:28:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x404002)
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x404002) (async)

06:28:06 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x5c, 0x0, 0x200, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x30}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2a5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x4953220b00615600}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x4004) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:06 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x404002)
syz_open_dev$usbmon(&(0x7f0000000000), 0x2, 0x404002) (async)

06:28:06 executing program 3:
ioctl$MON_IOCH_MFLUSH(0xffffffffffffffff, 0x9208, 0x5) (async)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000040)={<r0=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000080)={r0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f0000000100)={&(0x7f00000000c0)=[0x5, 0x3, 0x7, 0x3, 0x9, 0x5, 0x2, 0x1f], 0x8, 0x7fa, 0x101, 0x0, 0x5, 0xffffffa8, 0x1, {0x739, 0x0, 0x8000, 0x9, 0x100, 0x2, 0x1, 0x5, 0x5, 0x5, 0x22d8, 0x3, 0xc9ea, 0x3, "0d401dec213132fcbf816c0d330ce7849ac0e024455562378e9fc733f7926680"}}) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async, rerun: 64)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (rerun: 64)

06:28:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x153180)

06:28:06 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000080)={{0x3, @netrom}, [@netrom, @netrom, @null, @rose, @netrom]}, &(0x7f0000000100)=0x48, 0x800)
ioctl$SIOCAX25CTLCON(r0, 0x89e8, &(0x7f0000000140)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, 0x63, 0x7ff, 0x8, [@null, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default]})

06:28:06 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:28:06 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x153180)

06:28:06 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x5c, 0x0, 0x200, 0x70bd29, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x30}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x18}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2a5}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x4953220b00615600}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x4004) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:06 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x153180)

06:28:06 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:06 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x48)

06:28:07 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

06:28:07 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000040)=0x7)
syz_open_dev$usbmon(&(0x7f0000000000), 0x9, 0x14102)

06:28:08 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:08 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000040)=0x7) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x9, 0x14102)

06:28:08 executing program 1:
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:08 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x48)

06:28:08 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r1)

06:28:08 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:28:08 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r1)

06:28:08 executing program 4:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$IMHOLD_L1(r0, 0x80044948, &(0x7f0000000040)=0x7) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x9, 0x14102)

06:28:08 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x48)

06:28:08 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x49)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:08 executing program 1:
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:08 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x80000000000000, 0x1a3f42)

06:28:08 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:08 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r1)

06:28:08 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x80000000000000, 0x1a3f42)

06:28:08 executing program 0:
getresuid(&(0x7f00000000c0), &(0x7f0000000080), &(0x7f0000000200))
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000001c0))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:08 executing program 1:
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000000))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:08 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000040), 0x80000000000000, 0x1a3f42)

06:28:08 executing program 4:
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
ioctl$SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, &(0x7f0000000200))
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f0000000400))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000280)={&(0x7f0000000180), &(0x7f00000002c0)=""/153, 0x99})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000001c0))
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$usbmon(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000010, 0x80010, r2, 0x100000000)
r3 = syz_open_dev$sg(&(0x7f0000000100), 0x34, 0x24140)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$PTP_PIN_SETFUNC2(r4, 0x40603d10, &(0x7f0000000480)={'\x00', 0x8000, 0x1, 0xf690})
ioctl$SG_GET_KEEP_ORPHAN(r3, 0x2288, &(0x7f0000000140))
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000380)={0x0, 0x80000, <r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r5, 0xc01064c2, &(0x7f00000003c0)={0x0, 0x1, r2})

06:28:08 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, r1)

06:28:08 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) (async)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x49)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:08 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)

06:28:08 executing program 0:
getresuid(&(0x7f00000000c0), &(0x7f0000000080), &(0x7f0000000200)) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000001c0))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:08 executing program 1:
sendto$isdn(0xffffffffffffffff, &(0x7f0000000000)={0xca, 0x3, "0c57bcd6ddfe87876d781d055ceb0200410893224e6b75ab07568d2f14f17b2250b9"}, 0x2a, 0x20000040, &(0x7f0000000080)={0x22, 0xbd, 0x4, 0x1f, 0x6}, 0x6)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:08 executing program 4:
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) (async)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) (async)
ioctl$SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, &(0x7f0000000200))
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f0000000400))
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000280)={&(0x7f0000000180), &(0x7f00000002c0)=""/153, 0x99}) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000001c0)) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$usbmon(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000010, 0x80010, r2, 0x100000000) (async, rerun: 64)
r3 = syz_open_dev$sg(&(0x7f0000000100), 0x34, 0x24140) (rerun: 64)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$PTP_PIN_SETFUNC2(r4, 0x40603d10, &(0x7f0000000480)={'\x00', 0x8000, 0x1, 0xf690}) (async)
ioctl$SG_GET_KEEP_ORPHAN(r3, 0x2288, &(0x7f0000000140)) (async, rerun: 64)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000380)={0x0, 0x80000, <r5=>0xffffffffffffffff}) (rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r5, 0xc01064c2, &(0x7f00000003c0)={0x0, 0x1, r2})

06:28:08 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)

06:28:08 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x49) (async)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x49)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:08 executing program 3:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:09 executing program 4:
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4)
ioctl$SCSI_IOCTL_SYNC(0xffffffffffffffff, 0x4) (async)
ioctl$SG_GET_RESERVED_SIZE(0xffffffffffffffff, 0x2272, &(0x7f0000000200))
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, &(0x7f0000000400)) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000280)={&(0x7f0000000180), &(0x7f00000002c0)=""/153, 0x99}) (async)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000080)={0x0, 0x80000, <r1=>0xffffffffffffffff})
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000001c0)) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
mmap$usbmon(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000010, 0x80010, r2, 0x100000000)
r3 = syz_open_dev$sg(&(0x7f0000000100), 0x34, 0x24140) (async)
r4 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$PTP_PIN_SETFUNC2(r4, 0x40603d10, &(0x7f0000000480)={'\x00', 0x8000, 0x1, 0xf690}) (async)
ioctl$SG_GET_KEEP_ORPHAN(r3, 0x2288, &(0x7f0000000140))
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000380)={0x0, 0x80000, <r5=>0xffffffffffffffff})
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r5, 0xc01064c2, &(0x7f00000003c0)={0x0, 0x1, r2})

06:28:09 executing program 0:
getresuid(&(0x7f00000000c0), &(0x7f0000000080), &(0x7f0000000200))
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000001c0)) (async)
ioctl$DRM_IOCTL_GEM_FLINK(r1, 0xc008640a, &(0x7f00000001c0))
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:09 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)

06:28:09 executing program 1:
sendto$isdn(0xffffffffffffffff, &(0x7f0000000000)={0xca, 0x3, "0c57bcd6ddfe87876d781d055ceb0200410893224e6b75ab07568d2f14f17b2250b9"}, 0x2a, 0x20000040, &(0x7f0000000080)={0x22, 0xbd, 0x4, 0x1f, 0x6}, 0x6) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:09 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x200000000000, 0x4101)

06:28:09 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f00000000c0)={0x18, 0x1404, 0x210, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x90}, 0x20008004)

06:28:09 executing program 3:
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:09 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r1)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x4, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x48)

06:28:09 executing program 2:
openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080))
openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)

06:28:09 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f00000000c0)={0x18, 0x1404, 0x210, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x90}, 0x20008004)

06:28:09 executing program 1:
sendto$isdn(0xffffffffffffffff, &(0x7f0000000000)={0xca, 0x3, "0c57bcd6ddfe87876d781d055ceb0200410893224e6b75ab07568d2f14f17b2250b9"}, 0x2a, 0x20000040, &(0x7f0000000080)={0x22, 0xbd, 0x4, 0x1f, 0x6}, 0x6)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:09 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 32)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 32)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r1) (async)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x4, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x48)

06:28:09 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x200000000000, 0x4101)

06:28:09 executing program 3:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000002c0)) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:09 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:09 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x200000000000, 0x4101)

06:28:09 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000080)={&(0x7f00000000c0)={0x18, 0x1404, 0x210, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x90}, 0x20008004)

06:28:09 executing program 3:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x106, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e21, 0x7, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x3}, r0}}, 0x38)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180), 0x1, {0xa, 0x4e28, 0xbd63, @loopback, 0x31}, r0}}, 0x38)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000200))

06:28:09 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r1) (async)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x4, 0x70bd29, 0x25dfdbfb, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x0, 0x1}}, 0x48)

06:28:09 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x501400, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0)
ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000000)={0x4007, 0x7fff, 0x9, 0x2ac27})

06:28:09 executing program 4:
pselect6(0x40, &(0x7f0000000280)={0xd1, 0x56b5, 0x6b, 0x33, 0x1, 0x2, 0xb7}, &(0x7f00000002c0)={0x1, 0x3fc0000000, 0x9, 0x3, 0xb3d1, 0x5, 0x20, 0x3}, &(0x7f0000000300)={0x1ff, 0x41, 0x2, 0xdc, 0x1, 0x9, 0x2, 0x2}, &(0x7f0000000340), &(0x7f00000003c0)={&(0x7f0000000380)={[0x81]}, 0x8})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x10, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x49}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40084}, 0x20000800)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x30}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r1, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x65}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x92}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8080}, 0x4810)

06:28:09 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:09 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8000)
write$vhost_msg(r0, 0x0, 0x0)

06:28:09 executing program 3:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080), 0x106, 0x4}}, 0x20) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x106, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e21, 0x7, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x3}, r0}}, 0x38)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180), 0x1, {0xa, 0x4e28, 0xbd63, @loopback, 0x31}, r0}}, 0x38)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000200))

06:28:09 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x10)

06:28:09 executing program 4:
pselect6(0x40, &(0x7f0000000280)={0xd1, 0x56b5, 0x6b, 0x33, 0x1, 0x2, 0xb7}, &(0x7f00000002c0)={0x1, 0x3fc0000000, 0x9, 0x3, 0xb3d1, 0x5, 0x20, 0x3}, &(0x7f0000000300)={0x1ff, 0x41, 0x2, 0xdc, 0x1, 0x9, 0x2, 0x2}, &(0x7f0000000340), &(0x7f00000003c0)={&(0x7f0000000380)={[0x81]}, 0x8})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x10, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x49}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40084}, 0x20000800) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x30}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r1, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x65}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x92}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8080}, 0x4810)

06:28:10 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x501400, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) (async)
ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000000)={0x4007, 0x7fff, 0x9, 0x2ac27})

06:28:10 executing program 4:
pselect6(0x40, &(0x7f0000000280)={0xd1, 0x56b5, 0x6b, 0x33, 0x1, 0x2, 0xb7}, &(0x7f00000002c0)={0x1, 0x3fc0000000, 0x9, 0x3, 0xb3d1, 0x5, 0x20, 0x3}, &(0x7f0000000300)={0x1ff, 0x41, 0x2, 0xdc, 0x1, 0x9, 0x2, 0x2}, &(0x7f0000000340), &(0x7f00000003c0)={&(0x7f0000000380)={[0x81]}, 0x8})
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_GET_SURVEY(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x28, 0x0, 0x10, 0x70bd2d, 0x25dfdbfd, {{}, {@val={0x8}, @val={0xc, 0x99, {0x0, 0x49}}}}, ["", "", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x40084}, 0x20000800) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x30}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, r1, 0x400, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x8}, @BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x65}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x92}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8080}, 0x4810)

06:28:10 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8000)
write$vhost_msg(r0, 0x0, 0x0)

06:28:10 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000002c0))
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:10 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x100000000000000, 0x107142)
syz_open_dev$usbmon(&(0x7f0000000080), 0x5, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000000300)={&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000280)=""/67, 0x43})
openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x4040, 0x0)
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x91)
syz_open_dev$usbmon(&(0x7f00000000c0), 0x80000000, 0xc6000)
ioctl$MON_IOCX_GETX(r0, 0x4018920a, &(0x7f0000000100)={&(0x7f0000000040), &(0x7f0000000340)=""/107, 0x6b})
ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0x80089203, &(0x7f0000000180))
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x5c341, 0x0)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000580)=ANY=[@ANYBLOB="927d569ba609dcfe441b0c5659c63cbaffaffc47d9fb1e6e44503d30a23516c1bd367e222ac34b28aa86174e3220ae6c6bc2d36d27847d2aa328dff221f51a92b5439c8e5dd0d9bba450d5690fd86974acc3ac83813c160ed3ca", @ANYRES32=r2, @ANYBLOB="00000000006000010100000000e0ffffffffffff", @ANYRES32=r1, @ANYBLOB="00fbff0000000000010000000000000001000000"])
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x10400, 0x0)
r3 = syz_open_dev$usbmon(&(0x7f0000000400), 0x7, 0x0)
ioctl$MON_IOCX_GET(r3, 0x40189206, &(0x7f0000000540)={&(0x7f0000000440), &(0x7f0000000480)=""/168, 0xa8})

06:28:10 executing program 3:
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, &(0x7f0000000080)={<r0=>0xffffffffffffffff}, 0x106, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x30, 0xfa00, {&(0x7f0000000000), 0x3, {0xa, 0x4e21, 0x7, @dev={0xfe, 0x80, '\x00', 0x2a}, 0x3}, r0}}, 0x38) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x40000, 0x0)
write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r1, &(0x7f00000001c0)={0x10, 0x30, 0xfa00, {&(0x7f0000000180), 0x1, {0xa, 0x4e28, 0xbd63, @loopback, 0x31}, r0}}, 0x38) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000200))

06:28:10 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x10)

06:28:10 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x501400, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async, rerun: 32)
ioctl$SG_SCSI_RESET(r0, 0x2284, 0x0) (rerun: 32)
ioctl$IMCTRLREQ(0xffffffffffffffff, 0x80044945, &(0x7f0000000000)={0x4007, 0x7fff, 0x9, 0x2ac27})

06:28:10 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x8000)
write$vhost_msg(r0, 0x0, 0x0)

06:28:10 executing program 3:
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6f}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r1)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="20002bbd7000fddbdf2528000000060006000300000006000400ffff00000a0001007770616e3000000006000400a3aa0000020006000100000006000600000000000c0005000201aaaaaaaaaaaa0600060000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x40)

06:28:10 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:10 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:10 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
getsockname$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast}, &(0x7f0000000080)=0x10)

06:28:10 executing program 3:
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6f}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r1)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="20002bbd7000fddbdf2528000000060006000300000006000400ffff00000a0001007770616e3000000006000400a3aa0000020006000100000006000600000000000c0005000201aaaaaaaaaaaa0600060000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x40)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6f}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r1) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff) (async)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="20002bbd7000fddbdf2528000000060006000300000006000400ffff00000a0001007770616e3000000006000400a3aa0000020006000100000006000600000000000c0005000201aaaaaaaaaaaa0600060000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x40) (async)

06:28:10 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040800)
write$vhost_msg(r0, 0x0, 0x0)

06:28:10 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:11 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x100000000000000, 0x107142) (async)
syz_open_dev$usbmon(&(0x7f0000000080), 0x5, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000000300)={&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000280)=""/67, 0x43})
openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x4040, 0x0)
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x91) (async)
syz_open_dev$usbmon(&(0x7f00000000c0), 0x80000000, 0xc6000)
ioctl$MON_IOCX_GETX(r0, 0x4018920a, &(0x7f0000000100)={&(0x7f0000000040), &(0x7f0000000340)=""/107, 0x6b})
ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0x80089203, &(0x7f0000000180)) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x5c341, 0x0)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000580)=ANY=[@ANYBLOB="927d569ba609dcfe441b0c5659c63cbaffaffc47d9fb1e6e44503d30a23516c1bd367e222ac34b28aa86174e3220ae6c6bc2d36d27847d2aa328dff221f51a92b5439c8e5dd0d9bba450d5690fd86974acc3ac83813c160ed3ca", @ANYRES32=r2, @ANYBLOB="00000000006000010100000000e0ffffffffffff", @ANYRES32=r1, @ANYBLOB="00fbff0000000000010000000000000001000000"])
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x10400, 0x0) (async)
r3 = syz_open_dev$usbmon(&(0x7f0000000400), 0x7, 0x0)
ioctl$MON_IOCX_GET(r3, 0x40189206, &(0x7f0000000540)={&(0x7f0000000440), &(0x7f0000000480)=""/168, 0xa8})

06:28:11 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={&(0x7f0000000000)=[0x0, 0x0, 0x0], 0x3, 0x8})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:11 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)

06:28:11 executing program 3:
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), 0xffffffffffffffff)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x20, 0x0, 0x200, 0x70bd27, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x6f}}}}, ["", "", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x4000000}, 0x10) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r1) (async)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_DEL_KEY(r1, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="20002bbd7000fddbdf2528000000060006000300000006000400ffff00000a0001007770616e3000000006000400a3aa0000020006000100000006000600000000000c0005000201aaaaaaaaaaaa0600060000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x40)

06:28:11 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040800)
write$vhost_msg(r0, 0x0, 0x0)

06:28:11 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:11 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
syz_clone(0x8000, &(0x7f0000000080)="d999581dcaa926ecffeaad49083ad146a36c322b44de3a41fc9b8775b98025c94eb11cf6c1c5914717d5fa46c7ececceaacc30f249950909837d96ccd313322192fa2e55f52758a4512dac1da0b3fc102eaf61e5ce252120e3991016bddcd15e1c42b6e78843b5fc76b6f2659f12f81a59e1d31cb206f55ad14213afb1e0795100ce3b4d240f9c1ec9bacd83160f24db428ec5b73d06128928b5195182afe534dfbe5448f08128cc3b6b9dd7d2866766b193146ea2a32d9452b1b9d1e7973ddeb8880e99bccc55d62466cf1be33c6666b5ada0", 0xd3, &(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)="0c7339c50f586a7a867acecbdf22446646cb53e75cdfaa70b944d2ddd3b7092e10d6cec41a08980a78d9889a94d2b265171433cf66fa68aa28cc326faa00a37a67ffafd8e5a6a6cfcf3a0df1cfc24c24e91ecedb131f57cfb80b570890723dfe7337964f75d3e21f4af01b7302835286f6facb84be304bcd591c271925541940b0bf15f5092e911d85306a31bbc3182385462c0d4298089604212b62eeb0a5af7ed020cc562026b0813f758ade3534f952f9fec0d306d6")

06:28:11 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
read$smackfs_logging(r0, &(0x7f0000000300), 0x14)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:11 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfb, {}, [@IEEE802154_ATTR_PAN_COORD={0x5, 0x19, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4040800) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:28:11 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:11 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:11 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={&(0x7f0000000000)=[0x0, 0x0, 0x0], 0x3, 0x8})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:12 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x100000000000000, 0x107142) (async)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x100000000000000, 0x107142)
syz_open_dev$usbmon(&(0x7f0000000080), 0x5, 0x0) (async)
syz_open_dev$usbmon(&(0x7f0000000080), 0x5, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000000300)={&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000280)=""/67, 0x43})
openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x4040, 0x0) (async)
openat$drirender128(0xffffffffffffff9c, &(0x7f00000003c0), 0x4040, 0x0)
ioctl$MON_IOCH_MFLUSH(r1, 0x9208, 0x91)
syz_open_dev$usbmon(&(0x7f00000000c0), 0x80000000, 0xc6000)
ioctl$MON_IOCX_GETX(r0, 0x4018920a, &(0x7f0000000100)={&(0x7f0000000040), &(0x7f0000000340)=""/107, 0x6b})
ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0x80089203, &(0x7f0000000180))
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000001c0), 0x5c341, 0x0)
ioctl$UDMABUF_CREATE_LIST(r1, 0x40087543, &(0x7f0000000580)=ANY=[@ANYBLOB="927d569ba609dcfe441b0c5659c63cbaffaffc47d9fb1e6e44503d30a23516c1bd367e222ac34b28aa86174e3220ae6c6bc2d36d27847d2aa328dff221f51a92b5439c8e5dd0d9bba450d5690fd86974acc3ac83813c160ed3ca", @ANYRES32=r2, @ANYBLOB="00000000006000010100000000e0ffffffffffff", @ANYRES32=r1, @ANYBLOB="00fbff0000000000010000000000000001000000"])
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x10400, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000140), 0x10400, 0x0)
r3 = syz_open_dev$usbmon(&(0x7f0000000400), 0x7, 0x0)
ioctl$MON_IOCX_GET(r3, 0x40189206, &(0x7f0000000540)={&(0x7f0000000440), &(0x7f0000000480)=""/168, 0xa8})

06:28:12 executing program 1:
r0 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x0)
getsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:12 executing program 2:
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:12 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={r0, 0x1, 0x2000, 0xfffffffff0000000})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)

06:28:12 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_clone(0x8000, &(0x7f0000000080)="d999581dcaa926ecffeaad49083ad146a36c322b44de3a41fc9b8775b98025c94eb11cf6c1c5914717d5fa46c7ececceaacc30f249950909837d96ccd313322192fa2e55f52758a4512dac1da0b3fc102eaf61e5ce252120e3991016bddcd15e1c42b6e78843b5fc76b6f2659f12f81a59e1d31cb206f55ad14213afb1e0795100ce3b4d240f9c1ec9bacd83160f24db428ec5b73d06128928b5195182afe534dfbe5448f08128cc3b6b9dd7d2866766b193146ea2a32d9452b1b9d1e7973ddeb8880e99bccc55d62466cf1be33c6666b5ada0", 0xd3, &(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)="0c7339c50f586a7a867acecbdf22446646cb53e75cdfaa70b944d2ddd3b7092e10d6cec41a08980a78d9889a94d2b265171433cf66fa68aa28cc326faa00a37a67ffafd8e5a6a6cfcf3a0df1cfc24c24e91ecedb131f57cfb80b570890723dfe7337964f75d3e21f4af01b7302835286f6facb84be304bcd591c271925541940b0bf15f5092e911d85306a31bbc3182385462c0d4298089604212b62eeb0a5af7ed020cc562026b0813f758ade3534f952f9fec0d306d6")

06:28:12 executing program 0:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000080)={&(0x7f0000000000)=[0x0, 0x0, 0x0], 0x3, 0x8})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:12 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x15, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:12 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={r0, 0x1, 0x2000, 0xfffffffff0000000})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)

06:28:12 executing program 2:
bpf$PROG_LOAD(0x5, 0x0, 0x0)

06:28:12 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000100)={0x1, {0x0, 0x0, 0x0, 0x1, 0x3}}, 0x48)

06:28:12 executing program 1:
r0 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x0)
getsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:12 executing program 2:
bpf$PROG_LOAD(0x5, 0x0, 0x0)

06:28:13 executing program 2:
bpf$PROG_LOAD(0x5, 0x0, 0x0)

06:28:13 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x4100)
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x6)
syz_open_dev$usbmon(&(0x7f0000000040), 0xce6e, 0x4000)

06:28:13 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
syz_clone(0x8000, &(0x7f0000000080)="d999581dcaa926ecffeaad49083ad146a36c322b44de3a41fc9b8775b98025c94eb11cf6c1c5914717d5fa46c7ececceaacc30f249950909837d96ccd313322192fa2e55f52758a4512dac1da0b3fc102eaf61e5ce252120e3991016bddcd15e1c42b6e78843b5fc76b6f2659f12f81a59e1d31cb206f55ad14213afb1e0795100ce3b4d240f9c1ec9bacd83160f24db428ec5b73d06128928b5195182afe534dfbe5448f08128cc3b6b9dd7d2866766b193146ea2a32d9452b1b9d1e7973ddeb8880e99bccc55d62466cf1be33c6666b5ada0", 0xd3, &(0x7f0000000000), &(0x7f0000000180), &(0x7f00000001c0)="0c7339c50f586a7a867acecbdf22446646cb53e75cdfaa70b944d2ddd3b7092e10d6cec41a08980a78d9889a94d2b265171433cf66fa68aa28cc326faa00a37a67ffafd8e5a6a6cfcf3a0df1cfc24c24e91ecedb131f57cfb80b570890723dfe7337964f75d3e21f4af01b7302835286f6facb84be304bcd591c271925541940b0bf15f5092e911d85306a31bbc3182385462c0d4298089604212b62eeb0a5af7ed020cc562026b0813f758ade3534f952f9fec0d306d6")

06:28:13 executing program 5:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={r0, 0x1, 0x2000, 0xfffffffff0000000})
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={r0, 0x1, 0x2000, 0xfffffffff0000000}) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
write$vhost_msg(r1, 0x0, 0x0) (async)

06:28:13 executing program 1:
r0 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x0)
getsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async)
getsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:13 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
write$vhost_msg(r0, &(0x7f0000000100)={0x1, {0x0, 0x0, 0x0, 0x1, 0x3}}, 0x48)

06:28:13 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu={0x4, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:13 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x2000}, 0x8, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000080)={0x10, r0}, 0x0)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0)

06:28:13 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x4100)
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x6) (async)
syz_open_dev$usbmon(&(0x7f0000000040), 0xce6e, 0x4000)

06:28:13 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
write$vhost_msg(r0, &(0x7f0000000100)={0x1, {0x0, 0x0, 0x0, 0x1, 0x3}}, 0x48)

06:28:13 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:13 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

06:28:13 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x4100)
ioctl$MON_IOCH_MFLUSH(r0, 0x9208, 0x6) (async)
syz_open_dev$usbmon(&(0x7f0000000040), 0xce6e, 0x4000)

06:28:13 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x2000}, 0x8, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000080)={0x10, r0}, 0x0) (async, rerun: 64)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0) (rerun: 64)

06:28:13 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:13 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14}, 0x14}}, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x1409, 0x1, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x840}, 0x890)

06:28:13 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:13 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:13 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r1, 0x300, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000090}, 0x48005)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan3\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_GETPARAMS(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r1, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x40)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r4)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400}, 0x840)

06:28:13 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

06:28:13 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:13 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000000)={0x2000}, 0x8, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000080)={0x10, r0}, 0x0) (async)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x0)

06:28:13 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:14 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:14 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)

06:28:14 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:14 executing program 5:
r0 = syz_clone(0x4040200, &(0x7f0000000080)="add6ab0db0af1045650b9eedaa277d4e69c2ae57a4a620c9b98ee316d401f78b5de143a87f9b0c3f4bc429f0ab9c04ecb4f14caa504c457a1b2d17fe2a758600724f1cdb2b8b4a72", 0x48, &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000140)="1f3b8153db11e34e17fbe6449f436b2ec366830c3842618daa01fafb1acf2559eef229b92e3490883b8919f4ca84526004840b41ea03f993123c61860ae78354894614ce496af1ac1b338cc8b88de3c2c1d85e002296174fd5dba7e29ab3df1262279719d21794aefe379004fde37897ac9ba87d3b33d665ed8f563229ae60ccc49d317e924f7a96cb8278375df49bc701264d62d1862061ffce2afd2c75accbde8f2c72b4c3dc8f6b9457e87e46753839c286cf1275f846f0dc9ebb1198d57adaf6b088f1baeb3b3caebc4839d22a907c8f4e4adbe9d403dbd40526fb566cda99c3d0a6306e2dd49407b1338d840b3af489a6a8548c99bd8e6b53d36f72370c81c4a6cadebcf0c9542bba1d10912594f5f00be44439721a6417d01b367b20e861d52f66ebf5be917f9f3a89c4aac1681617ed0f1d1f84cde79c439f179a0546e2077dc1ddfb46b4cab26df3942a1aa4347729a63076829ffc0db29bd901e285ef9e92d8f40db28c05882c06de040a1b52ac66c632e37ac3eed2cc18e8fea4a470a63192d954375e7eca519884b5c1f0e031ea7cdaa72c7fcb28c9a547cc13c97d57706dd2bbd90d4762d294c01264013c7df902ba00ba42a92636f318867b0205653da17348366ef1e11dac46286e6f12f5b1a7a074b66f48bddba144e42177aecdd769003b54c15bcb5a1710c3d8e99354ebb622da46b3120a8d613dcb5787d78fad6833d2d0f6bb543e92d8a9ceb54fe96abf138c929bd605dbca62759dc482a0178933adfb217208bef1e5ef0a03ff35d626f148d6013afe3b47c8106eeb59c2b4f2fcd111d17837e8891a33c81d440c7d04c1504b638ff53db7657bc33adfb6cb04b714c4999ae25152df442fa5eb72aaca1a569a5d8dff8347d6045df80d7b6694fac36bb54d08c7979d3a5fa8287be71c95d2e8499ae0515c7f07094b37f4ff34e7cb5347b258f082332a8ed4a2dc579304ea0aafe8ee446d47a024c729d496cc1a4eaeb879392b33d7911e289daee278d54aad24fd4714475aa7f5320c437343f71b0b82f2c1f43995dfab229dfb2fa8f0219d548f85c9868cbc8fb779c0c7a07aff69b2486af20ca7b20491495d5ec0dd2c19c0d25910502bad24a8abff715b79ffc8cf49924e149c8d061a53d1eaf27208b1d6f5772fb94751caa3c7d0dc06951f1c6a09eb32c8cbd34b6375006a097e958fa03dcb0b58fb513f4ae1ebd75bc0b1199f8f4a134d498b10b82aeb9b0f3d2a2f28b16bfe87cdff2d917a1ad895bfd8e81afdc88848f1986c7310fb8a84b47f90535290a7df32a38141b0a53dc518dc86b2fc07d4e6869aab3dc2609b30aa696a505465f4c98415b07e7235b44ba0b677103715f5237151bb7674909ac9af94119d8b465213327b358ecece40bccd0da92cef4fe098fc1b98d563f7c04eeb239ad7aabb673c05a8a929790d690264ca2ee4b762198998f1becc3473c381a0354112d87f5d0b9222b509f687ffd208149a0aa2ef055778991d379e5ca711d0306f108c253492f8bd04b4e72a3beb2ec7c90ca14f8e3f7d203b5ef8b386ffe0dbd32f75974c6f94235b22f322689edb4e8b4af57c5ee302c9068e334caaeae7534defa46a1475c3e74f92594174cebd394ca1316f5ce376d7032cc65141cadd96da2218380f51596083c635c4ed8656c551088b3b19c112fac0c54d2daaff15633f16a839bf396149d48bf48e6553456f020532a5b7d30eb4ba9bf01dffcea13b14050fbb5ccb27ce4ac9f1da24958c1b4a5ea553deef4e91245d0ab5ead68fb657430c41ab5f9f0566cfca632ba8193f6a4d2f9b3e9a67947d4b05d1a16ded6f7917d3fccf6129bcb8e7a0cb3fddd04feebb4b04b2349db04b52b8d900d51db6399852b6365ffe6dcb297b129f9f2ddcb261d1815ec971a3e0a1b017d32b0ccb1b59926bd51bfb0cd7b51fbf5301fe4a8e1b9968a3f32298b4a47f51e246caf50f5da305cc89902772b28ea4a824eab0229682f27eb102c901a3644334e6d76f0f42196029a435417bcbfca357d6eafa00e30e4b01db25a4c4f8c6a0ce6c1be5658ed3969315135244a2b124896bb02e03ce60bb8708c57102ff768f9ea37e7497b470302d85d33b4535b6c9b2bfa78a5511cd98034e6394415ac57c5ed8151d6e9cef4d321092cfd2d503487a03b21669534be02732fa4b4329306593d611848fbfb32465c2af1712f080ba1c4124647fb12cc91f40b2e4332c773a95ef72e2ec7a029e18e5b0d23f1921f895cde2c6e228e7324f337b96432e213c608bc2c8b35d1d38bd63721bcc5aae191a38f63ab0d3bbabf46e0cb9d80b28e240f4363f5c679af7743516d7a1aa2b7f24eb5b6500b14da95c4522ae5e110e36b6785459c0aebbb685776f067de9cd9f2e62aea17bb192a8a0a6c4709f737e83a338b2be2a767a5bba95fe80c6b71b2f3eaabaa72f5a0b317996de1ae078ee5b0f71befd1da73975314aef15045b41eb5e5bdcca16c923cd13a45dd6670c86f894905581ad6e4adde95caee75a771fb202b59e6626f9d8090f440b53952002ae479066f22c128d0a1a887ccfd737b895b8d945148ac1656af773766ab3020e8089be7c38698e6d8994460ffcae25079cd0220bbd4192cde08d6676d52f4acf0ccf25843a0aef699392ef38e2650e914ce47aca2d15e3f85bd324f7f066d22b4f8707a76f5184cf8b0c1e2ac5a179d768c0114325fba86b4d2c11e6622a59832c5441a194fd536884085ab3edd8da23aed5e35407ba922f1a80f61a4fa72e00a1cb3a2ecafa0d1d68c39cb39b26be33d284a18240dac3df1d4fdd2db2254609fe76099fca05d360d8bb0abd51cc6f1c967ff921e194a09ab7273313f1b8689f75d135cbec0d302a4d7148e5d8a263afdece7f8b5665bbb94bb90f0173e02117ed1f1e9a04f5fa8f6c1e239650f546448b19f8be69c18dcd1513e0f97fce4dc65639374eddc8faf192f0cbaebc9f6accc0403048d24a372771d7f8da515773a16675e53f795930e0fff1203648aa3392490f823bed8e55d090c58d3b7b0c95732523f6ff59edc8075d1e823b09e1e78c4891ac6c26217e4deeccbf035df119b46c5833f3309ffd478333dde3257b4c5219f9370884bde585b8b784f1f71cf916843997ab0864d8cbed7df311e7aa56481ad9c175df9db6b911d6cf558ca64ea174c6bbe1dfa775bb535366b5cf5d51c52de9d26ea07b527cbc1dddb81c62dba5d20fd453e29050561f2e963a91da8608cdd880d6469e9fd8caf335b9854c20e65216813db5cddf1674e1b78fc82afc515698dac5ca5f002b0802fd3d77c8e4a254fcd8f6dc11fa03ff6003f5fdda0f3825b2160164a7ecc705364da215c82662605195b2f540941510ce86e035c87626a41b134c65723239ef44fc73cc68ace1d9da767468ff1c60eb19415c12b3c42b2cfe680a891a5233ffd095edee0cef6815070ee5d6b48e08e234dbbbb183f9b5848e63f034c26cddd4eaa9b2136f4a58213f7e711373277818a7f0675605ae45fbfe04c5c1eb5d349e1175e378b9d6a6cf228031c7636c42c62f0194f7057eb762850ae0dc8813c3e76539c8e029e17d196f8b666cf3e4d78517d1cb90f6858a7ab564db0e74c06ad61649e6e2bfdb27d408064ad154bb079b66a7d0df4480f36bf499c11779acfd66520e6ab40e34fbc86037a4ca9ebfd9e612c04e0ae7e47b214e1eb98a7cacb12a3373f4ae667a850a5a7d020f94d139394e1c264479780431dfddec17b1f9dfce20cff9c157e06445c2b618415f029e5813db4d6912ad38fbd199df35f6cd3173cb12c02b5f7a1a64644d46d3840ce524ca7f518c58d8b0a84550e02f0ddbffdfdb0f2c1324245f2a6acedc4a65a26bcef520f15c47029468a47a6b006944b83ea5e26c73ec79d469f1fd5db28af3ba53214c7ec560451e387c8ea65245b15b0e85325f8610b9ea0f95783a7fd9cf96f6c4485f432c7bfb7750780f2451799c8f0a08c8e8890d09c412616c40e640ade8c92831903907f601967ee6e7870ecdde6bbc33772ee5f4b926d579698d340050cc07dec805d361e59aced8201d1a7cf6c4cbddb0e68cb78af6a1004adbd2cbe0c06d05cf346f485d8a31c4a1ae6d9c2d6e07a1736560cb1ab21d92b9f6c86dc186af9724bda836fc1f888077428b0aa0555053154db40235d3c875f130f9cc9177c1109b3a989fcd7b65b1edbf4c121b726c941ab2bb38023ef84620c322ecce66bb44f58a4ac87b3eb6344f7c9f92afcb68ec5a0929db6ede18e36a1cc92fd18002f51f3818a6d3d2fc877804bef38be80e3b8bb4c85a264661645be14e9390ea41e3e280c63e797286adfdebb7a4819f775ccf8e849d3af5c28b834bca91447f715fcd96cf0808c8d823579d1adfbe5dada0eb66e0d71881c7454a54cad4fcdf00b439f5e54779c306b2017c501c658a94e707a982edd170013bcb04f4a093c8905bd43570076deed2af740a45a9e22aa750c5aa5c445164d502185db60803d43ee7e6f358cbbfb373350c66f32ebfcff063a558b9719634c3521e371b721d61a35b3afac8d650538d52f29de22400056b6f7716c0a3fa4a7e7546bff985603898b10e92b6ec18df2a0ff71aa3f10c9d607d9cd5ee908b3156f894511af7a58a18d1ff084224ad07bd4ed9374e3dfae3412d5499537d0a2018cf0b85eae2bd0a3a9b94636470a07627907237e12d6e9f16550806e0f1a8484fd012a0578699a191d4a4d122ec41b460c2f4c703093727ece54b476b38fa06258aad4b586e010bdc720130851853a7281a8bfbafd85a2f3e86c5f3e0f4ddf2fe868cd11347e1aeead81482a4f93e4a80258c44a084aa9c9078e5e13f3419ce5b1296b5b72e730a5c3789cca15ddacf4abd8a262a9474bf07b615cbe812f1952cddc2406644fbc7adb86979ba9e0b650ce37039b41237e83e5342c7b153cdf153d72ec569c2e56e0b3ba4e65e1d2e2b0e1f23b35b26f368da0c166e5dd19e3572e405bf886477bc35843b440bebaf13b2ce3b205cbb4cf6dd2e1fb40a77f7757daf7fd304e0b4bbf4dd68ed3920f870d1068f579705542a9f544e4f9c67ae98bc47549523af942ae40bdf52cf5b2f5e7c9e4db1320651028eecddcdad91cb5a97cbdfbef6d589391c0b1e63ed3e0af68d9e8f6b3ee45610476727c98bab5fb40c83fcd98f40c29c1320078c315967639ffb72437594e6580bb9669820deef01d5037157d6e5041cfb5e0fb4ea47fdf2f1b3b0b195768b20ab479e69a4badfa215951154fb2773747441abfb1362d5f8472e5a135dcbcf90afb462eb678c0e0ca0d8e865d947dbc7441289b2ce1e429fa1c8e2746e4bed8cbed0e6002baf81032e277ddabc5efb324fc0006f3a1d85126a7e4af9ee4834671fdaddf4b6a2207366d10657927a1cf0521829e78b5acb85c86f4c61f704e5202b6bf32891336a76e518c588dcf83eeddcade6053bb446d9a7b362f886304df4a780e1cee35a8d865710f067a8d8916ad48ef41ff15b9889a971022dfcf1b9ca6670a571e1f75e23c59923794efcee91abdbca8c3a2c2286457fbade07fedfd9f11b26e77ddaa2b634b29bc9c90f36782caf8b898561934fc3cacb74600d0cf00247a67aede44e227c9ffe091f96826793ac782382f86207bca090c12d5656b1fb39348ceff154d47fd3ff6e5a3e7ab968c33707e5a5d68e322d1d89e984e46c4029f4c9e7e8ed9db2377e99a2e25649c4489d875e057eccc1b84da76e301e03e8658ce8812bb2b2ef2cbfb03ee90fe22088549892")
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r2)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000011c0), r2)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001300)={&(0x7f0000001380)=ANY=[@ANYRES16=r5, @ANYRES16=r4, @ANYRES16=0x0, @ANYRES32=r0, @ANYRES8=r3, @ANYRES64=r4], 0x40}, 0x1, 0x0, 0x0, 0x801}, 0x20004081)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r6)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000012c0), r6)
syz_open_procfs$namespace(r0, &(0x7f0000001140)='ns/user\x00')
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r6)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r8, &(0x7f00000014c0)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x608a020a}, 0xc, &(0x7f0000001480)={&(0x7f0000001400)={0x48, r9, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0xffffe927}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x84}, 0x4000000)
write$vhost_msg(r7, 0x0, 0x0)

06:28:14 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14}, 0x14}}, 0x0) (async)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14}, 0x14}}, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x1409, 0x1, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x840}, 0x890)

06:28:14 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu={0x0, 0x1, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:14 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async, rerun: 32)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (rerun: 32)

06:28:14 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x89e8, &(0x7f0000000080)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0xa, 0x7, 0x8, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]})
ioctl$IMCLEAR_L2(0xffffffffffffffff, 0x80044946, &(0x7f0000000000)=0x8)

06:28:14 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r1, 0x300, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000090}, 0x48005)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan3\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_GETPARAMS(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r1, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x40)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r4)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400}, 0x840)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00'}) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r1, 0x300, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000090}, 0x48005) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan3\x00'}) (async)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r1, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x40) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r4) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0) (async)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400}, 0x840) (async)

06:28:14 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu={0x0, 0x0, 0x2, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:14 executing program 5:
r0 = syz_clone(0x4040200, &(0x7f0000000080)="add6ab0db0af1045650b9eedaa277d4e69c2ae57a4a620c9b98ee316d401f78b5de143a87f9b0c3f4bc429f0ab9c04ecb4f14caa504c457a1b2d17fe2a758600724f1cdb2b8b4a72", 0x48, &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000140)="1f3b8153db11e34e17fbe6449f436b2ec366830c3842618daa01fafb1acf2559eef229b92e3490883b8919f4ca84526004840b41ea03f993123c61860ae78354894614ce496af1ac1b338cc8b88de3c2c1d85e002296174fd5dba7e29ab3df1262279719d21794aefe379004fde37897ac9ba87d3b33d665ed8f563229ae60ccc49d317e924f7a96cb8278375df49bc701264d62d1862061ffce2afd2c75accbde8f2c72b4c3dc8f6b9457e87e46753839c286cf1275f846f0dc9ebb1198d57adaf6b088f1baeb3b3caebc4839d22a907c8f4e4adbe9d403dbd40526fb566cda99c3d0a6306e2dd49407b1338d840b3af489a6a8548c99bd8e6b53d36f72370c81c4a6cadebcf0c9542bba1d10912594f5f00be44439721a6417d01b367b20e861d52f66ebf5be917f9f3a89c4aac1681617ed0f1d1f84cde79c439f179a0546e2077dc1ddfb46b4cab26df3942a1aa4347729a63076829ffc0db29bd901e285ef9e92d8f40db28c05882c06de040a1b52ac66c632e37ac3eed2cc18e8fea4a470a63192d954375e7eca519884b5c1f0e031ea7cdaa72c7fcb28c9a547cc13c97d57706dd2bbd90d4762d294c01264013c7df902ba00ba42a92636f318867b0205653da17348366ef1e11dac46286e6f12f5b1a7a074b66f48bddba144e42177aecdd769003b54c15bcb5a1710c3d8e99354ebb622da46b3120a8d613dcb5787d78fad6833d2d0f6bb543e92d8a9ceb54fe96abf138c929bd605dbca62759dc482a0178933adfb217208bef1e5ef0a03ff35d626f148d6013afe3b47c8106eeb59c2b4f2fcd111d17837e8891a33c81d440c7d04c1504b638ff53db7657bc33adfb6cb04b714c4999ae25152df442fa5eb72aaca1a569a5d8dff8347d6045df80d7b6694fac36bb54d08c7979d3a5fa8287be71c95d2e8499ae0515c7f07094b37f4ff34e7cb5347b258f082332a8ed4a2dc579304ea0aafe8ee446d47a024c729d496cc1a4eaeb879392b33d7911e289daee278d54aad24fd4714475aa7f5320c437343f71b0b82f2c1f43995dfab229dfb2fa8f0219d548f85c9868cbc8fb779c0c7a07aff69b2486af20ca7b20491495d5ec0dd2c19c0d25910502bad24a8abff715b79ffc8cf49924e149c8d061a53d1eaf27208b1d6f5772fb94751caa3c7d0dc06951f1c6a09eb32c8cbd34b6375006a097e958fa03dcb0b58fb513f4ae1ebd75bc0b1199f8f4a134d498b10b82aeb9b0f3d2a2f28b16bfe87cdff2d917a1ad895bfd8e81afdc88848f1986c7310fb8a84b47f90535290a7df32a38141b0a53dc518dc86b2fc07d4e6869aab3dc2609b30aa696a505465f4c98415b07e7235b44ba0b677103715f5237151bb7674909ac9af94119d8b465213327b358ecece40bccd0da92cef4fe098fc1b98d563f7c04eeb239ad7aabb673c05a8a929790d690264ca2ee4b762198998f1becc3473c381a0354112d87f5d0b9222b509f687ffd208149a0aa2ef055778991d379e5ca711d0306f108c253492f8bd04b4e72a3beb2ec7c90ca14f8e3f7d203b5ef8b386ffe0dbd32f75974c6f94235b22f322689edb4e8b4af57c5ee302c9068e334caaeae7534defa46a1475c3e74f92594174cebd394ca1316f5ce376d7032cc65141cadd96da2218380f51596083c635c4ed8656c551088b3b19c112fac0c54d2daaff15633f16a839bf396149d48bf48e6553456f020532a5b7d30eb4ba9bf01dffcea13b14050fbb5ccb27ce4ac9f1da24958c1b4a5ea553deef4e91245d0ab5ead68fb657430c41ab5f9f0566cfca632ba8193f6a4d2f9b3e9a67947d4b05d1a16ded6f7917d3fccf6129bcb8e7a0cb3fddd04feebb4b04b2349db04b52b8d900d51db6399852b6365ffe6dcb297b129f9f2ddcb261d1815ec971a3e0a1b017d32b0ccb1b59926bd51bfb0cd7b51fbf5301fe4a8e1b9968a3f32298b4a47f51e246caf50f5da305cc89902772b28ea4a824eab0229682f27eb102c901a3644334e6d76f0f42196029a435417bcbfca357d6eafa00e30e4b01db25a4c4f8c6a0ce6c1be5658ed3969315135244a2b124896bb02e03ce60bb8708c57102ff768f9ea37e7497b470302d85d33b4535b6c9b2bfa78a5511cd98034e6394415ac57c5ed8151d6e9cef4d321092cfd2d503487a03b21669534be02732fa4b4329306593d611848fbfb32465c2af1712f080ba1c4124647fb12cc91f40b2e4332c773a95ef72e2ec7a029e18e5b0d23f1921f895cde2c6e228e7324f337b96432e213c608bc2c8b35d1d38bd63721bcc5aae191a38f63ab0d3bbabf46e0cb9d80b28e240f4363f5c679af7743516d7a1aa2b7f24eb5b6500b14da95c4522ae5e110e36b6785459c0aebbb685776f067de9cd9f2e62aea17bb192a8a0a6c4709f737e83a338b2be2a767a5bba95fe80c6b71b2f3eaabaa72f5a0b317996de1ae078ee5b0f71befd1da73975314aef15045b41eb5e5bdcca16c923cd13a45dd6670c86f894905581ad6e4adde95caee75a771fb202b59e6626f9d8090f440b53952002ae479066f22c128d0a1a887ccfd737b895b8d945148ac1656af773766ab3020e8089be7c38698e6d8994460ffcae25079cd0220bbd4192cde08d6676d52f4acf0ccf25843a0aef699392ef38e2650e914ce47aca2d15e3f85bd324f7f066d22b4f8707a76f5184cf8b0c1e2ac5a179d768c0114325fba86b4d2c11e6622a59832c5441a194fd536884085ab3edd8da23aed5e35407ba922f1a80f61a4fa72e00a1cb3a2ecafa0d1d68c39cb39b26be33d284a18240dac3df1d4fdd2db2254609fe76099fca05d360d8bb0abd51cc6f1c967ff921e194a09ab7273313f1b8689f75d135cbec0d302a4d7148e5d8a263afdece7f8b5665bbb94bb90f0173e02117ed1f1e9a04f5fa8f6c1e239650f546448b19f8be69c18dcd1513e0f97fce4dc65639374eddc8faf192f0cbaebc9f6accc0403048d24a372771d7f8da515773a16675e53f795930e0fff1203648aa3392490f823bed8e55d090c58d3b7b0c95732523f6ff59edc8075d1e823b09e1e78c4891ac6c26217e4deeccbf035df119b46c5833f3309ffd478333dde3257b4c5219f9370884bde585b8b784f1f71cf916843997ab0864d8cbed7df311e7aa56481ad9c175df9db6b911d6cf558ca64ea174c6bbe1dfa775bb535366b5cf5d51c52de9d26ea07b527cbc1dddb81c62dba5d20fd453e29050561f2e963a91da8608cdd880d6469e9fd8caf335b9854c20e65216813db5cddf1674e1b78fc82afc515698dac5ca5f002b0802fd3d77c8e4a254fcd8f6dc11fa03ff6003f5fdda0f3825b2160164a7ecc705364da215c82662605195b2f540941510ce86e035c87626a41b134c65723239ef44fc73cc68ace1d9da767468ff1c60eb19415c12b3c42b2cfe680a891a5233ffd095edee0cef6815070ee5d6b48e08e234dbbbb183f9b5848e63f034c26cddd4eaa9b2136f4a58213f7e711373277818a7f0675605ae45fbfe04c5c1eb5d349e1175e378b9d6a6cf228031c7636c42c62f0194f7057eb762850ae0dc8813c3e76539c8e029e17d196f8b666cf3e4d78517d1cb90f6858a7ab564db0e74c06ad61649e6e2bfdb27d408064ad154bb079b66a7d0df4480f36bf499c11779acfd66520e6ab40e34fbc86037a4ca9ebfd9e612c04e0ae7e47b214e1eb98a7cacb12a3373f4ae667a850a5a7d020f94d139394e1c264479780431dfddec17b1f9dfce20cff9c157e06445c2b618415f029e5813db4d6912ad38fbd199df35f6cd3173cb12c02b5f7a1a64644d46d3840ce524ca7f518c58d8b0a84550e02f0ddbffdfdb0f2c1324245f2a6acedc4a65a26bcef520f15c47029468a47a6b006944b83ea5e26c73ec79d469f1fd5db28af3ba53214c7ec560451e387c8ea65245b15b0e85325f8610b9ea0f95783a7fd9cf96f6c4485f432c7bfb7750780f2451799c8f0a08c8e8890d09c412616c40e640ade8c92831903907f601967ee6e7870ecdde6bbc33772ee5f4b926d579698d340050cc07dec805d361e59aced8201d1a7cf6c4cbddb0e68cb78af6a1004adbd2cbe0c06d05cf346f485d8a31c4a1ae6d9c2d6e07a1736560cb1ab21d92b9f6c86dc186af9724bda836fc1f888077428b0aa0555053154db40235d3c875f130f9cc9177c1109b3a989fcd7b65b1edbf4c121b726c941ab2bb38023ef84620c322ecce66bb44f58a4ac87b3eb6344f7c9f92afcb68ec5a0929db6ede18e36a1cc92fd18002f51f3818a6d3d2fc877804bef38be80e3b8bb4c85a264661645be14e9390ea41e3e280c63e797286adfdebb7a4819f775ccf8e849d3af5c28b834bca91447f715fcd96cf0808c8d823579d1adfbe5dada0eb66e0d71881c7454a54cad4fcdf00b439f5e54779c306b2017c501c658a94e707a982edd170013bcb04f4a093c8905bd43570076deed2af740a45a9e22aa750c5aa5c445164d502185db60803d43ee7e6f358cbbfb373350c66f32ebfcff063a558b9719634c3521e371b721d61a35b3afac8d650538d52f29de22400056b6f7716c0a3fa4a7e7546bff985603898b10e92b6ec18df2a0ff71aa3f10c9d607d9cd5ee908b3156f894511af7a58a18d1ff084224ad07bd4ed9374e3dfae3412d5499537d0a2018cf0b85eae2bd0a3a9b94636470a07627907237e12d6e9f16550806e0f1a8484fd012a0578699a191d4a4d122ec41b460c2f4c703093727ece54b476b38fa06258aad4b586e010bdc720130851853a7281a8bfbafd85a2f3e86c5f3e0f4ddf2fe868cd11347e1aeead81482a4f93e4a80258c44a084aa9c9078e5e13f3419ce5b1296b5b72e730a5c3789cca15ddacf4abd8a262a9474bf07b615cbe812f1952cddc2406644fbc7adb86979ba9e0b650ce37039b41237e83e5342c7b153cdf153d72ec569c2e56e0b3ba4e65e1d2e2b0e1f23b35b26f368da0c166e5dd19e3572e405bf886477bc35843b440bebaf13b2ce3b205cbb4cf6dd2e1fb40a77f7757daf7fd304e0b4bbf4dd68ed3920f870d1068f579705542a9f544e4f9c67ae98bc47549523af942ae40bdf52cf5b2f5e7c9e4db1320651028eecddcdad91cb5a97cbdfbef6d589391c0b1e63ed3e0af68d9e8f6b3ee45610476727c98bab5fb40c83fcd98f40c29c1320078c315967639ffb72437594e6580bb9669820deef01d5037157d6e5041cfb5e0fb4ea47fdf2f1b3b0b195768b20ab479e69a4badfa215951154fb2773747441abfb1362d5f8472e5a135dcbcf90afb462eb678c0e0ca0d8e865d947dbc7441289b2ce1e429fa1c8e2746e4bed8cbed0e6002baf81032e277ddabc5efb324fc0006f3a1d85126a7e4af9ee4834671fdaddf4b6a2207366d10657927a1cf0521829e78b5acb85c86f4c61f704e5202b6bf32891336a76e518c588dcf83eeddcade6053bb446d9a7b362f886304df4a780e1cee35a8d865710f067a8d8916ad48ef41ff15b9889a971022dfcf1b9ca6670a571e1f75e23c59923794efcee91abdbca8c3a2c2286457fbade07fedfd9f11b26e77ddaa2b634b29bc9c90f36782caf8b898561934fc3cacb74600d0cf00247a67aede44e227c9ffe091f96826793ac782382f86207bca090c12d5656b1fb39348ceff154d47fd3ff6e5a3e7ab968c33707e5a5d68e322d1d89e984e46c4029f4c9e7e8ed9db2377e99a2e25649c4489d875e057eccc1b84da76e301e03e8658ce8812bb2b2ef2cbfb03ee90fe22088549892") (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r2) (async)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000011c0), r2)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001300)={&(0x7f0000001380)=ANY=[@ANYRES16=r5, @ANYRES16=r4, @ANYRES16=0x0, @ANYRES32=r0, @ANYRES8=r3, @ANYRES64=r4], 0x40}, 0x1, 0x0, 0x0, 0x801}, 0x20004081) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r6)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000012c0), r6) (async)
syz_open_procfs$namespace(r0, &(0x7f0000001140)='ns/user\x00')
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r6)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r8, &(0x7f00000014c0)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x608a020a}, 0xc, &(0x7f0000001480)={&(0x7f0000001400)={0x48, r9, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0xffffe927}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async)
write$vhost_msg(r7, 0x0, 0x0)

06:28:14 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x89e8, &(0x7f0000000080)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0xa, 0x7, 0x8, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]})
ioctl$IMCLEAR_L2(0xffffffffffffffff, 0x80044946, &(0x7f0000000000)=0x8)

06:28:14 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0) (async)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wpan4\x00', <r2=>0x0})
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x50, r1, 0x300, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r2}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}, @IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x1}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000090}, 0x48005) (async)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000380)={'wpan3\x00', <r3=>0x0})
sendmsg$IEEE802154_LLSEC_GETPARAMS(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r1, 0x2, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r3}]}, 0x1c}}, 0x40)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x0) (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r4) (async)
r5 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000240), r0)
sendmsg$IEEE802154_LLSEC_GETPARAMS(r4, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x2c, r5, 0x800, 0x70bd26, 0x25dfdbfb, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan4\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x400}, 0x840)

06:28:14 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu={0x0, 0x0, 0x0, 0xfa0c912f4ef4e434, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:15 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$SIOCAX25CTLCON(0xffffffffffffffff, 0x89e8, &(0x7f0000000080)={@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @default, 0xa, 0x7, 0x8, [@bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @bcast, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast]}) (async)
ioctl$IMCLEAR_L2(0xffffffffffffffff, 0x80044946, &(0x7f0000000000)=0x8)

06:28:15 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu={0x0, 0x0, 0x0, 0x0, 0xb, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:15 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
sendmsg$IEEE802154_START_REQ(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x14}, 0x14}}, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x440, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_GET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x58, 0x1409, 0x1, 0x70bd2b, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x58}, 0x1, 0x0, 0x0, 0x840}, 0x890)

06:28:15 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu={0x0, 0x0, 0x0, 0x0, 0x0, 0x100}], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:16 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x1}}, 0x48)

06:28:16 executing program 1:
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x1000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:16 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], &(0x7f0000000080)='GPL\x00', 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:16 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0xff, 0x101000)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0], 0x1})

06:28:16 executing program 5:
r0 = syz_clone(0x4040200, &(0x7f0000000080)="add6ab0db0af1045650b9eedaa277d4e69c2ae57a4a620c9b98ee316d401f78b5de143a87f9b0c3f4bc429f0ab9c04ecb4f14caa504c457a1b2d17fe2a758600724f1cdb2b8b4a72", 0x48, &(0x7f0000000000), &(0x7f0000000100), &(0x7f0000000140)="1f3b8153db11e34e17fbe6449f436b2ec366830c3842618daa01fafb1acf2559eef229b92e3490883b8919f4ca84526004840b41ea03f993123c61860ae78354894614ce496af1ac1b338cc8b88de3c2c1d85e002296174fd5dba7e29ab3df1262279719d21794aefe379004fde37897ac9ba87d3b33d665ed8f563229ae60ccc49d317e924f7a96cb8278375df49bc701264d62d1862061ffce2afd2c75accbde8f2c72b4c3dc8f6b9457e87e46753839c286cf1275f846f0dc9ebb1198d57adaf6b088f1baeb3b3caebc4839d22a907c8f4e4adbe9d403dbd40526fb566cda99c3d0a6306e2dd49407b1338d840b3af489a6a8548c99bd8e6b53d36f72370c81c4a6cadebcf0c9542bba1d10912594f5f00be44439721a6417d01b367b20e861d52f66ebf5be917f9f3a89c4aac1681617ed0f1d1f84cde79c439f179a0546e2077dc1ddfb46b4cab26df3942a1aa4347729a63076829ffc0db29bd901e285ef9e92d8f40db28c05882c06de040a1b52ac66c632e37ac3eed2cc18e8fea4a470a63192d954375e7eca519884b5c1f0e031ea7cdaa72c7fcb28c9a547cc13c97d57706dd2bbd90d4762d294c01264013c7df902ba00ba42a92636f318867b0205653da17348366ef1e11dac46286e6f12f5b1a7a074b66f48bddba144e42177aecdd769003b54c15bcb5a1710c3d8e99354ebb622da46b3120a8d613dcb5787d78fad6833d2d0f6bb543e92d8a9ceb54fe96abf138c929bd605dbca62759dc482a0178933adfb217208bef1e5ef0a03ff35d626f148d6013afe3b47c8106eeb59c2b4f2fcd111d17837e8891a33c81d440c7d04c1504b638ff53db7657bc33adfb6cb04b714c4999ae25152df442fa5eb72aaca1a569a5d8dff8347d6045df80d7b6694fac36bb54d08c7979d3a5fa8287be71c95d2e8499ae0515c7f07094b37f4ff34e7cb5347b258f082332a8ed4a2dc579304ea0aafe8ee446d47a024c729d496cc1a4eaeb879392b33d7911e289daee278d54aad24fd4714475aa7f5320c437343f71b0b82f2c1f43995dfab229dfb2fa8f0219d548f85c9868cbc8fb779c0c7a07aff69b2486af20ca7b20491495d5ec0dd2c19c0d25910502bad24a8abff715b79ffc8cf49924e149c8d061a53d1eaf27208b1d6f5772fb94751caa3c7d0dc06951f1c6a09eb32c8cbd34b6375006a097e958fa03dcb0b58fb513f4ae1ebd75bc0b1199f8f4a134d498b10b82aeb9b0f3d2a2f28b16bfe87cdff2d917a1ad895bfd8e81afdc88848f1986c7310fb8a84b47f90535290a7df32a38141b0a53dc518dc86b2fc07d4e6869aab3dc2609b30aa696a505465f4c98415b07e7235b44ba0b677103715f5237151bb7674909ac9af94119d8b465213327b358ecece40bccd0da92cef4fe098fc1b98d563f7c04eeb239ad7aabb673c05a8a929790d690264ca2ee4b762198998f1becc3473c381a0354112d87f5d0b9222b509f687ffd208149a0aa2ef055778991d379e5ca711d0306f108c253492f8bd04b4e72a3beb2ec7c90ca14f8e3f7d203b5ef8b386ffe0dbd32f75974c6f94235b22f322689edb4e8b4af57c5ee302c9068e334caaeae7534defa46a1475c3e74f92594174cebd394ca1316f5ce376d7032cc65141cadd96da2218380f51596083c635c4ed8656c551088b3b19c112fac0c54d2daaff15633f16a839bf396149d48bf48e6553456f020532a5b7d30eb4ba9bf01dffcea13b14050fbb5ccb27ce4ac9f1da24958c1b4a5ea553deef4e91245d0ab5ead68fb657430c41ab5f9f0566cfca632ba8193f6a4d2f9b3e9a67947d4b05d1a16ded6f7917d3fccf6129bcb8e7a0cb3fddd04feebb4b04b2349db04b52b8d900d51db6399852b6365ffe6dcb297b129f9f2ddcb261d1815ec971a3e0a1b017d32b0ccb1b59926bd51bfb0cd7b51fbf5301fe4a8e1b9968a3f32298b4a47f51e246caf50f5da305cc89902772b28ea4a824eab0229682f27eb102c901a3644334e6d76f0f42196029a435417bcbfca357d6eafa00e30e4b01db25a4c4f8c6a0ce6c1be5658ed3969315135244a2b124896bb02e03ce60bb8708c57102ff768f9ea37e7497b470302d85d33b4535b6c9b2bfa78a5511cd98034e6394415ac57c5ed8151d6e9cef4d321092cfd2d503487a03b21669534be02732fa4b4329306593d611848fbfb32465c2af1712f080ba1c4124647fb12cc91f40b2e4332c773a95ef72e2ec7a029e18e5b0d23f1921f895cde2c6e228e7324f337b96432e213c608bc2c8b35d1d38bd63721bcc5aae191a38f63ab0d3bbabf46e0cb9d80b28e240f4363f5c679af7743516d7a1aa2b7f24eb5b6500b14da95c4522ae5e110e36b6785459c0aebbb685776f067de9cd9f2e62aea17bb192a8a0a6c4709f737e83a338b2be2a767a5bba95fe80c6b71b2f3eaabaa72f5a0b317996de1ae078ee5b0f71befd1da73975314aef15045b41eb5e5bdcca16c923cd13a45dd6670c86f894905581ad6e4adde95caee75a771fb202b59e6626f9d8090f440b53952002ae479066f22c128d0a1a887ccfd737b895b8d945148ac1656af773766ab3020e8089be7c38698e6d8994460ffcae25079cd0220bbd4192cde08d6676d52f4acf0ccf25843a0aef699392ef38e2650e914ce47aca2d15e3f85bd324f7f066d22b4f8707a76f5184cf8b0c1e2ac5a179d768c0114325fba86b4d2c11e6622a59832c5441a194fd536884085ab3edd8da23aed5e35407ba922f1a80f61a4fa72e00a1cb3a2ecafa0d1d68c39cb39b26be33d284a18240dac3df1d4fdd2db2254609fe76099fca05d360d8bb0abd51cc6f1c967ff921e194a09ab7273313f1b8689f75d135cbec0d302a4d7148e5d8a263afdece7f8b5665bbb94bb90f0173e02117ed1f1e9a04f5fa8f6c1e239650f546448b19f8be69c18dcd1513e0f97fce4dc65639374eddc8faf192f0cbaebc9f6accc0403048d24a372771d7f8da515773a16675e53f795930e0fff1203648aa3392490f823bed8e55d090c58d3b7b0c95732523f6ff59edc8075d1e823b09e1e78c4891ac6c26217e4deeccbf035df119b46c5833f3309ffd478333dde3257b4c5219f9370884bde585b8b784f1f71cf916843997ab0864d8cbed7df311e7aa56481ad9c175df9db6b911d6cf558ca64ea174c6bbe1dfa775bb535366b5cf5d51c52de9d26ea07b527cbc1dddb81c62dba5d20fd453e29050561f2e963a91da8608cdd880d6469e9fd8caf335b9854c20e65216813db5cddf1674e1b78fc82afc515698dac5ca5f002b0802fd3d77c8e4a254fcd8f6dc11fa03ff6003f5fdda0f3825b2160164a7ecc705364da215c82662605195b2f540941510ce86e035c87626a41b134c65723239ef44fc73cc68ace1d9da767468ff1c60eb19415c12b3c42b2cfe680a891a5233ffd095edee0cef6815070ee5d6b48e08e234dbbbb183f9b5848e63f034c26cddd4eaa9b2136f4a58213f7e711373277818a7f0675605ae45fbfe04c5c1eb5d349e1175e378b9d6a6cf228031c7636c42c62f0194f7057eb762850ae0dc8813c3e76539c8e029e17d196f8b666cf3e4d78517d1cb90f6858a7ab564db0e74c06ad61649e6e2bfdb27d408064ad154bb079b66a7d0df4480f36bf499c11779acfd66520e6ab40e34fbc86037a4ca9ebfd9e612c04e0ae7e47b214e1eb98a7cacb12a3373f4ae667a850a5a7d020f94d139394e1c264479780431dfddec17b1f9dfce20cff9c157e06445c2b618415f029e5813db4d6912ad38fbd199df35f6cd3173cb12c02b5f7a1a64644d46d3840ce524ca7f518c58d8b0a84550e02f0ddbffdfdb0f2c1324245f2a6acedc4a65a26bcef520f15c47029468a47a6b006944b83ea5e26c73ec79d469f1fd5db28af3ba53214c7ec560451e387c8ea65245b15b0e85325f8610b9ea0f95783a7fd9cf96f6c4485f432c7bfb7750780f2451799c8f0a08c8e8890d09c412616c40e640ade8c92831903907f601967ee6e7870ecdde6bbc33772ee5f4b926d579698d340050cc07dec805d361e59aced8201d1a7cf6c4cbddb0e68cb78af6a1004adbd2cbe0c06d05cf346f485d8a31c4a1ae6d9c2d6e07a1736560cb1ab21d92b9f6c86dc186af9724bda836fc1f888077428b0aa0555053154db40235d3c875f130f9cc9177c1109b3a989fcd7b65b1edbf4c121b726c941ab2bb38023ef84620c322ecce66bb44f58a4ac87b3eb6344f7c9f92afcb68ec5a0929db6ede18e36a1cc92fd18002f51f3818a6d3d2fc877804bef38be80e3b8bb4c85a264661645be14e9390ea41e3e280c63e797286adfdebb7a4819f775ccf8e849d3af5c28b834bca91447f715fcd96cf0808c8d823579d1adfbe5dada0eb66e0d71881c7454a54cad4fcdf00b439f5e54779c306b2017c501c658a94e707a982edd170013bcb04f4a093c8905bd43570076deed2af740a45a9e22aa750c5aa5c445164d502185db60803d43ee7e6f358cbbfb373350c66f32ebfcff063a558b9719634c3521e371b721d61a35b3afac8d650538d52f29de22400056b6f7716c0a3fa4a7e7546bff985603898b10e92b6ec18df2a0ff71aa3f10c9d607d9cd5ee908b3156f894511af7a58a18d1ff084224ad07bd4ed9374e3dfae3412d5499537d0a2018cf0b85eae2bd0a3a9b94636470a07627907237e12d6e9f16550806e0f1a8484fd012a0578699a191d4a4d122ec41b460c2f4c703093727ece54b476b38fa06258aad4b586e010bdc720130851853a7281a8bfbafd85a2f3e86c5f3e0f4ddf2fe868cd11347e1aeead81482a4f93e4a80258c44a084aa9c9078e5e13f3419ce5b1296b5b72e730a5c3789cca15ddacf4abd8a262a9474bf07b615cbe812f1952cddc2406644fbc7adb86979ba9e0b650ce37039b41237e83e5342c7b153cdf153d72ec569c2e56e0b3ba4e65e1d2e2b0e1f23b35b26f368da0c166e5dd19e3572e405bf886477bc35843b440bebaf13b2ce3b205cbb4cf6dd2e1fb40a77f7757daf7fd304e0b4bbf4dd68ed3920f870d1068f579705542a9f544e4f9c67ae98bc47549523af942ae40bdf52cf5b2f5e7c9e4db1320651028eecddcdad91cb5a97cbdfbef6d589391c0b1e63ed3e0af68d9e8f6b3ee45610476727c98bab5fb40c83fcd98f40c29c1320078c315967639ffb72437594e6580bb9669820deef01d5037157d6e5041cfb5e0fb4ea47fdf2f1b3b0b195768b20ab479e69a4badfa215951154fb2773747441abfb1362d5f8472e5a135dcbcf90afb462eb678c0e0ca0d8e865d947dbc7441289b2ce1e429fa1c8e2746e4bed8cbed0e6002baf81032e277ddabc5efb324fc0006f3a1d85126a7e4af9ee4834671fdaddf4b6a2207366d10657927a1cf0521829e78b5acb85c86f4c61f704e5202b6bf32891336a76e518c588dcf83eeddcade6053bb446d9a7b362f886304df4a780e1cee35a8d865710f067a8d8916ad48ef41ff15b9889a971022dfcf1b9ca6670a571e1f75e23c59923794efcee91abdbca8c3a2c2286457fbade07fedfd9f11b26e77ddaa2b634b29bc9c90f36782caf8b898561934fc3cacb74600d0cf00247a67aede44e227c9ffe091f96826793ac782382f86207bca090c12d5656b1fb39348ceff154d47fd3ff6e5a3e7ab968c33707e5a5d68e322d1d89e984e46c4029f4c9e7e8ed9db2377e99a2e25649c4489d875e057eccc1b84da76e301e03e8658ce8812bb2b2ef2cbfb03ee90fe22088549892") (async)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r2) (async)
r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000011c0), r2) (async)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r1, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001300)={&(0x7f0000001380)=ANY=[@ANYRES16=r5, @ANYRES16=r4, @ANYRES16=0x0, @ANYRES32=r0, @ANYRES8=r3, @ANYRES64=r4], 0x40}, 0x1, 0x0, 0x0, 0x801}, 0x20004081) (async)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r6)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000012c0), r6)
syz_open_procfs$namespace(r0, &(0x7f0000001140)='ns/user\x00') (async)
r7 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001240), r6)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r8, &(0x7f00000014c0)={&(0x7f0000001200)={0x10, 0x0, 0x0, 0x608a020a}, 0xc, &(0x7f0000001480)={&(0x7f0000001400)={0x48, r9, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x2}, @IEEE802154_ATTR_LLSEC_FRAME_COUNTER={0x8, 0x2f, 0xffffe927}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0202}}, @IEEE802154_ATTR_LLSEC_DEV_OVERRIDE={0x5, 0x36, 0x1}, @IEEE802154_ATTR_PAN_ID={0x6, 0x6, 0x1}]}, 0x48}, 0x1, 0x0, 0x0, 0x84}, 0x4000000) (async)
write$vhost_msg(r7, 0x0, 0x0)

06:28:16 executing program 3:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x1411, 0x714, 0x70bd25, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:16 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], 0x0, 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:16 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:28:16 executing program 1:
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x1000) (async)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x1000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:16 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x1}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x1}}, 0x48) (async)

06:28:16 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], 0x0, 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:16 executing program 1:
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x10, 0x1000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:16 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], 0x0, 0x7, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:16 executing program 3:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x1411, 0x714, 0x70bd25, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:16 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], &(0x7f0000000080)='GPL\x00', 0x0, 0x90, &(0x7f00000000c0)=""/144, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:17 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0xff, 0x101000)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0], 0x1})

06:28:17 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0, 0x1}}, 0x48)

06:28:17 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:17 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:28:17 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x400000, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100), 0x4)

06:28:17 executing program 3:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_GET(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, 0x1411, 0x714, 0x70bd25, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_STAT_COUNTER_ID={0x8, 0x4f, 0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_STAT_MODE={0x8, 0x4a, 0x1}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x4000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:17 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x14, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:17 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100)=0x10, 0x80000)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000440), 0x44c001, 0x0)
socketpair(0xb, 0x6, 0x0, &(0x7f0000000500)={<r3=>0xffffffffffffffff})
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r2)
sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r4, 0x400, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004891}, 0x8080)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
accept$phonet_pipe(r1, &(0x7f00000001c0), &(0x7f0000000200)=0x10)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f0000000240)=""/230, 0xe6, &(0x7f0000000340)=""/85, 0x0, 0x2}}, 0x48)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:17 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:17 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x400000, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100), 0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x400000, 0x0) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080)) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100), 0x4) (async)

06:28:17 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:17 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100)=0x10, 0x80000) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000440), 0x44c001, 0x0)
socketpair(0xb, 0x6, 0x0, &(0x7f0000000500)={<r3=>0xffffffffffffffff}) (async, rerun: 64)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r2) (rerun: 64)
sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r4, 0x400, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004891}, 0x8080) (async)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000480), &(0x7f00000004c0)=0x4) (async)
accept$phonet_pipe(r1, &(0x7f00000001c0), &(0x7f0000000200)=0x10) (async)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f0000000240)=""/230, 0xe6, &(0x7f0000000340)=""/85, 0x0, 0x2}}, 0x48) (async, rerun: 64)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (rerun: 64)

06:28:17 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r0 = syz_open_dev$usbmon(&(0x7f0000000040), 0xff, 0x101000)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0], 0x1}) (async)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0], 0x1})

06:28:17 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000001c0)={0x5, 0x4, 0x400, 0x80000001}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:17 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:28:17 executing program 1:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r3 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x400000, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0))
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100), 0x4)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
openat$drirender128(0xffffffffffffff9c, &(0x7f0000000140), 0x400000, 0x0) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080)) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
setsockopt$inet6_icmp_ICMP_FILTER(r1, 0x1, 0x1, &(0x7f0000000100), 0x4) (async)

06:28:17 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = accept4$phonet_pipe(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100)=0x10, 0x80000)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000440), 0x44c001, 0x0)
socketpair(0xb, 0x6, 0x0, &(0x7f0000000500)={<r3=>0xffffffffffffffff})
r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r2)
sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r4, 0x400, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004891}, 0x8080)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000480), &(0x7f00000004c0)=0x4)
accept$phonet_pipe(r1, &(0x7f00000001c0), &(0x7f0000000200)=0x10)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f0000000240)=""/230, 0xe6, &(0x7f0000000340)=""/85, 0x0, 0x2}}, 0x48)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
accept4$phonet_pipe(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000100)=0x10, 0x80000) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000440), 0x44c001, 0x0) (async)
socketpair(0xb, 0x6, 0x0, &(0x7f0000000500)) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000580), r2) (async)
sendmsg$BATADV_CMD_SET_HARDIF(r3, &(0x7f0000000640)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000600)={&(0x7f00000005c0)={0x24, r4, 0x400, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004891}, 0x8080) (async)
getsockopt$PNPIPE_ENCAP(r2, 0x113, 0x1, &(0x7f0000000480), &(0x7f00000004c0)=0x4) (async)
accept$phonet_pipe(r1, &(0x7f00000001c0), &(0x7f0000000200)=0x10) (async)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f0000000000), &(0x7f0000000080)=0x4) (async)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f00000003c0)={0x2, 0x0, {&(0x7f0000000240)=""/230, 0xe6, &(0x7f0000000340)=""/85, 0x0, 0x2}}, 0x48) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)

06:28:17 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:18 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000200)=[0x1, 0x1]}, 0x80)

06:28:18 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000280)={0x3, r3})
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r4, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1000000007000400c54af506f0b25a5a9f7af02500000000a8c9dc5440dc00000000d720f05909c584075daa5b5ff5f2fb5a02f8ee639d64ab178d4341b07546d5289020e41fb871dfbb954d3a5dc624168788d932eaf9ebfc14ad2a9b58c922fc20"], 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000100)={0x40, r5}, 0x0)

06:28:18 executing program 5:
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000080)=0x1)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x16)

06:28:18 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:18 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)

06:28:18 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x0, 0x1, &(0x7f0000000000)=@raw=[@alu], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x80)

06:28:18 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000280)={0x3, r3})
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r4, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1000000007000400c54af506f0b25a5a9f7af02500000000a8c9dc5440dc00000000d720f05909c584075daa5b5ff5f2fb5a02f8ee639d64ab178d4341b07546d5289020e41fb871dfbb954d3a5dc624168788d932eaf9ebfc14ad2a9b58c922fc20"], 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000100)={0x40, r5}, 0x0)

06:28:18 executing program 4:
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000040)=""/4096)
syz_open_dev$usbmon(&(0x7f0000001040), 0x0, 0x64200)

06:28:18 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:18 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) (async)

06:28:18 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:18 executing program 0:
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x10000, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000280)={0x3, r3}) (async)
r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r4, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r5 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r5, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1000000007000400c54af506f0b25a5a9f7af02500000000a8c9dc5440dc00000000d720f05909c584075daa5b5ff5f2fb5a02f8ee639d64ab178d4341b07546d5289020e41fb871dfbb954d3a5dc624168788d932eaf9ebfc14ad2a9b58c922fc20"], 0x10}}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r1, 0x1, &(0x7f0000000100)={0x40, r5}, 0x0)

06:28:18 executing program 5:
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000080)=0x1)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x16)

06:28:18 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:19 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:19 executing program 4:
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000040)=""/4096) (async)
syz_open_dev$usbmon(&(0x7f0000001040), 0x0, 0x64200)

06:28:19 executing program 3:
read$usbmon(0xffffffffffffffff, &(0x7f0000000080)=""/165, 0xa5)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xbdcaf)

06:28:19 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:19 executing program 5:
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000080)=0x1)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x16)
ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f0000000080)=0x1) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async)
write$vhost_msg(0xffffffffffffffff, 0x0, 0x16) (async)

06:28:19 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)

06:28:19 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:19 executing program 3:
read$usbmon(0xffffffffffffffff, &(0x7f0000000080)=""/165, 0xa5)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xbdcaf)

06:28:19 executing program 4:
msgctl$MSG_INFO(0x0, 0xc, &(0x7f0000000040)=""/4096) (async, rerun: 64)
syz_open_dev$usbmon(&(0x7f0000001040), 0x0, 0x64200) (rerun: 64)

06:28:19 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000080))

06:28:19 executing program 3:
read$usbmon(0xffffffffffffffff, &(0x7f0000000080)=""/165, 0xa5) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$MON_IOCT_RING_SIZE(r0, 0x9204, 0xbdcaf)

06:28:19 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)

06:28:19 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000))

06:28:19 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000080))

06:28:19 executing program 3:
r0 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', <r2=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000140)={'gre0\x00', <r3=>0x0, 0x7, 0x7, 0x4d9b, 0x20000000, {{0x2f, 0x4, 0x3, 0x6, 0xbc, 0x64, 0x0, 0x9, 0x2f, 0x0, @multicast2, @loopback, {[@timestamp_addr={0x44, 0x24, 0x30, 0x1, 0xc, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x100}, {@multicast2, 0x4}, {@loopback, 0x3ff}, {@local, 0x5}]}, @ssrr={0x89, 0x2b, 0x6d, [@loopback, @loopback, @loopback, @loopback, @multicast2, @remote, @loopback, @dev={0xac, 0x14, 0x14, 0x37}, @initdev={0xac, 0x1e, 0x0, 0x0}, @local]}, @rr={0x7, 0x13, 0x37, [@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @remote, @local]}, @rr={0x7, 0x7, 0x58, [@private=0xa010101]}, @timestamp_addr={0x44, 0x34, 0xe2, 0x1, 0x4, [{@private=0xa010100, 0xff}, {@multicast1, 0x9}, {@multicast1, 0x2}, {@dev={0xac, 0x14, 0x14, 0x2b}, 0x1}, {@multicast1, 0xffffffff}, {@private=0x6, 0x1ff}]}, @timestamp={0x44, 0x8, 0x23, 0x0, 0xb, [0xfffffff9]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'team0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'team0\x00', <r7=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)={'syztnl2\x00', &(0x7f0000000380)={'syztnl1\x00', <r8=>0x0, 0x10, 0x8000, 0x3, 0x100, {{0x29, 0x4, 0x1, 0x1, 0xa4, 0x66, 0x0, 0x8, 0x29, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x27}, {[@lsrr={0x83, 0xf, 0xd, [@rand_addr=0x64010100, @multicast1, @multicast1]}, @rr={0x7, 0x27, 0xd4, [@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @dev={0xac, 0x14, 0x14, 0x11}, @dev={0xac, 0x14, 0x14, 0x2b}, @loopback, @broadcast]}, @timestamp_addr={0x44, 0x2c, 0xc9, 0x1, 0x5, [{@empty, 0x1}, {@empty, 0x1}, {@remote, 0x9}, {@remote, 0xff}, {@dev={0xac, 0x14, 0x14, 0xa}}]}, @cipso={0x86, 0x9, 0x1, [{0x6, 0x3, 'Z'}]}, @ssrr={0x89, 0x1f, 0xdd, [@remote, @broadcast, @private=0xa010102, @loopback, @rand_addr=0x64010100, @private=0xa010101, @multicast1]}, @ra={0x94, 0x4, 0x1}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000500)={0x9a0, r0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0xe8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x230, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x72}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6400}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x9, 0x7e, 0x6, 0x7}, {0x8, 0xff, 0x8, 0x800}, {0xbb7, 0x1, 0xff, 0x200000}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xd7e}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x260, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}]}}, {{0x8, 0x1, r6}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8}, {0x1a4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x91c}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x9a0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:19 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x1, 0x8404c0)
ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f0000000080))
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
socketpair(0x1a, 0xa, 0x6c, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:28:20 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000080)=""/136, 0x88, &(0x7f0000000140)=""/188, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000001280)={0x2, 0x0, {&(0x7f0000000000)=""/59, 0x3b, &(0x7f0000000280)=""/4096, 0x2, 0x1}}, 0x48)

06:28:20 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000))

06:28:20 executing program 3:
r0 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', <r2=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000140)={'gre0\x00', <r3=>0x0, 0x7, 0x7, 0x4d9b, 0x20000000, {{0x2f, 0x4, 0x3, 0x6, 0xbc, 0x64, 0x0, 0x9, 0x2f, 0x0, @multicast2, @loopback, {[@timestamp_addr={0x44, 0x24, 0x30, 0x1, 0xc, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x100}, {@multicast2, 0x4}, {@loopback, 0x3ff}, {@local, 0x5}]}, @ssrr={0x89, 0x2b, 0x6d, [@loopback, @loopback, @loopback, @loopback, @multicast2, @remote, @loopback, @dev={0xac, 0x14, 0x14, 0x37}, @initdev={0xac, 0x1e, 0x0, 0x0}, @local]}, @rr={0x7, 0x13, 0x37, [@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @remote, @local]}, @rr={0x7, 0x7, 0x58, [@private=0xa010101]}, @timestamp_addr={0x44, 0x34, 0xe2, 0x1, 0x4, [{@private=0xa010100, 0xff}, {@multicast1, 0x9}, {@multicast1, 0x2}, {@dev={0xac, 0x14, 0x14, 0x2b}, 0x1}, {@multicast1, 0xffffffff}, {@private=0x6, 0x1ff}]}, @timestamp={0x44, 0x8, 0x23, 0x0, 0xb, [0xfffffff9]}]}}}}}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00', <r4=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'team0\x00', <r5=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'team0\x00', <r6=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'team0\x00', <r7=>0x0}) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)={'syztnl2\x00', &(0x7f0000000380)={'syztnl1\x00', <r8=>0x0, 0x10, 0x8000, 0x3, 0x100, {{0x29, 0x4, 0x1, 0x1, 0xa4, 0x66, 0x0, 0x8, 0x29, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x27}, {[@lsrr={0x83, 0xf, 0xd, [@rand_addr=0x64010100, @multicast1, @multicast1]}, @rr={0x7, 0x27, 0xd4, [@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @dev={0xac, 0x14, 0x14, 0x11}, @dev={0xac, 0x14, 0x14, 0x2b}, @loopback, @broadcast]}, @timestamp_addr={0x44, 0x2c, 0xc9, 0x1, 0x5, [{@empty, 0x1}, {@empty, 0x1}, {@remote, 0x9}, {@remote, 0xff}, {@dev={0xac, 0x14, 0x14, 0xa}}]}, @cipso={0x86, 0x9, 0x1, [{0x6, 0x3, 'Z'}]}, @ssrr={0x89, 0x1f, 0xdd, [@remote, @broadcast, @private=0xa010102, @loopback, @rand_addr=0x64010100, @private=0xa010101, @multicast1]}, @ra={0x94, 0x4, 0x1}]}}}}}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000500)={0x9a0, r0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0xe8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x230, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x72}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6400}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x9, 0x7e, 0x6, 0x7}, {0x8, 0xff, 0x8, 0x800}, {0xbb7, 0x1, 0xff, 0x200000}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xd7e}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x260, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}]}}, {{0x8, 0x1, r6}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8}, {0x1a4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x91c}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x9a0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:20 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000080))

06:28:20 executing program 4:
socketpair(0x2c, 0x80000, 0xefa, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004890}, 0x852)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:20 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_HANDLE_TO_FD_FD(0xffffffffffffffff, 0xc01064c1, &(0x7f0000000000))

06:28:20 executing program 5:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000080)=""/136, 0x88, &(0x7f0000000140)=""/188, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000001280)={0x2, 0x0, {&(0x7f0000000000)=""/59, 0x3b, &(0x7f0000000280)=""/4096, 0x2, 0x1}}, 0x48)

06:28:20 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x1, 0x8404c0)
ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f0000000080)) (async)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
socketpair(0x1a, 0xa, 0x6c, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:28:20 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:20 executing program 4:
socketpair(0x2c, 0x80000, 0xefa, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004890}, 0x852) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:20 executing program 3:
syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) (async)
r0 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', <r1=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', <r2=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000240)={'sit0\x00', &(0x7f0000000140)={'gre0\x00', <r3=>0x0, 0x7, 0x7, 0x4d9b, 0x20000000, {{0x2f, 0x4, 0x3, 0x6, 0xbc, 0x64, 0x0, 0x9, 0x2f, 0x0, @multicast2, @loopback, {[@timestamp_addr={0x44, 0x24, 0x30, 0x1, 0xc, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x100}, {@multicast2, 0x4}, {@loopback, 0x3ff}, {@local, 0x5}]}, @ssrr={0x89, 0x2b, 0x6d, [@loopback, @loopback, @loopback, @loopback, @multicast2, @remote, @loopback, @dev={0xac, 0x14, 0x14, 0x37}, @initdev={0xac, 0x1e, 0x0, 0x0}, @local]}, @rr={0x7, 0x13, 0x37, [@initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @remote, @local]}, @rr={0x7, 0x7, 0x58, [@private=0xa010101]}, @timestamp_addr={0x44, 0x34, 0xe2, 0x1, 0x4, [{@private=0xa010100, 0xff}, {@multicast1, 0x9}, {@multicast1, 0x2}, {@dev={0xac, 0x14, 0x14, 0x2b}, 0x1}, {@multicast1, 0xffffffff}, {@private=0x6, 0x1ff}]}, @timestamp={0x44, 0x8, 0x23, 0x0, 0xb, [0xfffffff9]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'team0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000300)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'team0\x00', <r7=>0x0})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000480)={'syztnl2\x00', &(0x7f0000000380)={'syztnl1\x00', <r8=>0x0, 0x10, 0x8000, 0x3, 0x100, {{0x29, 0x4, 0x1, 0x1, 0xa4, 0x66, 0x0, 0x8, 0x29, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x27}, {[@lsrr={0x83, 0xf, 0xd, [@rand_addr=0x64010100, @multicast1, @multicast1]}, @rr={0x7, 0x27, 0xd4, [@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @remote, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @dev={0xac, 0x14, 0x14, 0x11}, @dev={0xac, 0x14, 0x14, 0x2b}, @loopback, @broadcast]}, @timestamp_addr={0x44, 0x2c, 0xc9, 0x1, 0x5, [{@empty, 0x1}, {@empty, 0x1}, {@remote, 0x9}, {@remote, 0xff}, {@dev={0xac, 0x14, 0x14, 0xa}}]}, @cipso={0x86, 0x9, 0x1, [{0x6, 0x3, 'Z'}]}, @ssrr={0x89, 0x1f, 0xdd, [@remote, @broadcast, @private=0xa010102, @loopback, @rand_addr=0x64010100, @private=0xa010101, @multicast1]}, @ra={0x94, 0x4, 0x1}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'team0\x00', <r9=>0x0})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000500)={0x9a0, r0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0xe8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x230, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x72}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6400}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x9, 0x7e, 0x6, 0x7}, {0x8, 0xff, 0x8, 0x800}, {0xbb7, 0x1, 0xff, 0x200000}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xd7e}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x260, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}]}}, {{0x8, 0x1, r6}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8}, {0x1a4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x91c}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x9a0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) (async)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000f00)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000ec0)={&(0x7f0000000500)={0x9a0, r0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0xe8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x230, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x72}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6400}}}, {0x4c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x1c, 0x4, [{0x9, 0x7e, 0x6, 0x7}, {0x8, 0xff, 0x8, 0x800}, {0xbb7, 0x1, 0xff, 0x200000}]}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xd7e}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0x260, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r5}}}]}}, {{0x8, 0x1, r6}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x100, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x80}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8}, {0x1a4, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x91c}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x9a0}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:20 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_BYTES={0x14, 0x30, "09c0d29b9ded4f74456e43d7b3ce3c16"}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4000000)

06:28:20 executing program 2:
r0 = syz_open_dev$sg(0x0, 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:20 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000080)=""/136, 0x88, &(0x7f0000000140)=""/188, 0x2}}, 0x48) (async)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000080)=""/136, 0x88, &(0x7f0000000140)=""/188, 0x2}}, 0x48)
write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000001280)={0x2, 0x0, {&(0x7f0000000000)=""/59, 0x3b, &(0x7f0000000280)=""/4096, 0x2, 0x1}}, 0x48)

06:28:20 executing program 4:
socketpair(0x2c, 0x80000, 0xefa, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000140)={&(0x7f0000000080), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x8, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004890}, 0x852) (async, rerun: 64)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (rerun: 64)

06:28:20 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x1, 0x8404c0)
ioctl$MON_IOCG_STATS(r0, 0x80089203, &(0x7f0000000080)) (async)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
socketpair(0x1a, 0xa, 0x6c, &(0x7f0000000100)={<r2=>0xffffffffffffffff})
syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), r2)

06:28:20 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x4600a0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={r0, 0x1, 0x2000, 0xfffffffffffff000})

06:28:20 executing program 2:
r0 = syz_open_dev$sg(0x0, 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:20 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_BYTES={0x14, 0x30, "09c0d29b9ded4f74456e43d7b3ce3c16"}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4000000)

06:28:20 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0xc101, 0x0)
write$vhost_msg_v2(r0, &(0x7f00000002c0)={0x2, 0x0, {&(0x7f0000000080)=""/181, 0xb5, &(0x7f00000001c0)=""/203, 0x1, 0x2}}, 0x48)

06:28:20 executing program 2:
r0 = syz_open_dev$sg(0x0, 0xa578, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:20 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000080)={0x0, <r2=>0x0})
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_RM_CTX(r3, 0xc0086421, &(0x7f0000000140)={0x0, 0x2})
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$DRM_IOCTL_MODE_CURSOR2(r3, 0xc02464bb, &(0x7f0000000100)={0x0, 0xeab2, 0xa1d, 0xffff, 0xffff4f48, 0x6b0, 0x8, 0x1, 0x2})
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f00000000c0)={r2})
write$vhost_msg(r0, 0x0, 0x0)

06:28:20 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x4600a0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={r0, 0x1, 0x2000, 0xfffffffffffff000})

06:28:20 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async, rerun: 64)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0) (async, rerun: 32)
sendmsg$IEEE802154_LLSEC_ADD_KEY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_BYTES={0x14, 0x30, "09c0d29b9ded4f74456e43d7b3ce3c16"}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0302}}]}, 0x34}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) (rerun: 32)

06:28:20 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x200680)

06:28:20 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x109000)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:21 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0xc101, 0x0)
write$vhost_msg_v2(r0, &(0x7f00000002c0)={0x2, 0x0, {&(0x7f0000000080)=""/181, 0xb5, &(0x7f00000001c0)=""/203, 0x1, 0x2}}, 0x48)

06:28:21 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x200680)

06:28:21 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000080))

06:28:21 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) (async)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000080)={0x0, <r2=>0x0}) (async, rerun: 64)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (rerun: 64)
ioctl$DRM_IOCTL_RM_CTX(r3, 0xc0086421, &(0x7f0000000140)={0x0, 0x2}) (async, rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (rerun: 64)
ioctl$DRM_IOCTL_MODE_CURSOR2(r3, 0xc02464bb, &(0x7f0000000100)={0x0, 0xeab2, 0xa1d, 0xffff, 0xffff4f48, 0x6b0, 0x8, 0x1, 0x2})
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f00000000c0)={r2})
write$vhost_msg(r0, 0x0, 0x0)

06:28:21 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x5, 0x200680)

06:28:21 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x4600a0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$UDMABUF_CREATE(0xffffffffffffffff, 0x40187542, &(0x7f0000000000)={r0, 0x1, 0x2000, 0xfffffffffffff000})

06:28:21 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000080))

06:28:21 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000080))

06:28:21 executing program 0:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(0xffffffffffffffff, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0xc101, 0x0)
write$vhost_msg_v2(r0, &(0x7f00000002c0)={0x2, 0x0, {&(0x7f0000000080)=""/181, 0xb5, &(0x7f00000001c0)=""/203, 0x1, 0x2}}, 0x48)

06:28:21 executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000000)=0x1)

06:28:21 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000040)={&(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3, 0x1})

06:28:21 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:21 executing program 2:
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(0xffffffffffffffff, 0x2288, &(0x7f0000000080))

06:28:21 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000040)={&(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3, 0x1})

06:28:21 executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000000)=0x1)

06:28:21 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000080)={0x0, <r2=>0x0}) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_RM_CTX(r3, 0xc0086421, &(0x7f0000000140)={0x0, 0x2}) (async, rerun: 64)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async, rerun: 64)
ioctl$DRM_IOCTL_MODE_CURSOR2(r3, 0xc02464bb, &(0x7f0000000100)={0x0, 0xeab2, 0xa1d, 0xffff, 0xffff4f48, 0x6b0, 0x8, 0x1, 0x2}) (async)
ioctl$DRM_IOCTL_GEM_OPEN(r1, 0xc010640b, &(0x7f00000000c0)={r2})
write$vhost_msg(r0, 0x0, 0x0)

06:28:21 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000040)={&(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3, 0x1})

06:28:21 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x1, r2})
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)

06:28:21 executing program 1:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000000)=0x1)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$SG_SET_COMMAND_Q(r0, 0x2271, &(0x7f0000000000)=0x1) (async)

06:28:21 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:21 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, 0x0)

06:28:21 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x128, 0x1403, 0x4, 0x70bd29, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'nr0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'pimreg0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ipvlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_virt_wifi\x00'}}]}, 0x128}, 0x1, 0x0, 0x0, 0x4010}, 0x20004050)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, 0x140c, 0x4, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x3}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

06:28:21 executing program 4:
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000080)={<r1=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f00000000c0)={r1})
syz_open_dev$usbmon(&(0x7f0000000000), 0x800000, 0x204100)

06:28:21 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = msgget(0x2, 0x404)
msgsnd(r0, &(0x7f0000000000)={0x2, "f10f1065e5e6efb3002e3ade040aab50b1fa0589ef9713bed43c03a0e00e43da4d33eb7bc0651ecbdfa0f646d7e882a80fa039b19578e1ab787cbf0486d51dd39fc1abf5effc85ee3d9b223afccb27385f494702ae85823d9e6498ef1e0887cf47e14489369d24d11ec3a16ac3675e8e717ad76224918fe2f0e762226aae7f3559428d2bb11b606e151edb3415c563e37e488abf8fd98a122a6c07b2ea4eb9526b82a13b1f3ea014316dedf7ed1708f547176ecb2332054243710f11e1d48a54690c79abe33b52fe7ee850eca1dbd7b1eb4bc0d9bc920a"}, 0xdf, 0x0)
msgsnd(r0, &(0x7f00000014c0)={0x1, "fddc59c508efd32adc6531ccc0df07191df74d937d7ccc23ce32119b742367e1fa8554ee9ac4c1b2b9c63eb23f32538496ae210c6ea20976bde4aaed01f67e217c0380d1d5cd88c3868fd38ad332b5dc14cabc32f0262d7d39cefd322483f318e678b558b657e4e0e43ec83dc2ed570a7b6c774a4d0523d7c1f1b02baa477a62144dff6758ed91ae01d3e020bdac1c453fddcd5afef4d9f5ead76b98ab9aa858bd1c2a74dac4613eb7f2bb7cc2b085271f54c01b8f455b12d4c9a470830962aadc79cea59cb9e8f7a0cc4f34eba14091e8fa02196b0faa4a69926b9bdff42a51a80f1d294d08618066c031f3a5792bac4ae658b3ad7049bd666d6f0396621a1f92a3bd861e9a033afadb3b456a3b3bf14d6c0d718c9d2655fc5327ec0de610dec5e6af30ee509aa84b165f97d7f668c077cff84e6d14d7bf4c14a7acf83922beafe37ff35b839ed85c56b47a5cbde8580c28ec7c6e22961462f5fad26e6acc54b201b613c4d261d5b0c050c91254a92e190c8569bdd4ee9d9877af6f062962db6ce5031a5c172df0a4e95a870e3bbde6b64305242214e6a2483730b16a4eadba065ed7a57719163b7100d8cc643b3fcf1cf273e64e8971d8c267f11c85c369f27310ac7bdd14e4526649b6e2e88a10fcb2bb177c7a68be75d74be482d3a54b77206c6b02533aea231d882b431d52824cdf5c27d6251e2422fd19e835f4954fea52f7e8c380c641c449bf6599a608d0f65d7ba24d8b626ce7c42a668eb62244b826b060f28e50d86c8a1e96b2c05318ace9b1762ed46acc833de457358a3c72fbec3d97e85ba906512184f8f421e0c0ea552ae8e7dc1f3bc61fde5a9d03c216e63566edf46c424c737994c1bab27583e94b0094338f90f63007c25cc4ec7935a4b46efb1f2e7f86a863d62aeea159aef98a8ef272bc658eead44fd65b7e8c5c3ae93715dbf1aad76c311cc204e31f2ac285c390c8cca497500a6f33fc5057542547d14a2a3d326a56178ba4b409ddcee45eea5bfa8001eca6441774612962ed254ab1236f690c17bf48b76ca12eefeb8a54edc769f62c30d5fb8821d6dec5ab406809d1029a865ddb15b895abe57abc6e3e13127709dbd8158ded30e8a209b2ad6f2b203f07745a0db4135f5230f7b42cb228c9cb02399b41fef5b976a7eaa4c0bc06dbc43735ea33436fd7fdaeb5e9bde145f04458a5666dbf91888e573c00528e12b00682e05936a25a23c4d93eb3635243d87a91929749c6a180cfa1c25349cffb3082842a394147675934bb543aad73acbc6834053ed3bc0a832328c4175edc0a814df55a3deb4189ca321967e56962d6b383fd88be39622bee306eaf73ddc33cd6549b2d7948115a384551fa866d32cc3a07fe2cd002cdc6faabde6cb93ac96104b712adf2918f9e9e839ce749a3694fd6458350ae60f77969d6f0dcaaf1e82c933e820d68a2d6d35585121d94c732dcf01f8c0c5f204307d51b6e4f6d307feb8ef08cee2e3f5e44cf1972b305656986a79ba7c5e93158989632f87b6ed5991d2a1c06ed5cb8c92a39d6c92a37841de4dd01e25b58e74c2ca5cc93fe9f3cb4ca09710b9969b02d252a2e9728325dcd31603c69eec71e6008e9dae71df7da14b33667cb6afe21675d534123b96e3cfa462905ec50ad76269f9ce3702e5026ea0a9518123b576057b5ffa403e8af6d88c5f15e6d31205dc99c27cdf5304d1bcf50ca20c54afb38ce24e6a0a6f299bfdd576f66e5915e810a6e1e25bf879e3bdb2dec688685d433d9f8b59c058c6643c8bbd3c11da098c7e066fa1d0ff92133da7e2ac7f05abddf7cb97d4cf51a9e30b479f55fe21a5d721109d0a5dd6643db987d072d51f66277abe8bcdef83d33cb1adae60ef278947256d3a5f97b60d950178cf611a7be8532e9c53ac421e306c3c36087214937c25841ea01189c746a9f8deee6788840376ea0e1d88b474f6cde4fc741124de4aff69d5e0dcd374ad5a289ee7067b0c3fc7c32bf5a1ad19c4aa902dd7e38a066abfd1721d4fa2bc77a2b43d60a613ad683f1e6fe9c4b985aeb326cda4fedbd79a817f1df4356e1043b3d8039cb733fc767c3b8ed61000ca894a05ea8ca5cb25c93c2d94ef48763fa3b69ba0ed9f3911ed3a5e963a2da79f93411e79896206ec558913e5c1bde611deb424d4a09c91b5b8bda50aa991384f56283098e02284faf941f0b6beaecfc69f7616c8bce918d5c626ecc4a4f229f63d475a8d384065922f9303da6939a4bb278fd2d1f91f8bce4092410f55642e0c403429fedd17a61561e7cab529b2aa0ccd5efef569f0a2eb1d9992c96701435303c9d7c7e0d7385e7607b7575fd47dab47fecc9ddb7ce017b230e3a6d7780813daf3e29318a172d9af45514c8f153963f71e3c72dfa8525fd1f752851f89d25624b970f20d8edbc93becf1e8bca2f4938969ffc754c5a872729d53c1b0edb7f1461096fe075356206e5c7cba1c7491e0382a853940f96c6b17efb1f2d8f1741d23736afe413c6443f95f94485471208c9201e1c7db1a95bc625b0463e011fc7108a73083fa977fa3cb8557678788e44d21032d3d3aec7724ae76244f10c90df9528d5b8dcf2b323ecde6cdceb6f0ea93e9fb0a3943c0b8b2e55d229f3439827b1f541b801e0af9855abea8a0a12663b01f7dec1cab5c1d41f369b36289e91453ffc8a69e5b681248c24eba2fd3c4d7a780cd41a83ab5f69e85e0c633254f6840d809ac6b0eca94695ed7ae1e067f3e05a8dc7cb1f4231d6b2ccde1a4f8d13369c0235444f4f44bce85660602a6994128f02d985f699602df4025fb1f616127fb616e5663e88993f361dc73349e8452555b6ebf8df4825f85e83188626bc98e568ad8586d2cdb0fd71ae961cf428bbdfbbfd7a0dba454e9cc7317cf7e1d0e06df3fc8cf96c6a6e2304dd16908a95e324034e0bacd4b2e83e61ff7042d8788537d8726eda9d2f6124060dc1b139796f8a1afee2e392cf83d2f692c7cf7fc5e908dd5087483ab5aad0e4bf942f44d2a4b612f4438cc2cafc0a242ffc95241e975b9d84016dc3f30470693f410620159bfa3ca06915377643de86fbf135f21fdcb14fedb4a79f8a058163189cb3f6cc9fa8fc0aadba58a8a98e4fbafd70382247b8e49d2db59c99a488f52e7730b6792edf0c8cf28be3597ef5968182f7d03e9ec44e2d7f5792691e488e6f78d5ae3df1c6ffa2e0c31e0c891463445835abc96983d594df1c82f776bfedb497e0787952d7574b75b38058f2ae1ce7d7e815924d1e2b520d9be5a702e15b974f07c2101a180392f80145c7f2964cda19319e6514f7850cbdec210915ef2428cb1209219788b981c603ea34f612a3012cef4151ba41c151aec6f65814c367f0d74d1792ceb228fc6d04fae31171f69406d2306499b44185fc823539c538c279a6740db262696bcf58d41c8b664f58cc833312b1f4302311584508ea992fbdf2d8dda501c91a51ff9149e4aa1534d7364290f68ff3519e3dc3af9b0741fe3a3a4408839e5d49afc25ef86a5e6ec4be9065a0cf47be6ddc96f5d842657d0a1a812480331eb817d123470303f2d306a79ad3aa29a4c1fe469a6990b0c8521f01dd26399c9eaac4109c5fff5fb4cd288ccbcee76e8bb0eeda8c8fc403c414db047d470152a9a4dd2105d7033446d5f6e3bb49461ed490d02fe9f93689df0629b3140e631ae48a69ae71049c35470273723caff1cea106ff363f0799d09b3168c13a1e2117fd30753f3c5f680c44f5dbf4e3e8b81ef7ffc1afb4f5d96e6906154e0c24906713889c024c32d0351e78263833bb7eed92ea3bdcdaaaf6047eb06c5c1a7ebdad813c0f2f06f4ea158cbd90c285c257a28e09a66ad848cbff8f7afaf46b6586629b450545e2c986799711652e37cf69261af9fbceb13021eb6fcfd803ff9685b56a42fb0d45ac2c4e854304060bb7179f10d0080585cae68d0973371f434ec976c94dbe09f454c1385956a2d9ff4e5e5be4568e613e51fc98043cc25703fc85609c6abc7bcd17731e81baab5d8774183ff16ef30aa05c6a6d528e63665c90f884109b8f7210ad174312f3696e0c49b92d84675ffd8e8d8693ab07ef280a1d276b20795d4bacf288f1c3494d4f982233b3651b5cc84cd744100e26507344ebabc9380f0254a7b63ba061ff53f0683ec3f67b0b0ea9bf3854d94a0e9c4f0346c4a0841ba3bca3dd952afa90536e8909bf0e67c3fe60decdeb43294f248099d2d9e9714131a3d8dc42af1000708ffa3d96ebfc50878b4164ffbf3fd0d4dfd4acdd1c898365ca26854dad51bf27a48633a837aa9b660d668ab417e8b501f6dee85c18682a210796cfaf90a33d4b6d61d445596a1aebfbcda3efc97a5791dc1d07d1fcb82d0651bf36bb5a07c8fa52bca4cbcc1f09475370a65ad89b8cd52c8207a837f8083f1652a4605c415935fe3906b99d460ee229dba05ddf9531f5479445e657d74878fc5c8dec3a61d393bbf6f18bb21b0f54eadb70f64c069e4dcb979975dd58423d619f500c8ae505090bbc8b0a8059093fec4ede3f1aa78ab368fecb58a780e4b97fad5c6d9bdbbe80d9fff51466a78452e3c33cad305b62518e8cab20bd3fdd023abf46d92f380544086951f1d0e832f0e698b14babb6264e7db48aa5a9739952d3be12991e386609089a53997006c4603f751c8acb5dbe1b412244e02a73b9ca6c02509f40d4787786b9368bea220f95f94f62ce3e0b9d31b6d2e836e09f705fcdc5531d87dbdf85c8ac872eebf6b3fbb781e1222a29dfcbfae9425a350f1b168cff9df5e01c9f92e1e399a7b808000dc5e1383169d07878794d037d83ea0418d77e9dd9b636380bf595f2a1caad65a9b64d5826f077242a97b77b52281dd88b21024e8f7707b1fcd540afd8664b4c4ddebe0abe5f19496b669cb50f1a1be87b4f996521520e10f8bfb1b7f9dd0fe0e2470c34f018a3cbe68bf7276035df05cffed64b2e707aa9b2e9b1c05e86d99ba64f120457e755897888f4141a2ae0eb87979cd452acaa0a17b7bb778021b58242120b12ebe42cd5b50c4e5ff31e8ca981031d0b46855bb12ca54ae25248ee711aa939ed93c98ff9f91058921ffd2b54b26dd69212df3e7c2d2bf469d3333026fba132c4135c57afbe5a748aa3b86f5b7e213ccf8f74e95184522d927904d175287d17b3b5dd951d9671c940b210e32a07a49591c9d5a71be6d94d925de79dd600e57a6d66530ec71528fc67ef59f7b4b769ed09b32db87177e63c83487231652bfcc85c262a03dcde7fdce9e7d06e8b639f821e67ffb84e48a56c55525529fe1257eff745b78404588c05980fd12588dd3ed4f96f52eb3787dd7c83da7c4533efaa6fcc98340fc8744982269db7c916fc469f1f8f3cec5f953513fe9473331fd8d576dceff9365d721583141f01066e01ef6f79aec7a2adaeb50163c59ba3de8d453fca3ca2e8ad3fb9506b9f9126f1abdaef131dccced40262624a63082f1c3a4b1f213ec8068dfae1b6991347cc83fab9b3cce34bc260b859ae0efaa97dcf9bf43ec79aec330593a6960ebdecbd9ce22acdb7f48a560da34fa7552bd51f7824570764cfd572d8d2b9c18472fd57fda4c53998f54133938fc1b02b53e50df26b394b1034dd0c846c612996b9588d48f12b9abd3c42ca96bec21983a1efd17c5045d8b388377830c795a8e9d93d5942d590f5c9ae7bef8ff9ed7fa662bd37cf3e2b97fbeae67716ce3e59cfabf755d155f1f9fe43a0e60c9db5f95b8ce80316f4ba505d7ea88658c531ea2219af5cae6e723b98"}, 0x1008, 0x0)
r1 = getegid()
r2 = getgid()
r3 = getpgrp(0x0)
syz_open_procfs$namespace(r3, 0x0)
r4 = getpgrp(0x0)
syz_open_procfs$namespace(r4, 0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000080)={{0x1, 0x0, r1, 0x0, r2, 0x10, 0x7}, 0x0, 0x0, 0x0, 0xb9c4, 0x3, 0x5, 0x81, 0x9, 0x2, 0x2, r3, r4})
ioctl$IOMMU_DESTROY$device(0xffffffffffffffff, 0x3b80, &(0x7f0000000000)={0x8})

06:28:21 executing program 4:
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000080)={<r1=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f00000000c0)={r1})
syz_open_dev$usbmon(&(0x7f0000000000), 0x800000, 0x204100) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x800000, 0x204100)

06:28:21 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, 0x0)

06:28:21 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:21 executing program 4:
r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x10000, 0x0)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, &(0x7f0000000080)={<r1=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f00000000c0)={r1}) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x800000, 0x204100)

06:28:21 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x128, 0x1403, 0x4, 0x70bd29, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'nr0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'pimreg0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ipvlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_virt_wifi\x00'}}]}, 0x128}, 0x1, 0x0, 0x0, 0x4010}, 0x20004050)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, 0x140c, 0x4, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x3}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x128, 0x1403, 0x4, 0x70bd29, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'nr0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'pimreg0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ipvlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_virt_wifi\x00'}}]}, 0x128}, 0x1, 0x0, 0x0, 0x4010}, 0x20004050) (async)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, 0x140c, 0x4, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x3}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async)

06:28:22 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x1, r2}) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)

06:28:22 executing program 4:
r0 = msgget$private(0x0, 0x490)
r1 = getuid()
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40})
r5 = getegid()
r6 = syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e")
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1})
r7 = getpgrp(0x0)
syz_open_procfs$namespace(r7, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x1, 0xee01, 0x0, r1, r5, 0x24, 0x5}, 0x0, 0x0, 0x5, 0x3, 0x4, 0x0, 0x1400000, 0x80, 0x7, 0x0, r6, r7})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:22 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, 0x0)

06:28:22 executing program 2:
r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0)
ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, 0x0)

06:28:22 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = msgget(0x2, 0x404)
msgsnd(r0, &(0x7f0000000000)={0x2, "f10f1065e5e6efb3002e3ade040aab50b1fa0589ef9713bed43c03a0e00e43da4d33eb7bc0651ecbdfa0f646d7e882a80fa039b19578e1ab787cbf0486d51dd39fc1abf5effc85ee3d9b223afccb27385f494702ae85823d9e6498ef1e0887cf47e14489369d24d11ec3a16ac3675e8e717ad76224918fe2f0e762226aae7f3559428d2bb11b606e151edb3415c563e37e488abf8fd98a122a6c07b2ea4eb9526b82a13b1f3ea014316dedf7ed1708f547176ecb2332054243710f11e1d48a54690c79abe33b52fe7ee850eca1dbd7b1eb4bc0d9bc920a"}, 0xdf, 0x0) (async)
msgsnd(r0, &(0x7f00000014c0)={0x1, "fddc59c508efd32adc6531ccc0df07191df74d937d7ccc23ce32119b742367e1fa8554ee9ac4c1b2b9c63eb23f32538496ae210c6ea20976bde4aaed01f67e217c0380d1d5cd88c3868fd38ad332b5dc14cabc32f0262d7d39cefd322483f318e678b558b657e4e0e43ec83dc2ed570a7b6c774a4d0523d7c1f1b02baa477a62144dff6758ed91ae01d3e020bdac1c453fddcd5afef4d9f5ead76b98ab9aa858bd1c2a74dac4613eb7f2bb7cc2b085271f54c01b8f455b12d4c9a470830962aadc79cea59cb9e8f7a0cc4f34eba14091e8fa02196b0faa4a69926b9bdff42a51a80f1d294d08618066c031f3a5792bac4ae658b3ad7049bd666d6f0396621a1f92a3bd861e9a033afadb3b456a3b3bf14d6c0d718c9d2655fc5327ec0de610dec5e6af30ee509aa84b165f97d7f668c077cff84e6d14d7bf4c14a7acf83922beafe37ff35b839ed85c56b47a5cbde8580c28ec7c6e22961462f5fad26e6acc54b201b613c4d261d5b0c050c91254a92e190c8569bdd4ee9d9877af6f062962db6ce5031a5c172df0a4e95a870e3bbde6b64305242214e6a2483730b16a4eadba065ed7a57719163b7100d8cc643b3fcf1cf273e64e8971d8c267f11c85c369f27310ac7bdd14e4526649b6e2e88a10fcb2bb177c7a68be75d74be482d3a54b77206c6b02533aea231d882b431d52824cdf5c27d6251e2422fd19e835f4954fea52f7e8c380c641c449bf6599a608d0f65d7ba24d8b626ce7c42a668eb62244b826b060f28e50d86c8a1e96b2c05318ace9b1762ed46acc833de457358a3c72fbec3d97e85ba906512184f8f421e0c0ea552ae8e7dc1f3bc61fde5a9d03c216e63566edf46c424c737994c1bab27583e94b0094338f90f63007c25cc4ec7935a4b46efb1f2e7f86a863d62aeea159aef98a8ef272bc658eead44fd65b7e8c5c3ae93715dbf1aad76c311cc204e31f2ac285c390c8cca497500a6f33fc5057542547d14a2a3d326a56178ba4b409ddcee45eea5bfa8001eca6441774612962ed254ab1236f690c17bf48b76ca12eefeb8a54edc769f62c30d5fb8821d6dec5ab406809d1029a865ddb15b895abe57abc6e3e13127709dbd8158ded30e8a209b2ad6f2b203f07745a0db4135f5230f7b42cb228c9cb02399b41fef5b976a7eaa4c0bc06dbc43735ea33436fd7fdaeb5e9bde145f04458a5666dbf91888e573c00528e12b00682e05936a25a23c4d93eb3635243d87a91929749c6a180cfa1c25349cffb3082842a394147675934bb543aad73acbc6834053ed3bc0a832328c4175edc0a814df55a3deb4189ca321967e56962d6b383fd88be39622bee306eaf73ddc33cd6549b2d7948115a384551fa866d32cc3a07fe2cd002cdc6faabde6cb93ac96104b712adf2918f9e9e839ce749a3694fd6458350ae60f77969d6f0dcaaf1e82c933e820d68a2d6d35585121d94c732dcf01f8c0c5f204307d51b6e4f6d307feb8ef08cee2e3f5e44cf1972b305656986a79ba7c5e93158989632f87b6ed5991d2a1c06ed5cb8c92a39d6c92a37841de4dd01e25b58e74c2ca5cc93fe9f3cb4ca09710b9969b02d252a2e9728325dcd31603c69eec71e6008e9dae71df7da14b33667cb6afe21675d534123b96e3cfa462905ec50ad76269f9ce3702e5026ea0a9518123b576057b5ffa403e8af6d88c5f15e6d31205dc99c27cdf5304d1bcf50ca20c54afb38ce24e6a0a6f299bfdd576f66e5915e810a6e1e25bf879e3bdb2dec688685d433d9f8b59c058c6643c8bbd3c11da098c7e066fa1d0ff92133da7e2ac7f05abddf7cb97d4cf51a9e30b479f55fe21a5d721109d0a5dd6643db987d072d51f66277abe8bcdef83d33cb1adae60ef278947256d3a5f97b60d950178cf611a7be8532e9c53ac421e306c3c36087214937c25841ea01189c746a9f8deee6788840376ea0e1d88b474f6cde4fc741124de4aff69d5e0dcd374ad5a289ee7067b0c3fc7c32bf5a1ad19c4aa902dd7e38a066abfd1721d4fa2bc77a2b43d60a613ad683f1e6fe9c4b985aeb326cda4fedbd79a817f1df4356e1043b3d8039cb733fc767c3b8ed61000ca894a05ea8ca5cb25c93c2d94ef48763fa3b69ba0ed9f3911ed3a5e963a2da79f93411e79896206ec558913e5c1bde611deb424d4a09c91b5b8bda50aa991384f56283098e02284faf941f0b6beaecfc69f7616c8bce918d5c626ecc4a4f229f63d475a8d384065922f9303da6939a4bb278fd2d1f91f8bce4092410f55642e0c403429fedd17a61561e7cab529b2aa0ccd5efef569f0a2eb1d9992c96701435303c9d7c7e0d7385e7607b7575fd47dab47fecc9ddb7ce017b230e3a6d7780813daf3e29318a172d9af45514c8f153963f71e3c72dfa8525fd1f752851f89d25624b970f20d8edbc93becf1e8bca2f4938969ffc754c5a872729d53c1b0edb7f1461096fe075356206e5c7cba1c7491e0382a853940f96c6b17efb1f2d8f1741d23736afe413c6443f95f94485471208c9201e1c7db1a95bc625b0463e011fc7108a73083fa977fa3cb8557678788e44d21032d3d3aec7724ae76244f10c90df9528d5b8dcf2b323ecde6cdceb6f0ea93e9fb0a3943c0b8b2e55d229f3439827b1f541b801e0af9855abea8a0a12663b01f7dec1cab5c1d41f369b36289e91453ffc8a69e5b681248c24eba2fd3c4d7a780cd41a83ab5f69e85e0c633254f6840d809ac6b0eca94695ed7ae1e067f3e05a8dc7cb1f4231d6b2ccde1a4f8d13369c0235444f4f44bce85660602a6994128f02d985f699602df4025fb1f616127fb616e5663e88993f361dc73349e8452555b6ebf8df4825f85e83188626bc98e568ad8586d2cdb0fd71ae961cf428bbdfbbfd7a0dba454e9cc7317cf7e1d0e06df3fc8cf96c6a6e2304dd16908a95e324034e0bacd4b2e83e61ff7042d8788537d8726eda9d2f6124060dc1b139796f8a1afee2e392cf83d2f692c7cf7fc5e908dd5087483ab5aad0e4bf942f44d2a4b612f4438cc2cafc0a242ffc95241e975b9d84016dc3f30470693f410620159bfa3ca06915377643de86fbf135f21fdcb14fedb4a79f8a058163189cb3f6cc9fa8fc0aadba58a8a98e4fbafd70382247b8e49d2db59c99a488f52e7730b6792edf0c8cf28be3597ef5968182f7d03e9ec44e2d7f5792691e488e6f78d5ae3df1c6ffa2e0c31e0c891463445835abc96983d594df1c82f776bfedb497e0787952d7574b75b38058f2ae1ce7d7e815924d1e2b520d9be5a702e15b974f07c2101a180392f80145c7f2964cda19319e6514f7850cbdec210915ef2428cb1209219788b981c603ea34f612a3012cef4151ba41c151aec6f65814c367f0d74d1792ceb228fc6d04fae31171f69406d2306499b44185fc823539c538c279a6740db262696bcf58d41c8b664f58cc833312b1f4302311584508ea992fbdf2d8dda501c91a51ff9149e4aa1534d7364290f68ff3519e3dc3af9b0741fe3a3a4408839e5d49afc25ef86a5e6ec4be9065a0cf47be6ddc96f5d842657d0a1a812480331eb817d123470303f2d306a79ad3aa29a4c1fe469a6990b0c8521f01dd26399c9eaac4109c5fff5fb4cd288ccbcee76e8bb0eeda8c8fc403c414db047d470152a9a4dd2105d7033446d5f6e3bb49461ed490d02fe9f93689df0629b3140e631ae48a69ae71049c35470273723caff1cea106ff363f0799d09b3168c13a1e2117fd30753f3c5f680c44f5dbf4e3e8b81ef7ffc1afb4f5d96e6906154e0c24906713889c024c32d0351e78263833bb7eed92ea3bdcdaaaf6047eb06c5c1a7ebdad813c0f2f06f4ea158cbd90c285c257a28e09a66ad848cbff8f7afaf46b6586629b450545e2c986799711652e37cf69261af9fbceb13021eb6fcfd803ff9685b56a42fb0d45ac2c4e854304060bb7179f10d0080585cae68d0973371f434ec976c94dbe09f454c1385956a2d9ff4e5e5be4568e613e51fc98043cc25703fc85609c6abc7bcd17731e81baab5d8774183ff16ef30aa05c6a6d528e63665c90f884109b8f7210ad174312f3696e0c49b92d84675ffd8e8d8693ab07ef280a1d276b20795d4bacf288f1c3494d4f982233b3651b5cc84cd744100e26507344ebabc9380f0254a7b63ba061ff53f0683ec3f67b0b0ea9bf3854d94a0e9c4f0346c4a0841ba3bca3dd952afa90536e8909bf0e67c3fe60decdeb43294f248099d2d9e9714131a3d8dc42af1000708ffa3d96ebfc50878b4164ffbf3fd0d4dfd4acdd1c898365ca26854dad51bf27a48633a837aa9b660d668ab417e8b501f6dee85c18682a210796cfaf90a33d4b6d61d445596a1aebfbcda3efc97a5791dc1d07d1fcb82d0651bf36bb5a07c8fa52bca4cbcc1f09475370a65ad89b8cd52c8207a837f8083f1652a4605c415935fe3906b99d460ee229dba05ddf9531f5479445e657d74878fc5c8dec3a61d393bbf6f18bb21b0f54eadb70f64c069e4dcb979975dd58423d619f500c8ae505090bbc8b0a8059093fec4ede3f1aa78ab368fecb58a780e4b97fad5c6d9bdbbe80d9fff51466a78452e3c33cad305b62518e8cab20bd3fdd023abf46d92f380544086951f1d0e832f0e698b14babb6264e7db48aa5a9739952d3be12991e386609089a53997006c4603f751c8acb5dbe1b412244e02a73b9ca6c02509f40d4787786b9368bea220f95f94f62ce3e0b9d31b6d2e836e09f705fcdc5531d87dbdf85c8ac872eebf6b3fbb781e1222a29dfcbfae9425a350f1b168cff9df5e01c9f92e1e399a7b808000dc5e1383169d07878794d037d83ea0418d77e9dd9b636380bf595f2a1caad65a9b64d5826f077242a97b77b52281dd88b21024e8f7707b1fcd540afd8664b4c4ddebe0abe5f19496b669cb50f1a1be87b4f996521520e10f8bfb1b7f9dd0fe0e2470c34f018a3cbe68bf7276035df05cffed64b2e707aa9b2e9b1c05e86d99ba64f120457e755897888f4141a2ae0eb87979cd452acaa0a17b7bb778021b58242120b12ebe42cd5b50c4e5ff31e8ca981031d0b46855bb12ca54ae25248ee711aa939ed93c98ff9f91058921ffd2b54b26dd69212df3e7c2d2bf469d3333026fba132c4135c57afbe5a748aa3b86f5b7e213ccf8f74e95184522d927904d175287d17b3b5dd951d9671c940b210e32a07a49591c9d5a71be6d94d925de79dd600e57a6d66530ec71528fc67ef59f7b4b769ed09b32db87177e63c83487231652bfcc85c262a03dcde7fdce9e7d06e8b639f821e67ffb84e48a56c55525529fe1257eff745b78404588c05980fd12588dd3ed4f96f52eb3787dd7c83da7c4533efaa6fcc98340fc8744982269db7c916fc469f1f8f3cec5f953513fe9473331fd8d576dceff9365d721583141f01066e01ef6f79aec7a2adaeb50163c59ba3de8d453fca3ca2e8ad3fb9506b9f9126f1abdaef131dccced40262624a63082f1c3a4b1f213ec8068dfae1b6991347cc83fab9b3cce34bc260b859ae0efaa97dcf9bf43ec79aec330593a6960ebdecbd9ce22acdb7f48a560da34fa7552bd51f7824570764cfd572d8d2b9c18472fd57fda4c53998f54133938fc1b02b53e50df26b394b1034dd0c846c612996b9588d48f12b9abd3c42ca96bec21983a1efd17c5045d8b388377830c795a8e9d93d5942d590f5c9ae7bef8ff9ed7fa662bd37cf3e2b97fbeae67716ce3e59cfabf755d155f1f9fe43a0e60c9db5f95b8ce80316f4ba505d7ea88658c531ea2219af5cae6e723b98"}, 0x1008, 0x0)
r1 = getegid() (async)
r2 = getgid()
r3 = getpgrp(0x0)
syz_open_procfs$namespace(r3, 0x0) (async)
r4 = getpgrp(0x0)
syz_open_procfs$namespace(r4, 0x0) (async)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000080)={{0x1, 0x0, r1, 0x0, r2, 0x10, 0x7}, 0x0, 0x0, 0x0, 0xb9c4, 0x3, 0x5, 0x81, 0x9, 0x2, 0x2, r3, r4}) (async)
ioctl$IOMMU_DESTROY$device(0xffffffffffffffff, 0x3b80, &(0x7f0000000000)={0x8})

06:28:22 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = msgget(0x2, 0x404)
msgsnd(r0, &(0x7f0000000000)={0x2, "f10f1065e5e6efb3002e3ade040aab50b1fa0589ef9713bed43c03a0e00e43da4d33eb7bc0651ecbdfa0f646d7e882a80fa039b19578e1ab787cbf0486d51dd39fc1abf5effc85ee3d9b223afccb27385f494702ae85823d9e6498ef1e0887cf47e14489369d24d11ec3a16ac3675e8e717ad76224918fe2f0e762226aae7f3559428d2bb11b606e151edb3415c563e37e488abf8fd98a122a6c07b2ea4eb9526b82a13b1f3ea014316dedf7ed1708f547176ecb2332054243710f11e1d48a54690c79abe33b52fe7ee850eca1dbd7b1eb4bc0d9bc920a"}, 0xdf, 0x0)
msgsnd(r0, &(0x7f00000014c0)={0x1, "fddc59c508efd32adc6531ccc0df07191df74d937d7ccc23ce32119b742367e1fa8554ee9ac4c1b2b9c63eb23f32538496ae210c6ea20976bde4aaed01f67e217c0380d1d5cd88c3868fd38ad332b5dc14cabc32f0262d7d39cefd322483f318e678b558b657e4e0e43ec83dc2ed570a7b6c774a4d0523d7c1f1b02baa477a62144dff6758ed91ae01d3e020bdac1c453fddcd5afef4d9f5ead76b98ab9aa858bd1c2a74dac4613eb7f2bb7cc2b085271f54c01b8f455b12d4c9a470830962aadc79cea59cb9e8f7a0cc4f34eba14091e8fa02196b0faa4a69926b9bdff42a51a80f1d294d08618066c031f3a5792bac4ae658b3ad7049bd666d6f0396621a1f92a3bd861e9a033afadb3b456a3b3bf14d6c0d718c9d2655fc5327ec0de610dec5e6af30ee509aa84b165f97d7f668c077cff84e6d14d7bf4c14a7acf83922beafe37ff35b839ed85c56b47a5cbde8580c28ec7c6e22961462f5fad26e6acc54b201b613c4d261d5b0c050c91254a92e190c8569bdd4ee9d9877af6f062962db6ce5031a5c172df0a4e95a870e3bbde6b64305242214e6a2483730b16a4eadba065ed7a57719163b7100d8cc643b3fcf1cf273e64e8971d8c267f11c85c369f27310ac7bdd14e4526649b6e2e88a10fcb2bb177c7a68be75d74be482d3a54b77206c6b02533aea231d882b431d52824cdf5c27d6251e2422fd19e835f4954fea52f7e8c380c641c449bf6599a608d0f65d7ba24d8b626ce7c42a668eb62244b826b060f28e50d86c8a1e96b2c05318ace9b1762ed46acc833de457358a3c72fbec3d97e85ba906512184f8f421e0c0ea552ae8e7dc1f3bc61fde5a9d03c216e63566edf46c424c737994c1bab27583e94b0094338f90f63007c25cc4ec7935a4b46efb1f2e7f86a863d62aeea159aef98a8ef272bc658eead44fd65b7e8c5c3ae93715dbf1aad76c311cc204e31f2ac285c390c8cca497500a6f33fc5057542547d14a2a3d326a56178ba4b409ddcee45eea5bfa8001eca6441774612962ed254ab1236f690c17bf48b76ca12eefeb8a54edc769f62c30d5fb8821d6dec5ab406809d1029a865ddb15b895abe57abc6e3e13127709dbd8158ded30e8a209b2ad6f2b203f07745a0db4135f5230f7b42cb228c9cb02399b41fef5b976a7eaa4c0bc06dbc43735ea33436fd7fdaeb5e9bde145f04458a5666dbf91888e573c00528e12b00682e05936a25a23c4d93eb3635243d87a91929749c6a180cfa1c25349cffb3082842a394147675934bb543aad73acbc6834053ed3bc0a832328c4175edc0a814df55a3deb4189ca321967e56962d6b383fd88be39622bee306eaf73ddc33cd6549b2d7948115a384551fa866d32cc3a07fe2cd002cdc6faabde6cb93ac96104b712adf2918f9e9e839ce749a3694fd6458350ae60f77969d6f0dcaaf1e82c933e820d68a2d6d35585121d94c732dcf01f8c0c5f204307d51b6e4f6d307feb8ef08cee2e3f5e44cf1972b305656986a79ba7c5e93158989632f87b6ed5991d2a1c06ed5cb8c92a39d6c92a37841de4dd01e25b58e74c2ca5cc93fe9f3cb4ca09710b9969b02d252a2e9728325dcd31603c69eec71e6008e9dae71df7da14b33667cb6afe21675d534123b96e3cfa462905ec50ad76269f9ce3702e5026ea0a9518123b576057b5ffa403e8af6d88c5f15e6d31205dc99c27cdf5304d1bcf50ca20c54afb38ce24e6a0a6f299bfdd576f66e5915e810a6e1e25bf879e3bdb2dec688685d433d9f8b59c058c6643c8bbd3c11da098c7e066fa1d0ff92133da7e2ac7f05abddf7cb97d4cf51a9e30b479f55fe21a5d721109d0a5dd6643db987d072d51f66277abe8bcdef83d33cb1adae60ef278947256d3a5f97b60d950178cf611a7be8532e9c53ac421e306c3c36087214937c25841ea01189c746a9f8deee6788840376ea0e1d88b474f6cde4fc741124de4aff69d5e0dcd374ad5a289ee7067b0c3fc7c32bf5a1ad19c4aa902dd7e38a066abfd1721d4fa2bc77a2b43d60a613ad683f1e6fe9c4b985aeb326cda4fedbd79a817f1df4356e1043b3d8039cb733fc767c3b8ed61000ca894a05ea8ca5cb25c93c2d94ef48763fa3b69ba0ed9f3911ed3a5e963a2da79f93411e79896206ec558913e5c1bde611deb424d4a09c91b5b8bda50aa991384f56283098e02284faf941f0b6beaecfc69f7616c8bce918d5c626ecc4a4f229f63d475a8d384065922f9303da6939a4bb278fd2d1f91f8bce4092410f55642e0c403429fedd17a61561e7cab529b2aa0ccd5efef569f0a2eb1d9992c96701435303c9d7c7e0d7385e7607b7575fd47dab47fecc9ddb7ce017b230e3a6d7780813daf3e29318a172d9af45514c8f153963f71e3c72dfa8525fd1f752851f89d25624b970f20d8edbc93becf1e8bca2f4938969ffc754c5a872729d53c1b0edb7f1461096fe075356206e5c7cba1c7491e0382a853940f96c6b17efb1f2d8f1741d23736afe413c6443f95f94485471208c9201e1c7db1a95bc625b0463e011fc7108a73083fa977fa3cb8557678788e44d21032d3d3aec7724ae76244f10c90df9528d5b8dcf2b323ecde6cdceb6f0ea93e9fb0a3943c0b8b2e55d229f3439827b1f541b801e0af9855abea8a0a12663b01f7dec1cab5c1d41f369b36289e91453ffc8a69e5b681248c24eba2fd3c4d7a780cd41a83ab5f69e85e0c633254f6840d809ac6b0eca94695ed7ae1e067f3e05a8dc7cb1f4231d6b2ccde1a4f8d13369c0235444f4f44bce85660602a6994128f02d985f699602df4025fb1f616127fb616e5663e88993f361dc73349e8452555b6ebf8df4825f85e83188626bc98e568ad8586d2cdb0fd71ae961cf428bbdfbbfd7a0dba454e9cc7317cf7e1d0e06df3fc8cf96c6a6e2304dd16908a95e324034e0bacd4b2e83e61ff7042d8788537d8726eda9d2f6124060dc1b139796f8a1afee2e392cf83d2f692c7cf7fc5e908dd5087483ab5aad0e4bf942f44d2a4b612f4438cc2cafc0a242ffc95241e975b9d84016dc3f30470693f410620159bfa3ca06915377643de86fbf135f21fdcb14fedb4a79f8a058163189cb3f6cc9fa8fc0aadba58a8a98e4fbafd70382247b8e49d2db59c99a488f52e7730b6792edf0c8cf28be3597ef5968182f7d03e9ec44e2d7f5792691e488e6f78d5ae3df1c6ffa2e0c31e0c891463445835abc96983d594df1c82f776bfedb497e0787952d7574b75b38058f2ae1ce7d7e815924d1e2b520d9be5a702e15b974f07c2101a180392f80145c7f2964cda19319e6514f7850cbdec210915ef2428cb1209219788b981c603ea34f612a3012cef4151ba41c151aec6f65814c367f0d74d1792ceb228fc6d04fae31171f69406d2306499b44185fc823539c538c279a6740db262696bcf58d41c8b664f58cc833312b1f4302311584508ea992fbdf2d8dda501c91a51ff9149e4aa1534d7364290f68ff3519e3dc3af9b0741fe3a3a4408839e5d49afc25ef86a5e6ec4be9065a0cf47be6ddc96f5d842657d0a1a812480331eb817d123470303f2d306a79ad3aa29a4c1fe469a6990b0c8521f01dd26399c9eaac4109c5fff5fb4cd288ccbcee76e8bb0eeda8c8fc403c414db047d470152a9a4dd2105d7033446d5f6e3bb49461ed490d02fe9f93689df0629b3140e631ae48a69ae71049c35470273723caff1cea106ff363f0799d09b3168c13a1e2117fd30753f3c5f680c44f5dbf4e3e8b81ef7ffc1afb4f5d96e6906154e0c24906713889c024c32d0351e78263833bb7eed92ea3bdcdaaaf6047eb06c5c1a7ebdad813c0f2f06f4ea158cbd90c285c257a28e09a66ad848cbff8f7afaf46b6586629b450545e2c986799711652e37cf69261af9fbceb13021eb6fcfd803ff9685b56a42fb0d45ac2c4e854304060bb7179f10d0080585cae68d0973371f434ec976c94dbe09f454c1385956a2d9ff4e5e5be4568e613e51fc98043cc25703fc85609c6abc7bcd17731e81baab5d8774183ff16ef30aa05c6a6d528e63665c90f884109b8f7210ad174312f3696e0c49b92d84675ffd8e8d8693ab07ef280a1d276b20795d4bacf288f1c3494d4f982233b3651b5cc84cd744100e26507344ebabc9380f0254a7b63ba061ff53f0683ec3f67b0b0ea9bf3854d94a0e9c4f0346c4a0841ba3bca3dd952afa90536e8909bf0e67c3fe60decdeb43294f248099d2d9e9714131a3d8dc42af1000708ffa3d96ebfc50878b4164ffbf3fd0d4dfd4acdd1c898365ca26854dad51bf27a48633a837aa9b660d668ab417e8b501f6dee85c18682a210796cfaf90a33d4b6d61d445596a1aebfbcda3efc97a5791dc1d07d1fcb82d0651bf36bb5a07c8fa52bca4cbcc1f09475370a65ad89b8cd52c8207a837f8083f1652a4605c415935fe3906b99d460ee229dba05ddf9531f5479445e657d74878fc5c8dec3a61d393bbf6f18bb21b0f54eadb70f64c069e4dcb979975dd58423d619f500c8ae505090bbc8b0a8059093fec4ede3f1aa78ab368fecb58a780e4b97fad5c6d9bdbbe80d9fff51466a78452e3c33cad305b62518e8cab20bd3fdd023abf46d92f380544086951f1d0e832f0e698b14babb6264e7db48aa5a9739952d3be12991e386609089a53997006c4603f751c8acb5dbe1b412244e02a73b9ca6c02509f40d4787786b9368bea220f95f94f62ce3e0b9d31b6d2e836e09f705fcdc5531d87dbdf85c8ac872eebf6b3fbb781e1222a29dfcbfae9425a350f1b168cff9df5e01c9f92e1e399a7b808000dc5e1383169d07878794d037d83ea0418d77e9dd9b636380bf595f2a1caad65a9b64d5826f077242a97b77b52281dd88b21024e8f7707b1fcd540afd8664b4c4ddebe0abe5f19496b669cb50f1a1be87b4f996521520e10f8bfb1b7f9dd0fe0e2470c34f018a3cbe68bf7276035df05cffed64b2e707aa9b2e9b1c05e86d99ba64f120457e755897888f4141a2ae0eb87979cd452acaa0a17b7bb778021b58242120b12ebe42cd5b50c4e5ff31e8ca981031d0b46855bb12ca54ae25248ee711aa939ed93c98ff9f91058921ffd2b54b26dd69212df3e7c2d2bf469d3333026fba132c4135c57afbe5a748aa3b86f5b7e213ccf8f74e95184522d927904d175287d17b3b5dd951d9671c940b210e32a07a49591c9d5a71be6d94d925de79dd600e57a6d66530ec71528fc67ef59f7b4b769ed09b32db87177e63c83487231652bfcc85c262a03dcde7fdce9e7d06e8b639f821e67ffb84e48a56c55525529fe1257eff745b78404588c05980fd12588dd3ed4f96f52eb3787dd7c83da7c4533efaa6fcc98340fc8744982269db7c916fc469f1f8f3cec5f953513fe9473331fd8d576dceff9365d721583141f01066e01ef6f79aec7a2adaeb50163c59ba3de8d453fca3ca2e8ad3fb9506b9f9126f1abdaef131dccced40262624a63082f1c3a4b1f213ec8068dfae1b6991347cc83fab9b3cce34bc260b859ae0efaa97dcf9bf43ec79aec330593a6960ebdecbd9ce22acdb7f48a560da34fa7552bd51f7824570764cfd572d8d2b9c18472fd57fda4c53998f54133938fc1b02b53e50df26b394b1034dd0c846c612996b9588d48f12b9abd3c42ca96bec21983a1efd17c5045d8b388377830c795a8e9d93d5942d590f5c9ae7bef8ff9ed7fa662bd37cf3e2b97fbeae67716ce3e59cfabf755d155f1f9fe43a0e60c9db5f95b8ce80316f4ba505d7ea88658c531ea2219af5cae6e723b98"}, 0x1008, 0x0)
r1 = getegid()
r2 = getgid()
r3 = getpgrp(0x0)
syz_open_procfs$namespace(r3, 0x0)
r4 = getpgrp(0x0)
syz_open_procfs$namespace(r4, 0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000080)={{0x1, 0x0, r1, 0x0, r2, 0x10, 0x7}, 0x0, 0x0, 0x0, 0xb9c4, 0x3, 0x5, 0x81, 0x9, 0x2, 0x2, r3, r4})
ioctl$IOMMU_DESTROY$device(0xffffffffffffffff, 0x3b80, &(0x7f0000000000)={0x8})

06:28:22 executing program 4:
r0 = msgget$private(0x0, 0x490) (async, rerun: 64)
r1 = getuid() (async, rerun: 64)
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40}) (async)
r5 = getegid() (async)
r6 = syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e") (async)
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1})
r7 = getpgrp(0x0)
syz_open_procfs$namespace(r7, 0x0) (async)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x1, 0xee01, 0x0, r1, r5, 0x24, 0x5}, 0x0, 0x0, 0x5, 0x3, 0x4, 0x0, 0x1400000, 0x80, 0x7, 0x0, r6, r7})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:22 executing program 3:
socketpair(0x5, 0x5, 0x8001, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x1402, 0x200, 0x70bd2d, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008050}, 0x4008844)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:22 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)={0x128, 0x1403, 0x4, 0x70bd29, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'nr0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'pimreg0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'ipvlan1\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'virt_wifi0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth1_to_bond\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'veth0_virt_wifi\x00'}}]}, 0x128}, 0x1, 0x0, 0x0, 0x4010}, 0x20004050)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, 0x140c, 0x4, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x3}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, 0x140c, 0x4, 0x70bd25, 0x25dfdbfd, "", [@RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x3}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x2}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)

06:28:22 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = msgget(0x2, 0x404)
msgsnd(r0, &(0x7f0000000000)={0x2, "f10f1065e5e6efb3002e3ade040aab50b1fa0589ef9713bed43c03a0e00e43da4d33eb7bc0651ecbdfa0f646d7e882a80fa039b19578e1ab787cbf0486d51dd39fc1abf5effc85ee3d9b223afccb27385f494702ae85823d9e6498ef1e0887cf47e14489369d24d11ec3a16ac3675e8e717ad76224918fe2f0e762226aae7f3559428d2bb11b606e151edb3415c563e37e488abf8fd98a122a6c07b2ea4eb9526b82a13b1f3ea014316dedf7ed1708f547176ecb2332054243710f11e1d48a54690c79abe33b52fe7ee850eca1dbd7b1eb4bc0d9bc920a"}, 0xdf, 0x0)
msgsnd(r0, &(0x7f00000014c0)={0x1, "fddc59c508efd32adc6531ccc0df07191df74d937d7ccc23ce32119b742367e1fa8554ee9ac4c1b2b9c63eb23f32538496ae210c6ea20976bde4aaed01f67e217c0380d1d5cd88c3868fd38ad332b5dc14cabc32f0262d7d39cefd322483f318e678b558b657e4e0e43ec83dc2ed570a7b6c774a4d0523d7c1f1b02baa477a62144dff6758ed91ae01d3e020bdac1c453fddcd5afef4d9f5ead76b98ab9aa858bd1c2a74dac4613eb7f2bb7cc2b085271f54c01b8f455b12d4c9a470830962aadc79cea59cb9e8f7a0cc4f34eba14091e8fa02196b0faa4a69926b9bdff42a51a80f1d294d08618066c031f3a5792bac4ae658b3ad7049bd666d6f0396621a1f92a3bd861e9a033afadb3b456a3b3bf14d6c0d718c9d2655fc5327ec0de610dec5e6af30ee509aa84b165f97d7f668c077cff84e6d14d7bf4c14a7acf83922beafe37ff35b839ed85c56b47a5cbde8580c28ec7c6e22961462f5fad26e6acc54b201b613c4d261d5b0c050c91254a92e190c8569bdd4ee9d9877af6f062962db6ce5031a5c172df0a4e95a870e3bbde6b64305242214e6a2483730b16a4eadba065ed7a57719163b7100d8cc643b3fcf1cf273e64e8971d8c267f11c85c369f27310ac7bdd14e4526649b6e2e88a10fcb2bb177c7a68be75d74be482d3a54b77206c6b02533aea231d882b431d52824cdf5c27d6251e2422fd19e835f4954fea52f7e8c380c641c449bf6599a608d0f65d7ba24d8b626ce7c42a668eb62244b826b060f28e50d86c8a1e96b2c05318ace9b1762ed46acc833de457358a3c72fbec3d97e85ba906512184f8f421e0c0ea552ae8e7dc1f3bc61fde5a9d03c216e63566edf46c424c737994c1bab27583e94b0094338f90f63007c25cc4ec7935a4b46efb1f2e7f86a863d62aeea159aef98a8ef272bc658eead44fd65b7e8c5c3ae93715dbf1aad76c311cc204e31f2ac285c390c8cca497500a6f33fc5057542547d14a2a3d326a56178ba4b409ddcee45eea5bfa8001eca6441774612962ed254ab1236f690c17bf48b76ca12eefeb8a54edc769f62c30d5fb8821d6dec5ab406809d1029a865ddb15b895abe57abc6e3e13127709dbd8158ded30e8a209b2ad6f2b203f07745a0db4135f5230f7b42cb228c9cb02399b41fef5b976a7eaa4c0bc06dbc43735ea33436fd7fdaeb5e9bde145f04458a5666dbf91888e573c00528e12b00682e05936a25a23c4d93eb3635243d87a91929749c6a180cfa1c25349cffb3082842a394147675934bb543aad73acbc6834053ed3bc0a832328c4175edc0a814df55a3deb4189ca321967e56962d6b383fd88be39622bee306eaf73ddc33cd6549b2d7948115a384551fa866d32cc3a07fe2cd002cdc6faabde6cb93ac96104b712adf2918f9e9e839ce749a3694fd6458350ae60f77969d6f0dcaaf1e82c933e820d68a2d6d35585121d94c732dcf01f8c0c5f204307d51b6e4f6d307feb8ef08cee2e3f5e44cf1972b305656986a79ba7c5e93158989632f87b6ed5991d2a1c06ed5cb8c92a39d6c92a37841de4dd01e25b58e74c2ca5cc93fe9f3cb4ca09710b9969b02d252a2e9728325dcd31603c69eec71e6008e9dae71df7da14b33667cb6afe21675d534123b96e3cfa462905ec50ad76269f9ce3702e5026ea0a9518123b576057b5ffa403e8af6d88c5f15e6d31205dc99c27cdf5304d1bcf50ca20c54afb38ce24e6a0a6f299bfdd576f66e5915e810a6e1e25bf879e3bdb2dec688685d433d9f8b59c058c6643c8bbd3c11da098c7e066fa1d0ff92133da7e2ac7f05abddf7cb97d4cf51a9e30b479f55fe21a5d721109d0a5dd6643db987d072d51f66277abe8bcdef83d33cb1adae60ef278947256d3a5f97b60d950178cf611a7be8532e9c53ac421e306c3c36087214937c25841ea01189c746a9f8deee6788840376ea0e1d88b474f6cde4fc741124de4aff69d5e0dcd374ad5a289ee7067b0c3fc7c32bf5a1ad19c4aa902dd7e38a066abfd1721d4fa2bc77a2b43d60a613ad683f1e6fe9c4b985aeb326cda4fedbd79a817f1df4356e1043b3d8039cb733fc767c3b8ed61000ca894a05ea8ca5cb25c93c2d94ef48763fa3b69ba0ed9f3911ed3a5e963a2da79f93411e79896206ec558913e5c1bde611deb424d4a09c91b5b8bda50aa991384f56283098e02284faf941f0b6beaecfc69f7616c8bce918d5c626ecc4a4f229f63d475a8d384065922f9303da6939a4bb278fd2d1f91f8bce4092410f55642e0c403429fedd17a61561e7cab529b2aa0ccd5efef569f0a2eb1d9992c96701435303c9d7c7e0d7385e7607b7575fd47dab47fecc9ddb7ce017b230e3a6d7780813daf3e29318a172d9af45514c8f153963f71e3c72dfa8525fd1f752851f89d25624b970f20d8edbc93becf1e8bca2f4938969ffc754c5a872729d53c1b0edb7f1461096fe075356206e5c7cba1c7491e0382a853940f96c6b17efb1f2d8f1741d23736afe413c6443f95f94485471208c9201e1c7db1a95bc625b0463e011fc7108a73083fa977fa3cb8557678788e44d21032d3d3aec7724ae76244f10c90df9528d5b8dcf2b323ecde6cdceb6f0ea93e9fb0a3943c0b8b2e55d229f3439827b1f541b801e0af9855abea8a0a12663b01f7dec1cab5c1d41f369b36289e91453ffc8a69e5b681248c24eba2fd3c4d7a780cd41a83ab5f69e85e0c633254f6840d809ac6b0eca94695ed7ae1e067f3e05a8dc7cb1f4231d6b2ccde1a4f8d13369c0235444f4f44bce85660602a6994128f02d985f699602df4025fb1f616127fb616e5663e88993f361dc73349e8452555b6ebf8df4825f85e83188626bc98e568ad8586d2cdb0fd71ae961cf428bbdfbbfd7a0dba454e9cc7317cf7e1d0e06df3fc8cf96c6a6e2304dd16908a95e324034e0bacd4b2e83e61ff7042d8788537d8726eda9d2f6124060dc1b139796f8a1afee2e392cf83d2f692c7cf7fc5e908dd5087483ab5aad0e4bf942f44d2a4b612f4438cc2cafc0a242ffc95241e975b9d84016dc3f30470693f410620159bfa3ca06915377643de86fbf135f21fdcb14fedb4a79f8a058163189cb3f6cc9fa8fc0aadba58a8a98e4fbafd70382247b8e49d2db59c99a488f52e7730b6792edf0c8cf28be3597ef5968182f7d03e9ec44e2d7f5792691e488e6f78d5ae3df1c6ffa2e0c31e0c891463445835abc96983d594df1c82f776bfedb497e0787952d7574b75b38058f2ae1ce7d7e815924d1e2b520d9be5a702e15b974f07c2101a180392f80145c7f2964cda19319e6514f7850cbdec210915ef2428cb1209219788b981c603ea34f612a3012cef4151ba41c151aec6f65814c367f0d74d1792ceb228fc6d04fae31171f69406d2306499b44185fc823539c538c279a6740db262696bcf58d41c8b664f58cc833312b1f4302311584508ea992fbdf2d8dda501c91a51ff9149e4aa1534d7364290f68ff3519e3dc3af9b0741fe3a3a4408839e5d49afc25ef86a5e6ec4be9065a0cf47be6ddc96f5d842657d0a1a812480331eb817d123470303f2d306a79ad3aa29a4c1fe469a6990b0c8521f01dd26399c9eaac4109c5fff5fb4cd288ccbcee76e8bb0eeda8c8fc403c414db047d470152a9a4dd2105d7033446d5f6e3bb49461ed490d02fe9f93689df0629b3140e631ae48a69ae71049c35470273723caff1cea106ff363f0799d09b3168c13a1e2117fd30753f3c5f680c44f5dbf4e3e8b81ef7ffc1afb4f5d96e6906154e0c24906713889c024c32d0351e78263833bb7eed92ea3bdcdaaaf6047eb06c5c1a7ebdad813c0f2f06f4ea158cbd90c285c257a28e09a66ad848cbff8f7afaf46b6586629b450545e2c986799711652e37cf69261af9fbceb13021eb6fcfd803ff9685b56a42fb0d45ac2c4e854304060bb7179f10d0080585cae68d0973371f434ec976c94dbe09f454c1385956a2d9ff4e5e5be4568e613e51fc98043cc25703fc85609c6abc7bcd17731e81baab5d8774183ff16ef30aa05c6a6d528e63665c90f884109b8f7210ad174312f3696e0c49b92d84675ffd8e8d8693ab07ef280a1d276b20795d4bacf288f1c3494d4f982233b3651b5cc84cd744100e26507344ebabc9380f0254a7b63ba061ff53f0683ec3f67b0b0ea9bf3854d94a0e9c4f0346c4a0841ba3bca3dd952afa90536e8909bf0e67c3fe60decdeb43294f248099d2d9e9714131a3d8dc42af1000708ffa3d96ebfc50878b4164ffbf3fd0d4dfd4acdd1c898365ca26854dad51bf27a48633a837aa9b660d668ab417e8b501f6dee85c18682a210796cfaf90a33d4b6d61d445596a1aebfbcda3efc97a5791dc1d07d1fcb82d0651bf36bb5a07c8fa52bca4cbcc1f09475370a65ad89b8cd52c8207a837f8083f1652a4605c415935fe3906b99d460ee229dba05ddf9531f5479445e657d74878fc5c8dec3a61d393bbf6f18bb21b0f54eadb70f64c069e4dcb979975dd58423d619f500c8ae505090bbc8b0a8059093fec4ede3f1aa78ab368fecb58a780e4b97fad5c6d9bdbbe80d9fff51466a78452e3c33cad305b62518e8cab20bd3fdd023abf46d92f380544086951f1d0e832f0e698b14babb6264e7db48aa5a9739952d3be12991e386609089a53997006c4603f751c8acb5dbe1b412244e02a73b9ca6c02509f40d4787786b9368bea220f95f94f62ce3e0b9d31b6d2e836e09f705fcdc5531d87dbdf85c8ac872eebf6b3fbb781e1222a29dfcbfae9425a350f1b168cff9df5e01c9f92e1e399a7b808000dc5e1383169d07878794d037d83ea0418d77e9dd9b636380bf595f2a1caad65a9b64d5826f077242a97b77b52281dd88b21024e8f7707b1fcd540afd8664b4c4ddebe0abe5f19496b669cb50f1a1be87b4f996521520e10f8bfb1b7f9dd0fe0e2470c34f018a3cbe68bf7276035df05cffed64b2e707aa9b2e9b1c05e86d99ba64f120457e755897888f4141a2ae0eb87979cd452acaa0a17b7bb778021b58242120b12ebe42cd5b50c4e5ff31e8ca981031d0b46855bb12ca54ae25248ee711aa939ed93c98ff9f91058921ffd2b54b26dd69212df3e7c2d2bf469d3333026fba132c4135c57afbe5a748aa3b86f5b7e213ccf8f74e95184522d927904d175287d17b3b5dd951d9671c940b210e32a07a49591c9d5a71be6d94d925de79dd600e57a6d66530ec71528fc67ef59f7b4b769ed09b32db87177e63c83487231652bfcc85c262a03dcde7fdce9e7d06e8b639f821e67ffb84e48a56c55525529fe1257eff745b78404588c05980fd12588dd3ed4f96f52eb3787dd7c83da7c4533efaa6fcc98340fc8744982269db7c916fc469f1f8f3cec5f953513fe9473331fd8d576dceff9365d721583141f01066e01ef6f79aec7a2adaeb50163c59ba3de8d453fca3ca2e8ad3fb9506b9f9126f1abdaef131dccced40262624a63082f1c3a4b1f213ec8068dfae1b6991347cc83fab9b3cce34bc260b859ae0efaa97dcf9bf43ec79aec330593a6960ebdecbd9ce22acdb7f48a560da34fa7552bd51f7824570764cfd572d8d2b9c18472fd57fda4c53998f54133938fc1b02b53e50df26b394b1034dd0c846c612996b9588d48f12b9abd3c42ca96bec21983a1efd17c5045d8b388377830c795a8e9d93d5942d590f5c9ae7bef8ff9ed7fa662bd37cf3e2b97fbeae67716ce3e59cfabf755d155f1f9fe43a0e60c9db5f95b8ce80316f4ba505d7ea88658c531ea2219af5cae6e723b98"}, 0x1008, 0x0) (async, rerun: 64)
r1 = getegid() (async, rerun: 64)
r2 = getgid()
r3 = getpgrp(0x0)
syz_open_procfs$namespace(r3, 0x0)
r4 = getpgrp(0x0)
syz_open_procfs$namespace(r4, 0x0) (async)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000080)={{0x1, 0x0, r1, 0x0, r2, 0x10, 0x7}, 0x0, 0x0, 0x0, 0xb9c4, 0x3, 0x5, 0x81, 0x9, 0x2, 0x2, r3, r4}) (async)
ioctl$IOMMU_DESTROY$device(0xffffffffffffffff, 0x3b80, &(0x7f0000000000)={0x8})

06:28:22 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000080)={0x1, r2}) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)

06:28:22 executing program 2:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = msgget(0x2, 0x404)
msgsnd(r0, &(0x7f0000000000)={0x2, "f10f1065e5e6efb3002e3ade040aab50b1fa0589ef9713bed43c03a0e00e43da4d33eb7bc0651ecbdfa0f646d7e882a80fa039b19578e1ab787cbf0486d51dd39fc1abf5effc85ee3d9b223afccb27385f494702ae85823d9e6498ef1e0887cf47e14489369d24d11ec3a16ac3675e8e717ad76224918fe2f0e762226aae7f3559428d2bb11b606e151edb3415c563e37e488abf8fd98a122a6c07b2ea4eb9526b82a13b1f3ea014316dedf7ed1708f547176ecb2332054243710f11e1d48a54690c79abe33b52fe7ee850eca1dbd7b1eb4bc0d9bc920a"}, 0xdf, 0x0)
msgsnd(r0, &(0x7f00000014c0)={0x1, "fddc59c508efd32adc6531ccc0df07191df74d937d7ccc23ce32119b742367e1fa8554ee9ac4c1b2b9c63eb23f32538496ae210c6ea20976bde4aaed01f67e217c0380d1d5cd88c3868fd38ad332b5dc14cabc32f0262d7d39cefd322483f318e678b558b657e4e0e43ec83dc2ed570a7b6c774a4d0523d7c1f1b02baa477a62144dff6758ed91ae01d3e020bdac1c453fddcd5afef4d9f5ead76b98ab9aa858bd1c2a74dac4613eb7f2bb7cc2b085271f54c01b8f455b12d4c9a470830962aadc79cea59cb9e8f7a0cc4f34eba14091e8fa02196b0faa4a69926b9bdff42a51a80f1d294d08618066c031f3a5792bac4ae658b3ad7049bd666d6f0396621a1f92a3bd861e9a033afadb3b456a3b3bf14d6c0d718c9d2655fc5327ec0de610dec5e6af30ee509aa84b165f97d7f668c077cff84e6d14d7bf4c14a7acf83922beafe37ff35b839ed85c56b47a5cbde8580c28ec7c6e22961462f5fad26e6acc54b201b613c4d261d5b0c050c91254a92e190c8569bdd4ee9d9877af6f062962db6ce5031a5c172df0a4e95a870e3bbde6b64305242214e6a2483730b16a4eadba065ed7a57719163b7100d8cc643b3fcf1cf273e64e8971d8c267f11c85c369f27310ac7bdd14e4526649b6e2e88a10fcb2bb177c7a68be75d74be482d3a54b77206c6b02533aea231d882b431d52824cdf5c27d6251e2422fd19e835f4954fea52f7e8c380c641c449bf6599a608d0f65d7ba24d8b626ce7c42a668eb62244b826b060f28e50d86c8a1e96b2c05318ace9b1762ed46acc833de457358a3c72fbec3d97e85ba906512184f8f421e0c0ea552ae8e7dc1f3bc61fde5a9d03c216e63566edf46c424c737994c1bab27583e94b0094338f90f63007c25cc4ec7935a4b46efb1f2e7f86a863d62aeea159aef98a8ef272bc658eead44fd65b7e8c5c3ae93715dbf1aad76c311cc204e31f2ac285c390c8cca497500a6f33fc5057542547d14a2a3d326a56178ba4b409ddcee45eea5bfa8001eca6441774612962ed254ab1236f690c17bf48b76ca12eefeb8a54edc769f62c30d5fb8821d6dec5ab406809d1029a865ddb15b895abe57abc6e3e13127709dbd8158ded30e8a209b2ad6f2b203f07745a0db4135f5230f7b42cb228c9cb02399b41fef5b976a7eaa4c0bc06dbc43735ea33436fd7fdaeb5e9bde145f04458a5666dbf91888e573c00528e12b00682e05936a25a23c4d93eb3635243d87a91929749c6a180cfa1c25349cffb3082842a394147675934bb543aad73acbc6834053ed3bc0a832328c4175edc0a814df55a3deb4189ca321967e56962d6b383fd88be39622bee306eaf73ddc33cd6549b2d7948115a384551fa866d32cc3a07fe2cd002cdc6faabde6cb93ac96104b712adf2918f9e9e839ce749a3694fd6458350ae60f77969d6f0dcaaf1e82c933e820d68a2d6d35585121d94c732dcf01f8c0c5f204307d51b6e4f6d307feb8ef08cee2e3f5e44cf1972b305656986a79ba7c5e93158989632f87b6ed5991d2a1c06ed5cb8c92a39d6c92a37841de4dd01e25b58e74c2ca5cc93fe9f3cb4ca09710b9969b02d252a2e9728325dcd31603c69eec71e6008e9dae71df7da14b33667cb6afe21675d534123b96e3cfa462905ec50ad76269f9ce3702e5026ea0a9518123b576057b5ffa403e8af6d88c5f15e6d31205dc99c27cdf5304d1bcf50ca20c54afb38ce24e6a0a6f299bfdd576f66e5915e810a6e1e25bf879e3bdb2dec688685d433d9f8b59c058c6643c8bbd3c11da098c7e066fa1d0ff92133da7e2ac7f05abddf7cb97d4cf51a9e30b479f55fe21a5d721109d0a5dd6643db987d072d51f66277abe8bcdef83d33cb1adae60ef278947256d3a5f97b60d950178cf611a7be8532e9c53ac421e306c3c36087214937c25841ea01189c746a9f8deee6788840376ea0e1d88b474f6cde4fc741124de4aff69d5e0dcd374ad5a289ee7067b0c3fc7c32bf5a1ad19c4aa902dd7e38a066abfd1721d4fa2bc77a2b43d60a613ad683f1e6fe9c4b985aeb326cda4fedbd79a817f1df4356e1043b3d8039cb733fc767c3b8ed61000ca894a05ea8ca5cb25c93c2d94ef48763fa3b69ba0ed9f3911ed3a5e963a2da79f93411e79896206ec558913e5c1bde611deb424d4a09c91b5b8bda50aa991384f56283098e02284faf941f0b6beaecfc69f7616c8bce918d5c626ecc4a4f229f63d475a8d384065922f9303da6939a4bb278fd2d1f91f8bce4092410f55642e0c403429fedd17a61561e7cab529b2aa0ccd5efef569f0a2eb1d9992c96701435303c9d7c7e0d7385e7607b7575fd47dab47fecc9ddb7ce017b230e3a6d7780813daf3e29318a172d9af45514c8f153963f71e3c72dfa8525fd1f752851f89d25624b970f20d8edbc93becf1e8bca2f4938969ffc754c5a872729d53c1b0edb7f1461096fe075356206e5c7cba1c7491e0382a853940f96c6b17efb1f2d8f1741d23736afe413c6443f95f94485471208c9201e1c7db1a95bc625b0463e011fc7108a73083fa977fa3cb8557678788e44d21032d3d3aec7724ae76244f10c90df9528d5b8dcf2b323ecde6cdceb6f0ea93e9fb0a3943c0b8b2e55d229f3439827b1f541b801e0af9855abea8a0a12663b01f7dec1cab5c1d41f369b36289e91453ffc8a69e5b681248c24eba2fd3c4d7a780cd41a83ab5f69e85e0c633254f6840d809ac6b0eca94695ed7ae1e067f3e05a8dc7cb1f4231d6b2ccde1a4f8d13369c0235444f4f44bce85660602a6994128f02d985f699602df4025fb1f616127fb616e5663e88993f361dc73349e8452555b6ebf8df4825f85e83188626bc98e568ad8586d2cdb0fd71ae961cf428bbdfbbfd7a0dba454e9cc7317cf7e1d0e06df3fc8cf96c6a6e2304dd16908a95e324034e0bacd4b2e83e61ff7042d8788537d8726eda9d2f6124060dc1b139796f8a1afee2e392cf83d2f692c7cf7fc5e908dd5087483ab5aad0e4bf942f44d2a4b612f4438cc2cafc0a242ffc95241e975b9d84016dc3f30470693f410620159bfa3ca06915377643de86fbf135f21fdcb14fedb4a79f8a058163189cb3f6cc9fa8fc0aadba58a8a98e4fbafd70382247b8e49d2db59c99a488f52e7730b6792edf0c8cf28be3597ef5968182f7d03e9ec44e2d7f5792691e488e6f78d5ae3df1c6ffa2e0c31e0c891463445835abc96983d594df1c82f776bfedb497e0787952d7574b75b38058f2ae1ce7d7e815924d1e2b520d9be5a702e15b974f07c2101a180392f80145c7f2964cda19319e6514f7850cbdec210915ef2428cb1209219788b981c603ea34f612a3012cef4151ba41c151aec6f65814c367f0d74d1792ceb228fc6d04fae31171f69406d2306499b44185fc823539c538c279a6740db262696bcf58d41c8b664f58cc833312b1f4302311584508ea992fbdf2d8dda501c91a51ff9149e4aa1534d7364290f68ff3519e3dc3af9b0741fe3a3a4408839e5d49afc25ef86a5e6ec4be9065a0cf47be6ddc96f5d842657d0a1a812480331eb817d123470303f2d306a79ad3aa29a4c1fe469a6990b0c8521f01dd26399c9eaac4109c5fff5fb4cd288ccbcee76e8bb0eeda8c8fc403c414db047d470152a9a4dd2105d7033446d5f6e3bb49461ed490d02fe9f93689df0629b3140e631ae48a69ae71049c35470273723caff1cea106ff363f0799d09b3168c13a1e2117fd30753f3c5f680c44f5dbf4e3e8b81ef7ffc1afb4f5d96e6906154e0c24906713889c024c32d0351e78263833bb7eed92ea3bdcdaaaf6047eb06c5c1a7ebdad813c0f2f06f4ea158cbd90c285c257a28e09a66ad848cbff8f7afaf46b6586629b450545e2c986799711652e37cf69261af9fbceb13021eb6fcfd803ff9685b56a42fb0d45ac2c4e854304060bb7179f10d0080585cae68d0973371f434ec976c94dbe09f454c1385956a2d9ff4e5e5be4568e613e51fc98043cc25703fc85609c6abc7bcd17731e81baab5d8774183ff16ef30aa05c6a6d528e63665c90f884109b8f7210ad174312f3696e0c49b92d84675ffd8e8d8693ab07ef280a1d276b20795d4bacf288f1c3494d4f982233b3651b5cc84cd744100e26507344ebabc9380f0254a7b63ba061ff53f0683ec3f67b0b0ea9bf3854d94a0e9c4f0346c4a0841ba3bca3dd952afa90536e8909bf0e67c3fe60decdeb43294f248099d2d9e9714131a3d8dc42af1000708ffa3d96ebfc50878b4164ffbf3fd0d4dfd4acdd1c898365ca26854dad51bf27a48633a837aa9b660d668ab417e8b501f6dee85c18682a210796cfaf90a33d4b6d61d445596a1aebfbcda3efc97a5791dc1d07d1fcb82d0651bf36bb5a07c8fa52bca4cbcc1f09475370a65ad89b8cd52c8207a837f8083f1652a4605c415935fe3906b99d460ee229dba05ddf9531f5479445e657d74878fc5c8dec3a61d393bbf6f18bb21b0f54eadb70f64c069e4dcb979975dd58423d619f500c8ae505090bbc8b0a8059093fec4ede3f1aa78ab368fecb58a780e4b97fad5c6d9bdbbe80d9fff51466a78452e3c33cad305b62518e8cab20bd3fdd023abf46d92f380544086951f1d0e832f0e698b14babb6264e7db48aa5a9739952d3be12991e386609089a53997006c4603f751c8acb5dbe1b412244e02a73b9ca6c02509f40d4787786b9368bea220f95f94f62ce3e0b9d31b6d2e836e09f705fcdc5531d87dbdf85c8ac872eebf6b3fbb781e1222a29dfcbfae9425a350f1b168cff9df5e01c9f92e1e399a7b808000dc5e1383169d07878794d037d83ea0418d77e9dd9b636380bf595f2a1caad65a9b64d5826f077242a97b77b52281dd88b21024e8f7707b1fcd540afd8664b4c4ddebe0abe5f19496b669cb50f1a1be87b4f996521520e10f8bfb1b7f9dd0fe0e2470c34f018a3cbe68bf7276035df05cffed64b2e707aa9b2e9b1c05e86d99ba64f120457e755897888f4141a2ae0eb87979cd452acaa0a17b7bb778021b58242120b12ebe42cd5b50c4e5ff31e8ca981031d0b46855bb12ca54ae25248ee711aa939ed93c98ff9f91058921ffd2b54b26dd69212df3e7c2d2bf469d3333026fba132c4135c57afbe5a748aa3b86f5b7e213ccf8f74e95184522d927904d175287d17b3b5dd951d9671c940b210e32a07a49591c9d5a71be6d94d925de79dd600e57a6d66530ec71528fc67ef59f7b4b769ed09b32db87177e63c83487231652bfcc85c262a03dcde7fdce9e7d06e8b639f821e67ffb84e48a56c55525529fe1257eff745b78404588c05980fd12588dd3ed4f96f52eb3787dd7c83da7c4533efaa6fcc98340fc8744982269db7c916fc469f1f8f3cec5f953513fe9473331fd8d576dceff9365d721583141f01066e01ef6f79aec7a2adaeb50163c59ba3de8d453fca3ca2e8ad3fb9506b9f9126f1abdaef131dccced40262624a63082f1c3a4b1f213ec8068dfae1b6991347cc83fab9b3cce34bc260b859ae0efaa97dcf9bf43ec79aec330593a6960ebdecbd9ce22acdb7f48a560da34fa7552bd51f7824570764cfd572d8d2b9c18472fd57fda4c53998f54133938fc1b02b53e50df26b394b1034dd0c846c612996b9588d48f12b9abd3c42ca96bec21983a1efd17c5045d8b388377830c795a8e9d93d5942d590f5c9ae7bef8ff9ed7fa662bd37cf3e2b97fbeae67716ce3e59cfabf755d155f1f9fe43a0e60c9db5f95b8ce80316f4ba505d7ea88658c531ea2219af5cae6e723b98"}, 0x1008, 0x0)
r1 = getegid()
r2 = getgid()
r3 = getpgrp(0x0)
syz_open_procfs$namespace(r3, 0x0)
r4 = getpgrp(0x0)
syz_open_procfs$namespace(r4, 0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000000080)={{0x1, 0x0, r1, 0x0, r2, 0x10, 0x7}, 0x0, 0x0, 0x0, 0xb9c4, 0x3, 0x5, 0x81, 0x9, 0x2, 0x2, r3, r4})
ioctl$IOMMU_DESTROY$device(0xffffffffffffffff, 0x3b80, &(0x7f0000000000)={0x8})

06:28:22 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x1c440, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)

06:28:22 executing program 2:
r0 = msgget$private(0x0, 0x490)
r1 = getuid()
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40})
r5 = getegid()
r6 = syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e")
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1})
r7 = getpgrp(0x0)
syz_open_procfs$namespace(r7, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x1, 0xee01, 0x0, r1, r5, 0x24, 0x5}, 0x0, 0x0, 0x5, 0x3, 0x4, 0x0, 0x1400000, 0x80, 0x7, 0x0, r6, r7})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:22 executing program 5:
landlock_create_ruleset(&(0x7f0000000000)={0x820}, 0x8, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x3, {0x2, 0xf0, 0x1}, 0xff}, 0x18)

06:28:22 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)

06:28:22 executing program 3:
socketpair(0x5, 0x5, 0x8001, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x1402, 0x200, 0x70bd2d, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008050}, 0x4008844) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:23 executing program 4:
r0 = msgget$private(0x0, 0x490)
r1 = getuid() (async)
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff}) (async)
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40}) (async)
r5 = getegid() (async)
r6 = syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e") (async)
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1}) (async)
r7 = getpgrp(0x0)
syz_open_procfs$namespace(r7, 0x0) (async)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x1, 0xee01, 0x0, r1, r5, 0x24, 0x5}, 0x0, 0x0, 0x5, 0x3, 0x4, 0x0, 0x1400000, 0x80, 0x7, 0x0, r6, r7}) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:23 executing program 5:
landlock_create_ruleset(&(0x7f0000000000)={0x820}, 0x8, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0) (async)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x3, {0x2, 0xf0, 0x1}, 0xff}, 0x18)

06:28:23 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async, rerun: 32)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (rerun: 32)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (rerun: 64)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x1c440, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)

06:28:23 executing program 2:
r0 = msgget$private(0x0, 0x490)
r1 = getuid()
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40})
r5 = getegid()
r6 = syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e")
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1})
r7 = getpgrp(0x0)
syz_open_procfs$namespace(r7, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x1, 0xee01, 0x0, r1, r5, 0x24, 0x5}, 0x0, 0x0, 0x5, 0x3, 0x4, 0x0, 0x1400000, 0x80, 0x7, 0x0, r6, r7})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:23 executing program 3:
socketpair(0x5, 0x5, 0x8001, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x1402, 0x200, 0x70bd2d, 0x25dfdbfb, "", [@RDMA_NLDEV_NET_NS_FD={0x8}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz2\x00'}, @RDMA_NLDEV_ATTR_DEV_DIM={0x5}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}, @RDMA_NLDEV_NET_NS_FD={0x8, 0x44, r1}, @RDMA_NLDEV_ATTR_DEV_NAME={0x9, 0x2, 'syz0\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x4008050}, 0x4008844)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)

06:28:23 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
landlock_restrict_self(0xffffffffffffffff, 0x0) (async)

06:28:23 executing program 5:
landlock_create_ruleset(&(0x7f0000000000)={0x820}, 0x8, 0x0)
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x3, {0x2, 0xf0, 0x1}, 0xff}, 0x18)
landlock_create_ruleset(&(0x7f0000000000)={0x820}, 0x8, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
bind$can_j1939(0xffffffffffffffff, &(0x7f0000000080)={0x1d, 0x0, 0x3, {0x2, 0xf0, 0x1}, 0xff}, 0x18) (async)

06:28:23 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x4, 0x54180)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x3})

06:28:23 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
openat$nci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x1c440, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)

06:28:23 executing program 3:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000180)=0x3, 0x4)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x101100, 0x0)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000080)=[{0x2, 0x1, {0x1, 0xf0, 0x2}, {0x2, 0x1, 0x3}, 0x0, 0x1}, {0x3, 0x1, {0x1, 0x1, 0x1}, {0x1}, 0xff, 0xfd}, {0x0, 0x1, {0x1, 0xf0, 0x1}, {0x0, 0xff}, 0xff, 0x1}, {0x2, 0x1, {0x1, 0x1}, {0x1, 0x0, 0x4}, 0x806c56b82ca92969, 0x2}, {0x1, 0x3, {0x2, 0x0, 0x1}, {0x2, 0xff, 0x2}}, {0x3, 0x2, {0x2, 0xf0, 0x2}, {0x1, 0x0, 0x2}, 0xfe, 0xff}, {0x1, 0x0, {0x0, 0x1, 0x4}, {0x0, 0x1, 0x1}, 0xfd}], 0xe0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

06:28:23 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async, rerun: 64)
openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async, rerun: 64)
landlock_restrict_self(0xffffffffffffffff, 0x0)

06:28:23 executing program 4:
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x4, 0x54180) (async, rerun: 32)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) (rerun: 32)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x3})

06:28:23 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x400, 0x9f, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)

06:28:23 executing program 2:
r0 = msgget$private(0x0, 0x490)
r1 = getuid()
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40})
r5 = getegid()
r6 = syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e")
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1})
r7 = getpgrp(0x0)
syz_open_procfs$namespace(r7, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x1, 0xee01, 0x0, r1, r5, 0x24, 0x5}, 0x0, 0x0, 0x5, 0x3, 0x4, 0x0, 0x1400000, 0x80, 0x7, 0x0, r6, r7})
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:23 executing program 3:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f00000001c0), &(0x7f0000000200)=0x4) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000180)=0x3, 0x4) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x101100, 0x0)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000080)=[{0x2, 0x1, {0x1, 0xf0, 0x2}, {0x2, 0x1, 0x3}, 0x0, 0x1}, {0x3, 0x1, {0x1, 0x1, 0x1}, {0x1}, 0xff, 0xfd}, {0x0, 0x1, {0x1, 0xf0, 0x1}, {0x0, 0xff}, 0xff, 0x1}, {0x2, 0x1, {0x1, 0x1}, {0x1, 0x0, 0x4}, 0x806c56b82ca92969, 0x2}, {0x1, 0x3, {0x2, 0x0, 0x1}, {0x2, 0xff, 0x2}}, {0x3, 0x2, {0x2, 0xf0, 0x2}, {0x1, 0x0, 0x2}, 0xfe, 0xff}, {0x1, 0x0, {0x0, 0x1, 0x4}, {0x0, 0x1, 0x1}, 0xfd}], 0xe0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)

06:28:23 executing program 1:
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000040)={0x485}, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:24 executing program 4:
syz_open_dev$usbmon(&(0x7f0000000000), 0x4, 0x54180) (async)
r0 = syz_open_dev$usbmon(&(0x7f0000000000), 0x4, 0x54180)
openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f00000000c0)={&(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0x3})

06:28:24 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x400, 0x9f, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x400, 0x9f, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r1, 0x0, 0x0) (async)

06:28:24 executing program 3:
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f00000001c0), &(0x7f0000000200)=0x4)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000180)=0x3, 0x4)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x101100, 0x0)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000080)=[{0x2, 0x1, {0x1, 0xf0, 0x2}, {0x2, 0x1, 0x3}, 0x0, 0x1}, {0x3, 0x1, {0x1, 0x1, 0x1}, {0x1}, 0xff, 0xfd}, {0x0, 0x1, {0x1, 0xf0, 0x1}, {0x0, 0xff}, 0xff, 0x1}, {0x2, 0x1, {0x1, 0x1}, {0x1, 0x0, 0x4}, 0x806c56b82ca92969, 0x2}, {0x1, 0x3, {0x2, 0x0, 0x1}, {0x2, 0xff, 0x2}}, {0x3, 0x2, {0x2, 0xf0, 0x2}, {0x1, 0x0, 0x2}, 0xfe, 0xff}, {0x1, 0x0, {0x0, 0x1, 0x4}, {0x0, 0x1, 0x1}, 0xfd}], 0xe0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$can_j1939(0x1d, 0x2, 0x7) (async)
getsockopt$PNPIPE_HANDLE(0xffffffffffffffff, 0x113, 0x3, &(0x7f00000001c0), &(0x7f0000000200)=0x4) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={0x0}}, 0x0) (async)
setsockopt$SO_J1939_SEND_PRIO(r0, 0x6b, 0x3, &(0x7f0000000180)=0x3, 0x4) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x101100, 0x0) (async)
setsockopt$SO_J1939_FILTER(r1, 0x6b, 0x1, &(0x7f0000000080)=[{0x2, 0x1, {0x1, 0xf0, 0x2}, {0x2, 0x1, 0x3}, 0x0, 0x1}, {0x3, 0x1, {0x1, 0x1, 0x1}, {0x1}, 0xff, 0xfd}, {0x0, 0x1, {0x1, 0xf0, 0x1}, {0x0, 0xff}, 0xff, 0x1}, {0x2, 0x1, {0x1, 0x1}, {0x1, 0x0, 0x4}, 0x806c56b82ca92969, 0x2}, {0x1, 0x3, {0x2, 0x0, 0x1}, {0x2, 0xff, 0x2}}, {0x3, 0x2, {0x2, 0xf0, 0x2}, {0x1, 0x0, 0x2}, 0xfe, 0xff}, {0x1, 0x0, {0x0, 0x1, 0x4}, {0x0, 0x1, 0x1}, 0xfd}], 0xe0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
socket$inet_udplite(0x2, 0x2, 0x88) (async)

06:28:24 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x88}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x1412, 0x10, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x200404c0)

06:28:24 executing program 1:
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000040)={0x485}, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:24 executing program 4:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={0x0, 0x0, &(0x7f0000001d40)={&(0x7f0000000140)=ANY=[@ANYBLOB="10000000026c97"], 0x10}}, 0x0)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000000280)={&(0x7f00000001c0), &(0x7f0000000200)=""/115, 0x73})
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x140d, 0x200, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x5}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x4c890)
sendmsg$IEEE802154_LLSEC_LIST_DEV(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x0, 0x10, 0x70bd26, 0x40, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x48044}, 0x4094)

06:28:24 executing program 5:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x400, 0x9f, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r1, 0x0, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000d80), r0) (async)
sendmsg$IEEE802154_LLSEC_ADD_DEV(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x38, 0x0, 0x400, 0x9f, 0x25dfdbff, {}, [@IEEE802154_ATTR_LLSEC_DEV_KEY_MODE={0x5, 0x37, 0x2}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x40) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r1, 0x0, 0x0) (async)

06:28:24 executing program 2:
r0 = msgget$private(0x0, 0x490)
r1 = getuid()
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40})
r5 = getegid()
r6 = syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e")
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1})
r7 = getpgrp(0x0)
syz_open_procfs$namespace(r7, 0x0)
msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000200)={{0x1, 0xee01, 0x0, r1, r5, 0x24, 0x5}, 0x0, 0x0, 0x5, 0x3, 0x4, 0x0, 0x1400000, 0x80, 0x7, 0x0, r6, r7})

06:28:24 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x88}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x1412, 0x10, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x200404c0)

06:28:24 executing program 3:
r0 = msgget(0x1, 0x409)
msgctl$IPC_INFO(r0, 0x3, &(0x7f0000000540)=""/160)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(0xffffffffffffffff, 0xc4c03d09, &(0x7f0000000080)={0x6})

06:28:24 executing program 2:
r0 = msgget$private(0x0, 0x490)
r1 = getuid()
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40})
getegid()
syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e")
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1})
r5 = getpgrp(0x0)
syz_open_procfs$namespace(r5, 0x0)

06:28:24 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000000)=0x1)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x502, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$IMCLEAR_L2(r3, 0x80044946, &(0x7f0000000100)=0xd879)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1})
write$vhost_msg(r0, 0x0, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0)
ioctl$SG_SET_DEBUG(r4, 0x227e, &(0x7f0000000140))

06:28:24 executing program 1:
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000040)={0x485}, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:24 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r1, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x88}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x1412, 0x10, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_STAT_RES={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0x200404c0)

06:28:24 executing program 4:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={0x0, 0x0, &(0x7f0000001d40)={&(0x7f0000000140)=ANY=[@ANYBLOB="10000000026c97"], 0x10}}, 0x0) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000000280)={&(0x7f00000001c0), &(0x7f0000000200)=""/115, 0x73})
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x140d, 0x200, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x5}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x4c890) (async)
sendmsg$IEEE802154_LLSEC_LIST_DEV(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x0, 0x10, 0x70bd26, 0x40, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x48044}, 0x4094)

06:28:24 executing program 3:
r0 = msgget(0x1, 0x409)
msgctl$IPC_INFO(r0, 0x3, &(0x7f0000000540)=""/160)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$PTP_SYS_OFFSET_EXTENDED(0xffffffffffffffff, 0xc4c03d09, &(0x7f0000000080)={0x6})

06:28:24 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000080))

06:28:24 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000000)=0x1)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x502, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$IMCLEAR_L2(r3, 0x80044946, &(0x7f0000000100)=0xd879)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1})
write$vhost_msg(r0, 0x0, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0)
ioctl$SG_SET_DEBUG(r4, 0x227e, &(0x7f0000000140))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000000)=0x1) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x502, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0) (async)
ioctl$IMCLEAR_L2(r3, 0x80044946, &(0x7f0000000100)=0xd879) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1}) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0) (async)
ioctl$SG_SET_DEBUG(r4, 0x227e, &(0x7f0000000140)) (async)

06:28:24 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000080)={'ip_vti0\x00', <r1=>0x0, 0x8, 0x8, 0x5, 0x3f, {{0x23, 0x4, 0x0, 0xc, 0x8c, 0x64, 0x0, 0x80, 0x4, 0x0, @multicast2, @private=0xa010100, {[@timestamp_addr={0x44, 0x3c, 0xc9, 0x1, 0x3, [{@local, 0x5}, {@multicast2, 0x8}, {@remote, 0x1}, {@empty, 0xfff}, {@broadcast, 0x3bd9}, {@multicast1, 0xfffffffb}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}, @end, @lsrr={0x83, 0x13, 0x28, [@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @multicast2]}, @lsrr={0x83, 0x7, 0xe6, [@loopback]}, @lsrr={0x83, 0x1f, 0x2f, [@remote, @private=0xa010101, @empty, @rand_addr=0x64010101, @loopback, @remote, @loopback]}]}}}}})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000840)={&(0x7f00000002c0)={0x564, 0x0, 0x8, 0x70bd29, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0xc0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x5, 0x6, 0x6, 0x5}, {0x2, 0x0, 0xf9, 0x8}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8818}}, {0x8}}}]}}, {{0x8}, {0xbc, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8000}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfb2}}}]}}, {{0x8}, {0x174, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0xfffffffffffffe16, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7b1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x12, 0x6, 0x5, 0x7}, {0xfffb, 0x76, 0xf7, 0x5}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x87}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x564}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000280), 0x26, 0x400080)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r3, 0x5386, &(0x7f00000008c0))
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r2)

06:28:25 executing program 3:
r0 = msgget(0x1, 0x409)
msgctl$IPC_INFO(r0, 0x3, &(0x7f0000000540)=""/160)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$PTP_SYS_OFFSET_EXTENDED(0xffffffffffffffff, 0xc4c03d09, &(0x7f0000000080)={0x6})
msgget(0x1, 0x409) (async)
msgctl$IPC_INFO(r0, 0x3, &(0x7f0000000540)=""/160) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
ioctl$PTP_SYS_OFFSET_EXTENDED(0xffffffffffffffff, 0xc4c03d09, &(0x7f0000000080)={0x6}) (async)

06:28:25 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000))
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000080)) (async)
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000080))

06:28:25 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$SG_SET_COMMAND_Q(r1, 0x2271, &(0x7f0000000000)=0x1) (async)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x502, 0x0) (async)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r3, 0xc00864bf, 0x0)
ioctl$IMCLEAR_L2(r3, 0x80044946, &(0x7f0000000100)=0xd879) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, &(0x7f00000000c0)={0x0, 0x1})
write$vhost_msg(r0, 0x0, 0x0) (async)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r4, 0xc00864bf, 0x0) (async)
ioctl$SG_SET_DEBUG(r4, 0x227e, &(0x7f0000000140))

06:28:25 executing program 2:
r0 = msgget$private(0x0, 0x490)
r1 = getuid()
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40})
getegid()
syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e")
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1})
getpgrp(0x0)

06:28:25 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

06:28:25 executing program 4:
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={0x0, 0x0, &(0x7f0000001d40)={&(0x7f0000000140)=ANY=[@ANYBLOB="10000000026c97"], 0x10}}, 0x0) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0) (async)
ioctl$MON_IOCX_GETX(r1, 0x4018920a, &(0x7f0000000280)={&(0x7f00000001c0), &(0x7f0000000200)=""/115, 0x73}) (async)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r2, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_RES_MR_GET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, 0x140d, 0x200, 0x70bd28, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x4}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x5}, @RDMA_NLDEV_ATTR_RES_MRN={0x8, 0x3e, 0x1}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x4c890)
sendmsg$IEEE802154_LLSEC_LIST_DEV(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x14, 0x0, 0x10, 0x70bd26, 0x40, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x48044}, 0x4094)

06:28:25 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000080)={'ip_vti0\x00', <r1=>0x0, 0x8, 0x8, 0x5, 0x3f, {{0x23, 0x4, 0x0, 0xc, 0x8c, 0x64, 0x0, 0x80, 0x4, 0x0, @multicast2, @private=0xa010100, {[@timestamp_addr={0x44, 0x3c, 0xc9, 0x1, 0x3, [{@local, 0x5}, {@multicast2, 0x8}, {@remote, 0x1}, {@empty, 0xfff}, {@broadcast, 0x3bd9}, {@multicast1, 0xfffffffb}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}, @end, @lsrr={0x83, 0x13, 0x28, [@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @multicast2]}, @lsrr={0x83, 0x7, 0xe6, [@loopback]}, @lsrr={0x83, 0x1f, 0x2f, [@remote, @private=0xa010101, @empty, @rand_addr=0x64010101, @loopback, @remote, @loopback]}]}}}}})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000840)={&(0x7f00000002c0)={0x564, 0x0, 0x8, 0x70bd29, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0xc0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x5, 0x6, 0x6, 0x5}, {0x2, 0x0, 0xf9, 0x8}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8818}}, {0x8}}}]}}, {{0x8}, {0xbc, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8000}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfb2}}}]}}, {{0x8}, {0x174, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0xfffffffffffffe16, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7b1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x12, 0x6, 0x5, 0x7}, {0xfffb, 0x76, 0xf7, 0x5}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x87}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x564}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000280), 0x26, 0x400080)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r3, 0x5386, &(0x7f00000008c0))
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r2)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000080)={'ip_vti0\x00', 0x0, 0x8, 0x8, 0x5, 0x3f, {{0x23, 0x4, 0x0, 0xc, 0x8c, 0x64, 0x0, 0x80, 0x4, 0x0, @multicast2, @private=0xa010100, {[@timestamp_addr={0x44, 0x3c, 0xc9, 0x1, 0x3, [{@local, 0x5}, {@multicast2, 0x8}, {@remote, 0x1}, {@empty, 0xfff}, {@broadcast, 0x3bd9}, {@multicast1, 0xfffffffb}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}, @end, @lsrr={0x83, 0x13, 0x28, [@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @multicast2]}, @lsrr={0x83, 0x7, 0xe6, [@loopback]}, @lsrr={0x83, 0x1f, 0x2f, [@remote, @private=0xa010101, @empty, @rand_addr=0x64010101, @loopback, @remote, @loopback]}]}}}}}) (async)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000840)={&(0x7f00000002c0)={0x564, 0x0, 0x8, 0x70bd29, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0xc0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x5, 0x6, 0x6, 0x5}, {0x2, 0x0, 0xf9, 0x8}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8818}}, {0x8}}}]}}, {{0x8}, {0xbc, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8000}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfb2}}}]}}, {{0x8}, {0x174, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0xfffffffffffffe16, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7b1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x12, 0x6, 0x5, 0x7}, {0xfffb, 0x76, 0xf7, 0x5}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x87}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x564}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
syz_open_dev$sg(&(0x7f0000000280), 0x26, 0x400080) (async)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r3, 0x5386, &(0x7f00000008c0)) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r2) (async)

06:28:25 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)

06:28:25 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, 0x0) (async)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000000)) (async)
ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000080))

06:28:25 executing program 3:
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)

06:28:25 executing program 4:
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000180)=""/6, 0x6, <r0=>0x0, &(0x7f00000001c0)=""/155, 0x9b}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=r0, 0x4)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4008000)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

06:28:25 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0)

06:28:25 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, 0x1403, 0x200, 0x70bd25, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macsec0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'xfrm0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'xfrm0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vlan0\x00'}}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x1407, 0xc1513dd2e47cae1c, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_NET_NS_FD={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x6015}, 0x40000)
ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000380))

06:28:25 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000080)={'ip_vti0\x00', <r1=>0x0, 0x8, 0x8, 0x5, 0x3f, {{0x23, 0x4, 0x0, 0xc, 0x8c, 0x64, 0x0, 0x80, 0x4, 0x0, @multicast2, @private=0xa010100, {[@timestamp_addr={0x44, 0x3c, 0xc9, 0x1, 0x3, [{@local, 0x5}, {@multicast2, 0x8}, {@remote, 0x1}, {@empty, 0xfff}, {@broadcast, 0x3bd9}, {@multicast1, 0xfffffffb}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}, @end, @lsrr={0x83, 0x13, 0x28, [@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @multicast2]}, @lsrr={0x83, 0x7, 0xe6, [@loopback]}, @lsrr={0x83, 0x1f, 0x2f, [@remote, @private=0xa010101, @empty, @rand_addr=0x64010101, @loopback, @remote, @loopback]}]}}}}})
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000840)={&(0x7f00000002c0)={0x564, 0x0, 0x8, 0x70bd29, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0xc0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x5, 0x6, 0x6, 0x5}, {0x2, 0x0, 0xf9, 0x8}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8818}}, {0x8}}}]}}, {{0x8}, {0xbc, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8000}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfb2}}}]}}, {{0x8}, {0x174, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0xfffffffffffffe16, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7b1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x12, 0x6, 0x5, 0x7}, {0xfffb, 0x76, 0xf7, 0x5}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x87}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x564}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0)
r3 = syz_open_dev$sg(&(0x7f0000000280), 0x26, 0x400080)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r3, 0x5386, &(0x7f00000008c0))
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r2)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48) (async)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f00000001c0)={'sit0\x00', &(0x7f0000000080)={'ip_vti0\x00', 0x0, 0x8, 0x8, 0x5, 0x3f, {{0x23, 0x4, 0x0, 0xc, 0x8c, 0x64, 0x0, 0x80, 0x4, 0x0, @multicast2, @private=0xa010100, {[@timestamp_addr={0x44, 0x3c, 0xc9, 0x1, 0x3, [{@local, 0x5}, {@multicast2, 0x8}, {@remote, 0x1}, {@empty, 0xfff}, {@broadcast, 0x3bd9}, {@multicast1, 0xfffffffb}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x6}]}, @end, @lsrr={0x83, 0x13, 0x28, [@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @multicast2]}, @lsrr={0x83, 0x7, 0xe6, [@loopback]}, @lsrr={0x83, 0x1f, 0x2f, [@remote, @private=0xa010101, @empty, @rand_addr=0x64010101, @loopback, @remote, @loopback]}]}}}}}) (async)
sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000840)={&(0x7f00000002c0)={0x564, 0x0, 0x8, 0x70bd29, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}]}}, {{0x8}, {0xc0, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x5, 0x6, 0x6, 0x5}, {0x2, 0x0, 0xf9, 0x8}]}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8818}}, {0x8}}}]}}, {{0x8}, {0xbc, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8000}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfb2}}}]}}, {{0x8}, {0x174, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0xfffffffffffffe16, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7b1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}]}}, {{0x8}, {0x1b0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x12, 0x6, 0x5, 0x7}, {0xfffb, 0x76, 0xf7, 0x5}]}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x87}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x564}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) (async)
openat$zero(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r2, 0xc00864bf, 0x0) (async)
syz_open_dev$sg(&(0x7f0000000280), 0x26, 0x400080) (async)
ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r3, 0x5386, &(0x7f00000008c0)) (async)
syz_genetlink_get_family_id$devlink(&(0x7f0000000200), r2) (async)

[ 1142.675559][T19054] list_del corruption. next->prev should be ffff888058a1d000, but was dead000000000122. (next=ffff88805eeea000)
06:28:25 executing program 4:
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000180)=""/6, 0x6, <r0=>0x0, &(0x7f00000001c0)=""/155, 0x9b}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=r0, 0x4) (async, rerun: 64)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4008000) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)

[ 1142.724482][T19054] ------------[ cut here ]------------
[ 1142.730463][T19054] kernel BUG at lib/list_debug.c:64!
[ 1142.754490][T19054] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[ 1142.760627][T19054] CPU: 1 PID: 19054 Comm: syz-executor.3 Not tainted 6.2.0-syzkaller-02299-g4a7d37e824f5 #0
[ 1142.770724][T19054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/21/2023
[ 1142.780809][T19054] RIP: 0010:__list_del_entry_valid+0x122/0x130
[ 1142.787012][T19054] Code: 6a 06 0f 0b 48 c7 c7 20 53 38 8b 4c 89 fe 48 89 d9 e8 12 7e 6a 06 0f 0b 48 c7 c7 a0 53 38 8b 4c 89 fe 4c 89 f1 e8 fe 7d 6a 06 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 80 3d 95 cc
[ 1142.806669][T19054] RSP: 0018:ffffc90015277c98 EFLAGS: 00010246
[ 1142.812743][T19054] RAX: 000000000000006d RBX: ffff88805eeea008 RCX: fc3e9ad9d60a8700
[ 1142.820727][T19054] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 1142.828698][T19054] RBP: 0000000000000001 R08: ffffffff816f7d2c R09: fffff52002a4ef4d
[ 1142.836676][T19054] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 1142.844653][T19054] R13: dffffc0000000000 R14: ffff88805eeea000 R15: ffff888058a1d000
[ 1142.852626][T19054] FS:  000055555668a400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 1142.861558][T19054] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1142.868166][T19054] CR2: 00007f8ed61ad988 CR3: 00000000783d4000 CR4: 00000000003506e0
[ 1142.876149][T19054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1142.884126][T19054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1142.892101][T19054] Call Trace:
[ 1142.895379][T19054]  <TASK>
[ 1142.898324][T19054]  nfc_llcp_local_put+0x5f/0x180
[ 1142.903349][T19054]  nfc_unregister_device+0x167/0x2a0
[ 1142.908643][T19054]  virtual_ncidev_close+0x59/0x90
[ 1142.913677][T19054]  ? virtual_ncidev_open+0x1b0/0x1b0
[ 1142.918978][T19054]  __fput+0x3b7/0x890
[ 1142.922976][T19054]  task_work_run+0x24a/0x300
[ 1142.927631][T19054]  ? task_work_cancel+0x2b0/0x2b0
[ 1142.932662][T19054]  ? rcu_read_lock_sched_held+0x8d/0x130
[ 1142.938305][T19054]  ? exit_to_user_mode_loop+0x39/0x100
[ 1142.943769][T19054]  exit_to_user_mode_loop+0xd9/0x100
[ 1142.949071][T19054]  exit_to_user_mode_prepare+0xb1/0x140
[ 1142.954625][T19054]  syscall_exit_to_user_mode+0x64/0x2e0
[ 1142.960190][T19054]  do_syscall_64+0x4d/0xc0
[ 1142.964615][T19054]  entry_SYSCALL_64_after_hwframe+0x63/0xcd
[ 1142.970525][T19054] RIP: 0033:0x7f9f18a3dfab
[ 1142.974941][T19054] Code: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44
[ 1142.994552][T19054] RSP: 002b:00007ffc90b754e0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
[ 1143.002970][T19054] RAX: 0000000000000000 RBX: 0000000000000005 RCX: 00007f9f18a3dfab
[ 1143.010942][T19054] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000004
[ 1143.018911][T19054] RBP: 00007f9f18bad980 R08: 0000000000000000 R09: 00007f9f18600188
[ 1143.026881][T19054] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000116c41
[ 1143.034849][T19054] R13: 00007f9f18600180 R14: 00007f9f18bac050 R15: 0000000000000001
[ 1143.042828][T19054]  </TASK>
[ 1143.045843][T19054] Modules linked in:
[ 1143.083772][T19054] ---[ end trace 0000000000000000 ]---
[ 1143.104580][T19054] RIP: 0010:__list_del_entry_valid+0x122/0x130
06:28:26 executing program 1:
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, 0x1403, 0x200, 0x70bd25, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macsec0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'xfrm0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'xfrm0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vlan0\x00'}}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
r1 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x1407, 0xc1513dd2e47cae1c, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_NET_NS_FD={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x6015}, 0x40000)
ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000380))
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_SET(r0, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)={0x150, 0x1403, 0x200, 0x70bd25, 0x25dfdbfb, "", [{{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'syzkaller0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'macsec0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'xfrm0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg0\x00'}}, {{0x9, 0x2, 'syz2\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'xfrm0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'bridge0\x00'}}, {{0x9, 0x2, 'syz1\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'pim6reg0\x00'}}, {{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'siw\x00'}, {0x14, 0x33, 'vlan0\x00'}}]}, 0x150}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) (async)
socket$nl_rdma(0x10, 0x3, 0x14) (async)
sendmsg$RDMA_NLDEV_CMD_SYS_SET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, 0x1407, 0xc1513dd2e47cae1c, 0x70bd26, 0x25dfdbfe, "", [@RDMA_NLDEV_NET_NS_FD={0x8}]}, 0x18}, 0x1, 0x0, 0x0, 0x6015}, 0x40000) (async)
ioctl$SG_GET_COMMAND_Q(0xffffffffffffffff, 0x2270, &(0x7f0000000380)) (async)

[ 1143.127051][T19054] Code: 6a 06 0f 0b 48 c7 c7 20 53 38 8b 4c 89 fe 48 89 d9 e8 12 7e 6a 06 0f 0b 48 c7 c7 a0 53 38 8b 4c 89 fe 4c 89 f1 e8 fe 7d 6a 06 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 66 90 f3 0f 1e fa 80 3d 95 cc
06:28:26 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x10840, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r2, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f00000004c0)={0x40, 0x140b, 0x200, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x1}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x40c0050}, 0x40000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_create_ruleset(&(0x7f00000001c0)={0x80}, 0x8, 0x0)
r4 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r4, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000000480)={0x0, r5}, 0x0)
landlock_restrict_self(r3, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r6, 0x0)
landlock_restrict_self(r6, 0x0)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB="4d9d00ce"], 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000100)={0x10, r7}, 0x0)
r8 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r8, 0x0)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r9, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r8, 0x1, &(0x7f0000000440)={0x1048, r9}, 0x0)
socketpair(0x2b, 0x6, 0x100, &(0x7f0000000280)={<r10=>0xffffffffffffffff})
syz_genetlink_get_family_id$devlink(&(0x7f0000000240), r10)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000000)={0x38})
setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000400)=0x1, 0x4)

06:28:26 executing program 2:
r0 = msgget$private(0x0, 0x490)
r1 = getuid()
getresuid(&(0x7f0000001280)=<r2=>0x0, &(0x7f00000012c0), &(0x7f0000001300)=<r3=>0x0)
msgctl$IPC_SET(r0, 0x1, &(0x7f0000001340)={{0x1, r1, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0x20, 0x5}, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, 0x100000000, 0xfb8, 0x5, 0x8000, 0x5, 0xffffffffffffffff, 0xffffffffffffffff})
r4 = getegid()
msgctl$IPC_SET(r0, 0x1, &(0x7f0000002500)={{0x2, r1, r4, r3, 0xffffffffffffffff, 0x1, 0x3f}, 0x0, 0x0, 0x5, 0x6, 0x7, 0x7ffd, 0x83e, 0x8, 0x23f, 0x40})
getegid()
syz_clone(0x20080480, &(0x7f0000000040)="e1a9fd30e4af46f6be3e3211b7cc73641a246519e111744ad346465219f5697f72e981f0ab051c7a7a295242aa506efb93ef2a6a48ef25cbf610380c480736cbff119b56d978593835dec93d3be9618f292cf5cb26378f1cbaf8758dc5cba89ab75485128aa8c922259f268ee12961c60c01716bfa7f8d6b178afa9ab50fb567ce04106872d90c89b7de2c1187a115762d940a52c11a8f01e086896617cddc76e0b247f8ad1e3818bda5c56d48f9a65e417f339e9193e2fb6c9936bbb2922e55c1e2d197", 0xc4, &(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)="e3921003d959c8f6b05f5b8eafd2018d99104433d4c2e98acb281f314e5c2e19be6e")
ioctl$SIOCAX25GETUID(0xffffffffffffffff, 0x89e0, &(0x7f0000000280)={0x3, @default, r1})
getpgrp(0x0)

06:28:26 executing program 5:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$vhost_msg(r0, 0x0, 0x0)
openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
write$vhost_msg(r0, 0x0, 0x0) (async)

06:28:26 executing program 4:
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000180)=""/6, 0x6, <r0=>0x0, &(0x7f00000001c0)=""/155, 0x9b}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=r0, 0x4)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4008000)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0x20, &(0x7f0000000280)={&(0x7f0000000180)=""/6, 0x6, 0x0, &(0x7f00000001c0)=""/155, 0x9b}}, 0x10) (async)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000300)=r0, 0x4) (async)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000080), 0xffffffffffffffff) (async)
sendmsg$IEEE802154_LLSEC_LIST_DEV(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x4008000) (async)
syz_open_dev$usbmon(&(0x7f0000000000), 0x0, 0x4100) (async)

[ 1143.267945][T19054] RSP: 0018:ffffc90015277c98 EFLAGS: 00010246
[ 1143.277656][T19054] RAX: 000000000000006d RBX: ffff88805eeea008 RCX: fc3e9ad9d60a8700
[ 1143.286737][T19054] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000
[ 1143.297639][T19054] RBP: 0000000000000001 R08: ffffffff816f7d2c R09: fffff52002a4ef4d
[ 1143.307472][T19054] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
06:28:26 executing program 0:
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$vhost_msg(r0, &(0x7f0000000140)={0x1, {0x0, 0x0, 0x0}}, 0x48)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f0000000080))
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x10840, 0x0)
r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$RDMA_NLDEV_CMD_RES_CM_ID_GET(r2, &(0x7f00000003c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f00000004c0)={0x40, 0x140b, 0x200, 0x70bd2b, 0x25dfdbff, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x1}, @RDMA_NLDEV_ATTR_RES_CM_IDN={0x8, 0x3f, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x40c0050}, 0x40000) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r1, 0xc00864bf, 0x0)
r3 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_create_ruleset(&(0x7f00000001c0)={0x80}, 0x8, 0x0) (async)
r4 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r4, 0x0) (async)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r4, 0x1, &(0x7f0000000480)={0x0, r5}, 0x0)
landlock_restrict_self(r3, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r6, 0x0)
landlock_restrict_self(r6, 0x0) (async)
r7 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r7, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)=ANY=[@ANYBLOB="4d9d00ce"], 0x10}}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r3, 0x1, &(0x7f0000000100)={0x10, r7}, 0x0) (async)
r8 = landlock_create_ruleset(&(0x7f0000000540)={0x6006}, 0x8, 0x0)
landlock_restrict_self(r8, 0x0) (async)
r9 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_SET(r9, &(0x7f0000001d80)={&(0x7f0000001cc0), 0xc, &(0x7f0000001d40)={&(0x7f0000001d00)={0x10, 0x1402, 0x4}, 0x10}}, 0x0) (async)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r8, 0x1, &(0x7f0000000440)={0x1048, r9}, 0x0) (async)
socketpair(0x2b, 0x6, 0x100, &(0x7f0000000280)={<r10=>0xffffffffffffffff})
syz_genetlink_get_family_id$devlink(&(0x7f0000000240), r10)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r1)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f0000000000)={0x38}) (async)
setsockopt$SO_J1939_PROMISC(r1, 0x6b, 0x2, &(0x7f0000000400)=0x1, 0x4)

[ 1143.318294][T19054] R13: dffffc0000000000 R14: ffff88805eeea000 R15: ffff888058a1d000
[ 1143.334693][T19054] FS:  000055555668a400(0000) GS:ffff8880b9900000(0000) knlGS:0000000000000000
[ 1143.358565][T19054] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1143.392403][T19054] CR2: 00007f9b195ad988 CR3: 00000000783d4000 CR4: 00000000003506e0
[ 1143.400574][T19054] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1143.419316][T19054] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1143.427364][T19054] Kernel panic - not syncing: Fatal exception
[ 1143.433690][T19054] Kernel Offset: disabled
[ 1143.438034][T19054] Rebooting in 86400 seconds..