last executing test programs:

7m46.758466609s ago: executing program 2 (id=1224):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = memfd_create(0x0, 0x3)
write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[], 0x78)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000003c0)={0xc})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
fcntl$addseals(r0, 0x409, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$tun(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="0103ffff0900ffd5"], 0x82)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1, 0x1}}, 0x40)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_RX(r5, 0x6, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "1b399373b44f512c", "108a0a7a34b2183379316f64ba2a24bb", "83db4204", "9739ebb775af6a17"}, 0x28)
syz_open_dev$tty1(0xc, 0x4, 0x1)

7m45.090639243s ago: executing program 3 (id=1226):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpriority(0x2, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
r2 = syz_open_dev$radio(&(0x7f0000001640), 0x0, 0x2)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
dup2(r3, r3)
preadv(r2, &(0x7f00000033c0)=[{&(0x7f00000031c0)=""/207, 0xcf}], 0x1, 0x6, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r4, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)={0x34, 0x3e, 0x107, 0xfffffffe, 0xfffffffc, {0x1, 0x7c}, [@nested={0x8, 0x142, 0x0, 0x1, [@typed={0x4, 0x8}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@nested={0x6, 0x17, 0x0, 0x1, [@generic="b82f"]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
sendmsg$inet(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000540)='`', 0x1}], 0x1}, 0x4010)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc)
writev(r4, &(0x7f00000006c0)=[{&(0x7f00000005c0)='I', 0x1}], 0x1)
sendmsg$inet6(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x1}], 0x1}, 0x20044800)
writev(r4, 0x0, 0x0)
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63c, 0x1, 0x3, 0xd59f83, 0x19f5, 0x3f, 0x7, 0x3, 0x6, 0x2800, 0x2800, 0x12, 0xba2, 0x5, 0x3e, {0x8, 0xffffffff}, 0xd0, 0x9}})
getsockopt$inet_buf(0xffffffffffffffff, 0x6, 0x29, 0x0, &(0x7f0000695ffc))

7m40.307007971s ago: executing program 2 (id=1232):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee200090582"], 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000140), 0xe)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r2 = creat(0x0, 0xecf86c37d53049cc)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000004c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000040)={&(0x7f00000be000/0x4000)=nil, &(0x7f0000a5a000/0x4000)=nil, 0x4000, 0x0, 0x18100})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000500)={0xae, 0x0, 0x1d, "191bf923da3877d1075712619428c35d795e85a4d853f36f9055b20f7e312e5ec94cb92ef4e63d6cb1572876855a1b81b326db48b13783df94949c10e067a906425e6bc53f201ff4ba9ec1390c9b992023ea7be1992edb3e8415c4bda552bb1b24c0d1c4a6455b3f0266d8e5cf99429d7717a12c8eb0b8e3e82137f2a910e87aafdc2567e64c24c9387b9aeb5146f41499c3327c935563edd3c1b4c823e5afc524ee68781cb918b5efc339fbe8f5"})
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0xf, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wg1\x00', <r6=>0x0})
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb0100180000000000000094000000940000000800000006000000000000090500000001000000000000090300000003000000060000060400000004000000040000000f0000000700000005000000828d00000d00000080f1685e0e000000ffffffff0d0000000700000006000000000000010000000050000e030e000000030000130000000040d10000090000000f00000000800000010000000b000000020000000200000000003000005f5f00"], &(0x7f0000000300)=""/121, 0xb4, 0x79, 0x0, 0x8, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000800000000000000", @ANYRES32=r5, @ANYBLOB="0e00"/20, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="0500000000100000000000000000000000000000000800"], 0x50)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x404480, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000f10d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r10, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e507646dcef67df33c9e9", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c)
read$FUSE(r9, &(0x7f0000000880)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000440)={'wpan1\x00', <r11=>0x0})
r12 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r8)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000780)={0x2c, r12, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r11}]}, 0x2c}}, 0x40840)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f00000028c0)=@ethtool_per_queue_op={0x4b, 0xe, [0xfd55, 0xcf1, 0xffb0, 0x2, 0x58ab, 0x1, 0xffffffff, 0x7, 0x6, 0x7220, 0x45, 0xd, 0x5, 0x8, 0x3, 0xfffffffb, 0x5, 0x6, 0x8, 0x8, 0x200, 0x4, 0xe0000000, 0x7, 0x9, 0x6, 0x54bb8ba6, 0x7fffffff, 0x6, 0x400, 0x36, 0xfffffffa, 0x5, 0x5, 0x2, 0x1ff, 0x9, 0x3, 0x0, 0x4, 0x3, 0x0, 0x10000, 0x7, 0x3, 0x3, 0x7, 0x5, 0x4, 0x2, 0x0, 0xd, 0x31, 0x2, 0xffffffff, 0x8, 0x7, 0x80000000, 0xd0d, 0xe68, 0x10001, 0xf, 0x1d4, 0x8, 0x80000001, 0x3, 0x8, 0x697e, 0x200, 0x9, 0xe3, 0x8000, 0x7, 0x400, 0xf, 0x6, 0x9, 0x800, 0x1, 0xe, 0x80000001, 0xae, 0x0, 0x1, 0x9, 0x4, 0x2, 0xffff8001, 0xffffffff, 0x0, 0xc9e, 0x3, 0xfffffffa, 0x7fff, 0x4, 0x8, 0x87ca, 0x1, 0x3, 0xa1, 0x7, 0x80, 0x5, 0x8, 0x6, 0x7, 0x6, 0x7, 0x2, 0x8000, 0x3, 0x9, 0x7, 0x8, 0x3, 0x7, 0x7, 0xffffffff, 0x7f, 0x3, 0x3, 0xb, 0xad, 0x3, 0x9, 0x2, 0x7, 0x7e], "9c8d50f78d1e4bde05015f1f956718fa80254bbd09c7deb8bcbba3f78ffb54902e5c8cef9c6e76e295c3b148d17b31e9e54a26732513c0a4f4959775d2a68ff743802e743c68c0edc402ab76a9a53210ed92e3519deac8fab3b414e9649208db86849c30b2bc6cc198771890ff98a9d66d152fd38d4a88f54472ede217f6cd8c44ee63bfb6aa4950b9d2ca4796bac836dc02ace1ee60a63e904b0edcd456c3b2a5a455e62d5c87f8dba4fd5c9d4620138d3d086a697ab64fc48b441521bb1061f411c8349b2503f02f1c6ed3ce426ad25631c9beaa9f50028adda42689437e50a14ef55aad"}})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

7m38.737129064s ago: executing program 3 (id=1235):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x204a83, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, 'v\x00', "07f217bd74511f465bbbd5de01000000f91800", "0000f600", "8ce63ecbc640735f"}, 0x38)
close(r3)
r4 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x2, 0x4d, 0xfffffff8, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3e5b, 0x1, 0x45, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x3, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x5, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x4, 0x5, 0x0, 0x1f3, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x0, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0x9, 0xbf, 0x2, 0x3, 0x802, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x8, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0xfffffffd, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0)
ppoll(&(0x7f0000000300)=[{r2}, {0xffffffffffffffff, 0xa000}], 0x2, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.parent_freezing\x00', 0x275a, 0x0)

7m36.400981639s ago: executing program 1 (id=1239):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000003800010324bd7002fa0000ca07"], 0x14}}, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x7c8})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00003cd000/0x1000)=nil, 0x1000, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000843000/0x1000)=nil, 0x1000, 0x1000007, 0x401d071, 0xffffffffffffffff, 0x0)
readv(r2, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/70, 0x20}], 0x1000000000000078)
socket$nl_generic(0x10, 0x3, 0x10)
socket$pppl2tp(0x18, 0x1, 0x1)
socket$inet6_udp(0xa, 0x2, 0x0)
r3 = gettid()
timer_create(0x1, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r3}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r4, &(0x7f0000000000), 0x10)
read(r4, &(0x7f00000017c0)=""/4090, 0xffa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002700)=""/102392, 0x18ff8)
msgget(0x2, 0x316)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010027bd6000ffdbdf2505000000080009000200000008000c00a80a000008000b00000000000600010007000000"], 0x34}}, 0x20)
r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r1, &(0x7f00000003c0)={0xfffffffffffffffc, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r7, 0x1, 0x70bd26, 0x25dfdbfd}, 0x1c}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)

7m36.378996643s ago: executing program 3 (id=1240):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000495"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = userfaultfd(0x1)
r5 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8042, 0x0)
write$P9_RSTATu(r5, &(0x7f0000000580)={0x239, 0x2, 0x0, {{0x500, 0xf8, 0x0, 0x0, {0x0, 0x0, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x1b, '\x04nodev{evoo~\x059\xc6\x00\x05\x00\x007\xd9:\x8b\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00+Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x03\xb4\x94\xe1', 0x1d, '\xd2\x99\x98\x80\x14\x98l\xe9\x82\xcf\xc2m\xd7\xc5\x00\xf0L\xd8_*p\xf5\xe9\x93\x0e\x97\xa5\x9ad', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xe2\x89\xdad\x9a7\x00'}, 0x12c, 'odev/n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x239)
ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404)
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x13, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mreqsrc(r6, 0x0, 0x26, &(0x7f0000000040)={@loopback, @broadcast, @private}, &(0x7f0000000080)=0xc)

7m35.29073285s ago: executing program 4 (id=1241):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x780, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
mknod(&(0x7f0000000080)='./file1\x00', 0x0, 0x7)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
write$uinput_user_dev(r2, &(0x7f0000000300)={'syz0\x00', {0x6, 0xab43, 0x76, 0x7}, 0x16, [0x6, 0x5, 0x3, 0x2, 0x4, 0x81, 0x5dd, 0x0, 0x3, 0xc, 0xb, 0x7, 0x9, 0xaf70, 0x727, 0xffff, 0x1, 0x2, 0xc, 0x8, 0x73, 0x1, 0x10000, 0xc1f4, 0x800, 0x8, 0x8, 0x2, 0xa, 0x7, 0x101, 0x9f, 0x9, 0x2, 0x7, 0x1, 0x1, 0x10, 0x0, 0xe3a, 0xd, 0x4, 0x1, 0x6, 0x9, 0x0, 0x80000000, 0x6, 0xffff, 0x63, 0x4, 0x9, 0x5a, 0x0, 0x8000, 0x1, 0x8363, 0x6, 0x7c3c, 0x3, 0x2, 0x7, 0x1, 0x5], [0x9, 0x2, 0x9, 0x1, 0x1, 0xfffffff8, 0x3, 0x7fff, 0x7, 0xa, 0x9, 0x9, 0xd, 0xab, 0x9, 0x2, 0x7f, 0x5, 0x0, 0x1, 0x8, 0x4, 0x5799, 0x1, 0x524, 0x8001, 0x9, 0x8001, 0xba10, 0x7, 0xeed, 0x200, 0xffff, 0x7, 0x2a9d, 0xfffffffe, 0xa0, 0x9, 0x9, 0x400, 0xdac7, 0x9, 0xff, 0x4, 0xfff, 0x2, 0x6, 0xe1, 0x8, 0x3, 0x7, 0x1, 0x7, 0x0, 0x0, 0x1, 0x6, 0x5, 0x4, 0x1, 0xffffffff, 0xdb, 0x401, 0xffffffff], [0x7f, 0x8, 0x800, 0x1, 0x2, 0x7, 0x6, 0x9, 0x52364dfb, 0x6, 0x7, 0x5, 0x5, 0x0, 0x8, 0xf, 0x9, 0x1, 0x6438, 0xda, 0x7ff1, 0x24c, 0x8, 0x3, 0x7, 0x0, 0x6, 0x2, 0x7, 0x6, 0xfffffffc, 0x5, 0x8, 0x7, 0xb, 0x5, 0x6, 0xff, 0x2, 0x101, 0x0, 0x9, 0x8001, 0x6, 0xd58a, 0xfffffffe, 0x7, 0x7, 0xc, 0x4, 0x2, 0x5, 0xa0b, 0x900000, 0x1, 0xfffffffb, 0xb5f, 0x26000000, 0xe00000, 0x5fb, 0x8, 0x4, 0x8, 0x2], [0x4, 0xffffffff, 0x1, 0xb63, 0x8, 0x5, 0x2, 0x1, 0x6, 0x9, 0x73e000, 0x7, 0xffff2f4e, 0x3, 0x80000001, 0x6, 0x7fffffff, 0x3, 0x5, 0x8000000, 0x2, 0x3ff, 0xfffff422, 0x1, 0x0, 0x28, 0x3, 0x9, 0x1, 0x4, 0x100, 0x2, 0xff7, 0x2, 0x2, 0x38, 0x4, 0xf, 0xfffffc00, 0x5e0, 0xffffffff, 0x1, 0x81, 0x2346, 0x8, 0x7, 0x3, 0xfff, 0x3, 0x3, 0x6, 0xfffffffc, 0x101, 0x6, 0x1ff, 0x4, 0x6, 0xa, 0xf2, 0x3ff, 0x6, 0x7, 0x7, 0x8001]}, 0x45c)

7m35.23337605s ago: executing program 3 (id=1242):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = memfd_create(0x0, 0x3)
write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[], 0x78)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000003c0)={0xc})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
fcntl$addseals(r0, 0x409, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$tun(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="0103ffff0900ffd5"], 0x82)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1, 0x1}}, 0x40)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_RX(r5, 0x6, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "1b399373b44f512c", "108a0a7a34b2183379316f64ba2a24bb", "83db4204", "9739ebb775af6a17"}, 0x28)
syz_open_dev$tty1(0xc, 0x4, 0x1)

7m34.010831707s ago: executing program 1 (id=1243):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r1=>r0, {0x9}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {r0}}, './file0\x00'})
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a0b040000000000000000020000054c00048018000180080001006f7366000c000280080001400000000430000180080001006e6174002400028008000140000000010800034000000014080002400000000208000440000000150900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}, 0x1, 0x0, 0x0, 0x850}, 0x0)
close(r0)

7m33.619122581s ago: executing program 2 (id=1244):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x6, 0x200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000480), 0x8, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x21, &(0x7f0000000440)=r3, 0x1)

7m32.064160475s ago: executing program 2 (id=1247):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = memfd_create(0x0, 0x3)
write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[], 0x78)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000003c0)={0xc})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(0xffffffffffffffff, 0x3ba0, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
fcntl$addseals(r0, 0x409, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$tun(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="0103ffff0900ffd5"], 0x82)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1, 0x1}}, 0x40)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_RX(r5, 0x6, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "1b399373b44f512c", "108a0a7a34b2183379316f64ba2a24bb", "83db4204", "9739ebb775af6a17"}, 0x28)
syz_open_dev$tty1(0xc, 0x4, 0x1)

7m28.092682207s ago: executing program 1 (id=1249):
sched_setscheduler(0x0, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
creat(&(0x7f00000005c0)='./file0\x00', 0x0)
socket$pppl2tp(0x18, 0x1, 0x1)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_group_source_req(0xffffffffffffffff, 0x29, 0x2e, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x6, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x4}}, {{0xa, 0x0, 0x4, @remote}}}, 0x108)
r3 = syz_open_dev$radio(&(0x7f0000000100), 0x1, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f0000000140)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f909, 0x8000, '\x00', @string=&(0x7f00000000c0)}})

7m28.092115219s ago: executing program 3 (id=1250):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000001c80)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x246, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xf7, 0x80, 0x2, [{{0x9, 0x4, 0x0, 0x1, 0x2, 0x3, 0x1, 0x2, 0xfb, {0x9, 0x21, 0x4, 0x7, 0x1, {0x22, 0xf2}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0xff, 0xb, 0x8}}}}}]}}]}}, &(0x7f0000001d80)={0x0, 0x0, 0x0, 0x0})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x94}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r2 = openat$smackfs_ipv6host(0xffffff9c, &(0x7f0000000040), 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f000001dbc0)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000400)=[{&(0x7f0000000880)="fb3280faea5b9340fa62b8c1fdec133176209629de411fddbfd07ad77de81800ef84f4b14ab6fd73e91cf726932477b6f62cc524fb7a76d516afe7d5a198b3527bc4e117c7a6e846d812c853099ae88cbc5d01e1fc", 0x55}], 0x1, &(0x7f0000000a40)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32, @ANYBLOB="0000000000000001f2ffbc01000000", @ANYRES32=r2, @ANYRES32=r1, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x70, 0x4040000}}, {{&(0x7f0000000d40)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000002140)=[{&(0x7f0000000e00)="53440da56f4964f981d0077e46e30e357f6054075f26398fda0b3ae577149278f5e5dfa9b7b843", 0x27}, {&(0x7f0000000e40)="f68de94f5680261e1a526fe76d5ec68829ec785ebea14d6818c1a150b350271b3b874dd6fd4c8b93482084d019bcef751620ad6d5c98353588c7dd9f6d3ff5898110f293832f1f9c3588a94ea7aaa48c1d5563eef03ec3869de17e808af8d89bcfb88dba82a41e0f201a9efe1226bda4e5a0c1c85549d7c50662a67a10e337387f76e83171bb808a1be49ef66f8298a8d3ab90c87be3936f2f9bf15a69ac56a7512faa05e5d2e3a065c95f658c07eee45ad9dd18d0890fc2d2a1", 0xba}, {&(0x7f0000000f00)="1c2616823b2fa8903fc3d0146f73041f596f62d00e841cbe1ae96fed1cc4db388f0bfe02a09f6a84f02516362fa0b38c7043d74fa12a7f0b095a14e8560615b9348b40a075f0cef27efb7a8977b5e8e120b0123f67e48adc124a674af4fef942bb10a0da3bc04e847631a0f06e4914a7ed27ee4cedf5ac866427cb26ae4e61290d084a3608ce2bc4d53097cc5dce3b9dab0fb0c55ff4863efcc8f1d609e498e38ba58b798d38d73763709dccd81c70f0ae6c49083d1bd0bbf14e0ee3303436f053cd5e7cf9e92db90ef2b79badbd37e65627a8863d8ed701593eb3428b00914aa5683e4aae6387d298522631c23d48ceafef21455b625bc7afa8d4cd0e77fef51795599983e410f265dfcc429e33473c98254fa9730d17c5b0e302622cfa9d3ae43d91a842fc8e27301f8462da675b751afe17db9216ccc34bfd8c39b26b75692b0fff1b7e884fc808cc1a215f050c675c7d5fcea92e6ce10ed450d384dcf5fa8e911c1c79e4be849bd001b6d1d4fb1c1fb5c0b8cf357f75d7bb3f455fb8ae0d28be2e6c93d103e205c47cd286d487f10319432fad1c61a3baba10408315125d7965063dafaf4a07651ae24346f151f7aa13ce78f1ecf67885cb895f6e29d0c118caa8d15613191d4685962f68014df2e0c9e37e2a6745c6ef447a7e784d2a77dbdfa8b978d0110621f5743cecd9a73bee318693ae9c54c5961ef008af42c741a74abedad316e500e5bfc9ef6b0d8925b3bc7bfa5b4b3a59ca2be52ee918442b73d0a5c592a57fd2453affe600236920d28d103d390a7872bba04e205335d007cbc14f468597fb9ea7eb63569818f77c570f6ad8f99758d8d8cb9fbc9edab8288e73ff9bfe52bfaca4dfe9c04788fb4e6af1622aa196a2d96e0bbd1d7aad0c8b271db7615739ba6f9beef26fe613451e50000dcf9613dc0c3c19add3d89b8ebc7c44b9b8207c0ee09f344487f66cf6330d8ca56d22398c5c52cd64d74240340d074aee0a3840706daa25bcf8a982d1bee8061796c602997d4412ab447eca2a5bfb2b00ec4d552c1bf68610d84db4ead5868ca507adff0f0dcf12cc7d2185bd33e07aab13cb85d4b73633ebc825203376aef153fcf5a3d1d74ef4a3f923a2feddf2113875e38905494b82c692eb20ff9a521c56e25469a6d911f97d8ae6926e0f8911d8bfa1c0dc10c4e2d1115d9b0380f7ec07aaa9e15fab477bb971cd960e0e12b1a9eebd098abeb7a40e3defe517504ede1c73a915176f90a64116bae5c3e08cfc9aa42630bdd3f8f36d9784d52226893ff94a7723fd056d2827a5da5c7d702e501c8c57e6dbe5d9573b0dd9e503ea39dc1363e78c5e1db5ef08c864ec6785c529a81e51e1be272d538336ab3d5c53c2c702bd40b8b54829e96b1cb05790fa7c1673ab67cae49f42c1e4311905bb2e753e5bae08aef8e6d506c694ed6011643b8cc955b6f8077528b256136e737c6747aff29c00c2fe5982bf9359f2f6e14c4156c2a9100ec1185ce4230bfb7194dfa7d69062dd294ff48dc6013fe01697db7afad5ceb26570c8ce853569648ecd5c410fa4865bf585732fb5eb815425ddabcbb6c6dbc18ee1446b106b257f57bbc1cb8eab053af76354e99dd3f75634108b21f3a3af1828e85caa8f8d423a2405966d9c39d3ae9ea279734714c0cd55ddede8d8857fe172c2a5f1d07ec0bed1d8d58099281624b0beb3b17913d9e8910e915e387811b5a73903fc9fb04f515f3bd277275449b4f4ba2d33ea70fee4b8c884717a2859f6fa2751361c59522ff576e0fa8ae60abe44d721b9ef95bdcda7c137732ef67b2a178e981a198ebd00e4931ef1e0faeb8e435459428d899853a38084b235b92bdc702fa87f3fb83cdbc3b4ca5258ed88acaa8b062a0829a1d526cd900aa7c3ddb80944457a9e9e4ef3cbeb1e671f0282cec27340da9b0357ef22c1aed6ec236f0c30acbca71a7d10a1879c8b9c1fb2bc7f92652f380e0a8ec77e34aed203038f8e3f41afd7af30bf1856ce62a777d6f719bf02f955271a73d4a8348ea7465cda938baf675b4558715cd0d6d5d9f0832e60401e0921ab424b57cce0eb862a87e620ae6e7658bfb702be00e15c6f7aac2127cd16c9aa3eb56a341440c7ce11cb7a7972c8b320a082f5d406de51c36bc4a07df40095795ec133aeac66a53016173ef09929b078f4fd6ea3d192fb148692de088935438823e1f2a9686a584899ff4bcc4d6b81adc6c435d6aff7434cb4f3f9e392b85992ea5b68946bbd31e1c60354539149cdc70f3942a7915442ce6555cc8cb1ef1a4c41328cae043027ab3074b97ad5379bf231ae71ca6c8a095ec98923320a892f7c3a736f0783d3dde25ec8c3ca40abc1145c1a05005c5ddc856266e0b8dd34ce75d8ee10d6af31495d7c46895d8987d07f8b917e01a205769e4bccb7d019ffde1c46c6ac97397ba18ca0cb44bd4285891a8cd0c2a3138dab79312fc1dd830358142cb60e37cf8b0250132ac54a0f29c1593781f08f3aaaae6407e47a191beb3bfa34604f4bb2f3c72949eaa6133f99f166f71e80058781e73e592c3beeaf4dda2a8bcde5ffb163f1348c974785418c31e338723252e43ae17f9ce3b43f877a9e6c1ec4a8ed9e3468be750eeaf30be3ef75eb3d8a5e0b4cb7bbc7d0c2982ab202bd5ccd07ea69c9c771c5e180e31a490a33dbfe337141222107a51c03fccf2f79287cc902154bf13c3f17f5659462b3096e34774f33bc4d2636cfe7756d5646d5ca3dfef02bcdec678448401ee9fd23af6c1426e2dcc1ce99685fff144bd1c9626c82e281a1c350dc62c1bbd9e87cd5a6f89957683433c518c03f5c4ad72272be97241b9740d7c260af7cc0be011f32da0844eccf640632327a270b43844c097fe973aa5699c3c852f4c0e27806c883468153a6bc202187cdb8ac774be73148ba9ca843764ce5720811c53f4cea5d26a69ae18e8ce5e10ed36be0adbe159c0b367098a3a74793ab08f34b165d26083a9b3eee1498aeccf0f7d483158bdef3a15d4d371eeb37c5b07dced205c15bc2db2bf7bbcb70d97d64dd4e03a3e909195ed22d15cea89bdb9a6bbb06f0e8506751dd3fecb1a0b10c8e3df03211d8f84cbb45f4ca9d0cbbf0ed2eed3a243a06b6240ee5047fa5818010bbcdd914cccfd91770f19fa0d5e60ce879cadd187aea826cbc931bf4aced2bcdafa5ebe4ede472ac52e06c095eeb0811a8768902278a82e4861ab22a1bf39db347c3155d799b35eda8b2f755c27e964f8fafc0b069cd0b1d890a7bf2abf89e39679ec177b29105a79f8d48ff3df69cc2146d83f1348e6dbb63466d6be689da91eb3a41871dd0edb53ad351efc55c71e45ee696a5f8ce3e5d646ef18932e1f2410f10d7c63079124435d09f3e5f4aa1931a40be2928ca78e507556cb72472b9aceed7fb0ef471a99c05b7c4a0ca213c6e9869e54b282b954b410aa048218cd5bd19079ebb3070cb05bdfb04949f3ee5754db3fe1d05e4db3c31313155fb1708a8a9f6bdfcbc64b9b9e26bb20b6a0e4a488180ae5af8e719e44b4befd21117092df01ee6e1154919fc95395d1d09f8de670cc69a517850977b1b8658bc3c1a382e47775efe6f7ed158aec419a256e9e004379003344776bfe55abcd9d931834d2fb8efaed5fc3a976e890becfc936f497a9c28599b602f67ab9f38e4b03471bbb48353cacec857002b53886204abbe4c3a4068fbff883c03c8be7fbf2054cc8ea35e85f2d92944d8bd47d8184722f6aa4436cff24fccf8fc59c588765c5e80d26f4bc7b80a115a133282b098e20309e4c1beb41648f851975037e7455186ab2f0fda7917a460c436ccbbdaae4790b437deb0651efce138aa6644ac109c436b2edd49d0c889fbf985398969501d8cc0c885777cfc7f587e3fe5b09d3623e4e7732796842498641146eb11601a986eedb174e9f70fcf327c9bf73c82ebfdcf15861c573fd87349c50cdd6fe52364772d08671c829b980525a3df3db243be23d7fa9bd111a5cf03208d2fd6fa5daebf3d6cc6f9960728bf7fa75402a40099eabf3cf820880c477fd2dbb98c0c42429c3c82632b0c55f1594a3c874605b27df8487294fd56c6749bbe2aab7bb5d4819eea1b1e521f365ba6356261c8c2cbc440c13011e2f747a5e1d29f9be60d88b452fa43e7ddcfb8ed987e157679ef1b7f6cde9ad0fb003b3418e607d22388d70badf78f8ef6701e0f729f229b3aad64e02882f647ee872b4e75f47ce036e3ea6fe7e5fe491e08f9f15473df8d8ef520748f466db75d728af0f0021b459c753e004421550b917cd04cc4fa5d88f6b1a93b2444aacb7b87b2403ffd8259f340178a3cb48bd4cf565cdd5825013d0ea13a1f7c80d5b15dd97e58fdbfdf854af0beadcd6e207b1c806c9eb71d04d97bc6cd6fc6c96b5de5df771d72d97b3c8d60c10a91c82649bfbbd98597174df63fe5c87f5dd56bc9db890bc5702aa2ea4b5fa80967d94daa24008a0deb5aa38468548e0605ec19d30d00f432953ea4ec6cb5bf5f34893bcd393c93a7d4487e3fd4cabebc250eaec63aa79d804599aa69fedbf4c63eb818db39f6ffc4701baec551e2a82bd73b9bee14e84a48544a5c697353f587d7d2c72c17e0d7f846724d4268ad4048f0ba544a10d7130b4c67a6613d27d8247e74072c6b73ba83428752522ce2c6c5ab74302f85a8203011fac61863a4f939ef5c225a3099849479ea64c60503dd5af56b92d4a497e058d7dd5e8ba65ebec7e044064d2d5a59d7d73da48f238013a3954096b6004018d0b0fd081639955e3b5c773d5454f5afa9990dd0b7bf785d912018e57e88972f234aa3f5bddc634a40ad653c874c772211ea1309e09d8f1ecbe161751ebccad08e2e7989797fc5034e4472b212691529b4b13c92a6906d4ea91e70825c5546841279b0010a4b170d5af9a772d9d29099f7cb8121f16eb159ed0fb04c1531ff6b9a829ac72a7b26644715f359ed0d4a43f17eb7ac252c3f18364808e4aa245e86b8cae60d3350f161924233a1321ac8c4ab8a62de205159a744021945022ca7a7d369495a76db04ed74bc3b0326a0a4b893cf339601c6c78521bce5a311e25be8fa88f6ca9baaf072c43ff4b4b0dd9e8934ccb66aed81c7d34e0d4dfb63bfb74a49d9f3834004618058c4ea4c2732d18ddcca0d86fec8e3d182800742b9dc0735eea71b66c3f8d6039a45abecb4d4e57587484ce1045f1782c6c183169a61cbd020d0ca9953d05c3deb3a01dd919f286888ab335205404c35c917afcf98f2e1329b8e2d791f065277e07244b941172fcb1c2ac7a741f014966a3064714e63de550a216d6c6c5116bbc0c65c5b7116bb0d56f5251f2f7e092c6a332fc767ee017dd92f23a319daeb9e4cc084d51de7b7055a004826e2fe0fae86a1f1f9dbd9b7490a4534cbddfb4620e5fc1af47ff92b6c18ef180fab58832fc5af5729180eeaec0dde2c9d0a55bc4e5cf48312baf2ba532f6cd5383348ea39637f943ec488f0a9d59c7218a81559eb51c3157967d77a3a8cd12b46b022cb262ccdf51ad1cf53019fd79125e9a2c11cc0dfa3627353619baed80be26cc6d531f805d87f914cb43d4c65a7d888621edf620ac7d044f4baa2a75e7459bcd4e4ffd22cd0b7ded2b7f91886b3498b9b9e8891415504248da18bcba95ee5389864e397f957c242d9475216c01f8483a43a5544d06cecbdc586ef401d2b4e0afb6fe29c223c7b173be74a3bcf7e9f9ef5825870dce541317c18b62e16c1c934862894bcbc42e02b636bca7f0b025372f90b6aa72e14cbcc6c", 0x1000}, {&(0x7f0000001f00)="8c66253a8e55332f964830257e64c6eeb3b7428a", 0x14}, {&(0x7f0000001f40)="45b90945366352db6bc48a52c9496df29764d82d361978721e157a088824aa7d7c9620c6588d4d9c33377b926901bc9eee6a0917a50f7e4ea4d62ba121b4103fe368d01bba7588e7d1d36d93ecb127e3d8a682b444ce3b5b23a4a3a68d5d399a71ecba895c2fd6e90903d094594f366cedb0062a8ffc3f047b9ae1b55e1e553cc4bc78f7eaaf6094c4250cb2126e6c210899840fe02bc29032e71022dd0f9bfe2942e60c97274fce9b63a123e39a270016c7e7074d8895a6bf0ab67f1e66395b1d9dffcd1a40a370f56e", 0xca}, {&(0x7f0000002040)="ea2a4c7020ac7e3412aeb3445b8fe1d087fd0907007684f85a2f87f446b243438790769a0ca0622faac17dd182f8d377514915fa8cf2ba47e18bbabb13d2e6c194fe27fd7480703438e02c0a8e67a32cb4e7b9b21b3af615ee1fd373663c5d0797d3301f6d90fca010d757e16803588eaf21a29a095e8811d17b973ebce6d7faa4e4d6ef3b91e92aa46295c5fe7078e8a8ff84d85cb93da6fe226ac8f8dcd6ef77969d19062b7f114dd9ab857c1b78a9b33b873002296d010a37ccd6a7e191d82a458109b9d64ac73eb1ff6b564bf555d48b2d00abfbf76241c671693eca7d", 0xdf}], 0x6, 0x0, 0x0, 0x40084}}, {{&(0x7f0000002240)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000021c0), 0x0, &(0x7f0000000900)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, r3]}}, @rights={{0x20, 0x1, 0x1, [r2, r3, 0xffffffffffffffff, r2]}}, @rights={{0x28, 0x1, 0x1, [r3, r2, r1, r1, r1, r1]}}, @cred={{0x1c}}], 0x80, 0x24000040}}, {{&(0x7f0000002580)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f000001db40)=[{&(0x7f0000002600)="a082d591f19eafa5500ffda96ec07045885f8e528d699e9d5c86217ef746906463ad1f0355b9f50dd456e84f80eb18f8d36088b3fd03d8796209c35f861222b395a967f4e9536e90f933907b4fbe9dfc0133f3c2e88c072ab6b5d9dc137017d0bd2fa5d9c0fbbb56074fdea0c3133d362f1d95484851d53b6a2261c6e575a9b1a544869b", 0x84}, {&(0x7f000001d740)}, {&(0x7f00000026c0)="fd", 0x1}, {&(0x7f000001d800)="445ce6def1b4b9c8cfa05dee78422a7018b4c629d60b7fb5959422597878581549e09d5171b1197e19a3679570891e5c43cd9f9d2ea0b04c7a47222fe63e3899f3ee2dad437146bdbc1a00350aaa932747a2729de017030aaa71f78f0421eb2db32732cb538991c118b824077735b7f437d20535f4fde179628104d40ffa67ba7e7c72e8a415072667268a5404c11203df30ac1c4f3a777cdd2f07da294b9d3cab41c2cb00c7f7f10bf6974e46bf13e22a1f341a81b63d6190bb9e463628565b", 0xc0}, {&(0x7f000001d8c0)="4eb198533a940f0d889126d86537c2dd9b886930c800e2f25afa57b7fb02597fcba46d1977f4e4d475b198ed42fb1bb010a72d3d26c3ad38652b3f5cddab8d138e0b9a0fc67f0d38f873c85e2d8a829273fbd51037423cbcd084b433a99d2612f6b7f002f14d9a5f0455e8479973cd811f2602a3b72ebef3769219f7decc8956ff2c802e19eb17a4a85064367e2a5752dbcd47c7ffb2c9ef571e5a2a7f3f4076d326931406e223d3015264a7fe5067bcdb324773e530a8b25798f285759233d43928b6e56e808c37baaeec0ed7d24e39a28d7ed602e1bd2ed933a58526411660c9b29782c8", 0xe5}, {&(0x7f0000000980)="2a3bf03113e65de706529ca2da9031e7437e932eb96f3aaeb96297e356bb021ae5366579aaf674e4c20c438612f9cdd48201e511c47102e5d069ed542dd20e2f6a8da94f45057ede30c0f6c4a21babae9e46c146f27ac11466c5fd1b159c94cb34722ac129e352292fe5b5e168f943369e095cf6c7d4098e39f9dc40b96e2d777b563ab153165b4147f4b66ca04c0c6473dd5a405e09826b39ca6708767335eb2025746fbb96", 0xa6}, {&(0x7f000001da80)="b3bbfa3412ddeb114750d90a92493e92e5e219a1d42c247adb1036438f860f969f0fb7679949ca4233056a4cdea549a99a047d4b79ab7af0deedb82e8d4cc68c88973e22e0b64ec84332d102dad8035fb5a3bb1df8e68501c5fffc7d13d43b921ce2f33984c7cccdc8b4b340e1b6a12c3a4aa89f4b271de43a18283b90e45dbb93b4395e783588", 0x87}], 0x7, 0x0, 0x0, 0x8c0}}], 0x4, 0xc0)
read$msr(r3, &(0x7f0000002700)=""/102392, 0x18ff8)
r4 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x9cb5, 0x2)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x9cb5, 0x2)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000440)=@security={'security\x00', 0x4, 0x4, 0x3b8, 0xffffffff, 0xd0, 0x0, 0x1a8, 0xffffffff, 0xffffffff, 0x2e8, 0x2e8, 0x2e8, 0xffffffff, 0x7fffffe, 0x0, {[{{@ipv6={@dev, @ipv4={'\x00', '\xff\xff', @multicast1}, [], [], 'ipvlan1\x00', 'geneve0\x00', {}, {}, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xd8}, @common=@unspec=@CONNMARK={0x30}}, {{@ipv6={@private1, @mcast1, [], [], 'geneve1\x00', 'macvlan0\x00'}, 0x0, 0x118, 0x140, 0x0, {}, [@common=@unspec=@helper={{0x48}, {0x0, 'syz0\x00'}}, @common=@ipv6header={{0x28}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x5, 0x3, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x418)
ioctl$vim2m_VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f0000000200)={0x0, 0x20, 0x2, {0x1, @raw_data="ab4f50197556377c18ce2ac60148ff4159ec9f2626a3764c477053892bde648477f2412e4e45920efd9e4ed32463224f7c68ec76b27acb196ae1a9d4a2ae3bc8dd9959b57ccb8311438ecc503eceba88237db41267530b5c1a67025ffb48c5dc13f8a0d25774ce731e2ab75945cb7c708ed987e6821b128c6dcb4469b10f6a93e2aaccddf26d49ee6463a3568fe1f80288863c011b865892018f9f79eabbfae3c16db65f7f8ea37925df7c6e13aa93ef0d6523dc472739898e6a91df22e82edafda6a7930ad71aa2"}})
sched_setscheduler(0x0, 0x1, &(0x7f0000000340)=0x4)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, 0x0, 0x0)
sendmmsg(r1, &(0x7f0000000180), 0x3ef, 0x0)
r8 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r8, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x1}, 0x10)
syz_open_dev$MSR(&(0x7f0000000100), 0x400, 0x0)

7m28.091745472s ago: executing program 4 (id=1251):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x6ffffffffffffffe, 0x0)
read$msr(r0, &(0x7f000001b000)=""/102400, 0x19000)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
getgid()
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002a40)={{{@in6=@private2, @in6=@local}}, {{@in6=@mcast1}, 0x0, @in6=@remote}}, 0x0)
lstat(&(0x7f0000002b80)='./file0\x00', &(0x7f0000002bc0))
statx(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x6000, 0xbe4e25775499bf45, &(0x7f0000002c80))
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002e80)=[{{&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000b80)=[{0x0}, {&(0x7f00000003c0)="351094742a2f37ee2ffd31f1ba1dfc2c33a0171213a2b2b7e6232170e9d7e2b2dd20824f2e", 0x25}, {&(0x7f0000000440)}, {&(0x7f00000004c0)="6c93a1356832b2ef767435ae3bb22dd8063adf0231456f6573477a9808e89d934b030a34b319f689229ddfa9c05803a8c3effdfa5e41eb07c09e187e43236ebbf385ad1a9ec4df047b93ae8ca80b7b27748ca99eda2e0ebb2c7924a93853640a91f7a0e42803a15ee0e0c75eabc95807c7b364cd03553e92daa6b41def758821083ee75eae93b6c26a13de5a35b776500eaf9bfa02a3c643464208cbdfff31837335d657e9ef63e4d75d77a96e", 0xad}, {&(0x7f0000000580)}, {&(0x7f0000000640)}, {&(0x7f00000006c0)="24f818e5938dd361415bfd92a3e28b0fad0ca5c2b3080af06eb062b7cc7dacfeea3039402dfaad704c201e8dfdac06574c88c1fc3585fac042399bcfdc5da739b06f0287556102ca2e3d760b467059d14b992cf62e20c5630f10caee32cd05eebba594407c769912f080ff41871131dcf558b91c7ea7c4ec322e8a10588f4797b862215f1aa3f1104564fde92647604735fdac54fd9e177837400beba29d732b7290b9bd98e810fd1d29c0c27893d6c7a23841f6a2f2", 0xb6}, {&(0x7f0000000a40)}, {&(0x7f0000000ac0)="749c048303b3ff658443454249ef0decafadc25875facb2a9aeffb0e7945fc03f971ae69b5af8a7659ff0e6b007b15688760024cc94d0b57aa7d779c4f69facd4a116b72e4b60e07bc2307f11336b4e87d946a374678a81f10103009f8dce409efdc58d01c6b924113bb1e964fa893a9e0c03dbce8b4cf8afa1f10d1ad544bc562558f28d9d4d886ad21fd871f", 0x8d}], 0x9, 0x0, 0x0, 0x8000}}], 0x1, 0x20000000)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000380)='yeah\x00', 0x5)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2})
dup3(0xffffffffffffffff, r3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="5eaa000000000000791010000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

7m27.980327132s ago: executing program 0 (id=1252):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000495"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = userfaultfd(0x1)
r5 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8042, 0x0)
write$P9_RSTATu(r5, 0x0, 0x0)
ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404)
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x14, 0x13, 0xa, 0x801, 0x0, 0x0, {0x1, 0x0, 0x4}}, 0x14}, 0x1, 0x0, 0x0, 0x4004}, 0x20000000)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mreqsrc(r6, 0x0, 0x26, &(0x7f0000000040)={@loopback, @broadcast, @private}, &(0x7f0000000080)=0xc)

7m26.857902087s ago: executing program 1 (id=1253):
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x40000, 0x0)
r1 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r3 = epoll_create(0x5)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000040)={0x10000004})
epoll_wait(r3, &(0x7f00000000c0)=[{}], 0x1, 0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000004500)="d800000016008111e00212ba0d8105040a601100ff0f040b067c55a1bc0009001e0006990300000015000500fe808178a8021500030001400200000901ac04000bd67f6f9400710016277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b116", 0x66}], 0x1}, 0x0)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
r6 = syz_open_procfs$pagemap(0x0, &(0x7f0000000140))
ioctl$PAGEMAP_SCAN(r6, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f000014e000/0x1000)=nil, &(0x7f0000e18000/0x3000)=nil, 0x0, &(0x7f0000000040)=[{0x7, 0x0, 0x3}], 0x1, 0xb2, 0x0, 0x0, 0x0, 0x18})
readv(0xffffffffffffffff, &(0x7f0000000140)=[{0x0}], 0x1)
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000140)={{0x1, 0x1, 0x18, r1}, './file0\x00'})

7m26.073543044s ago: executing program 0 (id=1254):
openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0)
ioprio_set$pid(0x1, 0x0, 0x4007)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', 0xffffffffffffffff, 0x0, 0x100000000000}, 0x18)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0x1}], 0x1)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
r3 = syz_io_uring_setup(0x239, 0x0, &(0x7f0000000180)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_io_uring_submit(r4, r5, 0x0)
io_uring_enter(r3, 0x2ded, 0x4000, 0x42, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000040)={0x26, 'aead\x00', 0x0, 0x0, 'morus1280\x00'}, 0x58)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
accept4(r6, 0x0, 0x0, 0x80800)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x20040, 0x0)
r7 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000000)="0f08c744240000000000c7442402cb62eba2c7442406000000000f011424430f01df66b8a1008ec0672e2ef36db9e8090000b859000000ba000000000f3066baf80cb8c4351b8def66bafc0cb080ee6764470f0099fb7b0000b9b80a0000b800800000ba000000000f30420f01c8", 0x6e}], 0x1, 0x94, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0a00000001000000e27f000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x1, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r9}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x36, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

7m25.719164829s ago: executing program 2 (id=1255):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee200090582"], 0x0)
bind$bt_l2cap(0xffffffffffffffff, &(0x7f0000000140), 0xe)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
r2 = creat(0x0, 0xecf86c37d53049cc)
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffefffff6, 0x20031, 0xffffffffffffffff, 0x0)
r3 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000004c0))
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000040)={&(0x7f00000be000/0x4000)=nil, &(0x7f0000a5a000/0x4000)=nil, 0x4000, 0x0, 0x18100})
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000500)={0xae, 0x0, 0x1d, "191bf923da3877d1075712619428c35d795e85a4d853f36f9055b20f7e312e5ec94cb92ef4e63d6cb1572876855a1b81b326db48b13783df94949c10e067a906425e6bc53f201ff4ba9ec1390c9b992023ea7be1992edb3e8415c4bda552bb1b24c0d1c4a6455b3f0266d8e5cf99429d7717a12c8eb0b8e3e82137f2a910e87aafdc2567e64c24c9387b9aeb5146f41499c3327c935563edd3c1b4c823e5afc524ee68781cb918b5efc339fbe8f5"})
setsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0xf, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
r5 = bpf$OBJ_GET_MAP(0x7, &(0x7f00000001c0)=@generic={&(0x7f0000000180)='./file0\x00', 0x0, 0x8}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'wg1\x00', <r6=>0x0})
r7 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb0100180000000000000094000000940000000800000006000000000000090500000001000000000000090300000003000000060000060400000004000000040000000f0000000700000005000000828d00000d00000080f1685e0e000000ffffffff0d0000000700000006000000000000010000000050000e030e000000030000130000000040d10000090000000f00000000800000010000000b000000020000000200000000003000005f5f00"], &(0x7f0000000300)=""/121, 0xb4, 0x79, 0x0, 0x8, 0x0, @void, @value}, 0x28)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="1b00000000000000000000000800000000000000", @ANYRES32=r5, @ANYBLOB="0e00"/20, @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="0500000000100000000000000000000000000000000800"], 0x50)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f00000000c0), 0x404480, 0x0)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000f10d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000be000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xd58495bc, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x42)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r10, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e507646dcef67df33c9e9", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x4c)
read$FUSE(r9, &(0x7f0000000880)={0x2020}, 0x2020)
ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000440)={'wpan1\x00', <r11=>0x0})
r12 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000640), r8)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r8, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000780)={0x2c, r12, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_DEV_INDEX={0x8, 0x2, r11}]}, 0x2c}}, 0x40840)
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f00000028c0)=@ethtool_per_queue_op={0x4b, 0xe, [0xfd55, 0xcf1, 0xffb0, 0x2, 0x58ab, 0x1, 0xffffffff, 0x7, 0x6, 0x7220, 0x45, 0xd, 0x5, 0x8, 0x3, 0xfffffffb, 0x5, 0x6, 0x8, 0x8, 0x200, 0x4, 0xe0000000, 0x7, 0x9, 0x6, 0x54bb8ba6, 0x7fffffff, 0x6, 0x400, 0x36, 0xfffffffa, 0x5, 0x5, 0x2, 0x1ff, 0x9, 0x3, 0x0, 0x4, 0x3, 0x0, 0x10000, 0x7, 0x3, 0x3, 0x7, 0x5, 0x4, 0x2, 0x0, 0xd, 0x31, 0x2, 0xffffffff, 0x8, 0x7, 0x80000000, 0xd0d, 0xe68, 0x10001, 0xf, 0x1d4, 0x8, 0x80000001, 0x3, 0x8, 0x697e, 0x200, 0x9, 0xe3, 0x8000, 0x7, 0x400, 0xf, 0x6, 0x9, 0x800, 0x1, 0xe, 0x80000001, 0xae, 0x0, 0x1, 0x9, 0x4, 0x2, 0xffff8001, 0xffffffff, 0x0, 0xc9e, 0x3, 0xfffffffa, 0x7fff, 0x4, 0x8, 0x87ca, 0x1, 0x3, 0xa1, 0x7, 0x80, 0x5, 0x8, 0x6, 0x7, 0x6, 0x7, 0x2, 0x8000, 0x3, 0x9, 0x7, 0x8, 0x3, 0x7, 0x7, 0xffffffff, 0x7f, 0x3, 0x3, 0xb, 0xad, 0x3, 0x9, 0x2, 0x7, 0x7e], "9c8d50f78d1e4bde05015f1f956718fa80254bbd09c7deb8bcbba3f78ffb54902e5c8cef9c6e76e295c3b148d17b31e9e54a26732513c0a4f4959775d2a68ff743802e743c68c0edc402ab76a9a53210ed92e3519deac8fab3b414e9649208db86849c30b2bc6cc198771890ff98a9d66d152fd38d4a88f54472ede217f6cd8c44ee63bfb6aa4950b9d2ca4796bac836dc02ace1ee60a63e904b0edcd456c3b2a5a455e62d5c87f8dba4fd5c9d4620138d3d086a697ab64fc48b441521bb1061f411c8349b2503f02f1c6ed3ce426ad25631c9beaa9f50028adda42689437e50a14ef55aad"}})
syz_usb_control_io$uac1(r0, 0x0, 0x0)

7m25.596608166s ago: executing program 4 (id=1256):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0x2, 0x4, 0x7d, 0x3ff, 0x8})

7m24.993704628s ago: executing program 4 (id=1257):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mkdir(0x0, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x0)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
syz_open_dev$loop(&(0x7f0000000000), 0x6, 0x200)
r3 = signalfd4(0xffffffffffffffff, &(0x7f0000000480), 0x8, 0x0)
io_uring_register$IORING_REGISTER_EVENTFD_ASYNC(0xffffffffffffffff, 0x21, &(0x7f0000000440)=r3, 0x1)

7m24.406338901s ago: executing program 0 (id=1258):
syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
getpriority(0x2, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB, @ANYRES64=0x0], 0x20)
r2 = syz_open_dev$radio(&(0x7f0000001640), 0x0, 0x2)
r3 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
dup2(r3, r3)
preadv(r2, &(0x7f00000033c0)=[{&(0x7f00000031c0)=""/207, 0xcf}], 0x1, 0x6, 0x0)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r4, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r4, &(0x7f00000002c0)="9e", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback, 0xe}, 0x1c)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000ac0)={0x34, 0x3e, 0x107, 0xfffffffe, 0xfffffffc, {0x1, 0x7c}, [@nested={0x8, 0x142, 0x0, 0x1, [@typed={0x4, 0x8}]}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0xc, 0x2, 0x0, 0x1, [@nested={0x6, 0x17, 0x0, 0x1, [@generic="b82f"]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000)
sendmsg$inet(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000540)='`', 0x1}], 0x1}, 0x4010)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc)
writev(r4, &(0x7f00000006c0)=[{&(0x7f00000005c0)='I', 0x1}], 0x1)
sendmsg$inet6(r4, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x1}], 0x1}, 0x20044800)
writev(r4, &(0x7f00000003c0), 0x0)
ioctl$VIDIOC_S_INPUT(r1, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r1, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63c, 0x1, 0x3, 0xd59f83, 0x19f5, 0x3f, 0x7, 0x3, 0x6, 0x2800, 0x2800, 0x12, 0xba2, 0x5, 0x3e, {0x8, 0xffffffff}, 0xd0, 0x9}})
getsockopt$inet_buf(0xffffffffffffffff, 0x6, 0x29, 0x0, &(0x7f0000695ffc))

7m23.372979074s ago: executing program 4 (id=1259):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x20000000000001d2, &(0x7f0000000740)=ANY=[@ANYRES16=r3, @ANYRES16=r7, @ANYRESHEX=0x0, @ANYRES32=r0, @ANYRES16, @ANYRES64=r6, @ANYBLOB="480d34156ae0e793df36ff547447d88f4a063d4a8b62d040b427d9f55ce7f3442814cf0e3cefd4aa4410e1981675bcaa4232aa6f555fe06d8e24eb912dc4cdd5ab19f9983861a413e0f74ff229aea0a5725a153a687ebbb73d922ec29b42c8e77679fa5c306f9a6c190181502fdaf08958fc5a3f1f7a66c551585175a9d630e2a47a667fe45784a5f9d6991b2ddaeb5dab83c30d31180d7e8b961ec2cb3967b3099503aa0e35282d92847fdf27275d3541804ad4d2fbb3c66aea825e0269161e90", @ANYBLOB="e155a652fbcabf92d785688262f5e09628c7085d371932a852364a72b9d2f0c53b213215007771bb46b46fcf0872d997f07a4a5d6e9712f4fad9223e12288bebb7661a7de9e3a2624c299c8c13a15a46ea499025846f1d93170c71199ec0a80d249e3d7c38486a1f013ae0b6aa0caf684360afc6d36677bd2b9b6ea162b85dd121a13fe4016894846085b75ec9d7fb1308952b545aeb71a42bd9df220c7f584549c8060f9878d391a56b584137938e713874b11bd8d9d806ac5744e340d6a7464dc979903c", @ANYRES8=r4], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r8}, 0x10)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="c0000000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00008088000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000008000c000f00"/120], 0xc0}}, 0x4004000)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf}})
sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x4001, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x1000000, 0x3032, 0xffffffffffffffff, 0x39ff9000)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a580000000b0a0b040000000000000000020000002c0004802800018007000100637400001c00028005000300000000000800014000000001080002400000000c0900010073797a3000000000090002"], 0x80}}, 0x0)

7m21.086605207s ago: executing program 4 (id=1260):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = memfd_create(0x0, 0x3)
write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[], 0x78)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000003c0)={0xc})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
fcntl$addseals(r0, 0x409, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$tun(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="0103ffff0900ffd5"], 0x82)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1, 0x1}}, 0x40)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_RX(r5, 0x6, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "1b399373b44f512c", "108a0a7a34b2183379316f64ba2a24bb", "83db4204", "9739ebb775af6a17"}, 0x28)
syz_open_dev$tty1(0xc, 0x4, 0x1)

7m20.830920429s ago: executing program 3 (id=1261):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x780, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
mknod(&(0x7f0000000080)='./file1\x00', 0x0, 0x7)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
write$uinput_user_dev(r2, &(0x7f0000000300)={'syz0\x00', {0x6, 0xab43, 0x76, 0x7}, 0x16, [0x6, 0x5, 0x3, 0x2, 0x4, 0x81, 0x5dd, 0x0, 0x3, 0xc, 0xb, 0x7, 0x9, 0xaf70, 0x727, 0xffff, 0x1, 0x2, 0xc, 0x8, 0x73, 0x1, 0x10000, 0xc1f4, 0x800, 0x8, 0x8, 0x2, 0xa, 0x7, 0x101, 0x9f, 0x9, 0x2, 0x7, 0x1, 0x1, 0x10, 0x0, 0xe3a, 0xd, 0x4, 0x1, 0x6, 0x9, 0x0, 0x80000000, 0x6, 0xffff, 0x63, 0x4, 0x9, 0x5a, 0x0, 0x8000, 0x1, 0x8363, 0x6, 0x7c3c, 0x3, 0x2, 0x7, 0x1, 0x5], [0x9, 0x2, 0x9, 0x1, 0x1, 0xfffffff8, 0x3, 0x7fff, 0x7, 0xa, 0x9, 0x9, 0xd, 0xab, 0x9, 0x2, 0x7f, 0x5, 0x0, 0x1, 0x8, 0x4, 0x5799, 0x1, 0x524, 0x8001, 0x9, 0x8001, 0xba10, 0x7, 0xeed, 0x200, 0xffff, 0x7, 0x2a9d, 0xfffffffe, 0xa0, 0x9, 0x9, 0x400, 0xdac7, 0x9, 0xff, 0x4, 0xfff, 0x2, 0x6, 0xe1, 0x8, 0x3, 0x7, 0x1, 0x7, 0x0, 0x0, 0x1, 0x6, 0x5, 0x4, 0x1, 0xffffffff, 0xdb, 0x401, 0xffffffff], [0x7f, 0x8, 0x800, 0x1, 0x2, 0x7, 0x6, 0x9, 0x52364dfb, 0x6, 0x7, 0x5, 0x5, 0x0, 0x8, 0xf, 0x9, 0x1, 0x6438, 0xda, 0x7ff1, 0x24c, 0x8, 0x3, 0x7, 0x0, 0x6, 0x2, 0x7, 0x6, 0xfffffffc, 0x5, 0x8, 0x7, 0xb, 0x5, 0x6, 0xff, 0x2, 0x101, 0x0, 0x9, 0x8001, 0x6, 0xd58a, 0xfffffffe, 0x7, 0x7, 0xc, 0x4, 0x2, 0x5, 0xa0b, 0x900000, 0x1, 0xfffffffb, 0xb5f, 0x26000000, 0xe00000, 0x5fb, 0x8, 0x4, 0x8, 0x2], [0x4, 0xffffffff, 0x1, 0xb63, 0x8, 0x5, 0x2, 0x1, 0x6, 0x9, 0x73e000, 0x7, 0xffff2f4e, 0x3, 0x80000001, 0x6, 0x7fffffff, 0x3, 0x5, 0x8000000, 0x2, 0x3ff, 0xfffff422, 0x1, 0x0, 0x28, 0x3, 0x9, 0x1, 0x4, 0x100, 0x2, 0xff7, 0x2, 0x2, 0x38, 0x4, 0xf, 0xfffffc00, 0x5e0, 0xffffffff, 0x1, 0x81, 0x2346, 0x8, 0x7, 0x3, 0xfff, 0x3, 0x3, 0x6, 0xfffffffc, 0x101, 0x6, 0x1ff, 0x4, 0x6, 0xa, 0xf2, 0x3ff, 0x6, 0x7, 0x7, 0x8001]}, 0x45c)

7m20.813182021s ago: executing program 0 (id=1262):
socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$tipc(r0, &(0x7f00000003c0)={&(0x7f0000000180), 0x10, &(0x7f0000000380)=[{0x0}, {&(0x7f0000000300)='V', 0x1}, {&(0x7f0000001600)="3eed50d0125719a810f88e3f47186fe4dae74182dfd109a2587c4797410c9b8e39bd3d9aa144d5908647c30c8db69b5c17084c9b1bfbb8680737c4f88abcdbc7d294d72ab1b344270915df9ddf5635644c351c22b29d948ac4106bce7107570beed63077cfbc98ef71699eae65d37724d995b553e7a3ade619b522313ab382caf879feb48942878e605ee3ee2872794e3abe22a3f025068b628a5d92468092a5cc649bbbd978b5772e537939432a502122235ced312dafd108c9ffeb0b38cc16da9418ca01d485a6afb5827da4df6e1121ec307de14bb32b6a977608e4576a998182dd93d592ff43e55bfdbbce23ecd501e43b3e93ef8d9d01711dff54c301e299d3801a3cffe6c9883fbd0e47124dc02569f62d48b878fcb58ce99fcffcd2a5166eff3ad93cf1d137274993d86a3b3730d63ded759f6ca88fa449e5575b15321e5a58a1f888eed7466db4976ce35f6d2efb5ad05d99a66482dc607cb5acb24d326803bd337519cc98103f59c63b5962cd72e4497d1b00817d6e09de70270a09b493c2226617b1c9ef9d506be00d6e07f14633a966f04ecca90fb8d2b963ad6f3817935bd6534fa3da1c5dc468789cbf1192f3c0bff3777f1edd2ada5d35f88f12f29e952c44445ce623509d66811c80a9e0f13ad85aba37d86ff0da4dda601d9e8acb264233bc939fb056316612cff687d5c44157be05bcc88b333ff2a40041d98f1acfe6e2231a84e09bd7a54a0442cf87ce3ee8fd8da39da1862862ae40fc3cb3055c8b70e62f243850707341f51426bb3e71c7a4fffefab060db786000618b05eb087a424a2f30f6a232ff44b605f70ceec0a8f70e37907f6e0bbba21e9d5b7ecb6d287742b75c101ba79525918c3473eae38f3c177249dfa8816661c9921f0b0c858d53ab87c8407b97950c842111002edd1d1e80b801b495da28bcd5409bc971e55dab1857e188ac9728efc8f9a4543945f86ade13b445eacecbbf848a96410ac37c57e3e9e8bc8b8fadd559d225c7468639da2b5d1208558b51e94c14faa7947a7c60e81a96bb5d194cc7289adbc02ebb4b49be1f1efc429db2f9b79b5a22919dba0c35341042c5776942c52365367c4bfc95b42be383cca7107161ded7e851d0126da33d581f1e2b08d0c061e86d31e7a83f9b51c79b4034c7deda7697034e1404c6e8e459f76c2efe64350146c7437ef808e04ca14df5f6f500264fd977272bbf8fc096774e8eb61d0963430751ac1425a073f84346b0eba368cba7fa34adc420800d4f99927280eba199f9695cf88124fafc3a2b1226d2f2ab3ea27c69a127650cf5c725b54c02bd8729033cf699ce7f030f9a3442056244da3cfb61a8126dba11377624f39eb009242152fd7b8b88de7dd86057f29bfcb7b7df0e65e7e9ac9eeaa41afa62743698bff03d5b2d51fb6bca2d92294e8e177cfa3661b26f1c040e9bed983b7bc0aa154eb9c92e4ee25091318c53113a1c23ac62d2d71504cba99041f29a4f332133292cf20abec9222a2acca57cac48fa6c0668ee5eecb494741a64d33b011dcca74696d4614c5b45a5d20983b1708d365ed3ffa60f9161972a611c22642c3c259b41f943f6d7a8b60f284d325e38fe76f0645e069ff70cae38850ccf973193b6232c987df26239a574691f7f07fffa6deae1eb0324fe546573c36f2a2c31cd442517a9b036ae6a2a491e7343864693c107a5dc2585820863c146c1ba6caa4fea9b87d567716f4c8ca1a9d2848055cd750512d3b7415d090019dc8a04a1a1d28931093cd8f00e94c407ca1fa2a5ce903d9df26e008c07cd13afa783220e1bd5e6b60645f3dbb6ecb4156fedafa2dd25498c6a99d94f0b38125ea7741b75109dcac9f80635f79f5c8a0483bb9f05a3a5bf721c7541edb252449f8b13e63c370a6146332f03ca1f1b6fe0bed984f13744bb7fa0fe322e83ddf9ffb2083e94f33604a0a199220c450dad94bf154805e7f9e4350ca2d81adf2978c87dcc8a8a7d56297ec124bfef0d28f35777205e973272c87e01070f14f5b14daa3b5104d9ff6b296c4f16ed49eb42d35e7ba3bccb7a26c33a263df88aadd596e9d9de0abbd4d449df11081f2cd62e1d8962b9b9feb25a3b8e03537d61a61c11ac22b7211d12c84e60a6abcc219e558b2513d8c530b3c7a57cdc47de545aafbb2a13c0e6c75b1b92fa241c713c83a09c92b2b61d565120372a9143415583c9596f27a663d4967cd653b08cebd6cb96c1f0dc80d57267ac9a8281d7149bde880828ee27d69a6818db58320db29d1b044eaf6ab8a5108bc522de406990b5393b1f7e7bab71bf6cf8eed1cd59c7607d662e8b313f5c4fce0f59b1027371381011b63dd5b2b09739082c0d62ffad96e30153a395234937d377c32fe7af82aca3a19d0ebc4a5c5fb5ff190f14d5695c703b571fb4bf03756635cafc6cf6267eab836c347a9d07e8089fc105346934cf3364e5be370b3c42b94bc5ae3d17a817398566a2953251eb91697d67278145df9a4b917bcca1bf211780b22f4caacfcb7604c84f943d05f6fdf8edbd258d7d8dbf84f9d99e57472c5b1c2337d749a1f345e662e2536d23c7a63bbbbf00f8b5b0a2106a0342ab27b9a10b82e82668cd49e0cbb09d7be0217645f1dda3be59c8232fa290d34791cda52aa5b5cec6339ab96a2eb3f5328cc7c0e6717c2824344547a2ed518f6b2b4e4fe5b684596aa6a9d3988fc5d5ff4cb46cec99d951b8386b10949a163af974b7543df97b4882a4ed60e927a1deb67c5f814235bef65fea79a2c712815be7403c93a3707fb90d4604ec3a6a3b0928f253f6ab6bd56c958e026c8c58172c4ac2a3efe2ecd5cea70c8313f9ac2d638bc296ba99e2ca86d2fd06b5402cdcddc3f3c9845d5ae77f6f36963b91e8f6cdccd17abe8d40ed02463af4bb0e496344f350097f1cc13313fa1e172b63556ed2b8a8121c01a5fb343ff7767821626fc49b0d6bd522e1c9bf137d5a5bccb4bc8dbb64c83a82ef6c2894f3896c9f6bf0c3764011d53eeb6db9ea9dae22d3ebcca4942d5828c0bca0d9ea37701d5a06c066ac4fe318e11e9c0d6c658ac810fb5d7836cfffe4ccbb0934e5567d74695980a156d4bf1c18861c5a29ccd349999dc20562d00e1f6c1851ae563541086438d60b975c8ceb466414ff60efa0b2dee790fd0659ffa98b92414c13d5a6825368f56c4984412205041cd8e006c7127d4395ecdffb5addf80ef938ce54a367154c4fc286d5f969325c12b13655a9a956dd3b98281f537e837669fc55d8930676e807aa8cd046e0f4583d59f86cb99f3f7a7ddde1fb39111fdec7677d2fee4b8f4814a5def5ebcc67c653384ce80eaffd880405f7edf8fd3ea049f040595df4a75e2f892e7a85e0ba351fb8d263bfff7168bb85017b360fcd2ba89346682a6ea7ccc46afbdb5ab444e3f477238b2ab503bde914d3cf1789539cde9c0621152cd97bff9f235d88a1ef4ea4309db3a05d401af7fb82784b050ef529dab4f1f003eb29710a962f7538c521e617e2f0efac36182d09985e1d725cc38c3833a53742a02f76fb2854a9e45f0febacf3bda83f11183ef5b9fef02ebcdf56d4104b175bad937d8f61964f97d673577cdcbbb48d8eb62b063ee6563b9ff053719baff871bcd83822d865b2f7ef023076425ac5cd71b1f2309de0c6f14cc9c4d3e8fad945f756a7c8a084ea1bfdf5ac6e740043e7f7bdaca06774b084ae314c2636529d4fdcd965c7f8c07156572620b827d694efdc9d2bfc5aa9391220a83765f2c71fcd48d4acaed60afb53d1013fa3b15e948ec4159f7d130ef85b594018346e99034c18738285223ea53a6b1d5cf11a607de2e19608ba03ec970a915b773824261f3fc931dd6d3b934d89f07baf14776314c3eeb8cd0537ef5736f565fbd14e520d4ab2f77ed9597b76ff91f8d1f99ebd6e473efda7accb273975a06944d1037032129992b994ca791a09b4d83980a1e494b0f97098df5f6fb6bbb02722adb11dc319c565c2c363cbd19d9fb3efb4613b62d6584cd53f7bd80e3e89304f444ce9dd1835661e3bb4de02ccf568a2a5daaf0d56898d4286c3fb62e22af62d7ac318685834467f337561dde2e0c1e2827cdffcf42c17728ee64b3ff4ccc0227590badd0bd7e448b8cca0892d6a5e0130d2ac665f47c6b28daa101c1b319869bdd39fa924d6d9ba7d72feda5f21ac78641c7d4801d41c7879721b3be4dab40d9c4a78552440101f373489cc5240b0144a9ce32691a784b6dfe971a21bb5980ff67da2d1bb90b223c9e192a39c1aeadd1f5c790811079c0b51a97105c99b6f95d71bb3ea47c33d9dcb0a53c929c44499e184a3cd722c908d3b0d157e28ffdeb2ed7192e780d96a7a2f0fd5a87bdc973e049da0caf931f26f5a21813e2e602ceb2259997e0205ce48fd9424bd6d4d75dd4301f429ee30745cd839a40dbeab4c3db2f0f10bbaea071ca41d1392385681730a3678a5f60f604dbe19cb9d7dd234337e327451b8cc65394af399432ef7fc3765d055874ebdca14e5999292d6f72f31e92bacf25db5ef8f5212952c1910de06ddbe1687a0e1837922f2228289916ed3aeb7b9cc24da3ae47139e371930afa6d3573df6732c26c0c7ae06d9cedfa77160711bcb06e6553338deae4c5731cf53cc154113096d02f3036d7d9edfcdc331e4bb860c5208489212e904eab70e7f860b0379895cbdecbf7a0b7a25e5b853c7dbe08a4e296a30afec8cf5a9f6ea4aef32a508655d539a770b21e660c9ee1d7688c56abeb7cf1afccc8d59780cf26312589e0c8e1bc00ad7b1325cd9a5dd69246e0b33407c381ea09265154aec297e4ccdf9785a1042a83e77c13d4ce4360782f2428f9916b5cd123b089eb683d30c1e895b9944aa905a1a5b52301d8cc5e4741834ead6ebdb5dc05c9c49c5e883e99d40b9838037beaf876534d747856103e59caf6266fbbe760b6ef83d004634b74f14f8eb4aef93c4cc9cbbd78d83d532c70feef51ea3f170b25d81a6a9b074bfca7e9b3771bf83517e0dd9d0600f70b86b20f61fe36076f8bada334b2390fa954973bc901619a3cfd039349cb328625f495ab288dbdd6dbfd022c2a83f59e0b998619a12e35891b5ae9e83a71765507b4a571cd2241e5885c705244c1022688bef7c5065fbcf219fc01753adb611b3fbc09403dcb10a4f99d788667eff75fa27074ca8481a633530e26163ccf7dada049d23e717e067b6fa5b2f652bc50abda9e7ccdc5f2f3c35ecc2c4431c819c9691be4422e379750774e9f39dae06f26423c8a4278789c9f3111b43f6dd25b0ad47c4cc5fda3f3ed82079c9366e0adced883488f429c1d7e1b351fd0bb204dd7977ef224c4df6d7a5f7697bc6500a7d03a8a914154779fa7092bf1be6bad4092367ce5d295a5d5d0e7c469f372ca2011d612637025e89f178ae9ada0c5b73bcb7d7c034ff595263cd4216e3c76ba5f3d81932a088a90bf8043e877e299c670ef1622a098d5519d9adc4ee7d4cd00e5934a4375fa83fdb81214b892482b31bdde59a70aaf25cb7f417c3a2a91c4e54b48149f6c41d9d396ee6ff13e3028c64a7c9b1f2e7c6e67184a3d52d6f570db3d225c947423c4c6533f22df57d15c5e5a3183422bd378b06fe4732a9401dcb19840fb8fa5c50a0ff497fef362c507753e46b8881d3e767f3b1d893a3805941c94f2efa05ce34b9ea81d716984af6834230d4707a87089d40779503ee6a9bb245d7d997f14acb80e89731c042bbbbe3dcd05177b0ee0eec23455830ef5b65aca357f2b0b887e", 0xffc}, {&(0x7f0000000340)="b768eb20304f2fdc5a9694a4867840d93170ca1a8640", 0x16}], 0x4, 0x0, 0x0, 0x8010}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xc, &(0x7f0000000480)=ANY=[], &(0x7f0000001480)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
r2 = socket$kcm(0x21, 0x2, 0x2)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r3, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(0xffffffffffffffff, 0x0, 0x0)
write(r3, &(0x7f0000000000)="0a000000010001", 0x7)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x0, 0x0, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000001440)={0x1e, 0x3, &(0x7f0000000140)=ANY=[@ANYBLOB="85000000c4000000040000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd1, @void, @value}, 0x94)
ioctl$HCIINQUIRY(r4, 0x400448ca, 0x0)
dup2(r1, r0)
sendmmsg(r0, &(0x7f0000004880)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000011c0)=[{&(0x7f0000001040)="2003d8d1", 0x4}, {&(0x7f0000003840)="e1b25d3c24f84047926f05499342ecc8027a306ddbb8ec14e9c0ba1b00321eccbc6a2d324b99a946dda35040b39544d75eee0519f12ce46eca19cfd4a49694dada98106e407b5aa3022020b5ba92e95112e86fc8b59445d0ecc21cb291cf5d6ef74f70b8b7544fd7520e6990c792ccc29888867e8e2f0bbf4ec714b352a406659036cda374c047825a445d79fbc29332e5fe6ce92ba5aee5c883f835a7a8429853dcbc33b39440f4c1b0d256aa89ead79decdc235627701c8cc581634a6a1e155b573050248baafa639da59a6bb85a39bbe94df1594431b0dc4133a82892d4c77339b43ba0b7b48881e6d434a4d0b2abc0bc4135f7ffb04b0592efc27479ff6ea0fc3d3769ab9d5e0c9823d3cdebbb7a3ba0b8ba87e54e4ccac67ae8cf8419bbc7e0b93f8c90ca89523c6145e13e61800b63249404a108dec62c60478276885850384ba9a8cd60ee2b4191088eeeb9138a1112004a7aa0ef69333c7234620141840890f99574f685e2435a3fbe4063348925aa8cb35dbede0982c551b2bee213837356c42b697fb45fdc59b851e1362f01b844b3d1583a0e636e31896d9089c420d000eb9064136e2d7b0c8d82f7f59bc8109a41382d027b9004ac593207b4c59aed990949ee3f0fffe9e95d736c19cc0b83e7a027b091907e72e9d3c5d69847e5e0fcc3b1d27d4fef1f86e97d7d9ff489b05ca9815e7df639a0ca6a4169a3b5b77fb4a776a61fd989c552eb5b7b8d149742587795c306f32a31a7b2816150bf71f16a24083fa9f193d56f61f40649b9c811d1588c69319727eb3cc1a0f028608df9a1919264192c6b4eae30d9cd864e3684602ef781e7650f2f19634719d59bc5e74e36f88bc1335e6e7ccfb4202b03bcb5756cb18289df469c5e5a71dc0c209eb658f5265da39c8159c278e6f6954001888c47f110d84ace2fb0fe4ee6bb11c81227842e2bfb3c2f8323ec1c57e19cac9098b67fd634ff304a2d9d5de066eceb38c951958705548af99574ebffca4c4e206c273854ae8dd7139c3c0179d1aa02d8275b616e32ecd5dbebe49658097d4651ca286860b845d2e8552d91c015f3d145e30f3ec2523fa70cf774f42c4040a194a30acfe6c3ac9e0b289c567991e86bc8927c0240be6a90d0cc126bdb9a0ba8bfe3c4693aef8633c77e98f4c9cdbcf37d4c721040f2b27efc1fe192539ce91cce2e989042b01fbf5a1023aad93b274b74bbc9da94e0f3fe3303e74e0393103c7ea1d61b46d78cf9d9574c54cddcf3e475f402fd7c0bdc1ca7e23f99d35d1883c34b5c972e3b6ac8e1a144ee6f4ee6794d32341552ff048c5f373fec08f94522da1272ffcf1b646f6bf6584e1d9966a43d892e2a765b16428b89ebdec114ef1295c57cae53650fd64f4b4832ce124dbfa4e59791b8090d6a30ccee1d38a9d262478bf9b49b7d965a076459751f1c294e473c5b8c7ccee5c1df75d825875bdd036b861b3d403de2445366297ca8f2da2e3b9decf90ef5c39588689b096f469c6c5369b92d93d03cdc79a391e903237feca5829597e78adfa5b9b1fb1593be566c4f27ced18e362c524867614a36085468d076a43faf1c39e411466c9e38eed269a4eb518de0870b25a5e684489ec20402a6a3aa15c5386b61693b4c529d87a504b6ce816c2e1433c758698330c133ea112454ddc0b05ba7b877127b1275bd856ad97b29b6fcb80e33a6c27f58c2a4bf2d71100afdc00379d3ec3aaa797a21551b1aaa3bb0b456a1b3a1e5fbc7ebe1b3a66a8bebda52efe66999c7313fc70e14d64cecd6a76a02d73c1b2e1bd4d94971e58accba24afd8ac197ef381b056bcc9b9e6fdbc32c07bff30ef7dd3b98b744616ccbd1ca34394c8dcdac7512947f541fb9a63d541a79ccdd732c56a14da19497494afca285f80a617c75e39eaf28169d1b6ceebf54f2c5dc7fbe643bb2a868f9c505e659023cdde3849bd5b8e8a76aae80bdb468b025cba450cae9ce63021599bfc21ee914b4a18dbf1b8515fe3aa6bc4e56b0ce5054b6b32e0022f1520597a225129dec15fe09230e73afbd6cdaa4fb940bde52071cf1a01c99bbc544d9c08fa", 0x5c1}], 0x2}}], 0x5, 0x200040d1)

7m20.782873022s ago: executing program 1 (id=1263):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000003800010324bd7002fa0000ca07"], 0x14}}, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x7c8})
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000200)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f00003cd000/0x1000)=nil, 0x1000, 0x8)
mmap$IORING_OFF_SQ_RING(&(0x7f0000843000/0x1000)=nil, 0x1000, 0x1000007, 0x401d071, 0xffffffffffffffff, 0x0)
readv(r1, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/70, 0x20}], 0x1000000000000078)

7m18.590274435s ago: executing program 0 (id=1264):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000495"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
r4 = userfaultfd(0x1)
r5 = openat$sequencer(0xffffffffffffff9c, 0x0, 0x8042, 0x0)
write$P9_RSTATu(r5, 0x0, 0x0)
ioctl$SNDCTL_TMR_CONTINUE(0xffffffffffffffff, 0x5404)
close_range(r4, 0xffffffffffffffff, 0x0)
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, 0x0, 0x20000000)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_mreqsrc(r6, 0x0, 0x26, &(0x7f0000000040)={@loopback, @broadcast, @private}, &(0x7f0000000080)=0xc)

7m18.358130134s ago: executing program 1 (id=1265):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014041, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRES32=r0, @ANYRESHEX=r1, @ANYBLOB="eeeaffff616d250b50c83b2a6a34000000000000", @ANYRES32=r0, @ANYRES32, @ANYRES8], 0x50)
socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x10b121)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000280)=0x11)
writev(0xffffffffffffffff, &(0x7f0000000b00), 0x0)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x49be, &(0x7f0000000300)={0x0, 0x37ad, 0x7dc0071a664f01a8, 0xfffffffe, 0x122}, &(0x7f00000001c0), &(0x7f00000003c0))
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x4e20, 0x6, @mcast2, 0xd}}}, 0x88)
syz_emit_ethernet(0xd2, &(0x7f0000000600)={@link_local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "04c2ad", 0x9c, 0x11, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @private2, {[], {0x4e21, 0xe22, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "30c7ba1f020c0fde8d20429436f89ce876ebcf8690e56fecc95eb40e6e9bb178", "56bdeb6543fdd17fbccece61d538d7c555597453fd5f26aa43923d92545ba78c4e6ca90f2306d03756d07c0cda00eb54", "44ec0264dee9e45b90062533bd1d53f02d1e448dbef87a05e9a64b7d", {"528ab5e3babd68d80a90c9f07f1e5da7", "f97d9932c3efc0891d0cc8eab292f630"}}}}}}}}, 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a30000000000800034000000001140000001100010000000000000000000700000a"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f50000000000000000020000000900020073797a3100000000080003400000000109"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)
sendmmsg(r6, &(0x7f0000001380), 0x3fffffffffffeed, 0xf000000)
ioctl$TIOCSIG(r3, 0x40045436, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000480)={0x3, &(0x7f0000000440)=[{0x8, 0x9, 0x6, 0xfff}, {0x8, 0xf9, 0x81, 0xe}, {0x606, 0x2, 0xb, 0x101}]})
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x124942e, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)

7m16.959177894s ago: executing program 0 (id=1266):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x6ffffffffffffffe, 0x0)
read$msr(r0, &(0x7f000001b000)=""/102400, 0x19000)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
getgid()
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002a40)={{{@in6=@private2, @in6=@local}}, {{@in6=@mcast1}, 0x0, @in6=@remote}}, 0x0)
lstat(&(0x7f0000002b80)='./file0\x00', &(0x7f0000002bc0))
statx(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x6000, 0xbe4e25775499bf45, &(0x7f0000002c80))
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002e80)=[{{&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000b80)=[{0x0}, {&(0x7f00000003c0)="351094742a2f37ee2ffd31f1ba1dfc2c33a0171213a2b2b7e6232170e9d7e2b2dd20824f2e", 0x25}, {&(0x7f0000000440)}, {&(0x7f00000004c0)="6c93a1356832b2ef767435ae3bb22dd8063adf0231456f6573477a9808e89d934b030a34b319f689229ddfa9c05803a8c3effdfa5e41eb07c09e187e43236ebbf385ad1a9ec4df047b93ae8ca80b7b27748ca99eda2e0ebb2c7924a93853640a91f7a0e42803a15ee0e0c75eabc95807c7b364cd03553e92daa6b41def758821083ee75eae93b6c26a13de5a35b776500eaf9bfa02a3c643464208cbdfff31837335d657e9ef63e4d75d77a96e", 0xad}, {&(0x7f0000000580)}, {&(0x7f0000000640)}, {&(0x7f00000006c0)="24f818e5938dd361415bfd92a3e28b0fad0ca5c2b3080af06eb062b7cc7dacfeea3039402dfaad704c201e8dfdac06574c88c1fc3585fac042399bcfdc5da739b06f0287556102ca2e3d760b467059d14b992cf62e20c5630f10caee32cd05eebba594407c769912f080ff41871131dcf558b91c7ea7c4ec322e8a10588f4797b862215f1aa3f1104564fde92647604735fdac54fd9e177837400beba29d732b7290b9bd98e810fd1d29c0c27893d6c7a23841f6a2f2", 0xb6}, {&(0x7f0000000a40)}, {&(0x7f0000000ac0)="749c048303b3ff658443454249ef0decafadc25875facb2a9aeffb0e7945fc03f971ae69b5af8a7659ff0e6b007b15688760024cc94d0b57aa7d779c4f69facd4a116b72e4b60e07bc2307f11336b4e87d946a374678a81f10103009f8dce409efdc58d01c6b924113bb1e964fa893a9e0c03dbce8b4cf8afa1f10d1ad544bc562558f28d9d4d886ad21fd871f", 0x8d}], 0x9, 0x0, 0x0, 0x8000}}], 0x1, 0x20000000)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000380)='yeah\x00', 0x5)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2})
dup3(0xffffffffffffffff, r3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="5eaa000000000000791010000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

7m16.638599864s ago: executing program 2 (id=1267):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0x2, 0x4, 0x7d, 0x3ff, 0x8})

5m45.297430172s ago: executing program 32 (id=1266):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x6ffffffffffffffe, 0x0)
read$msr(r0, &(0x7f000001b000)=""/102400, 0x19000)
mount$fuse(0x0, 0x0, &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(0xffffffffffffffff, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
getgid()
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000002a40)={{{@in6=@private2, @in6=@local}}, {{@in6=@mcast1}, 0x0, @in6=@remote}}, 0x0)
lstat(&(0x7f0000002b80)='./file0\x00', &(0x7f0000002bc0))
statx(0xffffffffffffff9c, &(0x7f0000000840)='./file0\x00', 0x6000, 0xbe4e25775499bf45, &(0x7f0000002c80))
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000002e80)=[{{&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e24}, 0x6e, &(0x7f0000000b80)=[{0x0}, {&(0x7f00000003c0)="351094742a2f37ee2ffd31f1ba1dfc2c33a0171213a2b2b7e6232170e9d7e2b2dd20824f2e", 0x25}, {&(0x7f0000000440)}, {&(0x7f00000004c0)="6c93a1356832b2ef767435ae3bb22dd8063adf0231456f6573477a9808e89d934b030a34b319f689229ddfa9c05803a8c3effdfa5e41eb07c09e187e43236ebbf385ad1a9ec4df047b93ae8ca80b7b27748ca99eda2e0ebb2c7924a93853640a91f7a0e42803a15ee0e0c75eabc95807c7b364cd03553e92daa6b41def758821083ee75eae93b6c26a13de5a35b776500eaf9bfa02a3c643464208cbdfff31837335d657e9ef63e4d75d77a96e", 0xad}, {&(0x7f0000000580)}, {&(0x7f0000000640)}, {&(0x7f00000006c0)="24f818e5938dd361415bfd92a3e28b0fad0ca5c2b3080af06eb062b7cc7dacfeea3039402dfaad704c201e8dfdac06574c88c1fc3585fac042399bcfdc5da739b06f0287556102ca2e3d760b467059d14b992cf62e20c5630f10caee32cd05eebba594407c769912f080ff41871131dcf558b91c7ea7c4ec322e8a10588f4797b862215f1aa3f1104564fde92647604735fdac54fd9e177837400beba29d732b7290b9bd98e810fd1d29c0c27893d6c7a23841f6a2f2", 0xb6}, {&(0x7f0000000a40)}, {&(0x7f0000000ac0)="749c048303b3ff658443454249ef0decafadc25875facb2a9aeffb0e7945fc03f971ae69b5af8a7659ff0e6b007b15688760024cc94d0b57aa7d779c4f69facd4a116b72e4b60e07bc2307f11336b4e87d946a374678a81f10103009f8dce409efdc58d01c6b924113bb1e964fa893a9e0c03dbce8b4cf8afa1f10d1ad544bc562558f28d9d4d886ad21fd871f", 0x8d}], 0x9, 0x0, 0x0, 0x8000}}], 0x1, 0x20000000)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, 0x0, 0x80)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev, 0x6}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000380)='yeah\x00', 0x5)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x0, 0x0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x2})
dup3(0xffffffffffffffff, r3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x15, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="5eaa000000000000791010000000000095"], &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)

5m45.128502631s ago: executing program 33 (id=1265):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x2014041, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYRES32=r0, @ANYRESHEX=r1, @ANYBLOB="eeeaffff616d250b50c83b2a6a34000000000000", @ANYRES32=r0, @ANYRES32, @ANYRES8], 0x50)
socket$kcm(0x10, 0x2, 0x0)
syz_open_dev$vim2m(0x0, 0x0, 0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x10b121)
ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000280)=0x11)
writev(0xffffffffffffffff, &(0x7f0000000b00), 0x0)
r3 = dup(r2)
write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c)
r4 = syz_io_uring_setup(0x49be, &(0x7f0000000300)={0x0, 0x37ad, 0x7dc0071a664f01a8, 0xfffffffe, 0x122}, &(0x7f00000001c0), &(0x7f00000003c0))
r5 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r5, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x4e20, 0x6, @mcast2, 0xd}}}, 0x88)
syz_emit_ethernet(0xd2, &(0x7f0000000600)={@link_local, @multicast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "04c2ad", 0x9c, 0x11, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, @private2, {[], {0x4e21, 0xe22, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "30c7ba1f020c0fde8d20429436f89ce876ebcf8690e56fecc95eb40e6e9bb178", "56bdeb6543fdd17fbccece61d538d7c555597453fd5f26aa43923d92545ba78c4e6ca90f2306d03756d07c0cda00eb54", "44ec0264dee9e45b90062533bd1d53f02d1e448dbef87a05e9a64b7d", {"528ab5e3babd68d80a90c9f07f1e5da7", "f97d9932c3efc0891d0cc8eab292f630"}}}}}}}}, 0x0)
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073794f310000000008000440080000000900010073797a30000000000800034000000001140000001100010000000000000000000700000a"], 0x64}, 0x1, 0x0, 0x0, 0x814}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="34000000150a03f50000000000000000020000000900020073797a3100000000080003400000000109"], 0x34}, 0x1, 0x0, 0x0, 0x66df5cfbe53006d1}, 0x0)
sendmmsg(r6, &(0x7f0000001380), 0x3fffffffffffeed, 0xf000000)
ioctl$TIOCSIG(r3, 0x40045436, 0x2e)
prctl$PR_SET_SECCOMP(0x16, 0x0, &(0x7f0000000480)={0x3, &(0x7f0000000440)=[{0x8, 0x9, 0x6, 0xfff}, {0x8, 0xf9, 0x81, 0xe}, {0x606, 0x2, 0xb, 0x101}]})
io_uring_enter(r4, 0x2def, 0x4000, 0x0, 0x0, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x124942e, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)

5m45.008064373s ago: executing program 34 (id=1267):
openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
ioctl$KVM_SET_CLOCK(0xffffffffffffffff, 0x4030ae7b, &(0x7f0000000000)={0x2, 0x4, 0x7d, 0x3ff, 0x8})

5m44.876206312s ago: executing program 35 (id=1261):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x780, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
mknod(&(0x7f0000000080)='./file1\x00', 0x0, 0x7)
r1 = socket$phonet_pipe(0x23, 0x5, 0x2)
r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})
write$uinput_user_dev(r2, &(0x7f0000000300)={'syz0\x00', {0x6, 0xab43, 0x76, 0x7}, 0x16, [0x6, 0x5, 0x3, 0x2, 0x4, 0x81, 0x5dd, 0x0, 0x3, 0xc, 0xb, 0x7, 0x9, 0xaf70, 0x727, 0xffff, 0x1, 0x2, 0xc, 0x8, 0x73, 0x1, 0x10000, 0xc1f4, 0x800, 0x8, 0x8, 0x2, 0xa, 0x7, 0x101, 0x9f, 0x9, 0x2, 0x7, 0x1, 0x1, 0x10, 0x0, 0xe3a, 0xd, 0x4, 0x1, 0x6, 0x9, 0x0, 0x80000000, 0x6, 0xffff, 0x63, 0x4, 0x9, 0x5a, 0x0, 0x8000, 0x1, 0x8363, 0x6, 0x7c3c, 0x3, 0x2, 0x7, 0x1, 0x5], [0x9, 0x2, 0x9, 0x1, 0x1, 0xfffffff8, 0x3, 0x7fff, 0x7, 0xa, 0x9, 0x9, 0xd, 0xab, 0x9, 0x2, 0x7f, 0x5, 0x0, 0x1, 0x8, 0x4, 0x5799, 0x1, 0x524, 0x8001, 0x9, 0x8001, 0xba10, 0x7, 0xeed, 0x200, 0xffff, 0x7, 0x2a9d, 0xfffffffe, 0xa0, 0x9, 0x9, 0x400, 0xdac7, 0x9, 0xff, 0x4, 0xfff, 0x2, 0x6, 0xe1, 0x8, 0x3, 0x7, 0x1, 0x7, 0x0, 0x0, 0x1, 0x6, 0x5, 0x4, 0x1, 0xffffffff, 0xdb, 0x401, 0xffffffff], [0x7f, 0x8, 0x800, 0x1, 0x2, 0x7, 0x6, 0x9, 0x52364dfb, 0x6, 0x7, 0x5, 0x5, 0x0, 0x8, 0xf, 0x9, 0x1, 0x6438, 0xda, 0x7ff1, 0x24c, 0x8, 0x3, 0x7, 0x0, 0x6, 0x2, 0x7, 0x6, 0xfffffffc, 0x5, 0x8, 0x7, 0xb, 0x5, 0x6, 0xff, 0x2, 0x101, 0x0, 0x9, 0x8001, 0x6, 0xd58a, 0xfffffffe, 0x7, 0x7, 0xc, 0x4, 0x2, 0x5, 0xa0b, 0x900000, 0x1, 0xfffffffb, 0xb5f, 0x26000000, 0xe00000, 0x5fb, 0x8, 0x4, 0x8, 0x2], [0x4, 0xffffffff, 0x1, 0xb63, 0x8, 0x5, 0x2, 0x1, 0x6, 0x9, 0x73e000, 0x7, 0xffff2f4e, 0x3, 0x80000001, 0x6, 0x7fffffff, 0x3, 0x5, 0x8000000, 0x2, 0x3ff, 0xfffff422, 0x1, 0x0, 0x28, 0x3, 0x9, 0x1, 0x4, 0x100, 0x2, 0xff7, 0x2, 0x2, 0x38, 0x4, 0xf, 0xfffffc00, 0x5e0, 0xffffffff, 0x1, 0x81, 0x2346, 0x8, 0x7, 0x3, 0xfff, 0x3, 0x3, 0x6, 0xfffffffc, 0x101, 0x6, 0x1ff, 0x4, 0x6, 0xa, 0xf2, 0x3ff, 0x6, 0x7, 0x7, 0x8001]}, 0x45c)

5m44.677842673s ago: executing program 36 (id=1260):
socketpair$unix(0x1, 0x1, 0x0, 0x0)
r0 = memfd_create(0x0, 0x3)
write$binfmt_elf64(r0, &(0x7f0000000180)=ANY=[], 0x78)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f00000003c0)={0xc})
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000180)=ANY=[], 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
fcntl$addseals(r0, 0x409, 0x8)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$tun(r2, &(0x7f0000000600)=ANY=[@ANYBLOB="0103ffff0900ffd5"], 0x82)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x12, r3, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r4, 0x0, 0x30, 0x1, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000004c0)=[0x7], 0x0, 0x0, 0x1, 0x1}}, 0x40)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan0\x00'})
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
setsockopt$inet_tcp_TLS_RX(r5, 0x6, 0x2, &(0x7f0000000000)=@ccm_128={{0x304}, "1b399373b44f512c", "108a0a7a34b2183379316f64ba2a24bb", "83db4204", "9739ebb775af6a17"}, 0x28)
syz_open_dev$tty1(0xc, 0x4, 0x1)

18.325543441s ago: executing program 6 (id=2168):
write$smackfs_change_rule(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[@ANYBLOB], 0x25)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f0000007bc0)=[{{0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000280)="a9cff351c0016f245d698d8c14cdacc0e4d7fc6a44004aacd85ebc47b5a17462dc6abc5ca3d1a7b99ba8420e05cfc8ac59487a7cb73617b9c2badd825e", 0x3d}, {&(0x7f0000001980)="5fb3450effde69bf04e3e44a973930e0b6f397ee7a964d6dbf627acb2d94", 0x1e}], 0x2}}], 0x1, 0x20000040)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$kcm(0x21, 0x2, 0x2)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001500010300000000000000000bbd00"], 0x14}}, 0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)
r5 = syz_open_dev$video(&(0x7f0000000180), 0x800, 0x0)
syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1)
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r5, 0xc100565c, &(0x7f0000000040)={0x0, 0x5, 0x1, {0xa, @pix_mp={0xaeda, 0x5, 0x42474752, 0x9, 0x3, [{0x74, 0x2d}, {0x8, 0x1}, {0x9, 0x100003}, {0x6, 0x8}, {0xff1, 0x8}, {0xff, 0x1ff}, {0x0, 0x6}, {0x6, 0xffffe59a}], 0x8, 0x4, 0x2, 0x2, 0x7}}})
r6 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="1201410130f56920ac98190272f00102030109021b000100001000090455070103490200090582030004003381"], 0x0)
socket$inet(0x2, 0x3, 0x2)
syz_usb_ep_write$ath9k_ep1(r6, 0x82, 0x40, 0x0)
syz_usb_control_io$cdc_ncm(r6, 0x0, 0x0)
sendmsg$kcm(r3, &(0x7f0000000000)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e22, @empty}}, 0x80, &(0x7f0000000140)=[{0x0}], 0x1, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r1], 0x10b8}, 0xff00)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000000)=0xfe8e, 0x12)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0xffffffffffffffbc, &(0x7f0000000200)={&(0x7f0000000640)=ANY=[@ANYBLOB="7c85b4fe7c454dd01d11aa0beffa4a9a5cf649be90692604f3f8f035e09322603043315ea7e40ee72bad7cd4adb716f462205595e41e66f9e978659077aa5d4206c919ae18603639120cc3c3e422f98bbdbf14cf6c9629b554c565b1e394593c6f35bbb9bdfe95bbc119719999e72039a964e9b53ec0a712b0a3e3b017983d4f2bdb025cc925b2db730948a466a85b2d19eec371042e0b172fd60b3780d0f3b7ee747d8f7281824db9a78603ca94d61d4b3b7114afe27f2f9fd554127ba05fe2422352768d86acb02a004f"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x14004095)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYRES16], 0x64}, 0x1, 0x0, 0x0, 0x40000}, 0x20000001)

14.879989705s ago: executing program 6 (id=2173):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x4e, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="0f080fae04a200400f01c426660f3a15e6160fc76bdbf08666350f2170260fed9c000066b9230b00000f32", 0x2b}], 0x1, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000007600)={&(0x7f0000007580)={0x18, r5, 0x1, 0x70bd2a, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4005}, 0x20004880)
r6 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r6, 0x0)

9.981749448s ago: executing program 6 (id=2181):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[], 0x1c}}, 0x0)

9.272623146s ago: executing program 6 (id=2183):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
lsetxattr$trusted_overlay_origin(&(0x7f0000000040)='./bus\x00', &(0x7f00000001c0), &(0x7f00000002c0), 0x2, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f00000000c0)='autofs\x00', 0x0, &(0x7f0000000400))
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
utimensat(r0, 0x0, &(0x7f00000000c0)={{0x77359400}, {0x0, 0x3ffffffe}}, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
ioperm(0x0, 0x9, 0x58)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180200000000000000000000000000008500000029000000850000005600000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
syz_io_uring_setup(0x45b4, &(0x7f00000035c0)={0x0, 0xbfd8, 0x20000, 0x0, 0x2000002}, 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
r2 = socket$can_bcm(0x1d, 0x2, 0x2)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
syz_clone3(&(0x7f0000000200)={0x4000000, 0x0, 0x0, 0x0, {0x33}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
r6 = dup(r5)
syz_kvm_setup_cpu$x86(r6, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000240)=ANY=[@ANYBLOB="01000000000000008604"])
connect$can_bcm(r2, &(0x7f0000000140), 0x10)
sendmsg$can_bcm(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000080)={0x1, 0x802, 0x0, {0x0, 0x2710}, {0x0, 0xea60}, {0x0, 0x0, 0x1}, 0x1, @canfd={{}, 0x27, 0x0, 0x0, 0x0, "f33d8e7b847ec8b36f1107e036dd98fc469107485e371bcf5c6b77db54f3d984795c49eca9b92241dc9fc39f976ad52e581942d9fc2178681e6866aa6ef10d06"}}, 0x80}, 0x1, 0x0, 0x0, 0x40084}, 0x20000000)
sendmsg$can_bcm(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)={0x5, 0xc1a, 0x0, {0x0, 0x2710}, {}, {0x0, 0x0, 0x1}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "645b6048a2e4931133f6d9919fd48557d76811cd874f3c107bbfc1c8831026d40798a2be4cc414e02216198977dc3d41ed0880c64c39e5f4059bae641ed15112"}}, 0x80}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r1], 0x0, 0x8, 0x28, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r1, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r1, 0x40049366, &(0x7f0000000180))

8.625538839s ago: executing program 5 (id=2185):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x204a83, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, 'v\x00', "07f217bd74511f465bbbd5de01000000f91800", "0000f600", "8ce63ecbc640735f"}, 0x38)
sendto$inet6(r3, 0x0, 0x0, 0x8000, 0x0, 0x0)
close(r3)
r4 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x2, 0x4d, 0xfffffff8, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3e5b, 0x1, 0x45, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x3, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x5, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x4, 0x5, 0x0, 0x1f3, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x0, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0x9, 0xbf, 0x2, 0x3, 0x802, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x8, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0xfffffffd, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0)
ppoll(&(0x7f0000000300)=[{r2}, {0xffffffffffffffff, 0xa000}], 0x2, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.parent_freezing\x00', 0x275a, 0x0)

8.571653324s ago: executing program 9 (id=2186):
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newsa={0xf0, 0x10, 0x20, 0x70bd2b, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x2, 0x1, 0x0, 0x0, 0x2, 0x0, 0x180, 0x84, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x0, 0x32}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', {0x0, 0x0, 0x8, 0x100000001, 0x6}, {0x0, 0x0, 0x2, 0xfffffffffffffffc}, {0xc}, 0x70bd28, 0x0, 0x2}}, 0xf0}, 0x1, 0x0, 0x0, 0x880}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000079db8540da0b77010b7d000000010902120001000000000904"], 0x0)
r0 = syz_open_dev$midi(&(0x7f00000000c0), 0x7, 0x429c0)
fcntl$notify(r0, 0x402, 0x28)
mq_unlink(&(0x7f0000000540)='}j\xe5\xf9xFe\xa2^5\f\xaeyS\xc2Qj\xe7B^\xb1\x12\xe0`\xc2\x99\x1c\xe63\x92\xd0\x9d\x87\x0e\xf5\b^\xbb\xbf\x8epA\xb8\xdb\xf6\x17\xeb\xa9\x13\x11\xa4\x8e\xce\x98\xdf\xf6g\x1c\xb6\x1e\x8d\x9a\xde\x99C5$\xd3^\xa6X\x82\t}X\xfe^\xc3\x03\x04\xff\xd8\xbc\xfam\xa6\x04\xf2s\xba\xe4(\x10 \xd5s\xce&\x7fQ\xae{m\xcd\x7fJ\xee&\xf3JM\xf1\xe13>L\xa5\t\x82pH,\x8c\xc5\x8b\xf6\xae\x88K+\x1b=RE\xd6\x87\x89P6\xe6\a\x82<\xa1N\x16[\xa5a^\xe2\x02\x8b\xafE\xdd\x14\xe3\xfe\x93<P\x8a6\xdd>\xb9\x1e\xf5Y<\xb1\x0f\xd7=\xc1\xfd\x8c\x01\xdc\xa4(5(\xf4\x90_pg\xe8\xb7\\\xb38\x92\xe0\xf8\xbf\x15rt\xafr}\x86\x93\\\xa6\xe9\x0f\xfb\x9fl\xe72K\x8f\x82n\xcf\xaa\xe2oH\x0f\xa8\xc1\xbfe+Pr\x9czl\xf7?j\xa3~\xa1\x02\x1b\xca\x97 \xe0\xed\xda\x16G`\xe563b\xe4\"\xec\xbf=S|\xf2\\2{\xd3\xa0\xb1\xa4fwl8\x9a\x1d~\x92\xdf\xb3\xdf,\x0fx\x94\xa0\'~:\x91\xf0\xb1\xad\x85i\x92<x\x19\xd2\x10\x85w\xf1\xa39\xa3\xc0&\x94\x03,\x8et\x05')
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000080)=0x800, 0x4)
setsockopt$packet_int(r2, 0x107, 0xe, &(0x7f0000000040)=0x417f, 0x4)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r3, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="18020000004000000000000000000000850000003d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32=r5, @ANYRES32=r4, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r5, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r3}, 0x20)
sendmmsg$inet6(r3, &(0x7f0000000b00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000ac0)="b0", 0x7ffff000}], 0x11}}], 0x2, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x4)
write(r6, &(0x7f0000005c00)="2700000014000707030e0000120f0a0011000100f5fe0012ff000000078a151f75080039000500", 0x27)
socket(0x2, 0x80805, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f0000000300)={0x2c, 0x0, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8}, @void}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8}}]}]}, 0x2c}}, 0x0)

7.566611171s ago: executing program 7 (id=2188):
socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
fcntl$setlease(0xffffffffffffffff, 0x400, 0x1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xff2e)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000005000100070000000900020073797a310000000014000780050015000c00000008001240000000000500050002000000050004000000000010000300686173683a69702c6d6163"], 0x5c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x4, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0xc40) (fail_nth: 6)

7.552828636s ago: executing program 6 (id=2189):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x45)
r3 = fcntl$dupfd(r1, 0x0, r1)
write$RDMA_USER_CM_CMD_BIND(r3, &(0x7f0000000080)={0x14, 0x88, 0xfa00, {r2, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x500, 0x40420f00}}}, 0x90)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000140)={0x7, 0x8, 0xfa00, {r2, 0x4}}, 0x10)
ioctl$TIOCSLCKTRMIOS(r3, 0x5457, &(0x7f0000000180))
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x29, 0x80, 0xd, 0x2, 0x10, @ipv4={'\x00', '\xff\xff', @broadcast}, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x7800, 0x10, 0x14853, 0x400000}})
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="00020006000000e62b428cc8e778000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e0030000280080006"], 0x68}, 0x1, 0x0, 0x0, 0x4000810}, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

6.901777568s ago: executing program 7 (id=2191):
syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00'}, 0x10)
r0 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00')
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0x40044591, 0x0)

6.850946997s ago: executing program 5 (id=2192):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a44, 0x1700)
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_int(r1, &(0x7f0000000000)=0x8, 0x12)
close(r1)
splice(r0, 0x0, r1, &(0x7f00000002c0)=0x87ffffe, 0x6, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d0000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
r3 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0x8f, 0x0, 0x3})
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x22400)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)
close(r4)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000040), 0x32980a0, &(0x7f00000003c0)=ANY=[])
unshare(0x400)
signalfd4(r3, &(0x7f0000000080), 0x8, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x989680}, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
socket$igmp(0x2, 0x3, 0x2)

6.808882192s ago: executing program 8 (id=2193):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00'})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[], 0x1c}}, 0x0)

6.749798518s ago: executing program 6 (id=2194):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
syz_io_uring_setup(0x34b7, &(0x7f0000000000)={0x0, 0x0, 0x30c0}, &(0x7f0000000100), &(0x7f0000000080))
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x20, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f00000009c0)=""/4096, 0x1000}}, 0x10)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x12, r1, 0x9988000)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000400)={0xa, 0x4e23, 0x0, @private2}, 0x1c)

6.722562032s ago: executing program 7 (id=2195):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188)
openat$fuse(0xffffffffffffff9c, &(0x7f0000001180), 0x42, 0x0)
io_setup(0x202, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, 0x0, 0x0)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty}, 0x1c)
syz_open_dev$ttys(0xc, 0x2, 0x0)
r2 = fsopen(0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup\x00', 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup=r3, r3, 0x8, 0x0, 0x0, @void, @value=0x0}, 0x20)
write$qrtrtun(r3, &(0x7f0000000440)="6181c555471d500c6da5e411775f5ea10141c976cbbc926c5aa7cb84499ffa9725425ded1ff4a61f142ef9840fe5422d44771477b9d0434251f10ab2fe9337bde41cb2ecceafb7287cbb8db5ceb0fb50ee008d710d3044b6c4eca36c8fa06de02e048d60db3ec398b09653c7e9de3823daaac1b280887cf8c0af116e3902e3d277aac8c26e9cb735b4aa54c637ad94243737a7661060", 0x96)
r4 = fsmount(r2, 0x0, 0x0)
ioctl$DRM_IOCTL_VERSION(r4, 0xc0406400, 0x0)
r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000040)={[{0x2b, 'rdma'}, {0x2b, 'cpuset'}]}, 0xe)

5.86497306s ago: executing program 37 (id=2194):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0)
syz_io_uring_setup(0x34b7, &(0x7f0000000000)={0x0, 0x0, 0x30c0}, &(0x7f0000000100), &(0x7f0000000080))
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x20, &(0x7f00000000c0)={0x0, 0x0, 0x0, &(0x7f00000009c0)=""/4096, 0x1000}}, 0x10)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1, 0x12, r1, 0x9988000)
r2 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r2, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000400)={0xa, 0x4e23, 0x0, @private2}, 0x1c)

5.842495307s ago: executing program 5 (id=2197):
sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x8080}, 0x40)
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, 0x0, 0x0)
bind$tipc(r0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', <r4=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000101000038000100240001006e6f746966795f70656572735f696e74657276616c000000000000000000000005000300030000000800040001"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)
close(0xffffffffffffffff)

5.837163173s ago: executing program 7 (id=2198):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x20000000000001d2, &(0x7f0000000740)=ANY=[@ANYRES16=r2, @ANYRES16=r6, @ANYRESHEX=0x0, @ANYRES32, @ANYRES16, @ANYRES64=r5, @ANYBLOB="480d34156ae0e793df36ff547447d88f4a063d4a8b62d040b427d9f55ce7f3442814cf0e3cefd4aa4410e1981675bcaa4232aa6f555fe06d8e24eb912dc4cdd5ab19f9983861a413e0f74ff229aea0a5725a153a687ebbb73d922ec29b42c8e77679fa5c306f9a6c190181502fdaf08958fc5a3f1f7a66c551585175a9d630e2a47a667fe45784a5f9d6991b2ddaeb5dab83c30d31180d7e8b961ec2cb3967b3099503aa0e35282d92847fdf27275d3541804ad4d2fbb3c66aea825e0269161e90", @ANYBLOB="e155a652fbcabf92d785688262f5e09628c7085d371932a852364a72b9d2f0c53b213215007771bb46b46fcf0872d997f07a4a5d6e9712f4fad9223e12288bebb7661a7de9e3a2624c299c8c13a15a46ea499025846f1d93170c71199ec0a80d249e3d7c38486a1f013ae0b6aa0caf684360afc6d36677bd2b9b6ea162b85dd121a13fe4016894846085b75ec9d7fb1308952b545aeb71a42bd9df220c7f584549c8060f9878d391a56b584137938e713874b11bd8d9d806ac5744e340d6a7464dc979903c", @ANYRES8=r3], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="c0000000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00008088000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000008000c000f00"/120], 0xc0}}, 0x4004000)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf}})
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x4001, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x1000000, 0x3032, 0xffffffffffffffff, 0x39ff9000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000100001012651196293911b146e9a33200000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a580000000b0a0b040000000000000000020000002c0004802800018007000100637400001c00028005000300000000000800014000000001080002400000000c0900010073797a3000000000090002"], 0x80}}, 0x0)

5.836859364s ago: executing program 8 (id=2199):
socket$kcm(0x2, 0x200000000000001, 0x106)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000000140))
unshare(0x28000600)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_io_uring_setup(0x10a, &(0x7f00000003c0)={0x0, 0x43c6, 0x0, 0x0, 0x1}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r7, 0x47f9, 0x0, 0x0, 0x0, 0x0)

5.833261392s ago: executing program 9 (id=2200):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f0000003440)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x31a0}})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_PIT2(r1, 0xc048aec8, &(0x7f00000001c0)={0x6})
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mkdir(&(0x7f0000000440)='./file1\x00', 0x1a0)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00')
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x44)
fstat(r2, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
chown(&(0x7f0000000040)='./file1\x00', r3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x2480, 0x1)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x3, 0x16, &(0x7f0000001a00)=ANY=[@ANYBLOB="61156b00000000006113500000000000bfa00000000000001503000008004e002d3501000000000095000000000000006916000000000000bf67000000000000350605000fff07206706000005000000160302000ee60060bf500000000000000f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a81426104000000000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546ccd3f1d5ab2af27546e7c07000000000000009555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc8da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc2300000008ac86d8a297dff0445a15f21dce4de9f29eff65aadc841848c9b562a31e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d55c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67ab93716d20000009f0f53acbb40b4f8e2738270b31562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4d08000000ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43000000207b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000000000bb0d0000000000000000b712c1e47be511fe32fbc90e2364a55e9bb609c64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd4722a11dc3c693962895496d4f6e9cc54db6c7205a6b068fff496d2da7d632bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c835d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710e0254f1b11cced7bc3c8da0c44d2ebf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db88aa3c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fb9fb38f84d9d87b27f8a5d91217b728f13e3ee20e69e0ffb2780b1a7af137ff7b4ff139604faf0a4da65396174b4563d54b52f06c870edf0c5d744b5272b44c23488b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff5af657a67463d7dbf85ae9321fad16ee751cd7dde94ec97549c2b517dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da23c00d9ef418cf19e7a8c4c328be0ce95798adc2dca871073f6bd61dc18402cde8bf377b2eaa45c940aabc86b94f8cbde4d470667bee722a6a2af483ad0d3415ed0f9db059a6cffb92e2a0cfd81434e00000000000000000000d154ba10a8e51489a614e69722bac30000000000000000000000000000c5c4d188ff555285b9743d3aac000583f42d168613151d681a2f71373f20d92c9048407c91fabecfe8b3f2d5454d127edab14ba61ba1cfc4336324c86f3dcb43e9a59a08077e90f6ec1c7ac756f61dcc372cdd30b82507489f0bbfbd3c3f21752e81319c0161e154ceb16e00bc7f5a6962dff317f4d014786e432817064874d69a39cb0da31bcc5f81894d8a5cbb8be3f7741b18007dff12eb95066cc6bc256f0a12282224bb031bbee6d23cef7074f6d718b06ca80b57aa183dd0c3eee45891441f2b89b4c67aa9882281393954972046974f18df232cd7fca610e33f51c2d062020f403d85ff36c26e2f6bd1d82f4d3ceb3472d9a77e0057a3bfe697d9ab7585f4a1b381343d2cf855689232f4fc5135790662dc1419a374be9d7b3e5be2886d23add90d862f1a682ff11c798e338af3e5bb0f9d3952b15bf3e0c618c89d20ca1e18a031397693bf3cfbd8417e5b55e641c898c280356f2da222d5d68919d98158578dcf18efa404e508bcbbb8cfcf70086821ebdf34c9a1dff45af873d0ecdf904c2bdbef81f246d26f4b40df949e12bdac18532f4e11c608cc31d60cb591c40a7b386fa1c753336d7220a35118d4919b45eff32aab684e62c6691de14e97aa7e9dc8ecf0cd50540246d2b746e41e5b4e2c095039dfe0f71db6265f7580d098be40ef36faee5d1695830d4242a23e541e6ce9fa1998d8961cf4fe3c8e8fbb566f148c8befc229614a4b7f80d237b8abc6fd0407de31d6e5532f360d379f20f054e5deb27f7922fe6c14eba96c9af409da03290e4009f872d5aac263dbe239efb1e02dd4fc07f8c5b070e2ddeb4b5afa6df2e7e162962e334d85fa4373d5b569ac3353cc56008ddc8277fa9e8f6684513bfa827686b6fb71259743f55f46fa7e6379312e93213faf275f0441d46bc5690181244c44bea45854ed4ccd99f3fd328110ae22ef1504ec0566652d742ed8a7e202539c6531824f7399b486fbb906a91b77f2a6ba27bf97ebc7482cea32278a7acd9f2210e6ed2defcbd112f29a92401c5a37c58835f870b056186ef3971d3d9effa5661cabc2ff070000cfb030dd4ac0fe54db67510d3e9a5d36b900000074000000000000000000000000006e96ba8f5e7e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value=0x1800}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001580)=[{&(0x7f0000000280)="db", 0x1}], 0x1}, 0x20048041)
recvmsg(r5, &(0x7f0000000840)={0x0, 0x0, 0x0}, 0x10001)
sendmsg$inet(r6, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="04", 0x1}], 0x1}, 0x1)
recvmsg(r5, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x2)
mount(&(0x7f00000000c0)=@filename='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='ubifs\x00', 0x12, 0x0)

4.31353137s ago: executing program 8 (id=2201):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0305602, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x4, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000000)={0x84, 0x0, 0x609, 0x4, 0xfffc, 0x1, 0x4, 0x7, <r5=>0x0}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=ANY=[@ANYBLOB], 0xdc}}, 0x0)
sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="9c000000190a01020000000000000000000000000900010073797a30000000000c0006400000000000000002240005800800015a0000a23c08000140000000320800024000000007080001aac99f55400000002f0900020073797a300000000020000740d07d45b2ea3eec53a10c6b79cc855cf3348d80c823b4913af25a90a908000a400000000208000a4000000000040005800900010073797a30"], 0x9c}}, 0x4004000)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r4, 0x84, 0x10, &(0x7f00000000c0)=@assoc_value={r5, 0x5}, &(0x7f0000000100)=0x8)
prlimit64(0x0, 0xe, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x400, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
dup(0xffffffffffffffff)
ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000040)=@arm64={0x7, 0x6, 0x81, '\x00', 0x3c})
r8 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r8, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)

4.218732949s ago: executing program 7 (id=2202):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000480)='blkio.throttle.io_serviced\x00', 0x275a, 0x0)
r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
dup2(r1, r0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x200000b, 0x12, r0, 0x0)
openat$dsp(0xffffffffffffff9c, 0x0, 0x204a83, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x82000, 0x0)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_open_dev$sndctrl(0x0, 0x0, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, 'v\x00', "07f217bd74511f465bbbd5de01000000f91800", "0000f600", "8ce63ecbc640735f"}, 0x38)
sendto$inet6(r3, 0x0, 0x0, 0x8000, 0x0, 0x0)
close(r3)
r4 = fsopen(&(0x7f0000000080)='rpc_pipefs\x00', 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x2, 0x4d, 0xfffffff8, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3e5b, 0x1, 0x45, 0xd, 0x1, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x3, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x5, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x4, 0x5, 0x0, 0x1f3, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x0, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0x9, 0xbf, 0x2, 0x3, 0x802, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x8, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0xfffffffd, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x88002, 0x0)
ppoll(&(0x7f0000000300)=[{r2}, {0xffffffffffffffff, 0xa000}], 0x2, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='freezer.parent_freezing\x00', 0x275a, 0x0)

3.642378227s ago: executing program 5 (id=2203):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x3, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0xffffffff, 0x0, 'queue1\x00', 0x4})
write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)

2.157499996s ago: executing program 8 (id=2204):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x45)
r3 = fcntl$dupfd(r1, 0x0, r1)
write$RDMA_USER_CM_CMD_BIND(r3, &(0x7f0000000080)={0x14, 0x88, 0xfa00, {r2, 0x30, 0x0, @ib={0x1b, 0x0, 0x0, {"00000000000000000000000000000001"}, 0x500, 0x40420f00}}}, 0x90)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000140)={0x7, 0x8, 0xfa00, {r2, 0x4}}, 0x10)
ioctl$TIOCSLCKTRMIOS(r3, 0x5457, &(0x7f0000000180))
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'syztnl0\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x29, 0x80, 0xd, 0x2, 0x10, @ipv4={'\x00', '\xff\xff', @broadcast}, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x7800, 0x10, 0x14853, 0x400000}})
r4 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newtaction={0x48, 0x30, 0x53b, 0x0, 0x0, {0x9}, [{0x34, 0x1, [@m_sample={0x30, 0x1, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc}, {0xc, 0x4, {0x3}}}}]}]}, 0x48}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="00020006000000e62b428cc8e778000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e0030000280080006"], 0x68}, 0x1, 0x0, 0x0, 0x4000810}, 0x0)
sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003f000b05d25a806c8c6394f90324fc60100002000a000300053582c137153e3704020180fc0b09000c00", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

1.971235313s ago: executing program 5 (id=2205):
r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
fsetxattr$security_ima(r0, &(0x7f0000000040), &(0x7f0000000080)=ANY=[@ANYBLOB="1211"], 0x2, 0x0)
syncfs(r0)
write$binfmt_script(r0, &(0x7f0000002040)={'#! ', './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0'}, 0x1002)
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

1.928337715s ago: executing program 7 (id=2206):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f0000000200)="942a39cd96271abc8e3ff2a49e0d1d0e1b9abfe66b644148cb5ab881e6a7d3743db512fead6f233c1e5dffa41768ed2ee395959fc677fa09a9516a614ae3d78121ea1c28f835bd5e22240fef706456a89bcc8a49d3abaf", 0x57}, {0x0}], 0x2)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000100)={0x0, 0x4, 0x3000, 0x2000, &(0x7f0000fe8000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text64={0x40, 0x0}], 0x1, 0x4e, 0x0, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000000300)={'wpan0\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYRES8=r1, @ANYRES16=r7, @ANYBLOB="01002abd7000fddbdf252000000008000300", @ANYRES32=r8, @ANYBLOB="0c002d800500010001000000"], 0x28}, 0x1, 0x0, 0x0, 0x8800}, 0x4040040)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="0f080fae04a200400f01c426660f3a15e6160fc76bdbf08666350f2170260fed9c000066b9230b00000f32", 0x2b}], 0x1, 0x0, 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f0000000040)={0x80a0000, 0x10000, 0x1})
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40840}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58000000160a03020000000000000000020000000900020073797a30000000000900010073797a30000000002c00038008000140000000000800024000000000180003801400010073797a5f74756e00000000000000000014000000110001"], 0x80}}, 0x0)
r10 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000340)={'syz_tun\x00', <r11=>0x0})
sendmsg$nl_route_sched(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r11, {}, {0xe}, {0xfff3}}}, 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

1.915984488s ago: executing program 9 (id=2207):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a44, 0x1700)
pipe(&(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$cgroup_int(r1, &(0x7f0000000000)=0x8, 0x12)
close(r1)
splice(r0, 0x0, r1, &(0x7f00000002c0)=0x87ffffe, 0x6, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r2}, 0x10)
r3 = signalfd4(0xffffffffffffffff, &(0x7f00000008c0), 0x8, 0x0)
ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0x8f, 0x0, 0x3})
r4 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x22400)
syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x127081)
close(r4)
mount$9p_fd(0x0, &(0x7f00000003c0)='./file0/file0\x00', &(0x7f0000000040), 0x32980a0, &(0x7f00000003c0)=ANY=[])
unshare(0x400)
signalfd4(r3, &(0x7f0000000080), 0x8, 0x0)
pselect6(0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x0, 0x989680}, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
socket$igmp(0x2, 0x3, 0x2)

1.825378093s ago: executing program 8 (id=2208):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r1, 0x6, 0x7, 0x0, &(0x7f0000000040))
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000100001000000000000000089a000000a20000000000a03000000000000000000070000000900010073797a300000000080000000090a010400000000000000000700000008000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d3c00128014000180090001006c617374000000000400028010000180090001006c61737400000000380001800c000100636f756e74657200040002800800034000000107"], 0xc8}}, 0x20050800)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f00000001c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x108130, 0xffffffffffffffff, 0x8000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x2d)
request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x3}, &(0x7f0000001fee)='R\x10rust\xe3cusg\x91\xdeeH\xe5+\xf0', 0xffffffffffffffff)

1.662750978s ago: executing program 5 (id=2209):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="070000000000fddbdf250800000008000300", @ANYRES32=r2], 0x1c}}, 0x0)

1.572347751s ago: executing program 9 (id=2210):
socket$kcm(0x2, 0x200000000000001, 0x106)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r4, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r4, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r5=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r4, 0xc02064b6, &(0x7f00000001c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000000140))
unshare(0x28000600)
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_io_uring_setup(0x10a, &(0x7f00000003c0)={0x0, 0x43c6, 0x0, 0x0, 0x1}, &(0x7f0000000340)=<r8=>0x0, &(0x7f0000000280)=<r9=>0x0)
syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r7, 0x47f9, 0x0, 0x0, 0x0, 0x0)

515.423976ms ago: executing program 8 (id=2211):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000080050005000200000011000300686173683a69702c706f7274"], 0x4c}}, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, 0x0, &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
readlinkat(0xffffffffffffffff, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x11, 0x20000000000001d2, &(0x7f0000000740)=ANY=[@ANYRES16=r2, @ANYRES16=r6, @ANYRESHEX=0x0, @ANYRES32, @ANYRES16, @ANYRES64=r5, @ANYBLOB="480d34156ae0e793df36ff547447d88f4a063d4a8b62d040b427d9f55ce7f3442814cf0e3cefd4aa4410e1981675bcaa4232aa6f555fe06d8e24eb912dc4cdd5ab19f9983861a413e0f74ff229aea0a5725a153a687ebbb73d922ec29b42c8e77679fa5c306f9a6c190181502fdaf08958fc5a3f1f7a66c551585175a9d630e2a47a667fe45784a5f9d6991b2ddaeb5dab83c30d31180d7e8b961ec2cb3967b3099503aa0e35282d92847fdf27275d3541804ad4d2fbb3c66aea825e0269161e90", @ANYBLOB="e155a652fbcabf92d785688262f5e09628c7085d371932a852364a72b9d2f0c53b213215007771bb46b46fcf0872d997f07a4a5d6e9712f4fad9223e12288bebb7661a7de9e3a2624c299c8c13a15a46ea499025846f1d93170c71199ec0a80d249e3d7c38486a1f013ae0b6aa0caf684360afc6d36677bd2b9b6ea162b85dd121a13fe4016894846085b75ec9d7fb1308952b545aeb71a42bd9df220c7f584549c8060f9878d391a56b584137938e713874b11bd8d9d806ac5744e340d6a7464dc979903c", @ANYRES8=r3], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10)
setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="c0000000190001000000000000000000fc020000000000000000000000000000ac1e000100000000000000000000000000000000000000000a00008088000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fdffffffffffffffffffffffffc4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000020000000000000000000000000000000000000000000000000000000000000008000c000f00"/120], 0xc0}}, 0x4004000)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000000)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_coalesce={0xf}})
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x4001, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x1000000, 0x3032, 0xffffffffffffffff, 0x39ff9000)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000100001012651196293911b146e9a33200000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a580000000b0a0b040000000000000000020000002c0004802800018007000100637400001c00028005000300000000000800014000000001080002400000000c0900010073797a3000000000090002"], 0x80}}, 0x0)

482.777745ms ago: executing program 9 (id=2212):
sendmsg$NL80211_CMD_START_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x8080}, 0x40)
r0 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r0, 0x0, 0x0)
bind$tipc(r0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$netlink(0x10, 0x3, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbff, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000200), 0x4)
r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000240)={'team0\x00', <r4=>0x0})
sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d0000000", @ANYRES16=r3, @ANYBLOB, @ANYRES32=r4, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000101000038000100240001006e6f746966795f70656572735f696e74657276616c000000000000000000000005000300030000000800040001"], 0xd0}, 0x1, 0x0, 0x0, 0x24004000}, 0x24044880)
close(0xffffffffffffffff)

0s ago: executing program 9 (id=2213):
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1e000000000000000a000000fbffffff14"], 0x48)

kernel console output (not intermixed with test programs):

 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  923.395410][T12175] netlink: 'syz.9.1725': attribute type 20 has an invalid length.
[  923.404227][T10611] usb 7-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[  923.413780][T10611] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  923.436312][T10611] usb 7-1: config 0 descriptor??
[  923.449348][T10611] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input42
[  923.752729][T12180] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  924.030621][   T30] audit: type=1326 audit(1748482557.056:631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12171 comm="syz.8.1724" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa59358e969 code=0x0
[  924.072418][T12182] fuse: Unknown parameter 'fÅ'
[  924.530845][T12189] FAULT_INJECTION: forcing a failure.
[  924.530845][T12189] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  924.579673][T12189] CPU: 0 UID: 0 PID: 12189 Comm: syz.9.1728 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  924.579709][T12189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  924.579724][T12189] Call Trace:
[  924.579734][T12189]  <TASK>
[  924.579745][T12189]  dump_stack_lvl+0x189/0x250
[  924.579786][T12189]  ? __pfx____ratelimit+0x10/0x10
[  924.579819][T12189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  924.579851][T12189]  ? __pfx__printk+0x10/0x10
[  924.579898][T12189]  ? fs_reclaim_acquire+0x7d/0x100
[  924.579934][T12189]  should_fail_ex+0x414/0x560
[  924.579970][T12189]  prepare_alloc_pages+0x213/0x610
[  924.580005][T12189]  __alloc_frozen_pages_noprof+0x123/0x370
[  924.580036][T12189]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  924.580066][T12189]  ? __lock_acquire+0xab9/0xd20
[  924.580096][T12189]  ? policy_nodemask+0x27c/0x720
[  924.580126][T12189]  ? __lock_acquire+0xab9/0xd20
[  924.580157][T12189]  alloc_pages_mpol+0x232/0x4a0
[  924.580197][T12189]  vma_alloc_folio_noprof+0xe4/0x200
[  924.580235][T12189]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[  924.580284][T12189]  folio_prealloc+0x30/0x180
[  924.580322][T12189]  do_wp_page+0x125e/0x57e0
[  924.580351][T12189]  ? __lock_acquire+0xab9/0xd20
[  924.580401][T12189]  ? __pfx_do_wp_page+0x10/0x10
[  924.580427][T12189]  ? do_raw_spin_lock+0x121/0x290
[  924.580465][T12189]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  924.580513][T12189]  __handle_mm_fault+0x1144/0x55e0
[  924.580568][T12189]  ? __pfx___handle_mm_fault+0x10/0x10
[  924.580617][T12189]  ? follow_page_pte+0xe3a/0x13d0
[  924.580662][T12189]  handle_mm_fault+0x2d5/0x7f0
[  924.580693][T12189]  ? vma_is_secretmem+0xd/0x50
[  924.580737][T12189]  __get_user_pages+0x1a78/0x30c0
[  924.580766][T12189]  ? lockdep_hardirqs_on+0x9c/0x150
[  924.580840][T12189]  ? __pfx___get_user_pages+0x10/0x10
[  924.580873][T12189]  ? get_user_pages_unlocked+0xb9/0x740
[  924.580911][T12189]  ? down_read_killable+0x1d1/0x350
[  924.580932][T12189]  ? is_valid_gup_args+0x11f/0x200
[  924.580967][T12189]  get_user_pages_unlocked+0x1e3/0x740
[  924.581013][T12189]  hva_to_pfn+0x313/0xc90
[  924.581057][T12189]  ? __pfx_hva_to_pfn+0x10/0x10
[  924.581099][T12189]  ? xas_start+0x390/0x770
[  924.581131][T12189]  ? xa_load+0x60/0x210
[  924.581175][T12189]  ? kvm_follow_pfn+0x21a/0x3c0
[  924.581211][T12189]  __kvm_faultin_pfn+0xaa/0x100
[  924.581253][T12189]  kvm_mmu_faultin_pfn+0x765/0x1d10
[  924.581309][T12189]  ? __pfx_kvm_mmu_faultin_pfn+0x10/0x10
[  924.581345][T12189]  ? __pfx_fast_page_fault+0x10/0x10
[  924.581380][T12189]  ? __kvm_mmu_topup_memory_cache+0x31a/0x610
[  924.581425][T12189]  kvm_tdp_page_fault+0x273/0x370
[  924.581454][T12189]  kvm_mmu_do_page_fault+0x2c5/0x640
[  924.581479][T12189]  ? vmx_vcpu_run+0xdad/0x2610
[  924.581513][T12189]  ? __pfx_kvm_mmu_do_page_fault+0x10/0x10
[  924.581555][T12189]  ? vmx_handle_exit_irqoff+0x29e/0xad0
[  924.581585][T12189]  ? __pfx_current_save_fsgs+0x10/0x10
[  924.581612][T12189]  kvm_mmu_page_fault+0x22f/0xb70
[  924.581646][T12189]  ? __pfx_handle_ept_violation+0x10/0x10
[  924.581681][T12189]  vmx_handle_exit+0x1093/0x18a0
[  924.581712][T12189]  ? vcpu_run+0x360c/0x6c20
[  924.581763][T12189]  vcpu_run+0x4309/0x6c20
[  924.581811][T12189]  ? vcpu_run+0x360c/0x6c20
[  924.581923][T12189]  ? __pfx_vcpu_run+0x10/0x10
[  924.581964][T12189]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  924.582009][T12189]  ? rcu_is_watching+0x15/0xb0
[  924.582045][T12189]  kvm_arch_vcpu_ioctl_run+0xfc9/0x1940
[  924.582094][T12189]  ? kvm_arch_vcpu_ioctl_run+0x1f3/0x1940
[  924.582128][T12189]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  924.582170][T12189]  ? rcu_is_watching+0x15/0xb0
[  924.582200][T12189]  ? trace_contention_end+0x39/0x120
[  924.582233][T12189]  ? __mutex_lock+0x330/0xe80
[  924.582269][T12189]  ? kasan_quarantine_put+0xdd/0x220
[  924.582304][T12189]  ? kvm_vcpu_ioctl+0x22c/0xe90
[  924.582341][T12189]  ? __pfx___mutex_lock+0x10/0x10
[  924.582376][T12189]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  924.582409][T12189]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[  924.582440][T12189]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  924.582480][T12189]  kvm_vcpu_ioctl+0x95a/0xe90
[  924.582521][T12189]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  924.582552][T12189]  ? __lock_acquire+0xab9/0xd20
[  924.582582][T12189]  ? __asan_memset+0x22/0x50
[  924.582609][T12189]  ? smack_file_ioctl+0x302/0x340
[  924.582639][T12189]  ? __pfx_smack_file_ioctl+0x10/0x10
[  924.582680][T12189]  ? __fget_files+0x2a/0x420
[  924.582712][T12189]  ? __fget_files+0x3a0/0x420
[  924.582745][T12189]  ? __fget_files+0x2a/0x420
[  924.582783][T12189]  ? bpf_lsm_file_ioctl+0x9/0x20
[  924.582808][T12189]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  924.582842][T12189]  __se_sys_ioctl+0xf9/0x170
[  924.582874][T12189]  do_syscall_64+0xfa/0x3b0
[  924.582919][T12189]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  924.582941][T12189]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  924.582965][T12189]  ? clear_bhb_loop+0x60/0xb0
[  924.582994][T12189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  924.583017][T12189] RIP: 0033:0x7f600658e969
[  924.583038][T12189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  924.583059][T12189] RSP: 002b:00007f6007412038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  924.583083][T12189] RAX: ffffffffffffffda RBX: 00007f60067b5fa0 RCX: 00007f600658e969
[  924.583100][T12189] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  924.583114][T12189] RBP: 00007f6007412090 R08: 0000000000000000 R09: 0000000000000000
[  924.583129][T12189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  924.583143][T12189] R13: 0000000000000000 R14: 00007f60067b5fa0 R15: 00007ffe7a50db18
[  924.583180][T12189]  </TASK>
[  925.214585][T12189] kvm: kvm [12188]: vcpu0, guest rIP: 0x1bf Unhandled WRMSR(0x11e) = 0xb86600a000000000
[  925.572694][ T5174] bcm5974 7-1:0.0: could not read from device
[  925.867716][ T5174] bcm5974 7-1:0.0: could not read from device
[  925.888055][T10611] usb 7-1: USB disconnect, device number 12
[  926.261629][T12197] netlink: 24 bytes leftover after parsing attributes in process `syz.7.1730'.
[  926.329425][ T5891] usb 6-1: new low-speed USB device number 6 using dummy_hcd
[  926.562592][ T5891] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  926.608142][ T5891] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  926.642979][ T5891] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  926.849565][ T5891] usb 6-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[  926.866715][ T5891] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  926.882419][ T5891] usb 6-1: config 0 descriptor??
[  926.899718][T12205] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1733'.
[  926.918442][T12205] vcan0: entered promiscuous mode
[  926.923821][T12205] vcan0: entered allmulticast mode
[  926.952398][ T5891] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input44
[  927.286110][T12208] mmap: syz.6.1732 (12208) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  928.410233][T12216] netlink: 76 bytes leftover after parsing attributes in process `syz.7.1735'.
[  928.421077][T12216] sctp: [Deprecated]: syz.7.1735 (pid 12216) Use of struct sctp_assoc_value in delayed_ack socket option.
[  928.421077][T12216] Use struct sctp_sack_info instead
[  929.049967][T12217] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1734'.
[  929.063700][T12217] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1734'.
[  929.075568][T12217] netlink: 'syz.6.1734': attribute type 20 has an invalid length.
[  929.105615][ T5174] bcm5974 6-1:0.0: could not read from device
[  929.244331][ T5891] usb 6-1: USB disconnect, device number 6
[  930.400291][T12242] lo speed is unknown, defaulting to 1000
[  930.412900][ T5878] usb 7-1: new low-speed USB device number 13 using dummy_hcd
[  930.455627][   T30] audit: type=1326 audit(1748482563.486:632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12241 comm="syz.5.1744" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f469198e969 code=0x0
[  930.603854][ T5878] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  930.619652][T12246] syzkaller1: entered promiscuous mode
[  930.629186][T12246] syzkaller1: entered allmulticast mode
[  930.632679][ T5878] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  930.660893][ T5878] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  930.681204][ T5878] usb 7-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[  930.695830][ T5878] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  930.722535][ T5878] usb 7-1: config 0 descriptor??
[  930.742007][ T5878] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input46
[  931.551528][T12254] Invalid ELF header magic: != ELF
[  931.559099][T12254] netlink: 'syz.9.1748': attribute type 1 has an invalid length.
[  931.566899][T12254] netlink: 224 bytes leftover after parsing attributes in process `syz.9.1748'.
[  932.162908][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1750'.
[  932.188852][T12259] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1750'.
[  932.338991][T12259] netlink: 'syz.5.1750': attribute type 20 has an invalid length.
[  933.456336][ T5174] bcm5974 7-1:0.0: could not read from device
[  933.487467][ T5879] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  933.517021][ T5174] bcm5974 7-1:0.0: could not read from device
[  933.530044][ T5878] usb 7-1: USB disconnect, device number 13
[  933.545853][ T5174] bcm5974 7-1:0.0: could not read from device
[  933.704832][ T5879] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  933.734416][T12280] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  933.735954][ T5879] usb 10-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  933.782390][ T5879] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  933.815911][ T5879] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  933.849843][   T30] audit: type=1326 audit(1748482566.886:633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12249 comm="syz.8.1747" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa59358e969 code=0x0
[  933.854798][T12272] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  933.878136][    C0] vkms_vblank_simulate: vblank timer overrun
[  933.901424][T12280] fuse: Unknown parameter 'fÅ'
[  933.921976][T12282] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1754'.
[  933.973251][T12282] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1754'.
[  934.050067][ T5879] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[  934.324703][ T5879] usb 10-1: USB disconnect, device number 13
[  934.990050][T12296] Invalid ELF header magic: != ELF
[  935.002085][T12296] netlink: 'syz.7.1759': attribute type 1 has an invalid length.
[  935.010037][T12296] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1759'.
[  935.815138][T12301] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1761'.
[  935.851001][T12301] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1761'.
[  935.860901][T12302] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1762'.
[  935.891183][T12302] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1762'.
[  935.904824][T12304] loop2: detected capacity change from 0 to 7
[  935.909561][T12302] netlink: 'syz.7.1762': attribute type 20 has an invalid length.
[  935.935373][T12304] Dev loop2: unable to read RDB block 7
[  935.968814][T12304]  loop2: unable to read partition table
[  935.992470][T12304] loop2: partition table beyond EOD, truncated
[  936.031013][T12304] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  937.522397][ T5879] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  937.797576][ T5879] usb 7-1: device descriptor read/64, error -71
[  937.953048][T12323] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1768'.
[  938.067378][ T5879] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  938.227581][ T5879] usb 7-1: device descriptor read/64, error -71
[  938.338240][ T5879] usb usb7-port1: attempt power cycle
[  938.447563][  T978] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  938.536354][T12333] FAULT_INJECTION: forcing a failure.
[  938.536354][T12333] name failslab, interval 1, probability 0, space 0, times 0
[  938.553023][T12333] CPU: 1 UID: 0 PID: 12333 Comm: syz.8.1772 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  938.553056][T12333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  938.553071][T12333] Call Trace:
[  938.553081][T12333]  <TASK>
[  938.553091][T12333]  dump_stack_lvl+0x189/0x250
[  938.553129][T12333]  ? __pfx____ratelimit+0x10/0x10
[  938.553163][T12333]  ? __pfx_dump_stack_lvl+0x10/0x10
[  938.553195][T12333]  ? __pfx__printk+0x10/0x10
[  938.553233][T12333]  ? __pfx___might_resched+0x10/0x10
[  938.553263][T12333]  ? fs_reclaim_acquire+0x7d/0x100
[  938.553292][T12333]  should_fail_ex+0x414/0x560
[  938.553327][T12333]  should_failslab+0xa8/0x100
[  938.553364][T12333]  __kmalloc_noprof+0xcb/0x4f0
[  938.553394][T12333]  ? lockdep_hardirqs_on+0x9c/0x150
[  938.553422][T12333]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  938.553454][T12333]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  938.553487][T12333]  genl_family_rcv_msg_doit+0xb8/0x300
[  938.553519][T12333]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  938.553547][T12333]  ? rcu_is_watching+0x15/0xb0
[  938.553583][T12333]  ? cap_capable+0x11f/0x460
[  938.553612][T12333]  ? safesetid_security_capable+0xa9/0x1a0
[  938.553644][T12333]  ? bpf_lsm_capable+0x9/0x20
[  938.553670][T12333]  ? security_capable+0x7e/0x2e0
[  938.553717][T12333]  genl_rcv_msg+0x60e/0x790
[  938.553760][T12333]  ? __pfx_genl_rcv_msg+0x10/0x10
[  938.553784][T12333]  ? __pfx_ethnl_default_set_doit+0x10/0x10
[  938.553819][T12333]  ? ref_tracker_free+0x63a/0x7d0
[  938.553849][T12333]  ? __copy_skb_header+0xa7/0x550
[  938.553882][T12333]  netlink_rcv_skb+0x21c/0x490
[  938.553914][T12333]  ? __pfx_genl_rcv_msg+0x10/0x10
[  938.553939][T12333]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  938.553997][T12333]  ? down_read+0x1ad/0x2e0
[  938.554021][T12333]  genl_rcv+0x28/0x40
[  938.554042][T12333]  netlink_unicast+0x758/0x8d0
[  938.554082][T12333]  netlink_sendmsg+0x805/0xb30
[  938.554125][T12333]  ? __pfx_netlink_sendmsg+0x10/0x10
[  938.554166][T12333]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  938.554187][T12333]  ? __pfx_netlink_sendmsg+0x10/0x10
[  938.554221][T12333]  __sock_sendmsg+0x219/0x270
[  938.554252][T12333]  ____sys_sendmsg+0x505/0x830
[  938.554295][T12333]  ? __pfx_____sys_sendmsg+0x10/0x10
[  938.554341][T12333]  ? import_iovec+0x74/0xa0
[  938.554370][T12333]  ___sys_sendmsg+0x21f/0x2a0
[  938.554408][T12333]  ? __pfx____sys_sendmsg+0x10/0x10
[  938.554485][T12333]  ? __fget_files+0x2a/0x420
[  938.554518][T12333]  ? __fget_files+0x3a0/0x420
[  938.554564][T12333]  __x64_sys_sendmsg+0x19b/0x260
[  938.554590][T12333]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  938.554624][T12333]  ? __pfx_ksys_write+0x10/0x10
[  938.554651][T12333]  ? rcu_is_watching+0x15/0xb0
[  938.554693][T12333]  ? do_syscall_64+0xbe/0x3b0
[  938.554731][T12333]  do_syscall_64+0xfa/0x3b0
[  938.554763][T12333]  ? lockdep_hardirqs_on+0x9c/0x150
[  938.554795][T12333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.554818][T12333]  ? clear_bhb_loop+0x60/0xb0
[  938.554846][T12333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  938.554869][T12333] RIP: 0033:0x7fa59358e969
[  938.554890][T12333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  938.554910][T12333] RSP: 002b:00007fa59448c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  938.554934][T12333] RAX: ffffffffffffffda RBX: 00007fa5937b5fa0 RCX: 00007fa59358e969
[  938.554951][T12333] RDX: 0000000000000000 RSI: 0000200000000540 RDI: 000000000000000f
[  938.554966][T12333] RBP: 00007fa59448c090 R08: 0000000000000000 R09: 0000000000000000
[  938.554981][T12333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  938.554995][T12333] R13: 0000000000000000 R14: 00007fa5937b5fa0 R15: 00007ffe86a5c468
[  938.555030][T12333]  </TASK>
[  938.669758][  T978] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  938.877951][    C0] vkms_vblank_simulate: vblank timer overrun
[  938.949745][ T5879] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  938.957936][  T978] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  938.967953][  T978] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  938.977043][  T978] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  938.990035][T12327] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22
[  939.002267][  T978] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  939.040424][ T5879] usb 7-1: device descriptor read/8, error -71
[  939.227762][  T978] usb 6-1: USB disconnect, device number 7
[  939.247376][ T9788] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  939.887759][ T9788] usb 9-1: Using ep0 maxpacket: 8
[  939.899503][ T9788] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9
[  939.917643][ T9788] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  939.933783][ T9788] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  939.949046][ T9788] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12336, setting to 1024
[  939.976814][ T9788] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  939.989971][ T9788] usb 9-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  940.004427][ T9788] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  940.019178][ T9788] usb 9-1: config 0 descriptor??
[  940.027132][T12335] raw-gadget.3 gadget.8: fail, usb_ep_enable returned -22
[  940.235105][T12345] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1777'.
[  940.327778][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.334960][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.342261][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.349401][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.356243][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.363289][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.370419][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.379623][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.386871][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.393808][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.400750][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.407687][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.414709][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.421611][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.428509][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.435333][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.442187][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.449358][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.456180][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.463064][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.469947][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.477973][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.484843][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.491723][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.498574][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.505386][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.512280][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.519123][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.525938][T10527] Bluetooth: hci5: Received unexpected HCI Event 0x00
[  940.569601][T12335] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1773'.
[  940.667647][ T5879] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  940.753910][T12355] netlink: 76 bytes leftover after parsing attributes in process `syz.9.1779'.
[  940.764313][T12355] sctp: [Deprecated]: syz.9.1779 (pid 12355) Use of struct sctp_assoc_value in delayed_ack socket option.
[  940.764313][T12355] Use struct sctp_sack_info instead
[  940.888466][ T5879] usb 7-1: Using ep0 maxpacket: 32
[  940.927862][ T5879] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  941.006779][ T5879] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  941.155823][ T5879] usb 7-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  941.268550][ T5879] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  941.371373][ T5879] usb 7-1: Product: syz
[  941.423401][ T5879] usb 7-1: Manufacturer: syz
[  941.488423][ T5879] usb 7-1: SerialNumber: syz
[  941.527663][ T5879] usb 7-1: config 0 descriptor??
[  941.758849][T12364] netlink: 212376 bytes leftover after parsing attributes in process `syz.9.1780'.
[  941.872181][T12366] nfsd: Unknown parameter 'usrquota'
[  941.996793][T12368] netlink: 'syz.9.1782': attribute type 12 has an invalid length.
[  942.066340][ T5891] usb 7-1: USB disconnect, device number 18
[  942.117603][T10611] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  942.187739][ T5823] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  942.346126][T10611] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  942.405576][T10611] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  942.462167][ T5891] usb 9-1: USB disconnect, device number 14
[  942.490640][T10611] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  942.611592][T10611] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  942.790058][T12366] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  942.850168][T10611] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  943.520736][ T5891] usb 6-1: USB disconnect, device number 8
[  943.607359][T10611] usb 10-1: new low-speed USB device number 14 using dummy_hcd
[  944.052267][T10611] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  944.064524][T10611] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  944.074929][T10611] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  944.088230][T10611] usb 10-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[  944.116530][T10611] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  944.137425][T12385] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1781'.
[  944.169260][T10611] usb 10-1: config 0 descriptor??
[  944.179743][T12390] futex_wake_op: syz.8.1787 tries to shift op by -33; fix this program
[  944.213719][T10611] input: bcm5974 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/input/input49
[  946.457350][ T5174] bcm5974 10-1:0.0: could not read from device
[  946.521597][T10611] usb 10-1: USB disconnect, device number 14
[  946.538419][ T5174] bcm5974 10-1:0.0: could not read from device
[  946.794662][T12426] netlink: 36 bytes leftover after parsing attributes in process `syz.8.1795'.
[  947.168640][T12436] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1797'.
[  948.469636][T12445] netlink: 'syz.8.1799': attribute type 1 has an invalid length.
[  948.580753][T12449] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1801'.
[  948.591998][T12449] sctp: [Deprecated]: syz.6.1801 (pid 12449) Use of struct sctp_assoc_value in delayed_ack socket option.
[  948.591998][T12449] Use struct sctp_sack_info instead
[  949.893303][T12445] 8021q: adding VLAN 0 to HW filter on device bond2
[  949.995359][T12450] bond2: (slave gretap1): making interface the new active one
[  950.198815][T12450] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  951.137683][   T30] audit: type=1400 audit(1748482584.166:634): lsm=SMACK fn=smack_inode_set_acl action=denied subject="w" object="_" requested=w pid=12478 comm="syz.8.1809" name="117" dev="tmpfs" ino=627
[  951.837797][T12484] FAULT_INJECTION: forcing a failure.
[  951.837797][T12484] name failslab, interval 1, probability 0, space 0, times 0
[  951.904125][T12484] CPU: 1 UID: 0 PID: 12484 Comm: syz.7.1810 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  951.904161][T12484] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  951.904176][T12484] Call Trace:
[  951.904187][T12484]  <TASK>
[  951.904197][T12484]  dump_stack_lvl+0x189/0x250
[  951.904235][T12484]  ? __pfx____ratelimit+0x10/0x10
[  951.904268][T12484]  ? __pfx_dump_stack_lvl+0x10/0x10
[  951.904299][T12484]  ? __pfx__printk+0x10/0x10
[  951.904341][T12484]  ? __pfx___might_resched+0x10/0x10
[  951.904375][T12484]  should_fail_ex+0x414/0x560
[  951.904410][T12484]  should_failslab+0xa8/0x100
[  951.904446][T12484]  kmem_cache_alloc_noprof+0x73/0x3c0
[  951.904486][T12484]  ? security_inode_alloc+0x39/0x330
[  951.904515][T12484]  security_inode_alloc+0x39/0x330
[  951.904542][T12484]  inode_init_always_gfp+0x9ed/0xdc0
[  951.904582][T12484]  ? __pfx_sock_alloc_inode+0x10/0x10
[  951.904609][T12484]  alloc_inode+0x82/0x1b0
[  951.904642][T12484]  __sock_create+0x12d/0x9f0
[  951.904682][T12484]  __sys_socketpair+0x23a/0x560
[  951.904720][T12484]  __x64_sys_socketpair+0x9b/0xb0
[  951.904751][T12484]  do_syscall_64+0xfa/0x3b0
[  951.904783][T12484]  ? lockdep_hardirqs_on+0x9c/0x150
[  951.904815][T12484]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.904838][T12484]  ? clear_bhb_loop+0x60/0xb0
[  951.904866][T12484]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  951.904888][T12484] RIP: 0033:0x7f8d4518e969
[  951.904908][T12484] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  951.904928][T12484] RSP: 002b:00007f8d45fbc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000035
[  951.904953][T12484] RAX: ffffffffffffffda RBX: 00007f8d453b5fa0 RCX: 00007f8d4518e969
[  951.904971][T12484] RDX: 0000000000000002 RSI: 0000000000000800 RDI: 0000000000000018
[  951.904985][T12484] RBP: 00007f8d45fbc090 R08: 0000000000000000 R09: 0000000000000000
[  951.905000][T12484] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[  951.905014][T12484] R13: 0000000000000000 R14: 00007f8d453b5fa0 R15: 00007ffcdab75078
[  951.905053][T12484]  </TASK>
[  952.129994][T12484] socket: no more sockets
[  952.421267][T12496] netlink: 76 bytes leftover after parsing attributes in process `syz.8.1812'.
[  952.431926][T12496] sctp: [Deprecated]: syz.8.1812 (pid 12496) Use of struct sctp_assoc_value in delayed_ack socket option.
[  952.431926][T12496] Use struct sctp_sack_info instead
[  952.525160][ T5878] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  952.755472][ T5878] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  952.894099][ T5878] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  953.058499][ T5878] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  953.085556][ T5878] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  953.120939][T12489] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  953.179872][ T5878] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  953.439298][ T5878] usb 7-1: USB disconnect, device number 19
[  954.381776][T12512] netlink: 'syz.6.1817': attribute type 1 has an invalid length.
[  954.595291][T12519] bond2: (slave gretap1): making interface the new active one
[  954.629553][T12519] bond2: (slave gretap1): Enslaving as an active interface with an up link
[  954.724944][T12528] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1820'.
[  954.767422][ T5811] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  954.814282][T12528] netlink: 12 bytes leftover after parsing attributes in process `syz.9.1820'.
[  954.935189][T12528] netlink: 'syz.9.1820': attribute type 20 has an invalid length.
[  954.969262][ T5811] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  955.000233][ T5811] usb 9-1: config 0 has no interfaces?
[  955.025223][ T5811] usb 9-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  955.051754][ T5811] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  955.103567][ T5811] usb 9-1: config 0 descriptor??
[  955.299468][T12539] netlink: 'syz.7.1821': attribute type 12 has an invalid length.
[  957.547900][ T5811] usb 9-1: USB disconnect, device number 15
[  957.609495][T12548] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.1823'.
[  958.127596][ T5891] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  958.407680][ T5891] usb 9-1: Using ep0 maxpacket: 32
[  958.495101][ T5891] usb 9-1: config 0 has an invalid interface number: 85 but max is 0
[  958.645562][ T5891] usb 9-1: config 0 has no interface number 0
[  958.770355][ T5891] usb 9-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  958.963334][ T5891] usb 9-1: config 0 interface 85 has no altsetting 0
[  959.126330][ T5891] usb 9-1: New USB device found, idVendor=98ac, idProduct=0219, bcdDevice=f0.72
[  959.271961][ T5891] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  959.379837][ T5891] usb 9-1: Product: syz
[  959.442602][ T5891] usb 9-1: Manufacturer: syz
[  959.503468][ T5891] usb 9-1: SerialNumber: syz
[  959.735404][ T5891] usb 9-1: config 0 descriptor??
[  960.349168][   T43] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  960.705877][   T43] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  960.873067][   T43] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  961.027075][   T43] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  961.192852][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  961.232640][T12562] netlink: 'syz.7.1828': attribute type 1 has an invalid length.
[  961.325590][T12559] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[  961.349693][ T5891] usb 9-1: USB disconnect, device number 16
[  961.372994][   T43] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  961.474085][T12562] 8021q: adding VLAN 0 to HW filter on device bond1
[  961.569196][ T5879] usb 7-1: USB disconnect, device number 20
[  962.182179][T12581] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1834'.
[  962.199577][T12581] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1834'.
[  962.216612][T12581] netlink: 'syz.6.1834': attribute type 20 has an invalid length.
[  962.257352][   T43] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  962.477341][   T43] usb 9-1: Using ep0 maxpacket: 8
[  962.501615][   T43] usb 9-1: config 179 has an invalid interface number: 65 but max is 0
[  962.547332][   T43] usb 9-1: config 179 has no interface number 0
[  963.275934][   T43] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  963.307372][   T43] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  963.327321][   T43] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  963.347297][   T43] usb 9-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  963.361431][   T43] usb 9-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  963.374893][   T43] usb 9-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  963.384057][   T43] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  963.549240][T12577] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  963.939007][   T43] input: Generic X-Box pad as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:179.65/input/input50
[  964.492330][ T5811] usb 9-1: USB disconnect, device number 17
[  964.492386][    C1] xpad 9-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  964.506763][    C1] xpad 9-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  964.527253][ T5811] xpad 9-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  965.017883][   T43] usb 7-1: new high-speed USB device number 21 using dummy_hcd
[  965.309014][   T43] usb 7-1: Using ep0 maxpacket: 32
[  965.390800][   T43] usb 7-1: config index 0 descriptor too short (expected 35577, got 27)
[  965.559408][   T43] usb 7-1: config 1 has too many interfaces: 92, using maximum allowed: 32
[  965.580466][   T43] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 92
[  965.589571][   T43] usb 7-1: config 1 has no interface number 0
[  965.595721][   T43] usb 7-1: config 1 interface 1 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  965.607507][   T43] usb 7-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  965.620602][   T43] usb 7-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8
[  965.637300][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  965.674636][   T43] snd_usb_pod 7-1:1.1: Line 6 Pocket POD found
[  965.921454][T12603] program syz.6.1839 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  965.934310][T12616] netlink: 'syz.9.1841': attribute type 12 has an invalid length.
[  966.016425][   T43] snd_usb_pod 7-1:1.1: endpoint not available, using fallback values
[  966.051580][   T43] snd_usb_pod 7-1:1.1: invalid control EP
[  966.073203][   T43] snd_usb_pod 7-1:1.1: cannot start listening: -22
[  966.103921][   T43] snd_usb_pod 7-1:1.1: Line 6 Pocket POD now disconnected
[  966.127787][   T43] snd_usb_pod 7-1:1.1: probe with driver snd_usb_pod failed with error -22
[  966.450720][   T43] usb 7-1: USB disconnect, device number 21
[  966.468128][ T5811] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  966.576779][   T30] audit: type=1400 audit(1748482599.586:635): lsm=SMACK fn=smack_file_receive action=denied subject="w" object="_" requested=w pid=12623 comm="syz.7.1845" path="socket:[42328]" dev="sockfs" ino=42328
[  967.169206][ T5811] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  967.217904][ T5811] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  967.238912][ T5811] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  967.254536][ T5811] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  967.268099][T12621] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  967.280712][ T5811] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  967.312993][T12629] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:20002
[  967.500527][ T5811] usb 6-1: USB disconnect, device number 9
[  967.771727][T12639] netlink: 20 bytes leftover after parsing attributes in process `syz.9.1850'.
[  968.077828][ T5811] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  968.266347][ T5811] usb 10-1: Using ep0 maxpacket: 16
[  968.307001][T12644] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  968.309190][ T5811] usb 10-1: config index 0 descriptor too short (expected 16456, got 72)
[  968.377570][ T5811] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  968.407971][ T5811] usb 10-1: config 0 has 1 interface, different from the descriptor's value: 2
[  968.438463][   T30] audit: type=1326 audit(1748482601.476:636): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12630 comm="syz.7.1847" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d4518e969 code=0x0
[  968.444533][ T5811] usb 10-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  968.489754][T12644] fuse: Unknown parameter 'fÅ'
[  968.648998][ T5811] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  968.697810][ T5811] usb 10-1: Product: syz
[  968.702169][ T5811] usb 10-1: Manufacturer: syz
[  968.706890][ T5811] usb 10-1: SerialNumber: syz
[  968.744029][ T5811] usb 10-1: config 0 descriptor??
[  969.670795][T10611] usb 10-1: USB disconnect, device number 15
[  971.571353][T12687] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1861'.
[  972.752884][T12697] netlink: 180 bytes leftover after parsing attributes in process `syz.7.1866'.
[  972.897486][   T43] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  973.216308][   T43] usb 6-1: Using ep0 maxpacket: 32
[  973.239451][   T43] usb 6-1: config 0 has an invalid interface number: 247 but max is 0
[  973.377512][T12701] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1867'.
[  973.907321][   T43] usb 6-1: config 0 has no interface number 0
[  974.098162][   T43] usb 6-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b
[  974.107416][   T43] usb 6-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0
[  974.115443][   T43] usb 6-1: Product: syz
[  974.133176][   T43] usb 6-1: Manufacturer: syz
[  974.155417][   T43] usb 6-1: config 0 descriptor??
[  974.517407][ T5811] usb 6-1: USB disconnect, device number 10
[  974.615883][T12708] No such timeout policy "syz1"
[  975.517751][   T43] usb 10-1: new high-speed USB device number 16 using dummy_hcd
[  975.707428][   T43] usb 10-1: Using ep0 maxpacket: 32
[  975.775058][   T43] usb 10-1: config 0 has an invalid interface number: 85 but max is 0
[  975.863562][   T43] usb 10-1: config 0 has no interface number 0
[  975.948954][   T43] usb 10-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  976.069160][   T43] usb 10-1: config 0 interface 85 has no altsetting 0
[  976.084925][T12717] FAULT_INJECTION: forcing a failure.
[  976.084925][T12717] name failslab, interval 1, probability 0, space 0, times 0
[  976.159868][   T43] usb 10-1: New USB device found, idVendor=98ac, idProduct=0219, bcdDevice=f0.72
[  976.209876][T12717] CPU: 1 UID: 0 PID: 12717 Comm: syz.5.1874 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  976.209909][T12717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  976.209923][T12717] Call Trace:
[  976.209932][T12717]  <TASK>
[  976.209943][T12717]  dump_stack_lvl+0x189/0x250
[  976.209979][T12717]  ? __pfx____ratelimit+0x10/0x10
[  976.210010][T12717]  ? __pfx_dump_stack_lvl+0x10/0x10
[  976.210038][T12717]  ? __pfx__printk+0x10/0x10
[  976.210073][T12717]  ? __pfx___might_resched+0x10/0x10
[  976.210108][T12717]  should_fail_ex+0x414/0x560
[  976.210141][T12717]  should_failslab+0xa8/0x100
[  976.210174][T12717]  __kmalloc_noprof+0xcb/0x4f0
[  976.210220][T12717]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  976.210252][T12717]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  976.210285][T12717]  genl_family_rcv_msg_doit+0xb8/0x300
[  976.210317][T12717]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  976.210345][T12717]  ? __pfx_genl_get_cmd+0x10/0x10
[  976.210366][T12717]  ? __pfx_ovs_flow_cmd_get+0x10/0x10
[  976.210397][T12717]  ? __pfx_ovs_flow_cmd_dump+0x10/0x10
[  976.210430][T12717]  ? lockdep_hardirqs_on+0x9c/0x150
[  976.210462][T12717]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  976.210499][T12717]  genl_rcv_msg+0x60e/0x790
[  976.210529][T12717]  ? __pfx_genl_rcv_msg+0x10/0x10
[  976.210552][T12717]  ? __pfx_ovs_flow_cmd_get+0x10/0x10
[  976.210609][T12717]  netlink_rcv_skb+0x21c/0x490
[  976.210641][T12717]  ? __pfx_genl_rcv_msg+0x10/0x10
[  976.210666][T12717]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  976.210722][T12717]  ? down_read+0x1ad/0x2e0
[  976.210745][T12717]  genl_rcv+0x28/0x40
[  976.210765][T12717]  netlink_unicast+0x758/0x8d0
[  976.210805][T12717]  netlink_sendmsg+0x805/0xb30
[  976.210836][T12717]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  976.210874][T12717]  ? __pfx_netlink_sendmsg+0x10/0x10
[  976.210918][T12717]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  976.210939][T12717]  ? __pfx_netlink_sendmsg+0x10/0x10
[  976.210970][T12717]  __sock_sendmsg+0x219/0x270
[  976.211001][T12717]  ____sys_sendmsg+0x505/0x830
[  976.211041][T12717]  ? __pfx_____sys_sendmsg+0x10/0x10
[  976.211086][T12717]  ? import_iovec+0x74/0xa0
[  976.211114][T12717]  ___sys_sendmsg+0x21f/0x2a0
[  976.211152][T12717]  ? __pfx____sys_sendmsg+0x10/0x10
[  976.211226][T12717]  ? __fget_files+0x2a/0x420
[  976.211258][T12717]  ? __fget_files+0x3a0/0x420
[  976.211302][T12717]  __x64_sys_sendmsg+0x19b/0x260
[  976.211327][T12717]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  976.211359][T12717]  ? __pfx_ksys_write+0x10/0x10
[  976.211387][T12717]  ? rcu_is_watching+0x15/0xb0
[  976.211421][T12717]  ? do_syscall_64+0xbe/0x3b0
[  976.211458][T12717]  do_syscall_64+0xfa/0x3b0
[  976.211492][T12717]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  976.211512][T12717]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  976.211534][T12717]  ? clear_bhb_loop+0x60/0xb0
[  976.211561][T12717]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  976.211589][T12717] RIP: 0033:0x7f469198e969
[  976.211609][T12717] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  976.211629][T12717] RSP: 002b:00007f468f7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  976.211654][T12717] RAX: ffffffffffffffda RBX: 00007f4691bb5fa0 RCX: 00007f469198e969
[  976.211670][T12717] RDX: 000000000000c000 RSI: 0000200000000000 RDI: 0000000000000003
[  976.211685][T12717] RBP: 00007f468f7f6090 R08: 0000000000000000 R09: 0000000000000000
[  976.211699][T12717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  976.211713][T12717] R13: 0000000000000000 R14: 00007f4691bb5fa0 R15: 00007ffd0df7a828
[  976.211747][T12717]  </TASK>
[  976.897342][   T43] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  976.905837][   T43] usb 10-1: Product: syz
[  976.910888][   T43] usb 10-1: Manufacturer: syz
[  976.915652][   T43] usb 10-1: SerialNumber: syz
[  976.935471][   T43] usb 10-1: config 0 descriptor??
[  978.577753][   T43] usb 10-1: USB disconnect, device number 16
[  978.894651][ T5811] usb 9-1: new full-speed USB device number 18 using dummy_hcd
[  979.165388][T12740] usb usb8: usbfs: process 12740 (syz.7.1884) did not claim interface 0 before use
[  979.349508][ T5811] usb 9-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  979.734545][T12748] FAULT_INJECTION: forcing a failure.
[  979.734545][T12748] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  979.826699][T12748] CPU: 1 UID: 0 PID: 12748 Comm: syz.9.1885 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  979.826734][T12748] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  979.826749][T12748] Call Trace:
[  979.826758][T12748]  <TASK>
[  979.826769][T12748]  dump_stack_lvl+0x189/0x250
[  979.826806][T12748]  ? __pfx____ratelimit+0x10/0x10
[  979.826838][T12748]  ? __pfx_dump_stack_lvl+0x10/0x10
[  979.826869][T12748]  ? __pfx__printk+0x10/0x10
[  979.826903][T12748]  ? __might_fault+0xb0/0x130
[  979.826944][T12748]  should_fail_ex+0x414/0x560
[  979.826978][T12748]  _copy_from_user+0x2d/0xb0
[  979.827002][T12748]  ip_tunnel_parm_from_user+0xa2/0x380
[  979.827028][T12748]  ? __mutex_trylock_common+0x153/0x260
[  979.827060][T12748]  ? __pfx_ip_tunnel_parm_from_user+0x10/0x10
[  979.827093][T12748]  ? rcu_is_watching+0x15/0xb0
[  979.827129][T12748]  ip_tunnel_siocdevprivate+0x99/0x180
[  979.827155][T12748]  ? __lock_acquire+0xab9/0xd20
[  979.827184][T12748]  ? __pfx_ip_tunnel_siocdevprivate+0x10/0x10
[  979.827222][T12748]  ? netdev_name_node_lookup+0xdf/0x120
[  979.827252][T12748]  dev_ifsioc+0xb54/0xf00
[  979.827289][T12748]  dev_ioctl+0x84c/0x1150
[  979.827319][T12748]  sock_ioctl+0x719/0x790
[  979.827347][T12748]  ? __pfx_sock_ioctl+0x10/0x10
[  979.827375][T12748]  ? __fget_files+0x3a0/0x420
[  979.827405][T12748]  ? __fget_files+0x2a/0x420
[  979.827440][T12748]  ? bpf_lsm_file_ioctl+0x9/0x20
[  979.827464][T12748]  ? __pfx_sock_ioctl+0x10/0x10
[  979.827488][T12748]  __se_sys_ioctl+0xf9/0x170
[  979.827518][T12748]  do_syscall_64+0xfa/0x3b0
[  979.827551][T12748]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  979.827572][T12748]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  979.827594][T12748]  ? clear_bhb_loop+0x60/0xb0
[  979.827620][T12748]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  979.827642][T12748] RIP: 0033:0x7f600658e969
[  979.827662][T12748] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  979.827682][T12748] RSP: 002b:00007f6007412038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  979.827705][T12748] RAX: ffffffffffffffda RBX: 00007f60067b5fa0 RCX: 00007f600658e969
[  979.827722][T12748] RDX: 00002000000005c0 RSI: 00000000000089f1 RDI: 0000000000000003
[  979.827737][T12748] RBP: 00007f6007412090 R08: 0000000000000000 R09: 0000000000000000
[  979.827750][T12748] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  979.827764][T12748] R13: 0000000000000000 R14: 00007f60067b5fa0 R15: 00007ffe7a50db18
[  979.827798][T12748]  </TASK>
[  981.163498][ T5811] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  981.921445][ T5811] usb 9-1: config 0 descriptor??
[  981.929437][ T5811] ums-realtek 9-1:0.0: USB Mass Storage device detected
[  982.083529][   T43] usb 9-1: USB disconnect, device number 18
[  982.238901][T12760] FAULT_INJECTION: forcing a failure.
[  982.238901][T12760] name failslab, interval 1, probability 0, space 0, times 0
[  982.336402][T12760] CPU: 0 UID: 0 PID: 12760 Comm: syz.7.1888 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[  982.336436][T12760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  982.336450][T12760] Call Trace:
[  982.336459][T12760]  <TASK>
[  982.336468][T12760]  dump_stack_lvl+0x189/0x250
[  982.336501][T12760]  ? __pfx____ratelimit+0x10/0x10
[  982.336528][T12760]  ? __pfx_dump_stack_lvl+0x10/0x10
[  982.336554][T12760]  ? __pfx__printk+0x10/0x10
[  982.336591][T12760]  ? __pfx___might_resched+0x10/0x10
[  982.336622][T12760]  should_fail_ex+0x414/0x560
[  982.336652][T12760]  should_failslab+0xa8/0x100
[  982.336683][T12760]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  982.336712][T12760]  ? __alloc_skb+0x112/0x2d0
[  982.336744][T12760]  __alloc_skb+0x112/0x2d0
[  982.336776][T12760]  netlink_dump+0x245/0xe70
[  982.336803][T12760]  ? trace_contention_end+0x39/0x120
[  982.336832][T12760]  ? __mutex_lock+0x330/0xe80
[  982.336863][T12760]  ? __netlink_lookup+0xbd/0x810
[  982.336891][T12760]  ? __pfx_netlink_dump+0x10/0x10
[  982.336936][T12760]  ? netlink_lookup+0x30/0x200
[  982.336962][T12760]  ? netlink_lookup+0x30/0x200
[  982.336986][T12760]  ? netlink_lookup+0x30/0x200
[  982.337025][T12760]  __netlink_dump_start+0x5cb/0x7e0
[  982.337061][T12760]  rtnetlink_rcv_msg+0x9eb/0xb70
[  982.337088][T12760]  ? __pfx_rtnl_bridge_getlink+0x10/0x10
[  982.337117][T12760]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[  982.337158][T12760]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  982.337182][T12760]  ? __pfx_rtnl_dumpit+0x10/0x10
[  982.337204][T12760]  ? __pfx_rtnl_bridge_getlink+0x10/0x10
[  982.337229][T12760]  ? ref_tracker_free+0x63a/0x7d0
[  982.337252][T12760]  ? __copy_skb_header+0xa7/0x550
[  982.337279][T12760]  netlink_rcv_skb+0x21c/0x490
[  982.337304][T12760]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  982.337331][T12760]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  982.337375][T12760]  ? netlink_deliver_tap+0x2e/0x1b0
[  982.337401][T12760]  ? netlink_deliver_tap+0x2e/0x1b0
[  982.337432][T12760]  netlink_unicast+0x758/0x8d0
[  982.337466][T12760]  netlink_sendmsg+0x805/0xb30
[  982.337502][T12760]  ? __pfx_netlink_sendmsg+0x10/0x10
[  982.337537][T12760]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  982.337554][T12760]  ? __pfx_netlink_sendmsg+0x10/0x10
[  982.337581][T12760]  __sock_sendmsg+0x219/0x270
[  982.337607][T12760]  ____sys_sendmsg+0x505/0x830
[  982.337642][T12760]  ? __pfx_____sys_sendmsg+0x10/0x10
[  982.337680][T12760]  ? import_iovec+0x74/0xa0
[  982.337703][T12760]  ___sys_sendmsg+0x21f/0x2a0
[  982.337734][T12760]  ? __pfx____sys_sendmsg+0x10/0x10
[  982.337819][T12760]  ? __fget_files+0x2a/0x420
[  982.337849][T12760]  ? __fget_files+0x3a0/0x420
[  982.337890][T12760]  __x64_sys_sendmsg+0x19b/0x260
[  982.337913][T12760]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  982.337943][T12760]  ? __pfx_ksys_write+0x10/0x10
[  982.337976][T12760]  ? do_syscall_64+0xbe/0x3b0
[  982.338015][T12760]  do_syscall_64+0xfa/0x3b0
[  982.338044][T12760]  ? lockdep_hardirqs_on+0x9c/0x150
[  982.338090][T12760]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  982.338112][T12760]  ? clear_bhb_loop+0x60/0xb0
[  982.338139][T12760]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  982.338161][T12760] RIP: 0033:0x7f8d4518e969
[  982.338180][T12760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  982.338200][T12760] RSP: 002b:00007f8d45fbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  982.338222][T12760] RAX: ffffffffffffffda RBX: 00007f8d453b5fa0 RCX: 00007f8d4518e969
[  982.338239][T12760] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  982.338253][T12760] RBP: 00007f8d45fbc090 R08: 0000000000000000 R09: 0000000000000000
[  982.338267][T12760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  982.338280][T12760] R13: 0000000000000000 R14: 00007f8d453b5fa0 R15: 00007ffcdab75078
[  982.338314][T12760]  </TASK>
[  982.457256][T12768] netlink: 180 bytes leftover after parsing attributes in process `syz.8.1894'.
[  982.787385][   T43] usb 7-1: new high-speed USB device number 22 using dummy_hcd
[  982.977287][   T43] usb 7-1: Using ep0 maxpacket: 16
[  982.984608][   T43] usb 7-1: config 0 has an invalid interface number: 1 but max is 0
[  982.996446][   T43] usb 7-1: config 0 has no interface number 0
[  983.019178][   T43] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  983.030625][   T43] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  983.040813][   T43] usb 7-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00
[  983.050215][   T43] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  983.079877][   T43] usb 7-1: config 0 descriptor??
[  983.082894][T12775] netlink: 'syz.7.1895': attribute type 12 has an invalid length.
[  983.169506][T12777] netlink: 212376 bytes leftover after parsing attributes in process `syz.8.1896'.
[  983.332727][T12779] loop2: detected capacity change from 0 to 7
[  983.385450][T12779] Dev loop2: unable to read RDB block 7
[  983.410727][T12779]  loop2: unable to read partition table
[  983.447240][T12779] loop2: partition table beyond EOD, truncated
[  983.459828][T12779] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  983.477515][T12782] usb usb8: usbfs: process 12782 (syz.8.1898) did not claim interface 0 before use
[  983.767460][   T30] audit: type=1326 audit(1748482616.766:637): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e30d8e969 code=0x7ffc0000
[  983.864137][T12767] 9pnet_fd: Insufficient options for proto=fd
[  983.938070][   T30] audit: type=1326 audit(1748482616.776:638): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e30d8e969 code=0x7ffc0000
[  983.963899][ T5811] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  984.106134][   T30] audit: type=1326 audit(1748482616.776:639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f8e30d8e969 code=0x7ffc0000
[  984.158386][   T43] uclogic 0003:28BD:0071.000A: pen parameters not found
[  984.165491][   T43] uclogic 0003:28BD:0071.000A: interface is invalid, ignoring
[  984.168661][ T5811] usb 9-1: Using ep0 maxpacket: 32
[  984.249373][ T5811] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[  984.294950][ T5811] usb 9-1: config 0 has no interface number 0
[  984.321693][   T30] audit: type=1326 audit(1748482616.786:640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e30d8e969 code=0x7ffc0000
[  984.394073][ T5811] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  984.459802][ T5811] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  984.502355][   T30] audit: type=1326 audit(1748482616.786:641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e30d8e969 code=0x7ffc0000
[  984.544030][ T5811] usb 9-1: Product: syz
[  984.583398][ T5811] usb 9-1: Manufacturer: syz
[  984.628717][ T5811] usb 9-1: SerialNumber: syz
[  984.756020][ T5811] usb 9-1: config 0 descriptor??
[  984.783570][   T30] audit: type=1326 audit(1748482616.786:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8e30d8e56b code=0x7ffc0000
[  984.883305][ T5811] smsc95xx v2.0.0
[  985.154204][   T30] audit: type=1326 audit(1748482616.796:643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8e30d8e56b code=0x7ffc0000
[  985.278688][ T5811] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  985.512697][ T5811] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  985.628548][   T30] audit: type=1326 audit(1748482616.796:644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e30d8e969 code=0x7ffc0000
[  985.762072][ T5811] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[  985.971611][ T5811] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -32
[  986.100192][   T30] audit: type=1326 audit(1748482616.826:645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8e30d8e969 code=0x7ffc0000
[  986.537075][   T30] audit: type=1326 audit(1748482616.826:646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12765 comm="syz.6.1893" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8e30d8d2d0 code=0x7ffc0000
[  986.906736][   T43] usb 7-1: USB disconnect, device number 22
[  987.381839][   T43] usb 6-1: new full-speed USB device number 11 using dummy_hcd
[  987.396426][T12807] Bluetooth: hci0: invalid length 0, exp 2 for type 16
[  987.673863][T12812] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1906'.
[  987.688714][T12812] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1906'.
[  987.828716][T12814] Invalid ELF header magic: != ELF
[  987.841687][T12814] netlink: 'syz.7.1907': attribute type 1 has an invalid length.
[  987.849710][T12814] netlink: 224 bytes leftover after parsing attributes in process `syz.7.1907'.
[  988.386978][   T43] usb 6-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  988.417237][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  988.480902][   T43] usb 6-1: config 0 descriptor??
[  988.501298][   T43] ums-realtek 6-1:0.0: USB Mass Storage device detected
[  988.538018][ T8729] usb 9-1: USB disconnect, device number 19
[  988.571910][T12819] netlink: 212376 bytes leftover after parsing attributes in process `syz.7.1908'.
[  989.081340][T12805] netlink: 'syz.5.1904': attribute type 3 has an invalid length.
[  989.278742][ T5879] usb 6-1: USB disconnect, device number 11
[  990.638391][T12835] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1913'.
[  990.747609][   T43] usb 9-1: new high-speed USB device number 20 using dummy_hcd
[  990.907836][   T43] usb 9-1: device descriptor read/64, error -71
[  991.174744][   T43] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  991.527357][   T43] usb 9-1: device descriptor read/64, error -71
[  991.700010][   T43] usb usb9-port1: attempt power cycle
[  992.037074][T12858] Invalid ELF header magic: != ELF
[  992.049939][T12858] netlink: 'syz.5.1919': attribute type 1 has an invalid length.
[  992.057786][T12858] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1919'.
[  992.747780][T12860] usb usb8: usbfs: process 12860 (syz.7.1921) did not claim interface 0 before use
[  993.067670][T10527] Bluetooth: hci3: command 0x0c1a tx timeout
[  994.520191][T12862] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.1922'.
[  995.287594][   T24] usb 7-1: new full-speed USB device number 23 using dummy_hcd
[  995.461952][   T24] usb 7-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  995.480547][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  995.495417][   T24] usb 7-1: config 0 descriptor??
[  995.497387][ T5878] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  995.504706][   T24] ums-realtek 7-1:0.0: USB Mass Storage device detected
[  995.665401][ T5878] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  995.685820][ T5878] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  995.696490][ T5878] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  995.713230][ T5878] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  995.730810][ T5878] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  995.754580][T12869] netlink: 'syz.6.1926': attribute type 3 has an invalid length.
[  995.766946][ T5878] usb 6-1: Product: syz
[  995.771402][ T5878] usb 6-1: Manufacturer: syz
[  995.781367][ T5879] usb 7-1: USB disconnect, device number 23
[  995.801687][ T5878] usb 6-1: SerialNumber: syz
[  995.848950][T12890] autofs4:pid:12890:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.4294934529), cmd(0xc0189374)
[  995.918216][T12890] autofs4:pid:12890:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374)
[  995.948329][ T3527] Bluetooth: hci5: Frame reassembly failed (-84)
[  995.962116][T12891] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  996.084311][ T5878] usblp 6-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[  996.552097][T12894] Invalid ELF header magic: != ELF
[  996.560573][T12894] netlink: 'syz.8.1933': attribute type 1 has an invalid length.
[  996.568643][T12894] netlink: 224 bytes leftover after parsing attributes in process `syz.8.1933'.
[  997.061892][T12906] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  997.134611][T12907] fuse: Unknown parameter 'fÅ'
[  997.245848][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  997.245869][   T30] audit: type=1326 audit(1748482630.106:656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12887 comm="syz.7.1931" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d4518e969 code=0x0
[  998.037631][ T5823] Bluetooth: hci5: command 0x1003 tx timeout
[  998.044018][T10527] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  998.313698][   T24] usb 6-1: USB disconnect, device number 12
[  998.330843][   T24] usblp0: removed
[  999.968184][T12928] usb usb8: usbfs: process 12928 (syz.7.1942) did not claim interface 0 before use
[ 1002.291769][T12938] Invalid ELF header magic: != ELF
[ 1002.304203][T12938] netlink: 'syz.5.1945': attribute type 1 has an invalid length.
[ 1002.312480][T12938] netlink: 224 bytes leftover after parsing attributes in process `syz.5.1945'.
[ 1003.223536][T12946] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1949'.
[ 1003.239147][T12946] netlink: 64 bytes leftover after parsing attributes in process `syz.6.1949'.
[ 1003.260460][T12944] autofs4:pid:12944:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.4294934529), cmd(0xc0189374)
[ 1003.278655][T12946] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1949'.
[ 1003.299335][T12944] autofs4:pid:12944:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374)
[ 1003.329781][T12950] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[ 1004.566323][T12959] ubi: mtd0 is already attached to ubi31
[ 1004.981717][T12962] No such timeout policy "syz1"
[ 1005.582763][T12964] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1005.601345][   T30] audit: type=1326 audit(1748482638.636:657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12960 comm="syz.9.1953" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f600658e969 code=0x0
[ 1005.623868][T10527] Bluetooth: hci5: command 0x1003 tx timeout
[ 1005.665329][T12965] fuse: Unknown parameter 'fÅ'
[ 1006.344064][ T5823] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1007.733975][T12978] usb usb8: usbfs: process 12978 (syz.7.1959) did not claim interface 0 before use
[ 1007.816534][T12984] netlink: 76 bytes leftover after parsing attributes in process `syz.8.1957'.
[ 1007.826366][T12984] sctp: [Deprecated]: syz.8.1957 (pid 12984) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1007.826366][T12984] Use struct sctp_sack_info instead
[ 1008.185655][T12986] Invalid ELF header magic: != ELF
[ 1008.193240][T12986] netlink: 'syz.6.1956': attribute type 1 has an invalid length.
[ 1008.201071][T12986] netlink: 224 bytes leftover after parsing attributes in process `syz.6.1956'.
[ 1010.911608][T12998] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1964'.
[ 1010.940530][T12998] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1964'.
[ 1010.974277][T13004] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1967'.
[ 1010.983687][T12998] netlink: 'syz.5.1964': attribute type 20 has an invalid length.
[ 1010.999888][T13004] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1967'.
[ 1011.028832][ T5811] usb 10-1: new full-speed USB device number 17 using dummy_hcd
[ 1011.111812][T13004] netlink: 'syz.6.1967': attribute type 20 has an invalid length.
[ 1011.220409][ T5811] usb 10-1: no configurations
[ 1011.225242][ T5811] usb 10-1: can't read configurations, error -22
[ 1011.896237][T13009] ubi: mtd0 is already attached to ubi31
[ 1012.047607][ T5811] usb 10-1: new full-speed USB device number 18 using dummy_hcd
[ 1012.267426][T13014] autofs4:pid:13014:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.4294934529), cmd(0xc0189374)
[ 1012.302295][T13014] autofs4:pid:13014:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374)
[ 1012.447685][ T5811] usb 10-1: no configurations
[ 1012.452440][ T5811] usb 10-1: can't read configurations, error -22
[ 1012.522155][T13014] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[ 1012.529157][   T13] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1013.087159][ T5811] usb usb10-port1: attempt power cycle
[ 1013.248744][T13024] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1013.687622][T13025] fuse: Unknown parameter 'fÅ'
[ 1013.817518][   T30] audit: type=1326 audit(1748482646.296:658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13015 comm="syz.6.1969" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8e30d8e969 code=0x0
[ 1015.128310][ T5823] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1015.161281][   T43] usb 9-1: new full-speed USB device number 23 using dummy_hcd
[ 1015.187442][ T5811] usb 10-1: new full-speed USB device number 19 using dummy_hcd
[ 1015.465694][ T5811] usb 10-1: device not accepting address 19, error -71
[ 1015.534954][T13033] FAULT_INJECTION: forcing a failure.
[ 1015.534954][T13033] name failslab, interval 1, probability 0, space 0, times 0
[ 1015.576866][T13029] 8021q: adding VLAN 0 to HW filter on device bond2
[ 1015.599039][T13039] FAULT_INJECTION: forcing a failure.
[ 1015.599039][T13039] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1015.615862][T13029] bridge0: port 3(bond2) entered blocking state
[ 1015.847927][T13039] CPU: 1 UID: 0 PID: 13039 Comm: syz.6.1975 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1015.847950][T13039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1015.847959][T13039] Call Trace:
[ 1015.847965][T13039]  <TASK>
[ 1015.847973][T13039]  dump_stack_lvl+0x189/0x250
[ 1015.847999][T13039]  ? __pfx____ratelimit+0x10/0x10
[ 1015.848020][T13039]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1015.848039][T13039]  ? __pfx__printk+0x10/0x10
[ 1015.848064][T13039]  ? fs_reclaim_acquire+0x7d/0x100
[ 1015.848085][T13039]  should_fail_ex+0x414/0x560
[ 1015.848108][T13039]  prepare_alloc_pages+0x213/0x610
[ 1015.848129][T13039]  __alloc_frozen_pages_noprof+0x123/0x370
[ 1015.848148][T13039]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1015.848167][T13039]  ? __lock_acquire+0xab9/0xd20
[ 1015.848192][T13039]  alloc_pages_mpol+0x232/0x4a0
[ 1015.848218][T13039]  alloc_pages_noprof+0xa9/0x190
[ 1015.848241][T13039]  pte_alloc_one+0x1e/0x160
[ 1015.848261][T13039]  __pte_alloc+0x25/0x1a0
[ 1015.848279][T13039]  __handle_mm_fault+0x4b5f/0x55e0
[ 1015.848313][T13039]  ? __pfx___handle_mm_fault+0x10/0x10
[ 1015.848348][T13039]  ? find_vma+0xe7/0x160
[ 1015.848368][T13039]  ? __pfx_find_vma+0x10/0x10
[ 1015.848390][T13039]  handle_mm_fault+0x2d5/0x7f0
[ 1015.848417][T13039]  do_user_addr_fault+0x764/0x1390
[ 1015.848445][T13039]  exc_page_fault+0x76/0xf0
[ 1015.848468][T13039]  asm_exc_page_fault+0x26/0x30
[ 1015.848481][T13039] RIP: 0010:rep_movs_alternative+0xf/0x90
[ 1015.848502][T13039] Code: c4 10 c3 cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e
[ 1015.848515][T13039] RSP: 0018:ffffc90012017b78 EFLAGS: 00050202
[ 1015.848528][T13039] RAX: 00007ffffffff001 RBX: 0000000000000004 RCX: 0000000000000004
[ 1015.848539][T13039] RDX: 0000000000000001 RSI: 0000200000000100 RDI: ffffc90012017cd0
[ 1015.848549][T13039] RBP: ffffc90012017d90 R08: 0000000000000003 R09: 0000000000000004
[ 1015.848559][T13039] R10: dffffc0000000000 R11: fffff52002402f9a R12: 0000000000000004
[ 1015.848569][T13039] R13: 1ffff92002402f78 R14: ffffc90012017cd0 R15: 0000200000000100
[ 1015.848593][T13039]  _copy_from_user+0x7a/0xb0
[ 1015.848609][T13039]  packet_setsockopt+0x999/0x12c0
[ 1015.848650][T13039]  ? __pfx_packet_setsockopt+0x10/0x10
[ 1015.848670][T13039]  ? rcu_read_lock_any_held+0xb3/0x120
[ 1015.848691][T13039]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[ 1015.848715][T13039]  ? vfs_write+0x8d8/0xa90
[ 1015.848756][T13039]  ? __lock_acquire+0xab9/0xd20
[ 1015.848784][T13039]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[ 1015.848798][T13039]  ? __pfx_packet_setsockopt+0x10/0x10
[ 1015.848819][T13039]  do_sock_setsockopt+0x25a/0x3e0
[ 1015.848844][T13039]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1015.848869][T13039]  ? __fget_files+0x2a/0x420
[ 1015.848897][T13039]  __x64_sys_setsockopt+0x18b/0x220
[ 1015.848923][T13039]  do_syscall_64+0xfa/0x3b0
[ 1015.848945][T13039]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1015.848964][T13039]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1015.848978][T13039]  ? clear_bhb_loop+0x60/0xb0
[ 1015.848996][T13039]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1015.849010][T13039] RIP: 0033:0x7f8e30d8e969
[ 1015.849022][T13039] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1015.849034][T13039] RSP: 002b:00007f8e31c0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1015.849048][T13039] RAX: ffffffffffffffda RBX: 00007f8e30fb5fa0 RCX: 00007f8e30d8e969
[ 1015.849058][T13039] RDX: 0000000000000018 RSI: 0000000000000107 RDI: 0000000000000003
[ 1015.849067][T13039] RBP: 00007f8e31c0f090 R08: 0000000000000004 R09: 0000000000000000
[ 1015.849076][T13039] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001
[ 1015.849085][T13039] R13: 0000000000000000 R14: 00007f8e30fb5fa0 R15: 00007ffc22309058
[ 1015.849107][T13039]  </TASK>
[ 1015.870475][T13029] bridge0: port 3(bond2) entered disabled state
[ 1015.878658][T13033] CPU: 1 UID: 0 PID: 13033 Comm: syz.5.1973 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1015.878691][T13033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1015.878705][T13033] Call Trace:
[ 1015.878714][T13033]  <TASK>
[ 1015.878725][T13033]  dump_stack_lvl+0x189/0x250
[ 1015.878761][T13033]  ? __pfx____ratelimit+0x10/0x10
[ 1015.878801][T13033]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1015.878831][T13033]  ? __pfx__printk+0x10/0x10
[ 1015.878872][T13033]  ? __pfx___might_resched+0x10/0x10
[ 1015.878906][T13033]  should_fail_ex+0x414/0x560
[ 1015.878941][T13033]  should_failslab+0xa8/0x100
[ 1015.878975][T13033]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1015.879007][T13033]  ? __alloc_skb+0x112/0x2d0
[ 1015.879042][T13033]  __alloc_skb+0x112/0x2d0
[ 1015.879077][T13033]  netlink_sendmsg+0x5c6/0xb30
[ 1015.879118][T13033]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1015.879156][T13033]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1015.879176][T13033]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1015.879206][T13033]  __sock_sendmsg+0x219/0x270
[ 1015.879236][T13033]  ____sys_sendmsg+0x505/0x830
[ 1015.879275][T13033]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1015.879319][T13033]  ? import_iovec+0x74/0xa0
[ 1015.879344][T13033]  ___sys_sendmsg+0x21f/0x2a0
[ 1015.879380][T13033]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1015.879451][T13033]  ? __fget_files+0x2a/0x420
[ 1015.879482][T13033]  ? __fget_files+0x3a0/0x420
[ 1015.879524][T13033]  __x64_sys_sendmsg+0x19b/0x260
[ 1015.879547][T13033]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1015.879578][T13033]  ? __pfx_ksys_write+0x10/0x10
[ 1015.879603][T13033]  ? rcu_is_watching+0x15/0xb0
[ 1015.879636][T13033]  ? do_syscall_64+0xbe/0x3b0
[ 1015.879671][T13033]  do_syscall_64+0xfa/0x3b0
[ 1015.879700][T13033]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1015.879746][T13033]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1015.879770][T13033]  ? clear_bhb_loop+0x60/0xb0
[ 1015.879807][T13033]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1015.879829][T13033] RIP: 0033:0x7f469198e969
[ 1015.879850][T13033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1015.879871][T13033] RSP: 002b:00007f468f7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1015.879895][T13033] RAX: ffffffffffffffda RBX: 00007f4691bb5fa0 RCX: 00007f469198e969
[ 1015.879912][T13033] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[ 1015.879928][T13033] RBP: 00007f468f7f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1015.879943][T13033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1015.879957][T13033] R13: 0000000000000000 R14: 00007f4691bb5fa0 R15: 00007ffd0df7a828
[ 1015.879993][T13033]  </TASK>
[ 1017.112379][T13029] bond2: entered allmulticast mode
[ 1017.444455][T13029] bond2: entered promiscuous mode
[ 1017.525306][T13029] bridge0: port 3(bond2) entered blocking state
[ 1017.532167][T13029] bridge0: port 3(bond2) entered forwarding state
[ 1017.644199][T13049] usb usb8: usbfs: process 13049 (syz.5.1977) did not claim interface 0 before use
[ 1017.659479][   T13] bridge0: port 3(bond2) entered disabled state
[ 1017.666411][T13044] netlink: 'syz.9.1974': attribute type 12 has an invalid length.
[ 1019.327565][ T5879] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1019.706758][ T5879] usb 6-1: Using ep0 maxpacket: 32
[ 1019.762925][ T5879] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[ 1019.790677][ T5879] usb 6-1: config 0 has no interface number 0
[ 1019.812725][ T5879] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 1019.839232][ T5879] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1019.867652][ T5879] usb 6-1: Product: syz
[ 1019.871889][ T5879] usb 6-1: Manufacturer: syz
[ 1019.876513][ T5879] usb 6-1: SerialNumber: syz
[ 1019.908687][ T5879] usb 6-1: config 0 descriptor??
[ 1019.929556][ T5879] smsc95xx v2.0.0
[ 1020.068381][ T8729] usb 7-1: new low-speed USB device number 24 using dummy_hcd
[ 1020.251684][ T8729] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1020.539908][ T5879] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 1020.551321][ T8729] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1020.574413][ T5879] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 1020.607057][ T8729] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1020.650063][ T8729] usb 7-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[ 1020.677385][ T8729] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1020.710141][ T8729] usb 7-1: config 0 descriptor??
[ 1020.739217][ T8729] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input52
[ 1020.805386][ T5879] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32
[ 1021.813800][ T5879] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -32
[ 1022.237348][ T5891] usb 9-1: new full-speed USB device number 24 using dummy_hcd
[ 1022.429821][ T5891] usb 9-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[ 1022.442560][ T5891] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1022.454272][ T5891] usb 9-1: config 0 descriptor??
[ 1022.461299][ T5891] ums-realtek 9-1:0.0: USB Mass Storage device detected
[ 1022.507831][ T5879] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[ 1022.572881][ T5891] usb 6-1: USB disconnect, device number 13
[ 1022.669960][ T5879] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1022.689530][ T5874] usb 9-1: USB disconnect, device number 24
[ 1022.700672][ T5174] bcm5974 7-1:0.0: could not read from device
[ 1022.703699][ T5879] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 255, changing to 11
[ 1022.729653][ T5879] usb 10-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 59391, setting to 1024
[ 1022.742333][ T5879] usb 10-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1022.745907][ T5174] bcm5974 7-1:0.0: could not read from device
[ 1022.759143][ T8729] usb 7-1: USB disconnect, device number 24
[ 1022.801930][ T5879] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1022.815805][T13080] raw-gadget.4 gadget.9: fail, usb_ep_enable returned -22
[ 1022.826297][ T5879] usb 10-1: Quirk or no altset; falling back to MIDI 1.0
[ 1022.929208][T13092] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1991'.
[ 1022.940400][T13092] sctp: [Deprecated]: syz.6.1991 (pid 13092) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1022.940400][T13092] Use struct sctp_sack_info instead
[ 1023.089019][ T5879] usb 10-1: USB disconnect, device number 21
[ 1023.447539][ T5878] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[ 1023.617571][ T5878] usb 6-1: device descriptor read/64, error -71
[ 1023.783519][T13101] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1993'.
[ 1023.857543][ T5878] usb 6-1: new full-speed USB device number 15 using dummy_hcd
[ 1024.607344][ T5878] usb 6-1: device descriptor read/64, error -71
[ 1024.728353][ T5878] usb usb6-port1: attempt power cycle
[ 1025.107348][ T5878] usb 6-1: new full-speed USB device number 16 using dummy_hcd
[ 1025.207503][ T8729] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[ 1025.552940][T13119] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2000'.
[ 1026.378274][ T8729] usb 10-1: Using ep0 maxpacket: 32
[ 1026.514049][ T8729] usb 10-1: config 0 has an invalid interface number: 85 but max is 0
[ 1026.667890][ T8729] usb 10-1: config 0 has no interface number 0
[ 1026.785539][ T8729] usb 10-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1026.982578][ T8729] usb 10-1: config 0 interface 85 has no altsetting 0
[ 1027.125347][ T8729] usb 10-1: New USB device found, idVendor=98ac, idProduct=0219, bcdDevice=f0.72
[ 1027.259479][ T8729] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1027.377709][ T8729] usb 10-1: Product: syz
[ 1027.454241][ T8729] usb 10-1: Manufacturer: syz
[ 1027.510598][ T5878] usb 6-1: device descriptor read/8, error -71
[ 1027.535457][ T8729] usb 10-1: SerialNumber: syz
[ 1027.759518][ T8729] usb 10-1: config 0 descriptor??
[ 1028.229516][ T8729] usb 10-1: USB disconnect, device number 22
[ 1028.615494][T13145] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2003'.
[ 1028.664595][ T5891] usb 7-1: new low-speed USB device number 25 using dummy_hcd
[ 1028.741015][T13137] netlink: 'syz.5.2003': attribute type 4 has an invalid length.
[ 1029.051557][T13147] FAULT_INJECTION: forcing a failure.
[ 1029.051557][T13147] name failslab, interval 1, probability 0, space 0, times 0
[ 1029.066018][T13147] CPU: 1 UID: 0 PID: 13147 Comm: syz.9.2008 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1029.066049][T13147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1029.066062][T13147] Call Trace:
[ 1029.066070][T13147]  <TASK>
[ 1029.066080][T13147]  dump_stack_lvl+0x189/0x250
[ 1029.066113][T13147]  ? __pfx____ratelimit+0x10/0x10
[ 1029.066140][T13147]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1029.066167][T13147]  ? __pfx__printk+0x10/0x10
[ 1029.066204][T13147]  ? __pfx___might_resched+0x10/0x10
[ 1029.066228][T13147]  ? fs_reclaim_acquire+0x7d/0x100
[ 1029.066254][T13147]  should_fail_ex+0x414/0x560
[ 1029.066284][T13147]  should_failslab+0xa8/0x100
[ 1029.066314][T13147]  __kmalloc_cache_noprof+0x70/0x3d0
[ 1029.066341][T13147]  ? ip_set_create+0x348/0x1940
[ 1029.066365][T13147]  ip_set_create+0x348/0x1940
[ 1029.066394][T13147]  ? trace_contention_end+0x39/0x120
[ 1029.066424][T13147]  ? __pfx_ip_set_create+0x10/0x10
[ 1029.066482][T13147]  nfnetlink_rcv_msg+0xb4a/0x1130
[ 1029.066502][T13147]  ? __kernel_text_address+0xd/0x40
[ 1029.066522][T13147]  ? nfnetlink_rcv_msg+0x20d/0x1130
[ 1029.066561][T13147]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1029.066633][T13147]  netlink_rcv_skb+0x21c/0x490
[ 1029.066660][T13147]  ? __pfx_nfnetlink_rcv_msg+0x10/0x10
[ 1029.066682][T13147]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1029.066722][T13147]  ? safesetid_security_capable+0xa9/0x1a0
[ 1029.066749][T13147]  ? bpf_lsm_capable+0x9/0x20
[ 1029.066771][T13147]  ? security_capable+0x7e/0x2e0
[ 1029.066808][T13147]  nfnetlink_rcv+0x273/0x2530
[ 1029.066830][T13147]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1029.066850][T13147]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1029.066875][T13147]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1029.066897][T13147]  ? __dev_queue_xmit+0x1cd7/0x3a70
[ 1029.066928][T13147]  ? __dev_queue_xmit+0x27e/0x3a70
[ 1029.066948][T13147]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1029.066972][T13147]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1029.066998][T13147]  ? __pfx___dev_queue_xmit+0x10/0x10
[ 1029.067033][T13147]  ? ref_tracker_free+0x63a/0x7d0
[ 1029.067057][T13147]  ? __copy_skb_header+0xa7/0x550
[ 1029.067078][T13147]  ? __pfx_ref_tracker_free+0x10/0x10
[ 1029.067104][T13147]  ? __skb_clone+0x63/0x7a0
[ 1029.067128][T13147]  ? __skb_clone+0x483/0x7a0
[ 1029.067154][T13147]  ? skb_clone+0x246/0x3a0
[ 1029.067180][T13147]  ? __netlink_deliver_tap+0x807/0x850
[ 1029.067204][T13147]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1029.067236][T13147]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1029.067262][T13147]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1029.067292][T13147]  netlink_unicast+0x758/0x8d0
[ 1029.067327][T13147]  netlink_sendmsg+0x805/0xb30
[ 1029.067364][T13147]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1029.067400][T13147]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1029.067418][T13147]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1029.067445][T13147]  __sock_sendmsg+0x219/0x270
[ 1029.067471][T13147]  ____sys_sendmsg+0x505/0x830
[ 1029.067505][T13147]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1029.067545][T13147]  ? import_iovec+0x74/0xa0
[ 1029.067570][T13147]  ___sys_sendmsg+0x21f/0x2a0
[ 1029.067602][T13147]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1029.067670][T13147]  ? __fget_files+0x2a/0x420
[ 1029.067698][T13147]  ? __fget_files+0x3a0/0x420
[ 1029.067736][T13147]  __x64_sys_sendmsg+0x19b/0x260
[ 1029.067758][T13147]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1029.067787][T13147]  ? __pfx_ksys_write+0x10/0x10
[ 1029.067809][T13147]  ? rcu_is_watching+0x15/0xb0
[ 1029.067839][T13147]  ? do_syscall_64+0xbe/0x3b0
[ 1029.067877][T13147]  do_syscall_64+0xfa/0x3b0
[ 1029.067903][T13147]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1029.067929][T13147]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1029.067949][T13147]  ? clear_bhb_loop+0x60/0xb0
[ 1029.067972][T13147]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1029.067991][T13147] RIP: 0033:0x7f600658e969
[ 1029.068009][T13147] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1029.068026][T13147] RSP: 002b:00007f6007412038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1029.068047][T13147] RAX: ffffffffffffffda RBX: 00007f60067b5fa0 RCX: 00007f600658e969
[ 1029.068061][T13147] RDX: 0000000004004804 RSI: 0000200000000000 RDI: 0000000000000004
[ 1029.068074][T13147] RBP: 00007f6007412090 R08: 0000000000000000 R09: 0000000000000000
[ 1029.068086][T13147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1029.068098][T13147] R13: 0000000000000000 R14: 00007f60067b5fa0 R15: 00007ffe7a50db18
[ 1029.068130][T13147]  </TASK>
[ 1029.743468][ T5891] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[ 1029.754729][ T5891] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1029.764739][ T5891] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 1029.780918][ T5891] usb 7-1: New USB device found, idVendor=05ac, idProduct=0264, bcdDevice= 0.00
[ 1029.790973][ T5891] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1029.805650][ T5891] usb 7-1: config 0 descriptor??
[ 1029.865236][T13154] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1029.930890][ T5891] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input54
[ 1029.955049][T13155] fuse: Unknown parameter 'fÅ'
[ 1030.757541][   T30] audit: type=1326 audit(1748482662.916:659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13148 comm="syz.7.2006" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8d4518e969 code=0x0
[ 1031.507492][ T8729] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[ 1031.516308][ T5174] bcm5974 7-1:0.0: could not read from device
[ 1031.530018][ T5891] usb 7-1: USB disconnect, device number 25
[ 1031.707477][ T5174] bcm5974 7-1:0.0: could not read from device
[ 1031.772930][ T8729] usb 9-1: Using ep0 maxpacket: 8
[ 1031.810746][ T8729] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1031.832458][ T8729] usb 9-1: config 0 has 1 interface, different from the descriptor's value: 15
[ 1032.130353][ T8729] usb 9-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8
[ 1032.143792][ T8729] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1032.152019][ T8729] usb 9-1: Product: syz
[ 1032.389776][ T8729] usb 9-1: Manufacturer: syz
[ 1032.394656][ T8729] usb 9-1: SerialNumber: syz
[ 1032.437527][ T8729] usb 9-1: config 0 descriptor??
[ 1032.536128][ T8729] powermate 9-1:0.0: probe with driver powermate failed with error -22
[ 1032.955391][ T9788] usb 9-1: USB disconnect, device number 25
[ 1033.403343][T13184] netlink: 76 bytes leftover after parsing attributes in process `syz.8.2016'.
[ 1033.413743][T13184] sctp: [Deprecated]: syz.8.2016 (pid 13184) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1033.413743][T13184] Use struct sctp_sack_info instead
[ 1033.735988][ T5878] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[ 1033.885294][ T8729] usb 10-1: new full-speed USB device number 23 using dummy_hcd
[ 1033.969638][ T5878] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1033.986472][ T5878] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1033.997683][ T5878] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[ 1034.007823][ T5878] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1034.037352][ T5878] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1034.059314][ T8729] usb 10-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[ 1034.078444][ T8729] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1034.106253][ T8729] usb 10-1: config 0 descriptor??
[ 1034.151509][ T8729] ums-realtek 10-1:0.0: USB Mass Storage device detected
[ 1034.258404][ T5878] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1034.288749][ T5878] usb 7-1: config 0 descriptor??
[ 1035.048577][T13173] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1035.097774][T13173] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1035.292341][ T5891] usb 10-1: USB disconnect, device number 23
[ 1035.429488][ T5878] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving
[ 1035.474065][ T5878] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[ 1036.725502][T13225] FAULT_INJECTION: forcing a failure.
[ 1036.725502][T13225] name failslab, interval 1, probability 0, space 0, times 0
[ 1036.739505][T13225] CPU: 0 UID: 0 PID: 13225 Comm: syz.8.2031 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1036.739536][T13225] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1036.739551][T13225] Call Trace:
[ 1036.739561][T13225]  <TASK>
[ 1036.739571][T13225]  dump_stack_lvl+0x189/0x250
[ 1036.739617][T13225]  ? __pfx____ratelimit+0x10/0x10
[ 1036.739647][T13225]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1036.739676][T13225]  ? __pfx__printk+0x10/0x10
[ 1036.739713][T13225]  ? __pfx___might_resched+0x10/0x10
[ 1036.739739][T13225]  ? fs_reclaim_acquire+0x7d/0x100
[ 1036.739766][T13225]  should_fail_ex+0x414/0x560
[ 1036.739798][T13225]  should_failslab+0xa8/0x100
[ 1036.739830][T13225]  __kmalloc_noprof+0xcb/0x4f0
[ 1036.739857][T13225]  ? kfree+0x4d/0x440
[ 1036.739881][T13225]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1036.739918][T13225]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1036.739951][T13225]  ? tomoyo_domain+0xda/0x130
[ 1036.739976][T13225]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1036.740003][T13225]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1036.740032][T13225]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1036.740061][T13225]  ? rcu_is_watching+0x15/0xb0
[ 1036.740088][T13225]  ? trace_irq_disable+0x37/0x110
[ 1036.740108][T13225]  ? preempt_schedule_irq+0xde/0x150
[ 1036.740142][T13225]  ? __lock_acquire+0xab9/0xd20
[ 1036.740193][T13225]  ? __fget_files+0x2a/0x420
[ 1036.740227][T13225]  ? __fget_files+0x2a/0x420
[ 1036.740256][T13225]  ? __fget_files+0x3a0/0x420
[ 1036.740303][T13225]  ? __fget_files+0x2a/0x420
[ 1036.740338][T13225]  security_file_ioctl+0xcb/0x2d0
[ 1036.740371][T13225]  __se_sys_ioctl+0x47/0x170
[ 1036.740401][T13225]  do_syscall_64+0xfa/0x3b0
[ 1036.740434][T13225]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1036.740455][T13225]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1036.740476][T13225]  ? clear_bhb_loop+0x60/0xb0
[ 1036.740503][T13225]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1036.740525][T13225] RIP: 0033:0x7fa59358e969
[ 1036.740547][T13225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1036.740566][T13225] RSP: 002b:00007fa59446b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1036.740590][T13225] RAX: ffffffffffffffda RBX: 00007fa5937b6080 RCX: 00007fa59358e969
[ 1036.740606][T13225] RDX: 0000200000019580 RSI: 000000009000aea4 RDI: 000000000000000a
[ 1036.740622][T13225] RBP: 00007fa59446b090 R08: 0000000000000000 R09: 0000000000000000
[ 1036.740636][T13225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1036.740649][T13225] R13: 0000000000000000 R14: 00007fa5937b6080 R15: 00007ffe86a5c468
[ 1036.740683][T13225]  </TASK>
[ 1036.740709][T13225] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1037.252416][T13232] netlink: 76 bytes leftover after parsing attributes in process `syz.7.2032'.
[ 1037.263277][T13232] sctp: [Deprecated]: syz.7.2032 (pid 13232) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1037.263277][T13232] Use struct sctp_sack_info instead
[ 1037.301442][ T5878] usb 7-1: reset high-speed USB device number 26 using dummy_hcd
[ 1039.414661][ T5811] usb 7-1: USB disconnect, device number 26
[ 1039.731005][T13247] netlink: 'syz.8.2038': attribute type 21 has an invalid length.
[ 1039.749140][T13247] netlink: 'syz.8.2038': attribute type 6 has an invalid length.
[ 1039.823941][T13247] netlink: 132 bytes leftover after parsing attributes in process `syz.8.2038'.
[ 1039.891311][T13250] netlink: 'syz.8.2038': attribute type 21 has an invalid length.
[ 1039.927486][T13250] netlink: 'syz.8.2038': attribute type 6 has an invalid length.
[ 1039.964624][T13250] netlink: 132 bytes leftover after parsing attributes in process `syz.8.2038'.
[ 1040.147992][T13259] FAULT_INJECTION: forcing a failure.
[ 1040.147992][T13259] name failslab, interval 1, probability 0, space 0, times 0
[ 1040.220598][T13259] CPU: 0 UID: 0 PID: 13259 Comm: syz.7.2044 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1040.220630][T13259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1040.220642][T13259] Call Trace:
[ 1040.220650][T13259]  <TASK>
[ 1040.220660][T13259]  dump_stack_lvl+0x189/0x250
[ 1040.220696][T13259]  ? __pfx____ratelimit+0x10/0x10
[ 1040.220724][T13259]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1040.220752][T13259]  ? __pfx__printk+0x10/0x10
[ 1040.220801][T13259]  ? __pfx___might_resched+0x10/0x10
[ 1040.220828][T13259]  ? fs_reclaim_acquire+0x7d/0x100
[ 1040.220854][T13259]  should_fail_ex+0x414/0x560
[ 1040.220887][T13259]  should_failslab+0xa8/0x100
[ 1040.220919][T13259]  __kmalloc_noprof+0xcb/0x4f0
[ 1040.220948][T13259]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1040.220977][T13259]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[ 1040.221008][T13259]  genl_family_rcv_msg_doit+0xb8/0x300
[ 1040.221038][T13259]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1040.221064][T13259]  ? __pfx_genl_get_cmd+0x10/0x10
[ 1040.221083][T13259]  ? __pfx_nbd_genl_disconnect+0x10/0x10
[ 1040.221120][T13259]  ? stack_depot_save_flags+0x40/0x900
[ 1040.221155][T13259]  genl_rcv_msg+0x60e/0x790
[ 1040.221184][T13259]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1040.221204][T13259]  ? __pfx_nbd_genl_disconnect+0x10/0x10
[ 1040.221251][T13259]  netlink_rcv_skb+0x21c/0x490
[ 1040.221280][T13259]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1040.221303][T13259]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1040.221357][T13259]  ? down_read+0x1ad/0x2e0
[ 1040.221377][T13259]  genl_rcv+0x28/0x40
[ 1040.221396][T13259]  netlink_unicast+0x758/0x8d0
[ 1040.221433][T13259]  netlink_sendmsg+0x805/0xb30
[ 1040.221473][T13259]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1040.221510][T13259]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1040.221528][T13259]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1040.221558][T13259]  __sock_sendmsg+0x219/0x270
[ 1040.221587][T13259]  ____sys_sendmsg+0x505/0x830
[ 1040.221625][T13259]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1040.221670][T13259]  ? import_iovec+0x74/0xa0
[ 1040.221701][T13259]  ___sys_sendmsg+0x21f/0x2a0
[ 1040.221736][T13259]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1040.221808][T13259]  ? __fget_files+0x2a/0x420
[ 1040.221837][T13259]  ? __fget_files+0x3a0/0x420
[ 1040.221879][T13259]  __x64_sys_sendmsg+0x19b/0x260
[ 1040.221902][T13259]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1040.221933][T13259]  ? __pfx_ksys_write+0x10/0x10
[ 1040.221957][T13259]  ? rcu_is_watching+0x15/0xb0
[ 1040.221989][T13259]  ? do_syscall_64+0xbe/0x3b0
[ 1040.222023][T13259]  do_syscall_64+0xfa/0x3b0
[ 1040.222052][T13259]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1040.222079][T13259]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.222099][T13259]  ? clear_bhb_loop+0x60/0xb0
[ 1040.222124][T13259]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1040.222143][T13259] RIP: 0033:0x7f8d4518e969
[ 1040.222161][T13259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1040.222178][T13259] RSP: 002b:00007f8d45fbc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1040.222200][T13259] RAX: ffffffffffffffda RBX: 00007f8d453b5fa0 RCX: 00007f8d4518e969
[ 1040.222215][T13259] RDX: 0000000020000004 RSI: 00002000000001c0 RDI: 0000000000000004
[ 1040.222229][T13259] RBP: 00007f8d45fbc090 R08: 0000000000000000 R09: 0000000000000000
[ 1040.222242][T13259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1040.222254][T13259] R13: 0000000000000000 R14: 00007f8d453b5fa0 R15: 00007ffcdab75078
[ 1040.222285][T13259]  </TASK>
[ 1040.772211][T13261] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2043'.
[ 1040.838595][T13269] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2043'.
[ 1041.560599][T13299] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2053'.
[ 1041.570095][T13299] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2053'.
[ 1041.979296][T13302] FAULT_INJECTION: forcing a failure.
[ 1041.979296][T13302] name failslab, interval 1, probability 0, space 0, times 0
[ 1042.208527][T13305] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2055'.
[ 1042.412596][T13302] CPU: 0 UID: 0 PID: 13302 Comm: syz.8.2054 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1042.412632][T13302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1042.412647][T13302] Call Trace:
[ 1042.412657][T13302]  <TASK>
[ 1042.412669][T13302]  dump_stack_lvl+0x189/0x250
[ 1042.412707][T13302]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1042.412741][T13302]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1042.412794][T13302]  should_fail_ex+0x414/0x560
[ 1042.412830][T13302]  should_failslab+0xa8/0x100
[ 1042.412867][T13302]  __kmalloc_noprof+0xcb/0x4f0
[ 1042.412899][T13302]  ? tomoyo_encode+0x28b/0x550
[ 1042.412938][T13302]  tomoyo_encode+0x28b/0x550
[ 1042.412980][T13302]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1042.413030][T13302]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1042.413063][T13302]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1042.413097][T13302]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1042.413147][T13302]  ? __lock_acquire+0xab9/0xd20
[ 1042.413198][T13302]  ? __fget_files+0x2a/0x420
[ 1042.413235][T13302]  ? __fget_files+0x2a/0x420
[ 1042.413267][T13302]  ? __fget_files+0x3a0/0x420
[ 1042.413300][T13302]  ? __fget_files+0x2a/0x420
[ 1042.413338][T13302]  security_file_ioctl+0xcb/0x2d0
[ 1042.413372][T13302]  __se_sys_ioctl+0x47/0x170
[ 1042.413415][T13302]  do_syscall_64+0xfa/0x3b0
[ 1042.413446][T13302]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1042.413476][T13302]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1042.413505][T13302]  ? clear_bhb_loop+0x60/0xb0
[ 1042.413533][T13302]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1042.413554][T13302] RIP: 0033:0x7fa59358e969
[ 1042.413574][T13302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1042.413594][T13302] RSP: 002b:00007fa59448c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1042.413619][T13302] RAX: ffffffffffffffda RBX: 00007fa5937b5fa0 RCX: 00007fa59358e969
[ 1042.413636][T13302] RDX: 0000200000001140 RSI: 000000004058534c RDI: 0000000000000004
[ 1042.413651][T13302] RBP: 00007fa59448c090 R08: 0000000000000000 R09: 0000000000000000
[ 1042.413665][T13302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1042.413678][T13302] R13: 0000000000000000 R14: 00007fa5937b5fa0 R15: 00007ffe86a5c468
[ 1042.413713][T13302]  </TASK>
[ 1042.728157][T13302] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1042.948919][T13310] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2057'.
[ 1043.007325][T13310] netlink: 12 bytes leftover after parsing attributes in process `syz.9.2057'.
[ 1043.091289][T13310] netlink: 'syz.9.2057': attribute type 20 has an invalid length.
[ 1044.702146][T13331] autofs4:pid:13331:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.4294934529), cmd(0xc0189374)
[ 1044.730982][T13331] autofs4:pid:13331:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374)
[ 1044.772530][ T8307] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1044.786382][T13331] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[ 1045.110739][T13342] openvswitch: netlink: IP tunnel dst address not specified
[ 1045.260396][T13346] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1045.295405][T13348] netlink: 'syz.6.2070': attribute type 3 has an invalid length.
[ 1045.296524][T13346] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1045.520098][ T5811] usb 10-1: new high-speed USB device number 24 using dummy_hcd
[ 1045.603021][T13358] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2073'.
[ 1045.629517][T13358] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2073'.
[ 1045.647282][T13358] netlink: 'syz.5.2073': attribute type 20 has an invalid length.
[ 1046.401898][T13370] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0
[ 1046.735483][   T24] IPVS: starting estimator thread 0...
[ 1046.827697][T10527] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1046.839207][T13385] IPVS: using max 28 ests per chain, 67200 per kthread
[ 1047.011897][T13384] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[ 1047.115755][T13390] FAULT_INJECTION: forcing a failure.
[ 1047.115755][T13390] name failslab, interval 1, probability 0, space 0, times 0
[ 1047.172703][T13390] CPU: 0 UID: 0 PID: 13390 Comm: syz.8.2084 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1047.172739][T13390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1047.172753][T13390] Call Trace:
[ 1047.172763][T13390]  <TASK>
[ 1047.172773][T13390]  dump_stack_lvl+0x189/0x250
[ 1047.172809][T13390]  ? __pfx____ratelimit+0x10/0x10
[ 1047.172841][T13390]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1047.172870][T13390]  ? __pfx__printk+0x10/0x10
[ 1047.172908][T13390]  ? __pfx___might_resched+0x10/0x10
[ 1047.172940][T13390]  should_fail_ex+0x414/0x560
[ 1047.172975][T13390]  should_failslab+0xa8/0x100
[ 1047.173009][T13390]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1047.173042][T13390]  ? __alloc_skb+0x112/0x2d0
[ 1047.173078][T13390]  __alloc_skb+0x112/0x2d0
[ 1047.173112][T13390]  netlink_sendmsg+0x5c6/0xb30
[ 1047.173153][T13390]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1047.173192][T13390]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1047.173212][T13390]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1047.173240][T13390]  __sock_sendmsg+0x219/0x270
[ 1047.173276][T13390]  ____sys_sendmsg+0x505/0x830
[ 1047.173312][T13390]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1047.173366][T13390]  ? import_iovec+0x74/0xa0
[ 1047.173391][T13390]  ___sys_sendmsg+0x21f/0x2a0
[ 1047.173423][T13390]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1047.173485][T13390]  ? __fget_files+0x2a/0x420
[ 1047.173513][T13390]  ? __fget_files+0x3a0/0x420
[ 1047.173550][T13390]  __x64_sys_sendmsg+0x19b/0x260
[ 1047.173572][T13390]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1047.173599][T13390]  ? __pfx_ksys_write+0x10/0x10
[ 1047.173622][T13390]  ? rcu_is_watching+0x15/0xb0
[ 1047.173652][T13390]  ? do_syscall_64+0xbe/0x3b0
[ 1047.173685][T13390]  do_syscall_64+0xfa/0x3b0
[ 1047.173717][T13390]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1047.173743][T13390]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1047.173764][T13390]  ? clear_bhb_loop+0x60/0xb0
[ 1047.173787][T13390]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1047.173804][T13390] RIP: 0033:0x7fa59358e969
[ 1047.173820][T13390] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1047.173836][T13390] RSP: 002b:00007fa59448c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1047.173855][T13390] RAX: ffffffffffffffda RBX: 00007fa5937b5fa0 RCX: 00007fa59358e969
[ 1047.173869][T13390] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[ 1047.173880][T13390] RBP: 00007fa59448c090 R08: 0000000000000000 R09: 0000000000000000
[ 1047.173892][T13390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1047.173903][T13390] R13: 0000000000000000 R14: 00007fa5937b5fa0 R15: 00007ffe86a5c468
[ 1047.173929][T13390]  </TASK>
[ 1047.868029][ T5811] usb 10-1: new high-speed USB device number 25 using dummy_hcd
[ 1047.984838][T13402] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2088'.
[ 1048.027342][ T5811] usb 10-1: Using ep0 maxpacket: 32
[ 1048.060687][ T5811] usb 10-1: config 0 has an invalid interface number: 85 but max is 0
[ 1048.091002][T13402] netlink: 12 bytes leftover after parsing attributes in process `syz.8.2088'.
[ 1048.108788][ T5811] usb 10-1: config 0 has no interface number 0
[ 1048.156033][ T5811] usb 10-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1048.275914][T13402] netlink: 'syz.8.2088': attribute type 20 has an invalid length.
[ 1048.284406][ T5811] usb 10-1: config 0 interface 85 has no altsetting 0
[ 1048.406732][ T5811] usb 10-1: New USB device found, idVendor=98ac, idProduct=0219, bcdDevice=f0.72
[ 1048.530108][ T5811] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1048.638526][ T5811] usb 10-1: Product: syz
[ 1048.701836][ T5811] usb 10-1: Manufacturer: syz
[ 1048.765802][ T5811] usb 10-1: SerialNumber: syz
[ 1050.144247][ T5811] usb 10-1: config 0 descriptor??
[ 1051.290155][ T5811] usb 10-1: USB disconnect, device number 25
[ 1053.506215][T13452] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1053.536730][   T30] audit: type=1326 audit(1748482686.709:660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13446 comm="syz.9.2101" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f600658e969 code=0x0
[ 1053.549571][T13442] ptm ptm1: ldisc open failed (-12), clearing slot 1
[ 1053.601827][T13453] fuse: Unknown parameter 'fÅ'
[ 1055.506552][ T8729] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[ 1056.664695][ T8729] usb 9-1: Using ep0 maxpacket: 8
[ 1056.678048][ T8729] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1056.748861][ T8729] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1056.785051][ T8729] usb 9-1: config 0 descriptor??
[ 1057.917220][ T8729] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1057.962284][ T8729] asix 9-1:0.0 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9
[ 1058.007996][ T8729] asix 9-1:0.0: probe with driver asix failed with error -71
[ 1058.026512][ T8729] usb 9-1: USB disconnect, device number 26
[ 1058.209737][T13487] netlink: 268 bytes leftover after parsing attributes in process `syz.9.2110'.
[ 1059.811438][T13511] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2113'.
[ 1059.855030][T13510] netlink: 'syz.5.2113': attribute type 4 has an invalid length.
[ 1059.976438][T10611] usb 10-1: new high-speed USB device number 26 using dummy_hcd
[ 1060.593518][T10611] usb 10-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[ 1060.640024][T10611] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1060.688683][T10611] usb 10-1: Product: syz
[ 1060.714099][T10611] usb 10-1: Manufacturer: syz
[ 1060.718893][T10611] usb 10-1: SerialNumber: syz
[ 1060.735398][T13517] FAULT_INJECTION: forcing a failure.
[ 1060.735398][T13517] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1060.807705][T10611] usb 10-1: config 0 descriptor??
[ 1060.838445][T13517] CPU: 1 UID: 0 PID: 13517 Comm: syz.8.2119 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1060.838478][T13517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1060.838493][T13517] Call Trace:
[ 1060.838501][T13517]  <TASK>
[ 1060.838511][T13517]  dump_stack_lvl+0x189/0x250
[ 1060.838547][T13517]  ? __pfx____ratelimit+0x10/0x10
[ 1060.838598][T13517]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1060.838630][T13517]  ? __pfx__printk+0x10/0x10
[ 1060.838665][T13517]  ? __might_fault+0xb0/0x130
[ 1060.838711][T13517]  should_fail_ex+0x414/0x560
[ 1060.838747][T13517]  _copy_to_iter+0x3f5/0x16f0
[ 1060.838794][T13517]  ? __pfx__copy_to_iter+0x10/0x10
[ 1060.838835][T13517]  ? __skb_try_recv_from_queue+0x58f/0x730
[ 1060.838867][T13517]  ? __skb_try_recv_datagram+0x3da/0x4e0
[ 1060.838898][T13517]  __skb_datagram_iter+0xf8/0x990
[ 1060.838924][T13517]  ? __pfx_simple_copy_to_iter+0x10/0x10
[ 1060.838959][T13517]  skb_copy_datagram_iter+0xc5/0x230
[ 1060.838988][T13517]  netlink_recvmsg+0x2c9/0xe00
[ 1060.839020][T13517]  ? __lock_acquire+0xab9/0xd20
[ 1060.839054][T13517]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1060.839097][T13517]  ? __lock_acquire+0xab9/0xd20
[ 1060.839125][T13517]  ? bpf_lsm_socket_recvmsg+0x9/0x20
[ 1060.839147][T13517]  ? __pfx_netlink_recvmsg+0x10/0x10
[ 1060.839178][T13517]  sock_recvmsg_nosec+0x186/0x1c0
[ 1060.839211][T13517]  ____sys_recvmsg+0x3aa/0x460
[ 1060.839243][T13517]  ? __pfx_____sys_recvmsg+0x10/0x10
[ 1060.839283][T13517]  ? import_iovec+0x74/0xa0
[ 1060.839309][T13517]  ___sys_recvmsg+0x1b5/0x510
[ 1060.839337][T13517]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1060.839394][T13517]  ? __might_fault+0xb0/0x130
[ 1060.839430][T13517]  do_recvmmsg+0x307/0x770
[ 1060.839462][T13517]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1060.839498][T13517]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1060.839552][T13517]  __x64_sys_recvmmsg+0x190/0x240
[ 1060.839578][T13517]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1060.839599][T13517]  ? rcu_is_watching+0x15/0xb0
[ 1060.839632][T13517]  ? do_syscall_64+0xbe/0x3b0
[ 1060.839670][T13517]  do_syscall_64+0xfa/0x3b0
[ 1060.839701][T13517]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1060.839731][T13517]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1060.839754][T13517]  ? clear_bhb_loop+0x60/0xb0
[ 1060.839781][T13517]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1060.839803][T13517] RIP: 0033:0x7fa59358e969
[ 1060.839830][T13517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1060.839851][T13517] RSP: 002b:00007fa59448c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1060.839876][T13517] RAX: ffffffffffffffda RBX: 00007fa5937b5fa0 RCX: 00007fa59358e969
[ 1060.839894][T13517] RDX: 0000000000000005 RSI: 00002000000086c0 RDI: 0000000000000003
[ 1060.839909][T13517] RBP: 00007fa59448c090 R08: 0000000000000000 R09: 0000000000000000
[ 1060.839923][T13517] R10: 0000000000018042 R11: 0000000000000246 R12: 0000000000000001
[ 1060.839938][T13517] R13: 0000000000000000 R14: 00007fa5937b5fa0 R15: 00007ffe86a5c468
[ 1060.839972][T13517]  </TASK>
[ 1061.143965][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1061.640252][T13508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1061.696960][T13508] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1062.226236][T10611] usb 10-1: Firmware version (0.0) predates our first public release.
[ 1062.615613][T10611] usb 10-1: Please update to version 0.2 or newer
[ 1063.026252][T10611] usb 10-1: USB disconnect, device number 26
[ 1063.170290][T13548] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2126'.
[ 1063.377344][T13543] netlink: 'syz.7.2126': attribute type 4 has an invalid length.
[ 1063.444918][ T5878] usb 9-1: new high-speed USB device number 27 using dummy_hcd
[ 1063.817944][T13555] netlink: 8 bytes leftover after parsing attributes in process `syz.9.2128'.
[ 1063.873014][ T5878] usb 9-1: Using ep0 maxpacket: 8
[ 1063.878759][T13554] netlink: 'syz.9.2128': attribute type 4 has an invalid length.
[ 1063.881362][ T5878] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[ 1063.928377][ T5878] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1063.945931][ T5878] usb 9-1: config 0 descriptor??
[ 1063.969000][ T5879] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 1064.148918][ T5879] usb 6-1: Using ep0 maxpacket: 16
[ 1064.168543][ T5879] usb 6-1: config 8 has an invalid interface number: 131 but max is 0
[ 1064.200771][ T5878] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1064.212694][ T5879] usb 6-1: config 8 has no interface number 0
[ 1064.233651][ T5879] usb 6-1: config 8 interface 131 altsetting 8 bulk endpoint 0x5 has invalid maxpacket 16
[ 1064.253944][T13559] lo speed is unknown, defaulting to 1000
[ 1064.260391][ T5878] asix 9-1:0.0: probe with driver asix failed with error -71
[ 1064.272042][ T5879] usb 6-1: config 8 interface 131 has no altsetting 0
[ 1064.283189][ T5878] usb 9-1: USB disconnect, device number 27
[ 1064.296863][ T5879] usb 6-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=3f.90
[ 1065.018090][ T5879] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1065.026236][ T5879] usb 6-1: Product: syz
[ 1065.057507][ T5879] usb 6-1: Manufacturer: syz
[ 1065.062170][ T5879] usb 6-1: SerialNumber: syz
[ 1065.136681][ T9788] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[ 1065.151306][T13550] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[ 1065.234396][T13568] FAULT_INJECTION: forcing a failure.
[ 1065.234396][T13568] name failslab, interval 1, probability 0, space 0, times 0
[ 1065.270041][T13568] CPU: 0 UID: 0 PID: 13568 Comm: syz.8.2132 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1065.270073][T13568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1065.270087][T13568] Call Trace:
[ 1065.270095][T13568]  <TASK>
[ 1065.270105][T13568]  dump_stack_lvl+0x189/0x250
[ 1065.270139][T13568]  ? __pfx____ratelimit+0x10/0x10
[ 1065.270173][T13568]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1065.270201][T13568]  ? __pfx__printk+0x10/0x10
[ 1065.270236][T13568]  ? __pfx___might_resched+0x10/0x10
[ 1065.270264][T13568]  ? fs_reclaim_acquire+0x7d/0x100
[ 1065.270290][T13568]  should_fail_ex+0x414/0x560
[ 1065.270323][T13568]  should_failslab+0xa8/0x100
[ 1065.270356][T13568]  __kmalloc_noprof+0xcb/0x4f0
[ 1065.270383][T13568]  ? tomoyo_encode+0x28b/0x550
[ 1065.270419][T13568]  tomoyo_encode+0x28b/0x550
[ 1065.270454][T13568]  tomoyo_realpath_from_path+0x58d/0x5d0
[ 1065.270495][T13568]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1065.270521][T13568]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1065.270551][T13568]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1065.270595][T13568]  ? __lock_acquire+0xab9/0xd20
[ 1065.270638][T13568]  ? __fget_files+0x2a/0x420
[ 1065.270678][T13568]  ? __fget_files+0x2a/0x420
[ 1065.270706][T13568]  ? __fget_files+0x3a0/0x420
[ 1065.270734][T13568]  ? __fget_files+0x2a/0x420
[ 1065.270768][T13568]  security_file_ioctl+0xcb/0x2d0
[ 1065.270798][T13568]  __se_sys_ioctl+0x47/0x170
[ 1065.270827][T13568]  do_syscall_64+0xfa/0x3b0
[ 1065.270855][T13568]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1065.270883][T13568]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1065.270904][T13568]  ? clear_bhb_loop+0x60/0xb0
[ 1065.270929][T13568]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1065.270949][T13568] RIP: 0033:0x7fa59358e969
[ 1065.270968][T13568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1065.270985][T13568] RSP: 002b:00007fa59448c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1065.271006][T13568] RAX: ffffffffffffffda RBX: 00007fa5937b5fa0 RCX: 00007fa59358e969
[ 1065.271021][T13568] RDX: 0000200000000a40 RSI: 00000000c4c85512 RDI: 0000000000000005
[ 1065.271034][T13568] RBP: 00007fa59448c090 R08: 0000000000000000 R09: 0000000000000000
[ 1065.271047][T13568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1065.271059][T13568] R13: 0000000000000000 R14: 00007fa5937b5fa0 R15: 00007ffe86a5c468
[ 1065.271091][T13568]  </TASK>
[ 1065.271138][T13568] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1065.543711][ T9788] usb 7-1: Using ep0 maxpacket: 8
[ 1065.551054][ T9788] usb 7-1: config 0 has no interfaces?
[ 1065.560241][ T9788] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55
[ 1065.569773][ T9788] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1065.578688][ T9788] usb 7-1: Product: syz
[ 1065.694932][ T9788] usb 7-1: Manufacturer: syz
[ 1065.699850][ T9788] usb 7-1: SerialNumber: syz
[ 1065.909789][ T9788] usb 7-1: config 0 descriptor??
[ 1065.930317][ T5878] usb 10-1: new high-speed USB device number 27 using dummy_hcd
[ 1066.096843][ T5878] usb 10-1: Using ep0 maxpacket: 16
[ 1066.228561][ T5878] usb 10-1: config 4 has an invalid interface number: 51 but max is 0
[ 1066.336400][ T5878] usb 10-1: config 4 has no interface number 0
[ 1066.407379][ T5878] usb 10-1: config 4 interface 51 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[ 1066.539653][ T5878] usb 10-1: config 4 interface 51 has no altsetting 0
[ 1066.626276][ T9788] usb 7-1: USB disconnect, device number 27
[ 1066.667008][ T5878] usb 10-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76
[ 1066.688261][ T5878] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1066.716488][ T5878] usb 10-1: Product: syz
[ 1066.726277][ T5878] usb 10-1: Manufacturer: syz
[ 1066.731368][ T5878] usb 10-1: SerialNumber: syz
[ 1066.743681][T13577] raw-gadget.2 gadget.9: fail, usb_ep_enable returned -22
[ 1066.763405][ T5878] cdc_eem 10-1:4.51: probe with driver cdc_eem failed with error -22
[ 1067.005340][ T9788] usb 10-1: USB disconnect, device number 27
[ 1067.651291][T13610] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2141'.
[ 1067.710114][T13608] netlink: 'syz.7.2141': attribute type 4 has an invalid length.
[ 1067.969533][ T5879] HFC-S_USB 6-1:8.131: probe with driver HFC-S_USB failed with error -5
[ 1068.073067][ T5879] usb 6-1: USB disconnect, device number 18
[ 1069.903200][T13637] FAULT_INJECTION: forcing a failure.
[ 1069.903200][T13637] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1069.916940][T13637] CPU: 0 UID: 0 PID: 13637 Comm: syz.7.2152 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1069.916971][T13637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1069.916984][T13637] Call Trace:
[ 1069.916992][T13637]  <TASK>
[ 1069.917002][T13637]  dump_stack_lvl+0x189/0x250
[ 1069.917045][T13637]  ? __pfx____ratelimit+0x10/0x10
[ 1069.917074][T13637]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1069.917103][T13637]  ? __pfx__printk+0x10/0x10
[ 1069.917135][T13637]  ? __might_fault+0xb0/0x130
[ 1069.917174][T13637]  should_fail_ex+0x414/0x560
[ 1069.917204][T13637]  _copy_from_user+0x2d/0xb0
[ 1069.917225][T13637]  do_tcp_setsockopt+0x47d/0x1f10
[ 1069.917259][T13637]  ? __pfx_do_tcp_setsockopt+0x10/0x10
[ 1069.917290][T13637]  ? __lock_acquire+0xab9/0xd20
[ 1069.917324][T13637]  ? sock_common_setsockopt+0x36/0xc0
[ 1069.917349][T13637]  ? tcp_setsockopt+0x3d/0xe0
[ 1069.917374][T13637]  ? __pfx_sock_common_setsockopt+0x10/0x10
[ 1069.917403][T13637]  do_sock_setsockopt+0x25a/0x3e0
[ 1069.917436][T13637]  ? __pfx_do_sock_setsockopt+0x10/0x10
[ 1069.917471][T13637]  ? __fget_files+0x2a/0x420
[ 1069.917507][T13637]  __x64_sys_setsockopt+0x18b/0x220
[ 1069.917541][T13637]  do_syscall_64+0xfa/0x3b0
[ 1069.917569][T13637]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1069.917594][T13637]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1069.917612][T13637]  ? clear_bhb_loop+0x60/0xb0
[ 1069.917635][T13637]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1069.917654][T13637] RIP: 0033:0x7f8d4518e969
[ 1069.917672][T13637] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1069.917689][T13637] RSP: 002b:00007f8d45fbc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[ 1069.917711][T13637] RAX: ffffffffffffffda RBX: 00007f8d453b5fa0 RCX: 00007f8d4518e969
[ 1069.917727][T13637] RDX: 000000000000001e RSI: 0000000000000006 RDI: 0000000000000003
[ 1069.917739][T13637] RBP: 00007f8d45fbc090 R08: 0000000000000004 R09: 0000000000000000
[ 1069.917751][T13637] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[ 1069.917765][T13637] R13: 0000000000000000 R14: 00007f8d453b5fa0 R15: 00007ffcdab75078
[ 1069.917796][T13637]  </TASK>
[ 1070.137988][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1070.688749][T13647] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2155'.
[ 1070.726440][T13647] netlink: 'syz.7.2155': attribute type 4 has an invalid length.
[ 1070.749627][T13653] syz.5.2156: attempt to access beyond end of device
[ 1070.749627][T13653] nbd5: rw=2048, sector=0, nr_sectors = 8 limit=0
[ 1070.766233][T13653] SQUASHFS error: Failed to read block 0x0: -5
[ 1070.923030][T13653] unable to read squashfs_super_block
[ 1071.069624][T13658] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1071.094880][   T30] audit: type=1326 audit(1748482704.502:661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13651 comm="syz.6.2157" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8e30d8e969 code=0x0
[ 1071.150786][T13660] fuse: Unknown parameter 'fÅ'
[ 1072.655015][T13672] usb usb8: usbfs: process 13672 (syz.7.2163) did not claim interface 0 before use
[ 1075.975311][ T5879] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[ 1076.229864][ T5879] usb 7-1: Using ep0 maxpacket: 32
[ 1076.326615][ T5879] usb 7-1: config 0 has an invalid interface number: 85 but max is 0
[ 1076.421697][ T5879] usb 7-1: config 0 has no interface number 0
[ 1076.483092][ T5879] usb 7-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1076.503846][ T9788] IPVS: starting estimator thread 0...
[ 1077.200813][ T5879] usb 7-1: config 0 interface 85 has no altsetting 0
[ 1077.241226][T13702] IPVS: using max 24 ests per chain, 57600 per kthread
[ 1077.317443][ T5879] usb 7-1: New USB device found, idVendor=98ac, idProduct=0219, bcdDevice=f0.72
[ 1077.413337][ T5879] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1077.503806][ T5879] usb 7-1: Product: syz
[ 1077.542725][ T5879] usb 7-1: Manufacturer: syz
[ 1077.901875][ T5879] usb 7-1: SerialNumber: syz
[ 1078.366442][ T5879] usb 7-1: config 0 descriptor??
[ 1078.955493][ T5879] usb 7-1: USB disconnect, device number 28
[ 1079.126038][T13712] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2171'.
[ 1079.185727][T13710] netlink: 'syz.5.2171': attribute type 4 has an invalid length.
[ 1083.614189][T13727] autofs4:pid:13727:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.4294934529), cmd(0xc0189374)
[ 1083.658648][T13728] netlink: 212376 bytes leftover after parsing attributes in process `syz.5.2178'.
[ 1083.674753][T13727] autofs4:pid:13727:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc0189374)
[ 1083.677215][T13730] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[ 1083.698153][ T2972] Bluetooth: hci5: Frame reassembly failed (-84)
[ 1085.567598][T13758] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2184'.
[ 1085.613686][T13757] netlink: 'syz.7.2184': attribute type 4 has an invalid length.
[ 1085.739914][T10527] Bluetooth: hci5: command 0x1003 tx timeout
[ 1085.751310][ T5823] Bluetooth: hci5: Opcode 0x1003 failed: -110
[ 1085.758185][ T5874] usb 10-1: new full-speed USB device number 28 using dummy_hcd
[ 1086.082370][ T5874] usb 10-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[ 1086.270569][ T5874] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1086.324709][ T5874] usb 10-1: config 0 descriptor??
[ 1086.337176][ T5874] ums-realtek 10-1:0.0: USB Mass Storage device detected
[ 1086.625886][   T24] IPVS: starting estimator thread 0...
[ 1086.825225][T13768] IPVS: using max 27 ests per chain, 64800 per kthread
[ 1087.012195][ T5811] usb 10-1: USB disconnect, device number 28
[ 1087.750178][ T1085] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1087.924481][ T1085] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1088.053351][ T1085] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1089.158977][T13797] netlink: 8 bytes leftover after parsing attributes in process `syz.7.2198'.
[ 1089.247164][T13799] netlink: 'syz.7.2198': attribute type 4 has an invalid length.
[ 1090.075712][T13805] Invalid source name
[ 1090.117444][T13805] UBIFS error (pid: 13805): cannot open "./file0", error -22
[ 1090.869505][T13813] sctp: [Deprecated]: syz.8.2201 (pid 13813) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1090.869505][T13813] Use struct sctp_sack_info instead
[ 1091.505832][ T1085] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1091.765459][T13821] netlink: 212376 bytes leftover after parsing attributes in process `syz.8.2204'.
[ 1092.121321][ T1085] bridge_slave_1: left allmulticast mode
[ 1092.131655][ T1085] bridge_slave_1: left promiscuous mode
[ 1092.138886][ T1085] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1092.160805][ T1085] bridge_slave_0: left allmulticast mode
[ 1092.176064][ T1085] bridge_slave_0: left promiscuous mode
[ 1092.196557][ T1085] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1092.245854][T13834] netlink: 4 bytes leftover after parsing attributes in process `syz.7.2206'.
[ 1092.347697][T10527] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1092.361453][T10527] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1092.371909][T10527] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1092.386122][T10527] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1092.394102][T10527] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1093.660784][T13855] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2211'.
[ 1093.806409][T13852] netlink: 'syz.8.2211': attribute type 4 has an invalid length.
[ 1093.987552][ T1085] bond2 (unregistering): (slave gretap1): Releasing active interface
[ 1094.403525][ T1085] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1094.415929][ T1085] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1094.427070][ T1085] bond0 (unregistering): Released all slaves
[ 1094.448816][ T1085] bond1 (unregistering): Released all slaves
[ 1094.456622][ T5823] Bluetooth: hci2: command tx timeout
[ 1094.486775][ T1085] bond2 (unregistering): Released all slaves
[ 1094.526052][T13834] ==================================================================
[ 1094.534176][T13834] BUG: KASAN: global-out-of-bounds in fib6_clean_node+0x35d/0x590
[ 1094.542036][T13834] Read of size 8 at addr ffffffff99d217e8 by task syz.7.2206/13834
[ 1094.549971][T13834] 
[ 1094.552328][T13834] CPU: 1 UID: 0 PID: 13834 Comm: syz.7.2206 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1094.552362][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1094.552377][T13834] Call Trace:
[ 1094.552387][T13834]  <TASK>
[ 1094.552398][T13834]  dump_stack_lvl+0x189/0x250
[ 1094.552434][T13834]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1094.552468][T13834]  ? rcu_is_watching+0x15/0xb0
[ 1094.552496][T13834]  ? __kasan_check_byte+0x12/0x40
[ 1094.552528][T13834]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1094.552578][T13834]  ? rcu_is_watching+0x15/0xb0
[ 1094.552606][T13834]  ? lock_release+0x4b/0x3e0
[ 1094.552633][T13834]  ? __virt_addr_valid+0x1c8/0x5c0
[ 1094.552667][T13834]  ? __virt_addr_valid+0x4a5/0x5c0
[ 1094.552702][T13834]  print_report+0xd2/0x2b0
[ 1094.552729][T13834]  ? fib6_clean_node+0x35d/0x590
[ 1094.552758][T13834]  kasan_report+0x118/0x150
[ 1094.552793][T13834]  ? fib6_clean_node+0x35d/0x590
[ 1094.552881][T13834]  fib6_clean_node+0x35d/0x590
[ 1094.552924][T13834]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1094.552956][T13834]  ? __lock_acquire+0xab9/0xd20
[ 1094.552986][T13834]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1094.553020][T13834]  fib6_walk_continue+0x67b/0x910
[ 1094.553059][T13834]  fib6_walk+0x149/0x290
[ 1094.553091][T13834]  __fib6_clean_all+0x234/0x380
[ 1094.553121][T13834]  ? __fib6_clean_all+0x9b/0x380
[ 1094.553152][T13834]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1094.553184][T13834]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1094.553218][T13834]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1094.553249][T13834]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1094.553290][T13834]  rt6_disable_ip+0x120/0x720
[ 1094.553328][T13834]  ? rcu_is_watching+0x15/0xb0
[ 1094.553357][T13834]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1094.553403][T13834]  addrconf_ifdown+0x15d/0x1880
[ 1094.553432][T13834]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1094.553470][T13834]  ? __pfx___mutex_lock+0x10/0x10
[ 1094.553506][T13834]  ? tls_dev_event+0x717/0xec0
[ 1094.553529][T13834]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1094.553564][T13834]  addrconf_notify+0x1bc/0x1010
[ 1094.553600][T13834]  notifier_call_chain+0x1b6/0x3e0
[ 1094.553637][T13834]  dev_close_many+0x29c/0x410
[ 1094.553671][T13834]  ? __pfx_dev_close_many+0x10/0x10
[ 1094.553712][T13834]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1094.553743][T13834]  unregister_netdevice_many_notify+0x834/0x2330
[ 1094.553773][T13834]  ? __mutex_lock+0xa6d/0xe80
[ 1094.553806][T13834]  ? __mutex_lock+0x51b/0xe80
[ 1094.553855][T13834]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1094.553885][T13834]  ? rtnl_dellink+0x331/0x710
[ 1094.553919][T13834]  ? unregister_netdevice_queue+0x1b3/0x380
[ 1094.553948][T13834]  ? __nla_parse+0x40/0x60
[ 1094.553984][T13834]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1094.554008][T13834]  rtnl_dellink+0x488/0x710
[ 1094.554042][T13834]  ? __pfx_rtnl_dellink+0x10/0x10
[ 1094.554119][T13834]  ? __pfx_rtnl_dellink+0x10/0x10
[ 1094.554148][T13834]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1094.554181][T13834]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1094.554243][T13834]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1094.554276][T13834]  ? ref_tracker_free+0x63a/0x7d0
[ 1094.554306][T13834]  ? __copy_skb_header+0xa7/0x550
[ 1094.554333][T13834]  netlink_rcv_skb+0x21c/0x490
[ 1094.554364][T13834]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1094.554395][T13834]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1094.554436][T13834]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1094.554466][T13834]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1094.554500][T13834]  netlink_unicast+0x758/0x8d0
[ 1094.554533][T13834]  netlink_sendmsg+0x805/0xb30
[ 1094.554571][T13834]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1094.554611][T13834]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1094.554633][T13834]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1094.554665][T13834]  __sock_sendmsg+0x219/0x270
[ 1094.554698][T13834]  ____sys_sendmsg+0x505/0x830
[ 1094.554737][T13834]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1094.554778][T13834]  ? import_iovec+0x74/0xa0
[ 1094.554803][T13834]  ___sys_sendmsg+0x21f/0x2a0
[ 1094.554866][T13834]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1094.554922][T13834]  ? __fget_files+0x2a/0x420
[ 1094.554956][T13834]  ? __fget_files+0x3a0/0x420
[ 1094.554993][T13834]  __x64_sys_sendmsg+0x19b/0x260
[ 1094.555016][T13834]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1094.555047][T13834]  ? do_syscall_64+0xbe/0x3b0
[ 1094.555084][T13834]  do_syscall_64+0xfa/0x3b0
[ 1094.555117][T13834]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1094.555167][T13834]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1094.555192][T13834]  ? clear_bhb_loop+0x60/0xb0
[ 1094.555219][T13834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1094.555243][T13834] RIP: 0033:0x7f8d4518e969
[ 1094.555265][T13834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1094.555286][T13834] RSP: 002b:00007f8d45f9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1094.555311][T13834] RAX: ffffffffffffffda RBX: 00007f8d453b6080 RCX: 00007f8d4518e969
[ 1094.555330][T13834] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 000000000000000d
[ 1094.555346][T13834] RBP: 00007f8d45210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1094.555362][T13834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1094.555378][T13834] R13: 0000000000000000 R14: 00007f8d453b6080 R15: 00007ffcdab75078
[ 1094.555405][T13834]  </TASK>
[ 1094.555415][T13834] 
[ 1095.063505][T13834] The buggy address belongs to the variable:
[ 1095.069497][T13834]  binder_devices+0x8/0x20
[ 1095.073925][T13834] 
[ 1095.076250][T13834] The buggy address belongs to the physical page:
[ 1095.082679][T13834] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x19d21
[ 1095.091450][T13834] flags: 0xfff00000002000(reserved|node=0|zone=1|lastcpupid=0x7ff)
[ 1095.099357][T13834] raw: 00fff00000002000 ffffea0000674848 ffffea0000674848 0000000000000000
[ 1095.107950][T13834] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 1095.116534][T13834] page dumped because: kasan: bad access detected
[ 1095.122966][T13834] page_owner info is not present (never set?)
[ 1095.129123][T13834] 
[ 1095.131455][T13834] Memory state around the buggy address:
[ 1095.137088][T13834]  ffffffff99d21680: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 1095.145417][T13834]  ffffffff99d21700: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9
[ 1095.153491][T13834] >ffffffff99d21780: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 00 f9 f9 f9
[ 1095.161561][T13834]                                                           ^
[ 1095.169021][T13834]  ffffffff99d21800: 00 00 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
[ 1095.177088][T13834]  ffffffff99d21880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 1095.185153][T13834] ==================================================================
[ 1095.193363][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1095.199452][T13834] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1095.206691][T13834] CPU: 1 UID: 0 PID: 13834 Comm: syz.7.2206 Not tainted 6.15.0-syzkaller-03589-gfeacb1774bd5 #0 PREEMPT(full) 
[ 1095.218530][T13834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1095.228615][T13834] Call Trace:
[ 1095.231911][T13834]  <TASK>
[ 1095.234858][T13834]  dump_stack_lvl+0x99/0x250
[ 1095.239482][T13834]  ? __asan_memcpy+0x40/0x70
[ 1095.244097][T13834]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1095.249330][T13834]  ? __pfx__printk+0x10/0x10
[ 1095.253964][T13834]  panic+0x2db/0x790
[ 1095.257893][T13834]  ? __pfx_panic+0x10/0x10
[ 1095.262335][T13834]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[ 1095.268278][T13834]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1095.274221][T13834]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1095.280589][T13834]  ? print_memory_metadata+0x314/0x400
[ 1095.286122][T13834]  ? fib6_clean_node+0x35d/0x590
[ 1095.291100][T13834]  check_panic_on_warn+0x89/0xb0
[ 1095.296081][T13834]  ? fib6_clean_node+0x35d/0x590
[ 1095.301062][T13834]  end_report+0x78/0x160
[ 1095.305352][T13834]  kasan_report+0x129/0x150
[ 1095.309891][T13834]  ? fib6_clean_node+0x35d/0x590
[ 1095.314872][T13834]  fib6_clean_node+0x35d/0x590
[ 1095.319669][T13834]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1095.325005][T13834]  ? __lock_acquire+0xab9/0xd20
[ 1095.329900][T13834]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1095.335318][T13834]  fib6_walk_continue+0x67b/0x910
[ 1095.340389][T13834]  fib6_walk+0x149/0x290
[ 1095.344681][T13834]  __fib6_clean_all+0x234/0x380
[ 1095.349572][T13834]  ? __fib6_clean_all+0x9b/0x380
[ 1095.354548][T13834]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1095.359519][T13834]  ? __pfx___fib6_clean_all+0x10/0x10
[ 1095.364928][T13834]  ? __pfx_fib6_clean_node+0x10/0x10
[ 1095.370261][T13834]  ? __pfx_fib6_ifdown+0x10/0x10
[ 1095.375236][T13834]  rt6_disable_ip+0x120/0x720
[ 1095.379949][T13834]  ? rcu_is_watching+0x15/0xb0
[ 1095.384748][T13834]  ? __pfx_rt6_disable_ip+0x10/0x10
[ 1095.389991][T13834]  addrconf_ifdown+0x15d/0x1880
[ 1095.394871][T13834]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1095.400546][T13834]  ? __pfx___mutex_lock+0x10/0x10
[ 1095.405700][T13834]  ? tls_dev_event+0x717/0xec0
[ 1095.410497][T13834]  ? __pfx_addrconf_ifdown+0x10/0x10
[ 1095.415821][T13834]  addrconf_notify+0x1bc/0x1010
[ 1095.420708][T13834]  notifier_call_chain+0x1b6/0x3e0
[ 1095.425876][T13834]  dev_close_many+0x29c/0x410
[ 1095.430625][T13834]  ? __pfx_dev_close_many+0x10/0x10
[ 1095.435886][T13834]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 1095.441803][T13834]  unregister_netdevice_many_notify+0x834/0x2330
[ 1095.448155][T13834]  ? __mutex_lock+0xa6d/0xe80
[ 1095.452852][T13834]  ? __mutex_lock+0x51b/0xe80
[ 1095.457550][T13834]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1095.464325][T13834]  ? rtnl_dellink+0x331/0x710
[ 1095.469017][T13834]  ? unregister_netdevice_queue+0x1b3/0x380
[ 1095.474921][T13834]  ? __nla_parse+0x40/0x60
[ 1095.479364][T13834]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1095.485620][T13834]  rtnl_dellink+0x488/0x710
[ 1095.490149][T13834]  ? __pfx_rtnl_dellink+0x10/0x10
[ 1095.495224][T13834]  ? __pfx_rtnl_dellink+0x10/0x10
[ 1095.500262][T13834]  rtnetlink_rcv_msg+0x7cf/0xb70
[ 1095.505211][T13834]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1095.510334][T13834]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1095.515810][T13834]  ? ref_tracker_free+0x63a/0x7d0
[ 1095.520846][T13834]  ? __copy_skb_header+0xa7/0x550
[ 1095.525880][T13834]  netlink_rcv_skb+0x21c/0x490
[ 1095.530658][T13834]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1095.536128][T13834]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1095.541435][T13834]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1095.546651][T13834]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1095.551867][T13834]  netlink_unicast+0x758/0x8d0
[ 1095.556650][T13834]  netlink_sendmsg+0x805/0xb30
[ 1095.561439][T13834]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1095.566747][T13834]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1095.572040][T13834]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1095.577340][T13834]  __sock_sendmsg+0x219/0x270
[ 1095.582028][T13834]  ____sys_sendmsg+0x505/0x830
[ 1095.586814][T13834]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1095.592119][T13834]  ? import_iovec+0x74/0xa0
[ 1095.596653][T13834]  ___sys_sendmsg+0x21f/0x2a0
[ 1095.601346][T13834]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1095.606573][T13834]  ? __fget_files+0x2a/0x420
[ 1095.611174][T13834]  ? __fget_files+0x3a0/0x420
[ 1095.615868][T13834]  __x64_sys_sendmsg+0x19b/0x260
[ 1095.620810][T13834]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1095.626283][T13834]  ? do_syscall_64+0xbe/0x3b0
[ 1095.630988][T13834]  do_syscall_64+0xfa/0x3b0
[ 1095.635506][T13834]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1095.640733][T13834]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1095.646808][T13834]  ? clear_bhb_loop+0x60/0xb0
[ 1095.651488][T13834]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1095.657383][T13834] RIP: 0033:0x7f8d4518e969
[ 1095.661800][T13834] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1095.681414][T13834] RSP: 002b:00007f8d45f9b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1095.689839][T13834] RAX: ffffffffffffffda RBX: 00007f8d453b6080 RCX: 00007f8d4518e969
[ 1095.697814][T13834] RDX: 0000000000000000 RSI: 0000200000000200 RDI: 000000000000000d
[ 1095.705794][T13834] RBP: 00007f8d45210ab1 R08: 0000000000000000 R09: 0000000000000000
[ 1095.713782][T13834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1095.721760][T13834] R13: 0000000000000000 R14: 00007f8d453b6080 R15: 00007ffcdab75078
[ 1095.729746][T13834]  </TASK>
[ 1095.733138][T13834] Kernel Offset: disabled
[ 1095.737477][T13834] Rebooting in 86400 seconds..