last executing test programs:

34m21.256058727s ago: executing program 2 (id=617):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r1, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0)
mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r4, 0x10000000005, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, &(0x7f00000001c0)='O', 0x1, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r5, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000240), &(0x7f0000000140)=0x8)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00'}, 0x18)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c920"], 0x17)

34m19.878504403s ago: executing program 2 (id=619):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES64=r0], 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', 0x0, 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r3, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x7fff, 0x2, 0x3, 0x0, 0x6, 0x7fffffff})
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
r4 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r4, &(0x7f0000001600)='./file1\x00', 0x0, 0x1)
chdir(&(0x7f00000003c0)='./bus\x00')
link(&(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)='./file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x8, 0x1c, &(0x7f00000005c0)=ANY=[], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

34m17.760097039s ago: executing program 2 (id=625):
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000800)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019640)=""/102392, 0x18ff8)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
r1 = socket(0x10, 0x3, 0x0)
write(r1, &(0x7f00000000c0)="1c0000001e005f0214fffffffffffff807000000000000000000000008", 0x1d)

34m14.507748218s ago: executing program 2 (id=630):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r0, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r3, 0x10000000005, 0x0)

34m12.096235262s ago: executing program 2 (id=634):
r0 = socket(0x15, 0x5, 0x0)
unshare(0x22020600)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x801)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(0xffffffffffffffff, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, 0x0)
syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x181603, 0x0)
getsockopt(r0, 0x200000000114, 0x2718, &(0x7f0000000340)=""/17, &(0x7f0000000000)=0x11)
getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r0, 0x84, 0x8, &(0x7f0000000080), &(0x7f00000000c0)=0x4)

34m7.808370774s ago: executing program 2 (id=645):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffe, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x16}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "09000000002000008f29d158039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c76000067af25166c2f0f85f36aa8867406119c010400002e31dea98204000000d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b5142ddf36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459ac3ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1008000"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0xc, 0xb, 0x14, 0x5}}]}}]}, 0x148}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x27)
r4 = eventfd2(0x8e8, 0x80001)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f0000000040), 0x4)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000000)={0x4, r4, 0x1})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r5}, 0x18)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}}, 0x0)

33m50.783693188s ago: executing program 32 (id=645):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
gettid()
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x148, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffe, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0x16}}, [@qdisc_kind_options=@q_red={{0x8}, {0x11c, 0x2, [@TCA_RED_STAB={0x104, 0x2, "09000000002000008f29d158039b90627d7b60f0d5ca47f33eed46409b7c8722ce020df6b24c2e6ac7b97dc04d01be2092874115214b1ebb764511f69cd1e9f6263346363d2c639c76000067af25166c2f0f85f36aa8867406119c010400002e31dea98204000000d560eae59ea49ef95d73202a6e3b5e1eb38244e694e7410d33bc92794ad27031f2a19698b5142ddf36e2a876a4fc871207bf12a84f1d4d132f5bb7edcf2d08d677e6a7268e106b6ced3c7f53df24092ddb9e0fac6a1153c3fc88bfd1404fef22cf3e825a6e19c6a48a5444eabb459ac3ec9a278df4011773d2f2e6529ed0ad424b47ec67522477f979360b76d1008000"}, @TCA_RED_PARMS={0x14, 0x1, {0x3f26, 0x7, 0x81, 0xc, 0xb, 0x14, 0x5}}]}}]}, 0x148}}, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
futex(&(0x7f00000002c0)=0x2, 0xb, 0x2, &(0x7f0000000300)={0x77359400}, &(0x7f00000004c0)=0x1, 0x2)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x27)
r4 = eventfd2(0x8e8, 0x80001)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f0000000040), 0x4)
ioctl$KVM_HYPERV_EVENTFD(r3, 0x4018aebd, &(0x7f0000000000)={0x4, r4, 0x1})
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r5}, 0x18)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}}, 0x0)

33m26.44346523s ago: executing program 4 (id=697):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080))
openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000880)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0x170, 0x150, 0x150, 0x170, 0x0, 0x260, 0x238, 0x206, 0x260, 0x238, 0x7fffffe, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [], [], 'veth1_to_team\x00', 'xfrm0\x00', {}, {}, 0x6}, 0x0, 0x128, 0x170, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'dummy0\x00', {0x0, 0x0, 0x100, 0x0, 0x0, 0xfffffff7, 0x7}}}, @common=@inet=@ecn={{0x28}, {0x11}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390)

33m24.563967521s ago: executing program 4 (id=700):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0xaa, &(0x7f0000000ac0)=ANY=[@ANYBLOB="9a70b05e7d2caaaaaaaaa8aa86dd606410a600740000fc020000000000000000000000000000fe8000000000000000000000000000aa223427d5c9a46b9fa14172170a013589317d2af31ba55431762f462a5abc3f46494ee91bfca594d52f8c3785143e92da5d2d81edc09f68f122fbf741257bf1319408347a17c89212dfe27a0fc65362487e5afe673f0954f60d9d08b61276ce0b3aa520b5f30a9f52c4aaaf159b7e6b53fc003f8570383c"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, 0x2}, 0x94)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, r3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
recvmmsg(r1, &(0x7f0000001a40), 0x0, 0x40010020, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="580000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="2b03000000000000300012800b00010067656e65766500002000028008"], 0x58}}, 0x0)

33m17.909476225s ago: executing program 4 (id=707):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r0}, 0x18)
r2 = dup(0xffffffffffffffff)
write$binfmt_aout(r2, &(0x7f0000000580)=ANY=[@ANYRES8=r0, @ANYRESHEX, @ANYRES8=r0, @ANYRESDEC=0x0, @ANYRESOCT=r0, @ANYRES16=r1, @ANYRES32=r2], 0xfffffeb7)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
futex(0x0, 0xc, 0x1, 0x0, &(0x7f0000048000)=0x2, 0x0)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r6, 0x400455c8, 0x1000000000000002)

33m14.866716956s ago: executing program 4 (id=713):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x20000000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYRES64=r0], 0x48)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
mknodat$loop(0xffffffffffffffff, &(0x7f0000001600)='./file1\x00', 0x0, 0x1)
chdir(&(0x7f00000003c0)='./bus\x00')
link(&(0x7f0000000480)='./file1\x00', &(0x7f00000004c0)='./file0\x00')
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)

33m13.223125325s ago: executing program 4 (id=715):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_io_uring_setup(0x49a, 0x0, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x0, 0x0, 0x0, 0x7, 0x0, 0x1, 0x4, 0x1})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$TOKEN_CREATE(0x24, 0x0, 0x0)
r3 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000600)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x8, &(0x7f00000004c0)=ANY=[@ANYBLOB="1809000000000000000000000001000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000005c0)={{r3}, &(0x7f0000000540), &(0x7f0000000580)=r4}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000007c0)={r3, 0x0}, 0x20)

33m11.50584459s ago: executing program 4 (id=719):
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000800)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f00000000c0)="1c0000001e005f0214fffffffffffff807000000000000000000000008", 0x1d)

32m55.050726222s ago: executing program 33 (id=719):
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000800)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x800000000000001, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
openat$nvme_fabrics(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f00000000c0)="1c0000001e005f0214fffffffffffff807000000000000000000000008", 0x1d)

32m44.33185309s ago: executing program 1 (id=754):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r1=>0x0})
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000000)=0xf3f, 0x4)
sendto$packet(r0, &(0x7f0000000100)="3f031c000302140006001e00890000004a1b7880610c0806000088a8000081a8880088a8ffff", 0x71, 0x40891, &(0x7f0000000540)={0xc9, 0x88a8, r1, 0x1, 0x1, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, 0x14)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000003900)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b07080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf5af51d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa16509945ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a0000000000000000000000000000cf7b6c4ba9bec153d6834bfef080df374703a8ff56a63ec1fe5f2e05a79e3cace7283dd68d41e94420c325fe4dae144fde5ec25a87d625cab20753a77b323fa3783c8b675859b9012647885a242adfee2fe812ecbe5191e0a15142f7349e7627cc39d724e2e34e7a24154f26ae3125b36d0504965295d0453902ac7079b11a3a1e655e482331e3dc35b2e7e4e3ea99064fe5b9c8ae0ca3e5fd653f3286a99d81ce4eba765c38d097391ad4babac38ce5b4344e24a361cd54e5"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r1, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x10}, 0x10}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r2}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0xfc)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r5, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r6, 0x400448c8, &(0x7f0000000340)={r5, r5, 0x8, 0x0, 0x0, 0x82, 0x4a, 0x15c2, 0x5886, 0x801, 0x0, 0x8, 'syz1\x00'})
shutdown(r5, 0x1)
r7 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_CREATE_BUFS(r7, 0xc100565c, &(0x7f0000000040)={0x0, 0xfff, 0x2, {0x9, @pix_mp={0xf, 0x5be7, 0x34565348, 0x0, 0xb, [{0x80000004, 0x7}, {0x7ff, 0xb325}, {0x10000001, 0x7}, {0x63d, 0x7fd}, {0x1, 0xb}, {0x4, 0x489aa92e}, {0xc273}, {0xff, 0x3}], 0x3, 0xc, 0x2, 0x1, 0x3}}, 0xfffffffd})
ioctl$sock_bt_hidp_HIDPCONNDEL(r6, 0x400448c9, &(0x7f0000000040)={@fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x1})

32m37.675971776s ago: executing program 1 (id=763):
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
migrate_pages(0x0, 0x4, &(0x7f00000002c0)=0x7f, &(0x7f0000000300)=0xa)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454c9, 0xba98575a95aeb70f)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f00000020c0), 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x5)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000200)=0xc0)
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f0000000180)={0x4000000, {}, {0x2, 0x0, @empty}, {0x2, 0x0, @empty}, 0x2fd, 0x0, 0x0, 0x0, 0x20})
bind$ax25(r1, 0x0, 0x0)
r3 = memfd_secret(0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x56001, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$TUNSETLINK(r4, 0x400454cd, 0x7)
socket$kcm(0x2, 0xa, 0x2)
futimesat(r3, 0x0, 0x0)

32m34.996108197s ago: executing program 1 (id=766):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0)
r5 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0xffffffffffffff4a, &(0x7f0000000200)={&(0x7f0000000080)={0x18, 0x16, 0xa01}, 0x78}}, 0x0)
recvmmsg$unix(r5, &(0x7f0000006b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x2, 0x0)
r6 = socket(0x10, 0x803, 0x0)
getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000003c0)=0x14)

32m33.764677974s ago: executing program 1 (id=767):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, 0x0, 0x0)
getrlimit(0x4, 0x0)
ioctl$KVM_SIGNAL_MSI(0xffffffffffffffff, 0x4020aea5, 0x0)
pipe2(&(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
read$FUSE(r3, &(0x7f0000002600)={0x2020}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000400)={0x6f, 0x0, 0x0, {0x7, 0x28, 0x80000001, 0x0, 0x0, 0x0, 0x2, 0x1}}, 0xfffffede)
get_robust_list(0x0, 0x0, 0x0)

32m32.69025899s ago: executing program 1 (id=768):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ptrace$ARCH_SHSTK_ENABLE(0x1e, r1, 0x0, 0x5001)
socket$kcm(0x10, 0x2, 0x0)
mincore(&(0x7f0000184000/0x2000)=nil, 0x2000, 0x0)
ioctl$TCFLSH(0xffffffffffffffff, 0x400455c8, 0x2)
r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r4, 0x10000000005, 0x0)
r5 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendto$inet6(r5, &(0x7f00000001c0), 0x0, 0x80, &(0x7f0000000280)={0xa, 0x0, 0x0, @private2}, 0x1c)
shutdown(r5, 0x1)
getsockopt$inet_sctp6_SCTP_PEER_AUTH_CHUNKS(r5, 0x84, 0x1a, &(0x7f0000000240), &(0x7f0000000140)=0x8)
bpf$OBJ_PIN_PROG(0x6, &(0x7f0000000040)=@o_path={&(0x7f0000000000)='./file0\x00'}, 0x18)
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="02c920"], 0x17)

32m30.944361781s ago: executing program 1 (id=770):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$alg(r1, &(0x7f0000002280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r4, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f00000001c0)={0x2020}, 0x2020)
sendmsg$SMC_PNETID_GET(r1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000370410000000ffdbdf2500000000", @ANYRES32, @ANYBLOB="83550500010000001c0012800b00010067656e65766500000c00028005000c0001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

32m14.540489933s ago: executing program 34 (id=770):
unshare(0x6a040000)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000002240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$alg(r1, &(0x7f0000002280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr-camellia-asm\x00'}, 0x58)
sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r4, 0xfffffffffffffffd, 0xfffffffffffffffe, 0x1)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/igmp\x00')
symlinkat(&(0x7f0000001040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000000640)='./file0\x00')
execve(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f00000001c0)={0x2020}, 0x2020)
sendmsg$SMC_PNETID_GET(r1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c0000001000370410000000ffdbdf2500000000", @ANYRES32, @ANYBLOB="83550500010000001c0012800b00010067656e65766500000c00028005000c0001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

7m9.489150167s ago: executing program 6 (id=4419):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000004240)=0x40000006, 0x4)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000600)=ANY=[], 0x8)
recvmmsg(r0, &(0x7f00000011c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=""/135, 0x87}, 0x4}], 0x1, 0x20, 0x0) (fail_nth: 1)
setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000000)=0x7f, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x20000001, &(0x7f0000000300)={0xa, 0x4e20, 0x5, @mcast1}, 0x1c)

7m9.060178669s ago: executing program 6 (id=4421):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x4000000000000, &(0x7f00000006c0), 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000680)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000400), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000b40), 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000380)={0x0, 0x18, 0xfa00, {0x2, &(0x7f0000000340), 0x106, 0x3}}, 0x20)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x111}}, 0x20)
writev(r1, &(0x7f0000000000)=[{&(0x7f0000000080)}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d2271b00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0xff}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e", 0xfc1}], 0x3)

7m8.795989797s ago: executing program 6 (id=4424):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
pipe(0x0)
socket$nl_route(0x10, 0x3, 0x0)
write$char_usb(0xffffffffffffffff, &(0x7f0000000040)="e2", 0x12d8)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, &(0x7f00000001c0)={0x0, 0xb0, 0x3ff, 0x34325241, 0x0, [], [0x2b8, 0x200000], [0x0, 0x9, 0x0, 0x3]})
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
mknod$loop(&(0x7f0000000100)='./file0\x00', 0x8, 0x1)
ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(r5, 0xffffffffffffffff, &(0x7f0000024000/0x18000)=nil, &(0x7f0000000680)=[@text16={0x10, &(0x7f0000000280)="66b9800000c00f326635010000000f3064660f38828e4258660f086766c744240012e93bf96766c7442402010000006766c744240600000000670f011c2466b9800000c00f326635002000000f300f01df66b80500000066b900200000a90a000f01c40f019f09000f01c2", 0x6b}], 0x1, 0x7d, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f0000000300)={[0x7, 0x800, 0x100, 0x0, 0x5700000000000000, 0x401, 0x6, 0xfffffffffffffff7, 0x0, 0x13f, 0x100000001, 0xba25, 0xfff, 0x3, 0xfffffffffffffe00, 0x4], 0xeeef0000, 0x1c0080})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040), 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/ip_tables_names\x00')

7m5.517589746s ago: executing program 6 (id=4440):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f0000000340)='./file0\x00')
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='sysfs\x00', 0x0, 0x0)
mount$bind(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./control\x00', 0x0, 0x2000, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000100)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0)
recvmmsg(r0, &(0x7f0000000340)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=""/62, 0x3e}, 0x2}], 0x1, 0x3, 0x0)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r2 = getpid()
r3 = syz_pidfd_open(r2, 0x0)
pidfd_send_signal(r3, 0xfffffffe, &(0x7f0000000000)={0x2, 0x1, 0x80}, 0x0)
r4 = dup(r1)
mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000006, 0x28011, r4, 0x2f126000)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000500)=@security={'security\x00', 0xe, 0x4, 0x410, 0xffffffff, 0x158, 0x158, 0x258, 0xffffffff, 0xffffffff, 0x378, 0x378, 0x378, 0xffffffff, 0x4, &(0x7f0000000000), {[{{@uncond, 0x0, 0xf8, 0x158, 0x0, {}, [@common=@osf={{0x50}, {'syz1\x00', 0x0, 0x2}}, @common=@unspec=@connbytes={{0x38}, {[{}, {0x80000001}], 0x2, 0x1}}]}, @common=@SET={0x60, 'SET\x00', 0x0, {{0x0, [0x1, 0x3, 0x1, 0x0, 0x9], 0x4, 0x8c254b9a96a1584a}, {0x2, [0x0, 0x0, 0x1, 0x6, 0x4, 0x4], 0x3, 0x4}}}}, {{@uncond, 0x0, 0xa0, 0x100, 0x0, {}, [@common=@ah={{0x30}, {[0x0, 0x7], 0x1}}]}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, 0x3, 0x3, [0x1f, 0x2f, 0x2b, 0xd, 0x0, 0xd, 0x3, 0xe, 0x3a, 0x12, 0x9, 0x20, 0x12, 0x2c, 0x37, 0x5], 0x1, 0x437f, 0x3}}}, {{@ip={@empty, @multicast2, 0xff, 0xff, 'vcan0\x00', 'wg1\x00', {}, {0xff}, 0xff, 0x1, 0x5}, 0x0, 0xc0, 0x120, 0x0, {}, [@common=@ttl={{0x28}, {0x2, 0x2}}, @common=@ttl={{0x28}, {0x2, 0x8}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@dev={0xac, 0x14, 0x14, 0x15}, [0x0, 0xff, 0x0, 0xffffff00], 0x4e23, 0x4e20, 0x4e23, 0x4e22, 0x7ff, 0x4, 0x2, 0x1, 0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x470)

7m4.936317468s ago: executing program 6 (id=4441):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={<r1=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x3ff, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x9}, {0xa, 0x0, 0x7, @private0, 0x1000}, r1}}, 0x48)

7m4.545657331s ago: executing program 6 (id=4443):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001fc0)={0xc8, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x5f}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}, @NL80211_ATTR_FRAME={0x54, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @from_mac, {0x9}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x1012, 0x7, @device_a, {0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x4, [{0x12}, {0xc}, {0xc, 0x1}, {0x9, 0x1}]}, @val={0x2d, 0x1a, {0x300, 0x0, 0x0, 0x0, {0x10001, 0x3, 0x0, 0x259, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x8, 0x800, 0x3}}}}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xef}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1000}], @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7e2}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x4}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

7m3.974054233s ago: executing program 35 (id=4443):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001fc0)={0xc8, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x5f}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}, @NL80211_ATTR_FRAME={0x54, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @from_mac, {0x9}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x1012, 0x7, @device_a, {0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x4, [{0x12}, {0xc}, {0xc, 0x1}, {0x9, 0x1}]}, @val={0x2d, 0x1a, {0x300, 0x0, 0x0, 0x0, {0x10001, 0x3, 0x0, 0x259, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x8, 0x800, 0x3}}}}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xef}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1000}], @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7e2}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x4}]}, 0xc8}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

6m3.152269719s ago: executing program 7 (id=4664):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000440), &(0x7f0000000480)}, 0x20)
timer_create(0x8, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
getpid()
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000480)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r4}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0x110}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {}, {0x18, 0x6, 0x2, 0x0, r3}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

6m1.691720835s ago: executing program 7 (id=4669):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
syz_usb_connect(0x2, 0x35, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000545e0d209904b76b2f680102030109022300010000c0050904970001ff70790008240206210126ff0905", @ANYRES64, @ANYBLOB], 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="140000001000010000000000000000000700000ac4000000090a016e1d071f000000000002000007040009800900010073797a31000000000900010073797a310000000008000a40000000000900020073797a300000000008000540000000250c001040000000000000000263000d40341e9db9497e197626dba0cc592ddd9a71f83624777332993f228c9c15ff71a9ca4333eb0a51a858b8e02aa06a6b0f11896b689ddceb75c011dc5dc516f800e3f35aefc549577f8aeb2a7d55202967e74fff6ba603088024cf4206b44eefe00008000f"], 0xec}, 0x1, 0x0, 0x0, 0x8800}, 0x4080)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={&(0x7f0000000180)={0x1b4, 0x0, 0x1, 0x801, 0x0, 0x0, {0x2, 0x0, 0x2}, [@CTA_TUPLE_ORIG={0x84, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private1}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x1}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010102}, {0x8, 0x2, @remote}}}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_STATUS_MASK={0x8, 0x1a, 0x1, 0x0, 0x200}, @CTA_LABELS_MASK={0x8, 0x17, [0x7]}, @CTA_NAT_SRC={0x74, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MAXIP={0x14, 0x5, @local}, @CTA_NAT_V6_MINIP={0x14, 0x4, @private2}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, @CTA_NAT_PROTO={0x24, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}, @CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e21}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e21}]}, @CTA_NAT_V6_MAXIP={0x14, 0x5, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @CTA_NAT_V4_MAXIP={0x8, 0x2, @broadcast}]}, @CTA_TUPLE_REPLY={0x70, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x42}}}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}]}, @CTA_MARK_MASK={0x8, 0x15, 0x1, 0x0, 0x3}, @CTA_ID={0x8, 0xc, 0x1, 0x0, 0x4}, @CTA_LABELS={0x10, 0x16, 0x1, 0x0, [0x9, 0x8, 0x3]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x4000000}, 0x10)

5m58.571706881s ago: executing program 7 (id=4684):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001fc0)={0x7c, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x5f}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xef}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xbb0}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1000}], @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7e2}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x4}]}, 0x7c}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x321}, {&(0x7f0000000280)=""/85, 0x21}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000580)=""/106, 0x659}, {&(0x7f0000000980)=""/73, 0xd}, {&(0x7f0000000200)=""/77, 0x69}, {&(0x7f00000007c0)=""/141, 0xc4}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}, 0x5}], 0x4000000000003b4, 0x2000, &(0x7f0000003700)={0x77359400})

5m58.396459686s ago: executing program 7 (id=4687):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{r0}, &(0x7f0000000440), &(0x7f0000000480)}, 0x20)
timer_create(0x8, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
getpid()
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x80000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000040)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x15, 0x1c, &(0x7f0000000480)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}, {}, {0x7, 0x0, 0xb, 0x6}, {0x85, 0x0, 0x0, 0x5}, {0x4}}, {{0x5, 0x0, 0x3}}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0x110}, {0x5, 0x0, 0xb, 0x9}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x6, 0x1, 0xb, 0xa, 0x8}, {0x7, 0x0, 0x0, 0x8}, {0x7, 0x1, 0xb, 0x4, 0x9}, {}, {}, {0x18, 0x6, 0x2, 0x0, r5}, {}, {0x46, 0x8, 0xfff0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @sk_reuseport, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5m57.398125668s ago: executing program 7 (id=4688):
pipe(&(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r2 = getpid()
syz_open_dev$tty1(0xc, 0x4, 0x1)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="040e04e04020"], 0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f0000002540)=@abs, 0x6e)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0)
get_mempolicy(0x0, 0x0, 0x0, &(0x7f0000a88000/0x2000)=nil, 0x3)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
close(r5)
socket$pppl2tp(0x18, 0x1, 0x1)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x7e832, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SECUREBITS(0x1c, 0x7)
setfsuid(0xee00)
close(r1)
r6 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010000100"/20, @ANYRES32=r7, @ANYBLOB="000024000000000024001200140001006272696467655f736c617665800000000c0005"], 0x3}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
splice(r0, 0x0, r6, 0x0, 0x10d00, 0xf)

5m56.188100174s ago: executing program 7 (id=4697):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x5, &(0x7f0000006680))
getitimer(0x0, &(0x7f0000000100))
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @multicast1}, "0400000000000000"}}}}}, 0x0) (async)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @multicast1}, "0400000000000000"}}}}}, 0x0)
pipe2$9p(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r5)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r5, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, r6, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x20000014)
r8 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r8, &(0x7f0000000100)=[{&(0x7f0000000140)=""/70, 0x46}], 0x1, 0x3c, 0x0) (async)
preadv(r8, &(0x7f0000000100)=[{&(0x7f0000000140)=""/70, 0x46}], 0x1, 0x3c, 0x0)
r9 = syz_open_dev$loop(&(0x7f0000000040), 0x5, 0x80)
ioctl$BLKBSZSET(r9, 0x40081271, &(0x7f00000001c0)=0xfffffffffffffffa) (async)
ioctl$BLKBSZSET(r9, 0x40081271, &(0x7f00000001c0)=0xfffffffffffffffa)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',fscache,cache=none,dfltuid=', @ANYRESHEX=0x0, @ANYRESDEC=0x0]) (async)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',fscache,cache=none,dfltuid=', @ANYRESHEX=0x0, @ANYRESDEC=0x0])

5m41.013979318s ago: executing program 36 (id=4697):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) (async)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x5, &(0x7f0000006680))
getitimer(0x0, &(0x7f0000000100))
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @multicast1}, "0400000000000000"}}}}}, 0x0) (async)
syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x3, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback, @multicast1}, "0400000000000000"}}}}}, 0x0)
pipe2$9p(&(0x7f00000000c0)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r5)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000380)={'wlan0\x00', <r7=>0x0})
sendmsg$NL80211_CMD_UPDATE_OWE_INFO(r5, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x28, r6, 0x400, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x20000014)
r8 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00')
preadv(r8, &(0x7f0000000100)=[{&(0x7f0000000140)=""/70, 0x46}], 0x1, 0x3c, 0x0) (async)
preadv(r8, &(0x7f0000000100)=[{&(0x7f0000000140)=""/70, 0x46}], 0x1, 0x3c, 0x0)
r9 = syz_open_dev$loop(&(0x7f0000000040), 0x5, 0x80)
ioctl$BLKBSZSET(r9, 0x40081271, &(0x7f00000001c0)=0xfffffffffffffffa) (async)
ioctl$BLKBSZSET(r9, 0x40081271, &(0x7f00000001c0)=0xfffffffffffffffa)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',fscache,cache=none,dfltuid=', @ANYRESHEX=0x0, @ANYRESDEC=0x0]) (async)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',fscache,cache=none,dfltuid=', @ANYRESHEX=0x0, @ANYRESDEC=0x0])

12.001459593s ago: executing program 9 (id=5678):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00', 0x1802, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x4e20, @multicast2}, 0x10)
r1 = epoll_create1(0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0xd5af, 0x2)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0))
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000380))
r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='cpuset.sched_load_balance\x00', 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)
write$cgroup_int(r4, &(0x7f0000000340)=0x4a6d, 0x12)
r8 = socket$netlink(0x10, 0x3, 0x1)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000006a240a0000000000e60008000a000100000004000b00080047d7d8010000000000040009000800010800d6437deeb0000100000004"], 0x48}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r9, 0x4068aea3, &(0x7f0000000000)={0x79})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r10, 0x4004ae99, &(0x7f0000000100)=0x4)
r11 = socket(0x10, 0x3, 0x0)
write(r11, &(0x7f0000000140)="140000004e0025000307f4f9002304000aa6c504", 0x14)
socket$inet6_sctp(0xa, 0x1, 0x84)

8.465280373s ago: executing program 8 (id=5683):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x30, 0x18, 0x1ef, 0x0, 0x0, {}, [@RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x30}, 0x1, 0x11}, 0x0)

8.420762237s ago: executing program 9 (id=5684):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x9}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000002140)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000030000005637f880f14ee2dd0000f90e72cd0ea30cee982535"], &(0x7f0000000c40)=""/3, 0x26, 0x3, 0x1, 0x1}, 0x28)

8.390314401s ago: executing program 0 (id=5685):
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$MAP_CREATE(0x700000000000000, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x9, 0x2, 0x56d, 0x3, 0x2, 0xffffffffffffffff, 0x4}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x1000, r1}, 0x38)

8.107897285s ago: executing program 8 (id=5686):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
chdir(&(0x7f0000000280)='./file0\x00')
creat(&(0x7f0000000440)='./bus\x00', 0x11d)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x0, 0x0, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2000000}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
r3 = open(&(0x7f0000000000)='./file0\x00', 0x143042, 0xfe)
r4 = socket$packet(0x11, 0x3, 0x300)
r5 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x40000)
ioctl$VIDIOC_S_PARM(r5, 0xc0cc5616, &(0x7f0000000080)={0x1, @output={0x1000, 0x1, {0x14, 0xa36}, 0x3411c440, 0x8001}})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', <r6=>0x0})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000011000100000000000000000007000000", @ANYRES32=r6, @ANYBLOB="60a40200080000001c001a8018000580140005800800020000000000080001"], 0x3c}, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x0)
ftruncate(r3, 0x2008002)
sendfile(0xffffffffffffffff, r3, 0x0, 0x80000001)
syz_usb_connect$hid(0x5, 0x3f, 0x0, 0x0)

8.004134623s ago: executing program 0 (id=5687):
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0xe, 0x42032, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB="a3ff33"], 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
read$FUSE(0xffffffffffffffff, &(0x7f0000002200)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_STATX(0xffffffffffffffff, &(0x7f0000004240)={0x130, 0x0, r1, {0x7fff, 0x3, 0x0, '\x00', {0x40, 0x2, 0x1, 0xfff, 0x0, 0x0, 0xc000, '\x00', 0x3, 0x9, 0x81, 0x5, {0x4, 0x6}, {0x1, 0x1}, {}, {0x3, 0x8}, 0x1, 0x8, 0x9, 0x59a}}}, 0x130)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x20000000)
sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0)
syz_emit_ethernet(0x376, &(0x7f00000003c0)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0300", 0x340, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005000000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a1800c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fed0e94222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x19, 0x7, "b8a3e10000a3e1030000000900fec0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x19, 0x11, "3f14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e2eeb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05"}]}}}}}}, 0x0)

7.012137081s ago: executing program 3 (id=5688):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x85, &(0x7f0000000000)=""/4102, &(0x7f0000001040)=0x1006)
r1 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'})
socketpair$unix(0x1, 0x5, 0x0, 0x0)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
socket(0x2000000000000021, 0x2, 0x10000000000002)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
socket(0x11, 0x800000003, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$TIPC_NL_NET_SET(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2805}, 0x0)

6.755564775s ago: executing program 3 (id=5689):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000011c0)=@newtaction={0xe98, 0x30, 0x25, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_KEYS_EX={0x30, 0x5, 0x0, 0x1, [{0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_CMD={0x6}, @TCA_PEDIT_KEY_EX_HTYPE={0x6}]}, {0x14, 0x6, 0x0, 0x1, [@TCA_PEDIT_KEY_EX_HTYPE={0x6}, @TCA_PEDIT_KEY_EX_CMD={0x6}]}, {0x4}]}, @TCA_PEDIT_PARMS_EX={0xe20, 0x4, {{{}, 0x2}, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4f8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0xfffffffe}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1dd2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x2}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x9cfd357781fedd80}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x1}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000002c0)={@cgroup, 0xffffffffffffffff, 0x12, 0x0, 0x0, @void, @value=0x0}, 0x20)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/drop_packet\x00', 0x2, 0x0)
write$cgroup_int(r1, &(0x7f0000000180)=0x2, 0x12)
write$FUSE_IOCTL(0xffffffffffffffff, &(0x7f0000000100)={0x20}, 0xfdef)
getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000002280)={{{@in6=@local, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@dev}, 0x0, @in6=@private2}}, &(0x7f0000005700)=0xe8)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0)
r3 = io_uring_setup(0x3547, &(0x7f0000000100))
open(&(0x7f0000000040)='./file0\x00', 0x11, 0x0)
close(r3)
setsockopt$RDS_RECVERR(0xffffffffffffffff, 0x114, 0x5, &(0x7f00000045c0)=0x1, 0x4)
creat(&(0x7f0000000140)='./file0\x00', 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000002380), &(0x7f00000023c0)=0xc)
timer_create(0x0, &(0x7f0000005680)={0x0, 0x18, 0x2, @thr={&(0x7f0000004600)="7daf560241e537b0b0c25f1db7f7cc35899e7831b8be0d15e0e310a121f8ea6b869ac6d6dba34866f925079b7b991770af06520c0eab4e6a26b17e879a7d4897ac4ed7f0fc88b6eece1cc3cd0140dc220f307a7205c904c7d1f9891690e44cd67d962d8326b3d469c4a0968cb679", &(0x7f0000004680)="e27d691849d824e70758714ab38731efd89dd18591c69270ffdb20898dda300d9c5a16740676297c1f401c5b92a473d765c46c09360dfd2de5b2f413a3596db8e04a8d092892e7ab60bd8f70c86a3deeb976506de08c24b32513ac397f89e12f40b0de61ba4cc82c1d5497cbf5d1ad787c860073115f5d8c30a0c3c17aaef288398af039a400bbe187c4f7fed36376bf2c4ed91c5c450d6686899e98a707df274b54730ec935129858f5edd91c5accdaa4f0ecad25f74b1637899403ef50292f76a90ee7e6f7a95cb456195fa2cf30758d0bf0f35cc9b24dd146b085852d0d2839d20a6ffed094d976783548201604c4dd6db9a3b772b5a668fedea140e3095d8d729d60d7a3dca1ff86b97f415cb28a686f01e7d2f569072a4ea34a1a5c709616a0acfed840ad2c01c54afa5dc5cb195c63a5e16bcca81325e3ea1821fbdd20e225eb0bb0d58e733a7331fe2560b75fea6d9e49cfa7b652695bdfa71e3134432c80f4b83caace8205146e2cfa399f91b36e7b11d9c79669668e01e6cbb6c9af9b3b0390b1ebc35df6ae2846d314cbd9924d398624af04c7d2a87137f22c80d29c915b1072183f8c346dc31e432f86fde8c1d9631ab3815fb25aa21b30e8ae5e35b8360e48de6763d7b19e0c76f6afb9695dfd283664b91fe582d5f5c20adc368824bbd938ace50be737276876f3abbd7f3b14f0a7ae81573993302d14569fa23d0f2577b0cd5399b7091fd78cac6aa324634e40a93e9c02a89b025396b10bb8dd747ead363c1c1b85b1e82192b108bf6d069c35b5c60ecaefcec68bd780d4fb94ce696ee6329da29d3c74ce65f879734e654c9fdf199a2f09c729aaa2d10a9add5486e822f38fbeaadaa6932f4f200de1fd05857fce1acd5e269dfb062b463bebcae281880244b6aa83ea938a3e8d2f7408443a9eae19a810eac1cba040ccab241f5662190c5a658461193aa22f1b3949ecfe3c9c96cc64a0e0a743a7255ec6aec72393b0e3e09fb3492698eddd612be4362b476ea66a98049b7318ba687fe9435a97a129f14541e4dd80a85839ca08846141171f46126b9585d0cf6f561bf612f249dd25ba47da4c266c4c87e13044932abc4b6ffce48a224c0d0e27b5dbe14d324a3538539a5158c2faa423c72799c4ce68da76e889ed6136366e4f9fda419278769a0549a084422517e7a1db45b2684d7120e19cd906a07bdeb4b26e5506e6ebc62442bbbb99b6c3466b07545c7209df3c58de8cfab90c4e24c0efa0e537ad8efcdec62cfa1b92a921fbc0d145a29f91ac4e4e30166a9a949b0c8f675e70555f14f4102d22541c41e8e72c58a0b718c369250acf5ec3c16409376cd77347b93da53be66b19d2790e0ca27c47b6123429d8fc5b474d472db52ff14eb68cfd66e8c7dc33310361462ce1462d854211367de0bc502eb917e9551573d5d80c669ae072b3305ed346d958a314fef65404b8eb566490a619f934ee429d35353f66fcca380429d65fbb3cc0588305d76f453e4a5a8199f17280d42db7bdaffffeafbd7fa7a0875cf47125899ead62fa5d597da6681d4987a1d91873522c3d417e82c18ec522ee34359110c0536a601c11796a352c6f63dfbd6335b816dd1d130d39e7878c7295faa7806af56fb672f85f533d49c3b1a5d4f7eaea5934f87c95cdd97108ff9281ecd3b4a70e63000408dbadd6a1fff30eaa5c2c1b46ec8bb936f27e0b9eab8b19998e099e67f739868de45544bfc3240a003977f8170a13cec283a2dd17ab60ff9ffdf7ca1848b92fdce60006aa23658b4dd9144b08f88187f93167318cdff9c8aa933e790390b8a3f0115552991c0e4afcc37327819c4b395dbd02ccdb7e07477146cd435a862f7b9660249d2811a6aa946f6356afd913ec85c0b29fd5eb8473df32565e54d60ff779088210ff97c6e799c789f6f6590e047df16f4bc7838dd79062ed0085c0d90e6e8511ad7dd9341fd2be58dd1dcf7a203cfe5facb56a64c2fe3016262f5d3aa445acd2084f62035b1ee809b6a163be564c3af1cbb4e4c9fb45593a0f0241d6d4c1473626e329e02f5af3743086c3166f5a0fc2989cc641aec94413ef61b1f3df15a9fc5d48f7891714529a58c228e7d96cc491e3409d8951051ccc211a12cbe4136523338965fa91160a988c6524d7218e4d3b601a9f3392ada2f55534ef24d927b1492a9ab2eac9276e54a2823afc8f1638cb93f7d4037a63cf3c8234241892f070f22ca4d8da4e94b87482724cd5e60794c60d640545d7aef5b59038f506992f96f62f80913cb22cf61cac74c8ace803e0a26382b3c725bae0a1e2990a58045882a95ba22b1434f08a96dc4322f50f4ed582dbe582020a7f8efa1836a1d4518f813ca906360456357f0444dded0c39a2f46952aff0e95f4f8f0d93544ec5b9b4a5b79833d12d519c1f71ad612e7f17524409c5eb05181565ec033483f0243281d47af7c40c29206c2d79cb063ecf06ed4f9084eaba8c84bf94bd8fc7799adf39c002dba6f2435e48ef062655128f60b2ecd62c331ce7e764cbb1a6ef6628e0fd3b23dd5f0daeddefdabd3b42bfa85bcca6bde8d625cc8357310cbc9abbc18a736c7c8a571cde04b3dbc7538c47f2da16924d0ad805d8794c8c828cca2c7cb2cc089a7131c99093b1c340be88b97c00ca96c7830f7a5ae6466a701f3d2c6b9cf959323b8091fdc4e92e08237ee444b6c15a4e85daa973857bbdcdf163739d8c707372aaed8c2d9679e3e5aaf2498d5912422112958aa9e3898bdd591aede48641250569e976d78327d98604ec625243aa24f17e1cc1a9beb38a20f66e3b3dee9c63f2869e2025ebd4bdc92003fe116031e0802f6229cf28518353a92940e314b2c057dfe6ed15ab6cc94a5ef386d0e7192b8bb6c070ed89b782ff08672be650a8e913b956144b41dad8fb376a05d682f0bfd4bfa3a1bc782202c91fed359fbe05c80305df603de0d6f289cfe481952d4e054fbd28e06de32080fce166572c054039c6d770d296ee84e418e8b0a24e0bff0769b411645c3e35a61974aeac93a4b114c06236f94381559b0df35a3abb82d4c4ed2a10830c619326b03d4796773426b486f35eb4f8083eef40403e3959a5213781d6af3364dc8b2f731da0f8e3bdf00872a1a4d13dd6daa5385121c6d5e866e488881cb09b9263c8bc1f0f4467aac6547f94aa31f69a484a666419644b8bc31e3fd709a02ba47acfd500c2d850a1e26e898765677f04a756c73196367a86091c1207cfcf4c653b7a5c9eadb93f848cd1c3bf88edc189a929306137e6423995b2aeffbf6e29b02edd0d7f288e3857576ab799cccdc129a69bced05ebd3c8c0d964cedc06be4fd74938250497f61ceed50e0f6b06b3eb5d326a652f4f5b8dff21665f9f457bafbb9358b084fd8834c4722e4c9c1bf424c18f2e25b3357085f4b6ffc9788027d9bb26257a7ae1bc42eee514f4447ee87c03d5a7a3c853a718dc774be5ef8362e4494c07b0a6dbaeb26aebba9b2a040c6159fcceefbd71df9ad53b88c821cfeb883414ac5757d8d63cf429920081a1a7485c06cec3a0453fb290515da593e1db67258163bcad7b6f0bcff35c92d643637a5885f79c84a503262e304801e110f4a089084afe21f7abcbcab0e85fb7da753743fc17e4901fffdeaa87e50df8132ac7414c9209e9d74d4df9d87384d1fe459fd6ef8fe107d39ee6a37d7991ac29bf512acf944f81142d2ee4c647633dbd61651c7bff275d719667bf97907a1669df4f638d22f0d7ddb4661c906cfbb0d3f9994d4b56df50e255b730c1be2886a7d38654ee212cf91d3150d284e74dcf7c6e3538e3b323c29444912333e0f7724b4d1a840393ce194b140b1c68d4c2e318e25b229aca92badbbc5eb2e186fba17fd7ffbbcb8409ca86bc2abc2141bc27b60800d1e4e3d20af381038942fc4308c267b07ab70aa33d17c8721dd8b08380e3625f56198577a03315c12f3800c7960c812c3d4fc7d19c02d0d226b55a624f04ee525aec8d6d1a9f46323a03497a1ab1939b73dfbe18d8e68aac33e2813fa1078ccf4be7b2e3902e80097fedc5f42ed4a89d3cd44f8c1e9cddad1d8c15eff81419f9c69732bdb2e8bc8db0b5f6b4503283b51cb235d9f2e169ef34dbd398f8e28279e20683366f4c014dc1377058f2937f0c772e1359583477db2dec3b4ae552ca7de001db3708ccd6022a3743c3447dcc357e7108c7bbb8b1337631434bfe3636aa4cee68b31d64c9132c82c874085eb8adfe8b4b5f80430080c0d13e13179594998ee9e1374f3b1cb0d1abeaba3c5f9fb336f76f6ec3b7467ff8ae3730b1e14e7b86225ad2f6d43094f969bea006f3c7bb9b5dda3c434ee570bcd9d32adb927ddb18fc2f85537badb60dbf7d7c223a8d2276f733e535f0cc4a5bdc03db1bc209ef9232935e5e18991b0d818815117c7ea240bfa4505f0f3a5ffcdc709c47825ef1233460c42111b30bed658e0700ecc49302119564a56eb4774ea905ae9ed569c7b134a6d5f9f2c0047729d9cbbc13a9c3b674007d0dbc8a0b1644cc5257383355ebf71f2b2cf72b1b58a78dd774a4b3f53d74515c4b25ebcad8719a8180b5e2d8a17d985639522070cb06ab59a5dd85aa277fdf4090c1dad5a3897e794801e7f5e9555a9c31e60a41428f09b4bafb1be987a006ea44808bef35c8e9aa369a84d896fa1b2203084869b3d995b98bff0bc27f29f0641e0adf5d0dce3c91b8f94efa4665f095080fada85233d5749ab3923996acf5fa0c1f9659d75f6ba5322a3b5f076ad94ee8c6f4558d481f0cad83727496acd5c076169ab6e3be15190873dbc4cbd627448374c05987fda406a8c8be8c40eb160cd701e3e9b137c7dd0bff4f1f8f8f7eaff3fb90ee8a881320502260dd976f4d8fcc74aef3f6f8597ad338e2f5bb6967909b9db609e8ec48eb26ffd5702a3b832db80aa448976e8775fb8e9e8a8c7032143507b3ac70cf35fab4047b0f8ae7579b47a331554c9eaf944c284767a0baa64e8ca21fac1d23e2611cc71e5f140caeb2d0a9b1382d8dd9ff178568fbfb52e71fb72a82b626898c3e27f2d00349afb1d6eab43bce9b071583efc2a958b0e7dd0dd8d72e0bdfc63234f061a74d7581b580d808806e799046ed1a3f4d111387d4452518c067f5b209a804c1ed725666c99cf62f36fcf3c488c0fdebff08a6f17fcca4b6bb8420a26e2c0cc02f772296026a9378e58d235b288fa916a3d7787060797874b7e1993ea3ea078911b616c374a4a0c035fcba8e633ee25a0203002acdab98659fac857f1d7af741eb33a56fc9b6afd5edb2e66988806d85f0f8b49affa43f6b1681ae25659852b021909c11d4e772e97ef245866dc4d01ddc2c4431cd418e07b7b87f166a5bb7f5fc0debb127b3fb06ad25e0d97639a9501d0a563327dba9fbb509dfab654e93db7aa6705caf2245a2f55b27c10b1ce41acb7180e1f5fb290b3506d54660cb61757cc0c890287ddfb3bcd1955e4f8a46d8678092d02df766e259c2fd834501d82628c4b12a6228c5b107f620ef6c4032999a846c7188cca54e98fac6897e14cff9ae7e2297659dd78403b9525d4417255bca75dd232b0a7a311147b0f8dfb3333b404a747e6a7c890ece8f3104e3e61442e82910e0026d7ba515b344d99b00b264dea8bfe5fb33c2332c836a9a8815eec316a709dcb44d2b702f75a09a6021492c0241d3daa7c6b61344c7c965f27187a1cfa1200ac1c8d313d8097a68b6cde740eb738b81b189c62d0baea0d8914d949aebb7774341c341b110961229b4a"}}, &(0x7f00000056c0))
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000004480)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=r2, @ANYBLOB=',group_id=', @ANYRESDEC, @ANYBLOB="2c64656661756c745f7065726d697361707072616973655f747970653d696d617369672c73696c656e742c6d61736b114d41595f415050454e442c736d61636b66737472616e736d7574653d2c00000000000000"])
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x1)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
stat(&(0x7f0000000200)='./file0\x00', 0x0)
read$FUSE(r4, &(0x7f00000021c0)={0x2020, 0x0, <r5=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000000040)={0x50, 0x0, r5, {0x7, 0x1f, 0x0, 0x24010400}}, 0x50)

6.2848911s ago: executing program 9 (id=5691):
r0 = syz_usb_connect(0x2, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000000)={0x1c, &(0x7f0000000080)=ANY=[], 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000001c0)={0x1c, &(0x7f0000000000)=ANY=[], 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000680)={0x34, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000340)={0x2c, &(0x7f0000000200)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)

5.92377126s ago: executing program 5 (id=5693):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00', 0x1802, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x4e20, @multicast2}, 0x10)
r0 = epoll_create1(0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000080), 0xd5af, 0x2)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f00000000c0))
r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_GET_FEATURES(r2, 0x8008af00, &(0x7f0000000380))
r3 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='cpuset.sched_load_balance\x00', 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}})
r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r7, &(0x7f0000019680)=""/102392, 0x18ff8)
sendmsg$nl_generic(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)
write$cgroup_int(r3, &(0x7f0000000340)=0x4a6d, 0x12)
r8 = socket$netlink(0x10, 0x3, 0x1)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000006a240a0000000000e60008000a000100000004000b00080047d7d8010000000000040009000800010800d6437deeb0000100000004"], 0x48}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r9, 0x4068aea3, &(0x7f0000000000)={0x79})
ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
r10 = socket(0x10, 0x3, 0x0)
write(r10, &(0x7f0000000140)="140000004e0025000307f4f9002304000aa6c504", 0x14)

5.639280439s ago: executing program 3 (id=5694):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_JOIN_MCAST(r0, &(0x7f00000004c0)={0x16, 0x98, 0xfa00, {0x0, 0x2, 0xffffffffffffffff, 0x1c, 0x1, @in6={0xa, 0x4e23, 0x100, @local, 0xbeb}}}, 0xa0)
r1 = socket$inet(0xa, 0x801, 0x84)
connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10)
listen(r1, 0x8)
r2 = accept4(r1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r2, 0x84, 0x23, &(0x7f0000000040)={0x0, 0x9bb}, 0x8)

5.189107919s ago: executing program 3 (id=5695):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/custom1\x00', 0x1802, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x4e20, @multicast2}, 0x10)
r1 = epoll_create1(0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000080), 0xd5af, 0x2)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, &(0x7f00000000c0))
r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_GET_FEATURES(r3, 0x8008af00, &(0x7f0000000380))
r4 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000240)='cpuset.sched_load_balance\x00', 0x2, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x10c4, 0x0, 0x0, 0x180000}, &(0x7f0000000340)=<r6=>0x0, &(0x7f0000000280)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x4004, @fd_index=0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x1}})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x1c, 0x2d, 0x1, 0x70bd26, 0x25dfdbfc, {0x4}, [@typed={0x8, 0x9, 0x0, 0x0, @binary="38eac21a"}]}, 0x1c}}, 0x20000000)
write$cgroup_int(r4, &(0x7f0000000340)=0x4a6d, 0x12)
r8 = socket$netlink(0x10, 0x3, 0x1)
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="480000006a240a0000000000e60008000a000100000004000b00080047d7d8010000000000040009000800010800d6437deeb0000100000004"], 0x48}, 0x1, 0x0, 0x0, 0x4048000}, 0x0)
ioctl$BINDER_THREAD_EXIT(r0, 0x40046208, 0x0)
r9 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CAP_EXIT_HYPERCALL(r9, 0x4068aea3, &(0x7f0000000000)={0x79})
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x2)
ioctl$KVM_SET_MP_STATE(r10, 0x4004ae99, &(0x7f0000000100)=0x4)
r11 = socket(0x10, 0x3, 0x0)
write(r11, &(0x7f0000000140)="140000004e0025000307f4f9002304000aa6c504", 0x14)
socket$inet6_sctp(0xa, 0x1, 0x84)

5.086559292s ago: executing program 5 (id=5696):
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0), 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000d40)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYRESDEC], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4a, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$key(0xf, 0x3, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000c40)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x8000002000000, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407030000060000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)

4.66089503s ago: executing program 3 (id=5697):
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$MAP_CREATE(0x700000000000000, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x9, 0x2, 0x56d, 0x3, 0x2, 0xffffffffffffffff, 0x4}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x1000, r1}, 0x38)

4.563854431s ago: executing program 0 (id=5698):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004300)=@newtaction={0x88, 0x30, 0xffff, 0xfffffffc, 0x0, {0x0, 0x0, 0x1300}, [{0x74, 0x1, [@m_mirred={0x70, 0x1, 0x0, 0x0, {{0xb}, {0x44, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x4, {{0x6}}}, @TCA_MIRRED_PARMS={0x20, 0x2, {{0x0, 0x0, 0xffffffffffffffff}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000e40)='ns\x00')
getdents(r2, 0x0, 0x48)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x20000000000000ad, &(0x7f00000001c0)=ANY=[], &(0x7f0000000400)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0xd, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200004}, 0x94)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
pipe(&(0x7f0000000180)={<r5=>0xffffffffffffffff})
r6 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r6, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x1, 0x4, 0x0, @vifc_lcl_addr=@remote, @remote}, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x1ff)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000000)={r4, r3, 0x4, r5}, 0x10)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000040), 0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r7, 0x0)
madvise(&(0x7f000027f000/0x1000)=nil, 0x1000, 0x19)
lseek(r7, 0x0, 0x4)
r8 = getpgrp(0x0)
syz_pidfd_open(r8, 0x0)
write$cgroup_pid(r5, &(0x7f0000000000)=r8, 0x12)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newqdisc={0x14c, 0x24, 0x3fe3aa0262d8c783, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0x6}}, [@qdisc_kind_options=@q_choke={{0xa}, {0x11c, 0x2, [@TCA_CHOKE_PARMS={0x14}, @TCA_CHOKE_STAB={0x104, 0x2, "1cb315f3c5e23d27d29a00dd397b5c11d4cf201c1a0619fc314514ab71788e4079fdbe4f2a0d60b83a7d04c1d709981110401e5e10685abbad9b6f18e303e902c77244658a099a36fa486760c4941ea7df64250af29a4935de76bc6b1c9735ff8243f088e67455ba14975d12e5903ceeb7a23d62ecb5253ad444ef726b58a00f13f22ccc84cc06c9912b621c3ddc5f3229dc84c0880b5c6faefe33413b34a146e592fc15ae234dac030f05bb99eab08dfd2cb5659c6fc21fb7da6c380165ddde4659e75538dc864a53f691e1d785d6e6f73a03abf2120bce67e2d50075fd0700000000000000335bdee19738a0c1fb79b77d00"}]}}]}, 0x14c}}, 0x0)

4.556208731s ago: executing program 5 (id=5699):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x1})
r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x1000002, 0x4018831, 0xffffffffffffffff, 0x0)
syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6cbecbf09d6dd7be5a06dfd64563f329c16f799d1836bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffd00fb243c3111dda42112650cc", 0x0, 0xfe2a)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, 0x4000}) (fail_nth: 1)

4.444683519s ago: executing program 3 (id=5700):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x40)
close(r2)
r3 = syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
clock_getres(0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000002d00090027bd700000000000040000008814d2cac88a4d33c05eda9ddeab6bd70d05d6a68355f71b43a6284fb9fd8eef1c5c2a0660e8b01ec2a0df"], 0x14}}, 0x84)
recvmmsg(r6, 0x0, 0x0, 0x400120a0, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f00000000c0)={0x0, 0x104000, 0x800, 0x9, 0x5}, 0x20)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
ioctl$LOOP_CONFIGURE(r3, 0x4c0a, 0x0)
read$FUSE(r2, &(0x7f000000c400)={0x2020}, 0x2020)
r7 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r7, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x1e}, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x20}, {0x0, 0x4, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x4, 0x2}, {0x0, 0xfffffffffffffffc}, 0x0, 0x6e6bb9, 0x1}, {{@in=@broadcast, 0xfffffffc, 0x32}, 0x0, @in=@empty, 0x0, 0x0, 0x2, 0x7, 0x200}}, 0xe8)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=ANY=[@ANYBLOB="38010000160033060000000000000080e0000002000000000000000000000000ff020000000000000100000000000000000a00"/64, @ANYRES32=r0, @ANYRES32=0x0, @ANYBLOB="ac1414bb000000000000000000000000000004d2320000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000050000000000000003000000000000000000000000000000050000000000000004000000000000000000000002000000020000000a000418000000000000000048000200656362286369706865725f6e756c6c2900"/229], 0x138}, 0x1, 0x0, 0x0, 0x4000004}, 0x0)

4.35189902s ago: executing program 0 (id=5701):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x9}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000c80)={&(0x7f0000002140)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000030000005637f880f14ee2dd0000f90e72cd0ea30cee982535"], &(0x7f0000000c40)=""/3, 0x26, 0x3, 0x1, 0x1}, 0x28)

3.931952612s ago: executing program 8 (id=5702):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'sit0\x00'})
symlinkat(&(0x7f0000003040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', 0xffffffffffffff9c, &(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00')
memfd_create(0x0, 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x2, 0x1)
ioctl$SIOCAX25ADDUID(r1, 0x89e1, &(0x7f0000000080)={0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0xee01})
r2 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000540), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x42031, 0xffffffffffffffff, 0x0)
r4 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x5)
setsockopt$inet_tcp_int(r4, 0x6, 0x19, &(0x7f00000001c0)=0x1, 0x4)
bind$inet(r4, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10)
sendmmsg$inet(r4, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000340)="b9cd14c222ee3c0cb001829a8681ed391da1a71d8d", 0x15}], 0x1}}], 0x1, 0x20008000)
r5 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x54, 0x10, 0x1, 0xffffffff, 0x0, {0x0, 0x0, 0x0, 0x0, {0x1}, {}, {0xe}}, [@TCA_INGRESS_BLOCK={0x8}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}}, 0x0)

3.52197094s ago: executing program 5 (id=5703):
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x5a9200, 0x100)
r0 = socket$kcm(0x23, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000000340)={&(0x7f0000000000)=@phonet, 0x80, &(0x7f0000000380)=[{&(0x7f0000000080)="05", 0x1}, {0x0, 0xea}], 0x2}, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00', <r4=>0x0})
r5 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x0)
ioctl$DRM_IOCTL_GET_MAGIC(r5, 0x80046402, 0x0)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETQUEUE(r6, 0x400454d9, &(0x7f00000000c0)={'netpci0\x00', 0x400})
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f})
ioctl$TUNSETQUEUE(r7, 0x400454d9, &(0x7f0000000280)={'veth1_to_bridge\x00', 0x400})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newqdisc={0x68, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x38, 0x2, {{0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x8003}, [@TCA_NETEM_LOSS={0x1c, 0x5, 0x0, 0x1, [@NETEM_LOSS_GI={0x18, 0x1, {0x7fffffff, 0x0, 0xfffffffd, 0x100000}}]}]}}}]}, 0x68}}, 0x0)
sendto$packet(r1, 0x0, 0x0, 0x4010, &(0x7f0000000140)={0x11, 0x17, r4, 0x1, 0x7, 0x6, @multicast}, 0x14)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r8, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r8, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
r9 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCDARP(r9, 0x8953, &(0x7f0000000300)={{0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x1, @remote}, 0x0, {0x2, 0x0, @private}, 'syz_tun\x00'})

3.004436341s ago: executing program 9 (id=5704):
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000240)={{&(0x7f0000400000/0x1000)=nil, 0x20400000}, 0x1})
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0x0, 0x0, 0x4, 0x0, [], [0x8200], 0x1}}})
ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfe, "8000"}, 0x0, 0x2, {}, 0x20800})
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) (fail_nth: 1)

2.226072851s ago: executing program 0 (id=5705):
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ipvlan0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="2800000010000100"/20, @ANYRES32=r1, @ANYBLOB='m'], 0x28}}, 0x0)

2.221614565s ago: executing program 8 (id=5706):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socket$nl_netfilter(0x10, 0x3, 0xc)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfffff000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
r4 = socket$l2tp6(0xa, 0x2, 0x73)
setsockopt$inet6_IPV6_RTHDR(r4, 0x29, 0x39, &(0x7f00000000c0)={0x33, 0x4, 0x2, 0x9, 0x0, [@mcast1, @empty]}, 0x28)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000300000000000000", @ANYRES32, @ANYBLOB="09000000000000000000000001eaffffff000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="05000000010000000300"/28], 0x50)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000480)={0x5, <r6=>0x0}, 0x8)
r7 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000004c0)={0x0, 0x6, 0x8}, 0xc)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x6, 0x11, &(0x7f0000000380)=ANY=[@ANYBLOB="1800000004000400000000000200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000186500000000000000000000ff000000bf91000000000000b7020000010000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000040)='GPL\x00', 0x4, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x5, 0x4}, 0x8, 0x10, 0x0, 0x0, r6, r0, 0x9, &(0x7f0000000580)=[r7, 0xffffffffffffffff], &(0x7f0000000640)=[{0x1, 0x3, 0xe, 0xc}, {0x0, 0x1, 0xf, 0xb}, {0x4, 0x3, 0xb}, {0x3, 0x1, 0x6}, {0x2, 0x5, 0xf, 0xa}, {0x4, 0x2, 0x4, 0x7}, {0x1, 0x3, 0x1, 0xb}, {0x0, 0x2, 0x8, 0x9}, {0x1, 0x2, 0xf, 0x7}], 0x10, 0xfffffff8}, 0x94)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
fsetxattr$security_capability(r3, &(0x7f00000000c0), 0x0, 0x0, 0x2)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000000)='ns/time\x00')
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000005c0)=ANY=[@ANYBLOB="2800000010003b150400"/20, @ANYRES32=0x0, @ANYBLOB="024806000000000008001300", @ANYRES32=0x0, @ANYBLOB="639c2e356a5b02ed1a17e6aab9ca4d8efb92b07a19e3a0f584f7e9a6d90d07c582116b6526ed10770c134e71829c1e9725012baf0688501b69493a4742b13896d3a376df8ca1"], 0x28}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0xffffffffffffff1a, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)

2.143941399s ago: executing program 9 (id=5707):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)={0x1c, 0x0, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x48880}, 0x8004)
syz_usb_connect(0x2, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r2)
sendmsg$GTP_CMD_NEWPDP(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x34, r3, 0x1, 0x0, 0x0, {0x3}, [@GTPA_VERSION={0x8}, @GTPA_PEER_ADDRESS={0x8, 0x4, @empty}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010102}, @GTPA_LINK={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x805}, 0x4000040)
bind$bt_hci(r1, 0x0, 0x0)
write(r1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x2)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r4, 0x29, 0x2, &(0x7f00000001c0)=0x7, 0x4)
getsockopt$inet6_buf(r4, 0x29, 0x6, 0x0, &(0x7f0000000640))
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[], 0x7c}}, 0x0)
sendmsg$nl_generic(r0, 0x0, 0x20000090)
sendmsg$NFT_BATCH(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[], 0x6c}}, 0x0)
sendmsg$NFT_MSG_GETOBJ(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)=ANY=[@ANYBLOB="34000000130a03000000000000000000020000060900020073797a"], 0x34}}, 0x0)
execve(&(0x7f0000000140)='./file2\x00', 0x0, 0x0)
r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
read$FUSE(r8, 0x0, 0x0)

1.432881535s ago: executing program 0 (id=5708):
bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0xe, 0x42032, 0xffffffffffffffff, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB="a3ff33"], 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
read$FUSE(0xffffffffffffffff, &(0x7f0000002200)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_STATX(0xffffffffffffffff, &(0x7f0000004240)={0x130, 0x0, r1, {0x7fff, 0x3, 0x0, '\x00', {0x40, 0x2, 0x1, 0xfff, 0x0, 0x0, 0xc000, '\x00', 0x3, 0x9, 0x81, 0x5, {0x4, 0x6}, {0x1, 0x1}, {}, {0x3, 0x8}, 0x1, 0x8, 0x9, 0x59a}}}, 0x130)
sendmsg$key(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=ANY=[@ANYBLOB="02142000110000000040000000000000030005000000000002000000ffffffff0000000000000000080012000000010000000000000000000600000000000027b20e97a6a9ecae000000ee00000000000000000000000000fc020000000000000000000000000000030006000000000002000000e00000010000000000000000010018"], 0x88}}, 0x20000000)
sendmsg$key(r0, &(0x7f0000000040)={0x4000000, 0x0, &(0x7f0000000000)={&(0x7f0000000380)={0x2, 0xf, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @broadcast}}, @sadb_x_policy={0x8, 0x12, 0x0, 0x1, 0x0, 0x0, 0x0, {0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @in6=@empty, @in6=@private2}}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x80}}, 0x0)
syz_emit_ethernet(0x376, &(0x7f00000003c0)={@link_local, @multicast, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "0300", 0x340, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005000000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a1800c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fed0e94222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x19, 0x7, "b8a3e10000a3e1030000000900fec0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x19, 0x11, "3f14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e2eeb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05"}]}}}}}}, 0x0)

1.388787149s ago: executing program 5 (id=5709):
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000001fc0)={0xdc, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x5f}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xffffffff}, @NL80211_ATTR_FRAME={0x51, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x2}, @device_a, @broadcast, @from_mac, {0x9}, @value=@ver_80211n={0x0, 0x6, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0x1}}, 0x1012, 0x7, @device_a, {0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0x12}]}, @val={0x2d, 0x1a, {0x300, 0x0, 0x0, 0x0, {0x10001, 0x3, 0x0, 0x259, 0x0, 0x0, 0x1, 0x2, 0x1}, 0x8, 0x800, 0x3}}}}, @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xef}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0xbb0}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x3}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x4}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x2}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x1000}], @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_DURATION={0x8, 0x57, 0x7e2}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x4}]}, 0xdc}, 0x1, 0x0, 0x0, 0x24011}, 0x404c000)
sendmsg$can_raw(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000880)=@canfd={{0x1, 0x1}, 0x39, 0x0, 0x0, 0x0, "3992ca995e968b0b065f7922b761528f0199602d1e09faf0c0f1c2db040f957a34b2aa413157e3ec06fdcf6128269e6763e9c19b00d4eb026a6375a22b930a64"}, 0x48}, 0x1, 0x0, 0x0, 0x8490}, 0x1)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000004000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0adff010000000000000dd6e4edef3d93452a09004b43370e9703890723f97e46bb5c0754", 0xd6}], 0x1}, 0x20004804)
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x2000, &(0x7f0000003700)={0x77359400})

1.24410683s ago: executing program 8 (id=5710):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
getsockopt$IP6T_SO_GET_INFO(r0, 0x29, 0x40, 0x0, &(0x7f0000000040))
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
syz_open_dev$video4linux(0x0, 0x65a, 0x0)
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x42, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x1})
ppoll(&(0x7f0000000000)=[{r2, 0x2bc8a8fbcfebe7c6}], 0x1, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r3=>r1}, './file0\x00'})
ioctl$VHOST_SET_VRING_ADDR(r3, 0x4028af11, &(0x7f0000000280)={0x3, 0x0, &(0x7f00000001c0)=""/47, &(0x7f0000000240)=""/22, &(0x7f0000000880)=""/4096, 0xffff1000})
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r5 = userfaultfd(0x801)
ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000040)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00001b1000/0x4000)=nil, 0x400000, 0x2, 0x2})

1.176259854s ago: executing program 5 (id=5711):
socket$nl_generic(0x10, 0x3, 0x10)
socket$unix(0x1, 0x1, 0x0)
syz_80211_join_ibss(0x0, 0x0, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$MAP_CREATE(0x700000000000000, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x9, 0x2, 0x56d, 0x3, 0x2, 0xffffffffffffffff, 0x4}, 0x50)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000600), &(0x7f0000001f80), 0xfffffffb, r1}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), 0x0, 0x1000, r1}, 0x38)

113.926628ms ago: executing program 8 (id=5712):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ptrace$ARCH_SHSTK_STATUS(0x1e, r2, 0x0, 0x5005)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48)
syz_open_dev$sndmidi(&(0x7f00000002c0), 0x2fc, 0x8442)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x10, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000028000000bca30000000000003403000040feffff720af1ff0000000071a4f0ff000000001f030000000000002e0a0200000000002604fdffffff000e61144400000000001d430000000000007a0a00fe0000001f61141c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fd79153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdcea26498d26229110b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb7ed9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e2848890522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b6"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48)
sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c)

0s ago: executing program 9 (id=5713):
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000000c0), 0x8b000, 0x0)
r1 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)
syz_init_net_socket$llc(0x1a, 0x2, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000002040)={@map, 0xffffffffffffffff, 0x9}, 0x20)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82)

kernel console output (not intermixed with test programs):

3736][T26734]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2247.453757][T26734]  ? clear_bhb_loop+0x60/0xb0
[ 2247.453782][T26734]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2247.453802][T26734] RIP: 0033:0x7fce5018e9a9
[ 2247.453822][T26734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2247.453840][T26734] RSP: 002b:00007fce50f45038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2247.453864][T26734] RAX: ffffffffffffffda RBX: 00007fce503b5fa0 RCX: 00007fce5018e9a9
[ 2247.453880][T26734] RDX: 0000000000002000 RSI: 0000200000000000 RDI: 0000000000000003
[ 2247.453894][T26734] RBP: 00007fce50f45090 R08: 0000000000000000 R09: 0000000000000000
[ 2247.453908][T26734] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2247.453921][T26734] R13: 0000000000000000 R14: 00007fce503b5fa0 R15: 00007ffc7a02ee18
[ 2247.453955][T26734]  </TASK>
[ 2247.568444][T26735] netlink: 'syz.8.5048': attribute type 1 has an invalid length.
[ 2247.688704][T26735] netlink: 193500 bytes leftover after parsing attributes in process `syz.8.5048'.
[ 2247.786742][T26732] sctp: [Deprecated]: syz.8.5048 (pid 26732) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2247.786742][T26732] Use struct sctp_sack_info instead
[ 2249.809426][T18720] Bluetooth: hci5: command 0x0406 tx timeout
[ 2251.724197][T26781] netlink: 72 bytes leftover after parsing attributes in process `syz.5.5067'.
[ 2254.802398][T26804] FAULT_INJECTION: forcing a failure.
[ 2254.802398][T26804] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2254.815762][T26804] CPU: 0 UID: 0 PID: 26804 Comm: syz.8.5072 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2254.815791][T26804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2254.815804][T26804] Call Trace:
[ 2254.815813][T26804]  <TASK>
[ 2254.815823][T26804]  dump_stack_lvl+0x189/0x250
[ 2254.815853][T26804]  ? __pfx____ratelimit+0x10/0x10
[ 2254.815877][T26804]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2254.815901][T26804]  ? __pfx__printk+0x10/0x10
[ 2254.815928][T26804]  ? __might_fault+0xb0/0x130
[ 2254.815963][T26804]  should_fail_ex+0x414/0x560
[ 2254.815991][T26804]  _copy_from_user+0x2d/0xb0
[ 2254.816021][T26804]  ___sys_sendmsg+0x158/0x2a0
[ 2254.816056][T26804]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2254.816128][T26804]  ? __fget_files+0x2a/0x420
[ 2254.816151][T26804]  ? __fget_files+0x3a0/0x420
[ 2254.816185][T26804]  __x64_sys_sendmsg+0x19b/0x260
[ 2254.816237][T26804]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2254.816279][T26804]  ? __pfx_ksys_write+0x10/0x10
[ 2254.816306][T26804]  ? do_syscall_64+0xbe/0x3b0
[ 2254.816334][T26804]  do_syscall_64+0xfa/0x3b0
[ 2254.816356][T26804]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2254.816379][T26804]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2254.816400][T26804]  ? clear_bhb_loop+0x60/0xb0
[ 2254.816426][T26804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2254.816447][T26804] RIP: 0033:0x7fb27a78e9a9
[ 2254.816467][T26804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2254.816484][T26804] RSP: 002b:00007fb2785d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2254.816508][T26804] RAX: ffffffffffffffda RBX: 00007fb27a9b6160 RCX: 00007fb27a78e9a9
[ 2254.816523][T26804] RDX: 0000000000000004 RSI: 00002000000003c0 RDI: 0000000000000008
[ 2254.816537][T26804] RBP: 00007fb2785d5090 R08: 0000000000000000 R09: 0000000000000000
[ 2254.816558][T26804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2254.816572][T26804] R13: 0000000000000000 R14: 00007fb27a9b6160 R15: 00007fff0a66dd38
[ 2254.816605][T26804]  </TASK>
[ 2255.347613][T26810] FAULT_INJECTION: forcing a failure.
[ 2255.347613][T26810] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2255.429811][T26810] CPU: 1 UID: 0 PID: 26810 Comm: syz.3.5075 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2255.429847][T26810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2255.429861][T26810] Call Trace:
[ 2255.429869][T26810]  <TASK>
[ 2255.429879][T26810]  dump_stack_lvl+0x189/0x250
[ 2255.429910][T26810]  ? __pfx____ratelimit+0x10/0x10
[ 2255.429934][T26810]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2255.429957][T26810]  ? __pfx__printk+0x10/0x10
[ 2255.429984][T26810]  ? __might_fault+0xb0/0x130
[ 2255.430019][T26810]  should_fail_ex+0x414/0x560
[ 2255.430064][T26810]  _copy_from_user+0x2d/0xb0
[ 2255.430093][T26810]  ___sys_sendmsg+0x158/0x2a0
[ 2255.430127][T26810]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2255.430200][T26810]  ? __fget_files+0x2a/0x420
[ 2255.430222][T26810]  ? __fget_files+0x3a0/0x420
[ 2255.430257][T26810]  __sys_sendmmsg+0x227/0x430
[ 2255.430295][T26810]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2255.430323][T26810]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 2255.430377][T26810]  ? ksys_write+0x22a/0x250
[ 2255.430401][T26810]  ? __pfx_ksys_write+0x10/0x10
[ 2255.430418][T26810]  ? rcu_is_watching+0x15/0xb0
[ 2255.430448][T26810]  __x64_sys_sendmmsg+0xa0/0xc0
[ 2255.430495][T26810]  do_syscall_64+0xfa/0x3b0
[ 2255.430517][T26810]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2255.430539][T26810]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2255.430559][T26810]  ? clear_bhb_loop+0x60/0xb0
[ 2255.430585][T26810]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2255.430605][T26810] RIP: 0033:0x7fce5018e9a9
[ 2255.430625][T26810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2255.430644][T26810] RSP: 002b:00007fce50f45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2255.430669][T26810] RAX: ffffffffffffffda RBX: 00007fce503b5fa0 RCX: 00007fce5018e9a9
[ 2255.430685][T26810] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000006
[ 2255.430699][T26810] RBP: 00007fce50f45090 R08: 0000000000000000 R09: 0000000000000000
[ 2255.430712][T26810] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2255.430726][T26810] R13: 0000000000000000 R14: 00007fce503b5fa0 R15: 00007ffc7a02ee18
[ 2255.430760][T26810]  </TASK>
[ 2256.814489][T26817] tipc: Started in network mode
[ 2256.830242][T26817] tipc: Node identity ac14140f, cluster identity 4711
[ 2256.870915][T26817] tipc: New replicast peer: 255.255.255.255
[ 2256.890887][T26817] tipc: Enabled bearer <udp:syz2>, priority 10
[ 2256.903120][T26822] FAULT_INJECTION: forcing a failure.
[ 2256.903120][T26822] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2256.978537][T26822] CPU: 1 UID: 0 PID: 26822 Comm: syz.0.5078 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2256.978568][T26822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2256.978581][T26822] Call Trace:
[ 2256.978590][T26822]  <TASK>
[ 2256.978599][T26822]  dump_stack_lvl+0x189/0x250
[ 2256.978628][T26822]  ? __pfx____ratelimit+0x10/0x10
[ 2256.978650][T26822]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2256.978672][T26822]  ? __pfx__printk+0x10/0x10
[ 2256.978698][T26822]  ? __might_fault+0xb0/0x130
[ 2256.978731][T26822]  should_fail_ex+0x414/0x560
[ 2256.978756][T26822]  _copy_from_user+0x2d/0xb0
[ 2256.978784][T26822]  ___sys_sendmsg+0x158/0x2a0
[ 2256.978817][T26822]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2256.978886][T26822]  ? __fget_files+0x2a/0x420
[ 2256.978908][T26822]  ? __fget_files+0x3a0/0x420
[ 2256.978941][T26822]  __x64_sys_sendmsg+0x19b/0x260
[ 2256.978975][T26822]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2256.979016][T26822]  ? __pfx_ksys_write+0x10/0x10
[ 2256.979032][T26822]  ? rcu_is_watching+0x15/0xb0
[ 2256.979060][T26822]  ? do_syscall_64+0xbe/0x3b0
[ 2256.979086][T26822]  do_syscall_64+0xfa/0x3b0
[ 2256.979106][T26822]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2256.979127][T26822]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2256.979145][T26822]  ? clear_bhb_loop+0x60/0xb0
[ 2256.979169][T26822]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2256.979188][T26822] RIP: 0033:0x7fa846b8e9a9
[ 2256.979207][T26822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2256.979225][T26822] RSP: 002b:00007fa8449d5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2256.979247][T26822] RAX: ffffffffffffffda RBX: 00007fa846db6080 RCX: 00007fa846b8e9a9
[ 2256.979263][T26822] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003
[ 2256.979276][T26822] RBP: 00007fa8449d5090 R08: 0000000000000000 R09: 0000000000000000
[ 2256.979288][T26822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2256.979300][T26822] R13: 0000000000000000 R14: 00007fa846db6080 R15: 00007ffe12655d98
[ 2256.979332][T26822]  </TASK>
[ 2256.986170][T26820] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5077'.
[ 2257.246289][T26820] tipc: Disabling bearer <udp:syz2>
[ 2259.257944][T26842] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5083'.
[ 2259.928218][T26848] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[ 2259.935898][T26848] IPv6: NLM_F_CREATE should be set when creating new route
[ 2260.258580][T21766] usb 6-1: new high-speed USB device number 77 using dummy_hcd
[ 2260.682862][T21766] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2260.754679][T21766] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[ 2261.323066][T21766] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[ 2261.372465][T21766] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2261.409183][T21766] usb 6-1: config 0 descriptor??
[ 2261.835853][T21766] kovaplus 0003:1E7D:2D50.000C: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.5-1/input0
[ 2262.478724][T26876] random: crng reseeded on system resumption
[ 2262.692073][T21766] kovaplus 0003:1E7D:2D50.000C: couldn't init struct kovaplus_device
[ 2262.712232][T21766] kovaplus 0003:1E7D:2D50.000C: couldn't install mouse
[ 2262.909016][T21766] kovaplus 0003:1E7D:2D50.000C: probe with driver kovaplus failed with error -71
[ 2263.018845][T21766] usb 6-1: USB disconnect, device number 77
[ 2264.867712][T26893] netlink: 60 bytes leftover after parsing attributes in process `syz.5.5096'.
[ 2267.818961][ T5958] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[ 2268.420309][ T5958] usb 10-1: Using ep0 maxpacket: 32
[ 2268.514917][ T5958] usb 10-1: config 0 has an invalid interface number: 184 but max is 0
[ 2268.523513][ T5958] usb 10-1: config 0 has no interface number 0
[ 2268.538715][ T5958] usb 10-1: config 0 interface 184 has no altsetting 0
[ 2268.551460][ T5958] usb 10-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 2268.564627][ T5958] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2268.578904][ T5958] usb 10-1: Product: syz
[ 2268.583204][ T5958] usb 10-1: Manufacturer: syz
[ 2268.610565][ T5958] usb 10-1: SerialNumber: syz
[ 2268.788972][ T5958] usb 10-1: config 0 descriptor??
[ 2268.810577][ T5958] smsc75xx v1.0.0
[ 2268.814277][ T5958] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 2269.633447][ T5958] smsc75xx 10-1:0.184: probe with driver smsc75xx failed with error -22
[ 2269.715762][ T5958] usb 10-1: USB disconnect, device number 8
[ 2271.730147][T26954] FAULT_INJECTION: forcing a failure.
[ 2271.730147][T26954] name failslab, interval 1, probability 0, space 0, times 0
[ 2271.777999][T26954] CPU: 0 UID: 0 PID: 26954 Comm: syz.9.5114 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2271.778033][T26954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2271.778045][T26954] Call Trace:
[ 2271.778053][T26954]  <TASK>
[ 2271.778062][T26954]  dump_stack_lvl+0x189/0x250
[ 2271.778091][T26954]  ? __pfx____ratelimit+0x10/0x10
[ 2271.778112][T26954]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2271.778135][T26954]  ? __pfx__printk+0x10/0x10
[ 2271.778166][T26954]  ? __pfx___might_resched+0x10/0x10
[ 2271.778187][T26954]  ? fs_reclaim_acquire+0x7d/0x100
[ 2271.778225][T26954]  should_fail_ex+0x414/0x560
[ 2271.778251][T26954]  should_failslab+0xa8/0x100
[ 2271.778275][T26954]  __kmalloc_noprof+0xcb/0x4f0
[ 2271.778293][T26954]  ? kfree+0x4d/0x440
[ 2271.778324][T26954]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2271.778356][T26954]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2271.778383][T26954]  ? tomoyo_domain+0xda/0x130
[ 2271.778415][T26954]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2271.778436][T26954]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2271.778460][T26954]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2271.778500][T26954]  ? __lock_acquire+0xab9/0xd20
[ 2271.778541][T26954]  ? __fget_files+0x2a/0x420
[ 2271.778565][T26954]  ? __fget_files+0x2a/0x420
[ 2271.778585][T26954]  ? __fget_files+0x3a0/0x420
[ 2271.778604][T26954]  ? __fget_files+0x2a/0x420
[ 2271.778631][T26954]  security_file_ioctl+0xcb/0x2d0
[ 2271.778658][T26954]  __se_sys_ioctl+0x47/0x170
[ 2271.778692][T26954]  do_syscall_64+0xfa/0x3b0
[ 2271.778715][T26954]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2271.778736][T26954]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2271.778756][T26954]  ? clear_bhb_loop+0x60/0xb0
[ 2271.778782][T26954]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2271.778802][T26954] RIP: 0033:0x7f2dbfb8e9a9
[ 2271.778822][T26954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2271.778841][T26954] RSP: 002b:00007f2dbd9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2271.778867][T26954] RAX: ffffffffffffffda RBX: 00007f2dbfdb5fa0 RCX: 00007f2dbfb8e9a9
[ 2271.778883][T26954] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003
[ 2271.778897][T26954] RBP: 00007f2dbd9f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2271.778910][T26954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2271.778923][T26954] R13: 0000000000000000 R14: 00007f2dbfdb5fa0 R15: 00007ffd09a98d68
[ 2271.778958][T26954]  </TASK>
[ 2272.078891][T24746] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[ 2272.139571][T26954] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2272.277248][T26954] input: syz0 as /devices/virtual/input/input64
acpid: input device has been disconnected, fd 3
[ 2272.468427][T24746] usb 9-1: Using ep0 maxpacket: 32
[ 2272.475390][T24746] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[ 2272.485378][T24746] usb 9-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0
[ 2272.501391][T24746] usb 9-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[ 2272.558502][T24746] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2272.588976][T24746] usb 9-1: Product: syz
[ 2272.595532][T24746] usb 9-1: Manufacturer: syz
[ 2272.748398][T24746] usb 9-1: SerialNumber: syz
[ 2272.764522][T24746] usb 9-1: config 0 descriptor??
[ 2273.004953][T21766] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 2273.079089][T26952] FAULT_INJECTION: forcing a failure.
[ 2273.079089][T26952] name failslab, interval 1, probability 0, space 0, times 0
[ 2273.148518][T21766] usb 4-1: device descriptor read/64, error -71
[ 2273.593294][T24746] input: syz syz as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input65
[ 2273.612045][T24746] usbtouchscreen 9-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -90
[ 2273.621835][T26952] CPU: 0 UID: 0 PID: 26952 Comm: syz.8.5115 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2273.621865][T26952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2273.621878][T26952] Call Trace:
[ 2273.621887][T26952]  <TASK>
[ 2273.621897][T26952]  dump_stack_lvl+0x189/0x250
[ 2273.621926][T26952]  ? __pfx____ratelimit+0x10/0x10
[ 2273.621949][T26952]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2273.621972][T26952]  ? __pfx__printk+0x10/0x10
[ 2273.622002][T26952]  ? fs_reclaim_acquire+0x7d/0x100
[ 2273.622035][T26952]  should_fail_ex+0x414/0x560
[ 2273.622061][T26952]  should_failslab+0xa8/0x100
[ 2273.622086][T26952]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 2273.622106][T26952]  ? getname_flags+0xb8/0x540
[ 2273.622136][T26952]  getname_flags+0xb8/0x540
[ 2273.622165][T26952]  do_sys_openat2+0xbc/0x1c0
[ 2273.622195][T26952]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2273.622248][T26952]  __x64_sys_openat+0x138/0x170
[ 2273.622281][T26952]  do_syscall_64+0xfa/0x3b0
[ 2273.622305][T26952]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2273.622325][T26952]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 2273.622344][T26952]  ? clear_bhb_loop+0x60/0xb0
[ 2273.622370][T26952]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2273.622389][T26952] RIP: 0033:0x7fb27a78e9a9
[ 2273.622408][T26952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2273.622427][T26952] RSP: 002b:00007fb27b526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 2273.622451][T26952] RAX: ffffffffffffffda RBX: 00007fb27a9b5fa0 RCX: 00007fb27a78e9a9
[ 2273.622466][T26952] RDX: 0000000000084000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[ 2273.622479][T26952] RBP: 00007fb27b526090 R08: 0000000000000000 R09: 0000000000000000
[ 2273.622493][T26952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2273.622506][T26952] R13: 0000000000000000 R14: 00007fb27a9b5fa0 R15: 00007fff0a66dd38
[ 2273.622540][T26952]  </TASK>
[ 2273.834285][T26967] 9pnet_fd: Insufficient options for proto=fd
[ 2273.974045][T24746] usbtouchscreen 9-1:0.0: probe with driver usbtouchscreen failed with error -90
[ 2273.976258][T21766] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 2273.986365][T24746] usb 9-1: USB disconnect, device number 15
[ 2274.398034][T21766] usb 4-1: device descriptor read/64, error -71
[ 2275.189984][T21766] usb usb4-port1: attempt power cycle
[ 2276.028638][T21766] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 2276.165035][T21766] usb 4-1: device descriptor read/8, error -71
[ 2276.331538][T26986] FAULT_INJECTION: forcing a failure.
[ 2276.331538][T26986] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2276.345009][T26986] CPU: 0 UID: 0 PID: 26986 Comm: syz.0.5127 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2276.345038][T26986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2276.345051][T26986] Call Trace:
[ 2276.345060][T26986]  <TASK>
[ 2276.345068][T26986]  dump_stack_lvl+0x189/0x250
[ 2276.345098][T26986]  ? __pfx____ratelimit+0x10/0x10
[ 2276.345121][T26986]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2276.345144][T26986]  ? __pfx__printk+0x10/0x10
[ 2276.345179][T26986]  ? __might_fault+0xb0/0x130
[ 2276.345213][T26986]  should_fail_ex+0x414/0x560
[ 2276.345240][T26986]  _copy_from_user+0x2d/0xb0
[ 2276.345270][T26986]  __se_sys_copy_file_range+0x1b0/0x470
[ 2276.345296][T26986]  ? fput+0xa0/0xd0
[ 2276.345324][T26986]  ? __pfx___se_sys_copy_file_range+0x10/0x10
[ 2276.345348][T26986]  ? __pfx_ksys_write+0x10/0x10
[ 2276.345363][T26986]  ? rcu_is_watching+0x15/0xb0
[ 2276.345390][T26986]  ? __x64_sys_copy_file_range+0x21/0xf0
[ 2276.345418][T26986]  do_syscall_64+0xfa/0x3b0
[ 2276.345439][T26986]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2276.345457][T26986]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2276.345474][T26986]  ? clear_bhb_loop+0x60/0xb0
[ 2276.345497][T26986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2276.345513][T26986] RIP: 0033:0x7fa846b8e9a9
[ 2276.345531][T26986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2276.345548][T26986] RSP: 002b:00007fa8449f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000146
[ 2276.345570][T26986] RAX: ffffffffffffffda RBX: 00007fa846db5fa0 RCX: 00007fa846b8e9a9
[ 2276.345585][T26986] RDX: 0000000000000003 RSI: 0000000000000000 RDI: 0000000000000003
[ 2276.345597][T26986] RBP: 00007fa8449f6090 R08: 0000000000000009 R09: 0000000000000000
[ 2276.345610][T26986] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000001
[ 2276.345624][T26986] R13: 0000000000000000 R14: 00007fa846db5fa0 R15: 00007ffe12655d98
[ 2276.345657][T26986]  </TASK>
[ 2279.931741][T27021] FAULT_INJECTION: forcing a failure.
[ 2279.931741][T27021] name failslab, interval 1, probability 0, space 0, times 0
[ 2280.340852][T27021] CPU: 1 UID: 0 PID: 27021 Comm: syz.5.5138 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2280.340885][T27021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2280.340898][T27021] Call Trace:
[ 2280.340907][T27021]  <TASK>
[ 2280.340917][T27021]  dump_stack_lvl+0x189/0x250
[ 2280.340946][T27021]  ? __pfx____ratelimit+0x10/0x10
[ 2280.340969][T27021]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2280.340992][T27021]  ? __pfx__printk+0x10/0x10
[ 2280.341021][T27021]  ? __pfx___might_resched+0x10/0x10
[ 2280.341044][T27021]  ? fs_reclaim_acquire+0x7d/0x100
[ 2280.341073][T27021]  should_fail_ex+0x414/0x560
[ 2280.341100][T27021]  should_failslab+0xa8/0x100
[ 2280.341135][T27021]  __kmalloc_cache_noprof+0x70/0x3d0
[ 2280.341156][T27021]  ? resv_map_alloc+0x51/0x2c0
[ 2280.341188][T27021]  resv_map_alloc+0x51/0x2c0
[ 2280.341218][T27021]  hugetlbfs_get_inode+0x68/0x660
[ 2280.341246][T27021]  ? fput+0xa0/0xd0
[ 2280.341276][T27021]  hugetlb_file_setup+0x21d/0x630
[ 2280.341308][T27021]  ksys_mmap_pgoff+0x22f/0x760
[ 2280.341336][T27021]  do_syscall_64+0xfa/0x3b0
[ 2280.341362][T27021]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2280.341382][T27021]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 2280.341403][T27021]  ? clear_bhb_loop+0x60/0xb0
[ 2280.341428][T27021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2280.341448][T27021] RIP: 0033:0x7f742d38e9a9
[ 2280.341473][T27021] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2280.341492][T27021] RSP: 002b:00007f742e28c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 2280.341516][T27021] RAX: ffffffffffffffda RBX: 00007f742d5b6080 RCX: 00007f742d38e9a9
[ 2280.341532][T27021] RDX: 0000000002000002 RSI: 0000000000ff5000 RDI: 0000200000000000
[ 2280.341546][T27021] RBP: 00007f742e28c090 R08: ffffffffffffffff R09: 0000000000000000
[ 2280.341561][T27021] R10: 000000000004ca31 R11: 0000000000000246 R12: 0000000000000001
[ 2280.341574][T27021] R13: 0000000000000000 R14: 00007f742d5b6080 R15: 00007ffc46515a78
[ 2280.341608][T27021]  </TASK>
[ 2281.081084][T27042] netlink: 'syz.9.5147': attribute type 3 has an invalid length.
[ 2281.098539][T27042] bridge0: entered allmulticast mode
[ 2281.113280][T27042] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5147'.
[ 2281.127522][T27042] bridge_slave_1: left allmulticast mode
[ 2281.207786][T27042] bridge_slave_1: left promiscuous mode
[ 2281.249855][ T5958] usb 6-1: new full-speed USB device number 78 using dummy_hcd
[ 2281.255314][T27042] bridge0: port 2(bridge_slave_1) entered disabled state
[ 2281.380973][T27042] bridge_slave_0: left allmulticast mode
[ 2281.442024][T27042] bridge_slave_0: left promiscuous mode
[ 2281.476650][T27042] bridge0: port 1(bridge_slave_0) entered disabled state
[ 2281.519869][ T5958] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2281.775418][ T5958] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2281.803880][ T5958] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2281.813316][ T5958] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2281.814492][T27042] bridge0 (unregistering): left allmulticast mode
[ 2281.955449][T27053] vxcan1: entered allmulticast mode
[ 2282.051947][T27037] program syz.5.5146 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 2282.071363][ T5958] usb 6-1: GET_CAPABILITIES returned 0
[ 2282.077937][ T5958] usbtmc 6-1:16.0: can't read capabilities
[ 2282.203633][T27059] tc_dump_action: action bad kind
[ 2282.316892][T27062] netlink: 36 bytes leftover after parsing attributes in process `syz.8.5154'.
[ 2282.334588][ T5958] usb 6-1: USB disconnect, device number 78
[ 2283.107242][T27066] loop7: detected capacity change from 0 to 524255232
[ 2283.334502][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 2283.341554][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 2283.363402][   T30] kauditd_printk_skb: 60 callbacks suppressed
[ 2283.363423][   T30] audit: type=1326 audit(1753389423.950:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27065 comm="syz.8.5155" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb27a78e9a9 code=0x0
[ 2285.170023][T27097] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5165'.
[ 2285.944768][T27099] mkiss: ax0: crc mode is auto.
[ 2289.499576][T27137] ptrace attach of "./syz-executor exec"[22550] was attempted by "./syz-executor exec"[27137]
[ 2289.548136][T27137] batadv1: entered promiscuous mode
[ 2289.558524][T27137] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 2292.568626][ T3419] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[ 2292.868543][ T3419] usb 9-1: Using ep0 maxpacket: 32
[ 2292.896390][ T3419] usb 9-1: config 0 has an invalid interface number: 67 but max is 0
[ 2292.939153][ T3419] usb 9-1: config 0 has no interface number 0
[ 2292.966994][T27173] random: crng reseeded on system resumption
[ 2292.986424][ T3419] usb 9-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 2293.043929][ T3419] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2293.118752][ T3419] usb 9-1: Product: syz
[ 2293.123082][ T3419] usb 9-1: Manufacturer: syz
[ 2293.138394][ T3419] usb 9-1: SerialNumber: syz
[ 2293.169526][ T3419] usb 9-1: config 0 descriptor??
[ 2293.195570][ T3419] smsc95xx v2.0.0
[ 2294.248420][T21766] usb 4-1: new high-speed USB device number 108 using dummy_hcd
[ 2294.335094][ T3419] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[ 2294.639853][ T3419] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[ 2294.687649][ T3419] smsc95xx 9-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61
[ 2294.878510][T27193] netlink: 'syz.9.5193': attribute type 3 has an invalid length.
[ 2294.886841][T27193] netlink: 'syz.9.5193': attribute type 1 has an invalid length.
[ 2294.894955][T27193] netlink: 193500 bytes leftover after parsing attributes in process `syz.9.5193'.
[ 2294.943058][T27193] sctp: [Deprecated]: syz.9.5193 (pid 27193) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2294.943058][T27193] Use struct sctp_sack_info instead
[ 2294.988451][T21766] usb 4-1: Using ep0 maxpacket: 32
[ 2295.577606][ T3419] smsc95xx 9-1:0.67: probe with driver smsc95xx failed with error -61
[ 2295.587575][T21766] usb 4-1: config 0 has an invalid interface number: 184 but max is 0
[ 2295.599334][T21766] usb 4-1: config 0 has no interface number 0
[ 2295.606408][T21766] usb 4-1: config 0 interface 184 has no altsetting 0
[ 2295.618964][T21766] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 2295.628118][T21766] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2295.636215][T21766] usb 4-1: Product: syz
[ 2295.640584][T21766] usb 4-1: Manufacturer: syz
[ 2295.645346][T21766] usb 4-1: SerialNumber: syz
[ 2295.784270][T21766] usb 4-1: config 0 descriptor??
[ 2295.836973][T21766] smsc75xx v1.0.0
[ 2295.876055][T21766] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 2295.962680][T21766] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -22
[ 2296.192681][T27209] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains
[ 2296.695811][T24746] usb 9-1: USB disconnect, device number 16
[ 2297.886012][T27220] FAULT_INJECTION: forcing a failure.
[ 2297.886012][T27220] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2297.947795][T27220] CPU: 1 UID: 0 PID: 27220 Comm: syz.8.5202 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2297.947835][T27220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2297.947848][T27220] Call Trace:
[ 2297.947857][T27220]  <TASK>
[ 2297.947866][T27220]  dump_stack_lvl+0x189/0x250
[ 2297.947903][T27220]  ? __pfx____ratelimit+0x10/0x10
[ 2297.947925][T27220]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2297.947948][T27220]  ? __pfx__printk+0x10/0x10
[ 2297.947975][T27220]  ? __might_fault+0xb0/0x130
[ 2297.948007][T27220]  should_fail_ex+0x414/0x560
[ 2297.948035][T27220]  _copy_from_user+0x2d/0xb0
[ 2297.948064][T27220]  ___sys_recvmsg+0x12e/0x510
[ 2297.948091][T27220]  ? __pfx____sys_recvmsg+0x10/0x10
[ 2297.948140][T27220]  ? __fget_files+0x3a0/0x420
[ 2297.948175][T27220]  do_recvmmsg+0x307/0x770
[ 2297.948204][T27220]  ? __pfx_do_recvmmsg+0x10/0x10
[ 2297.948238][T27220]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2297.948280][T27220]  __x64_sys_recvmmsg+0x190/0x240
[ 2297.948308][T27220]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 2297.948326][T27220]  ? rcu_is_watching+0x15/0xb0
[ 2297.948354][T27220]  ? do_syscall_64+0xbe/0x3b0
[ 2297.948381][T27220]  do_syscall_64+0xfa/0x3b0
[ 2297.948402][T27220]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2297.948423][T27220]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2297.948443][T27220]  ? clear_bhb_loop+0x60/0xb0
[ 2297.948468][T27220]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2297.948488][T27220] RIP: 0033:0x7fb27a78e9a9
[ 2297.948507][T27220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2297.948525][T27220] RSP: 002b:00007fb27b526038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 2297.948548][T27220] RAX: ffffffffffffffda RBX: 00007fb27a9b5fa0 RCX: 00007fb27a78e9a9
[ 2297.948563][T27220] RDX: 0211eedb55b6c795 RSI: 0000200000002440 RDI: 0000000000000004
[ 2297.948578][T27220] RBP: 00007fb27b526090 R08: 0000000000000000 R09: 0000000000000000
[ 2297.948591][T27220] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2297.948604][T27220] R13: 0000000000000000 R14: 00007fb27a9b5fa0 R15: 00007fff0a66dd38
[ 2297.948636][T27220]  </TASK>
[ 2297.958463][ T5958] usb 6-1: new high-speed USB device number 79 using dummy_hcd
[ 2298.298605][T21766] usb 4-1: USB disconnect, device number 108
[ 2299.018458][ T5958] usb 6-1: Using ep0 maxpacket: 16
[ 2299.048388][ T5958] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2299.083350][ T5958] usb 6-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.40
[ 2299.181114][ T5958] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2299.227890][ T5958] usb 6-1: Product: syz
[ 2299.608567][ T5958] usb 6-1: Manufacturer: syz
[ 2299.613239][ T5958] usb 6-1: SerialNumber: syz
[ 2299.667023][ T5958] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input66
[ 2299.785721][ T5191] bcm5974 6-1:1.0: could not read from device
[ 2299.877321][ T5958] usb 6-1: USB disconnect, device number 79
[ 2301.142965][T27255] netlink: 'syz.0.5211': attribute type 3 has an invalid length.
[ 2301.150816][T27255] netlink: 'syz.0.5211': attribute type 1 has an invalid length.
[ 2301.158600][T27255] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.5211'.
[ 2301.170247][T27255] sctp: [Deprecated]: syz.0.5211 (pid 27255) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2301.170247][T27255] Use struct sctp_sack_info instead
[ 2303.080464][T27267] netlink: 20 bytes leftover after parsing attributes in process `syz.8.5216'.
[ 2305.161680][T27295] netlink: 'syz.8.5225': attribute type 3 has an invalid length.
[ 2305.169657][T27295] netlink: 'syz.8.5225': attribute type 1 has an invalid length.
[ 2305.177562][T27295] netlink: 193500 bytes leftover after parsing attributes in process `syz.8.5225'.
[ 2305.203797][T27295] sctp: [Deprecated]: syz.8.5225 (pid 27295) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2305.203797][T27295] Use struct sctp_sack_info instead
[ 2306.943128][T27310] netlink: 64 bytes leftover after parsing attributes in process `syz.0.5224'.
[ 2307.848429][T24746] usb 4-1: new high-speed USB device number 109 using dummy_hcd
[ 2308.040442][T24746] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2308.104058][T24746] usb 4-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00
[ 2308.147448][T24746] usb 4-1: New USB device strings: Mfr=3, Product=1, SerialNumber=0
[ 2308.190416][T24746] usb 4-1: Product: syz
[ 2308.194645][T24746] usb 4-1: Manufacturer: syz
[ 2308.249439][T24746] usb 4-1: config 0 descriptor??
[ 2308.281422][T24746] gspca_main: spca501-2.14.0 probing 0000:0000
[ 2308.681495][T27317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2308.690846][T27317] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2308.799548][T24746] gspca_spca501: reg write: error -71
[ 2308.805079][T24746] spca501 4-1:0.0: Reg write failed for 0x02,0xa048,0x00
[ 2308.832025][T24746] spca501 4-1:0.0: probe with driver spca501 failed with error -22
[ 2308.863934][T24746] usb 4-1: USB disconnect, device number 109
[ 2309.408160][T27346] netlink: 'syz.0.5240': attribute type 3 has an invalid length.
[ 2309.416253][T27346] netlink: 'syz.0.5240': attribute type 1 has an invalid length.
[ 2309.424185][T27346] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.5240'.
[ 2309.451117][T27346] sctp: [Deprecated]: syz.0.5240 (pid 27346) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2309.451117][T27346] Use struct sctp_sack_info instead
[ 2311.584221][T27369] random: crng reseeded on system resumption
[ 2316.648079][T18983] usb 4-1: new high-speed USB device number 110 using dummy_hcd
[ 2317.520905][T18983] usb 4-1: Using ep0 maxpacket: 32
[ 2317.898140][T18983] usb 4-1: config 0 has an invalid interface number: 67 but max is 0
[ 2318.273511][T27440] random: crng reseeded on system resumption
[ 2318.280351][T18983] usb 4-1: config 0 has no interface number 0
[ 2318.298986][T18983] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[ 2318.357949][T18983] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2318.447862][T27446] fuse: Bad value for 'fd'
[ 2318.738554][T18983] usb 4-1: Product: syz
[ 2318.977062][T18983] usb 4-1: Manufacturer: syz
[ 2318.988361][T18983] usb 4-1: SerialNumber: syz
[ 2319.026849][T18983] usb 4-1: config 0 descriptor??
[ 2319.041430][T18983] smsc95xx v2.0.0
[ 2319.215406][T18983] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71
[ 2319.280347][T18983] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71
[ 2319.524271][T18983] usb 4-1: USB disconnect, device number 110
[ 2319.918392][T18983] usb 4-1: new high-speed USB device number 111 using dummy_hcd
[ 2320.159346][T18983] usb 4-1: config 0 has no interfaces?
[ 2320.167220][T18983] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 2320.178523][T18983] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2320.238602][T18983] usb 4-1: Product: syz
[ 2320.248356][T18983] usb 4-1: Manufacturer: syz
[ 2320.262045][T18983] usb 4-1: SerialNumber: syz
[ 2320.291595][T18983] usb 4-1: config 0 descriptor??
[ 2322.639209][T26614] usb 4-1: USB disconnect, device number 111
[ 2324.877666][T27506] FAULT_INJECTION: forcing a failure.
[ 2324.877666][T27506] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2324.918898][   T43] usb 10-1: new full-speed USB device number 9 using dummy_hcd
[ 2325.088776][T27506] CPU: 1 UID: 0 PID: 27506 Comm: syz.5.5287 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2325.088809][T27506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2325.088822][T27506] Call Trace:
[ 2325.088831][T27506]  <TASK>
[ 2325.088841][T27506]  dump_stack_lvl+0x189/0x250
[ 2325.088871][T27506]  ? __pfx____ratelimit+0x10/0x10
[ 2325.088894][T27506]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2325.088917][T27506]  ? __pfx__printk+0x10/0x10
[ 2325.088944][T27506]  ? fs_reclaim_acquire+0x7d/0x100
[ 2325.088975][T27506]  should_fail_ex+0x414/0x560
[ 2325.088997][T27506]  prepare_alloc_pages+0x213/0x610
[ 2325.089024][T27506]  __alloc_frozen_pages_noprof+0x123/0x370
[ 2325.089048][T27506]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 2325.089077][T27506]  ? policy_nodemask+0x27c/0x720
[ 2325.089092][T27506]  ? __lock_acquire+0xab9/0xd20
[ 2325.089112][T27506]  alloc_pages_mpol+0x232/0x4a0
[ 2325.089134][T27506]  vma_alloc_folio_noprof+0xe4/0x200
[ 2325.089154][T27506]  ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 2325.089182][T27506]  folio_prealloc+0x30/0x180
[ 2325.089201][T27506]  __handle_mm_fault+0x2c88/0x5620
[ 2325.089224][T27506]  ? __lock_acquire+0xab9/0xd20
[ 2325.089255][T27506]  ? __pfx___handle_mm_fault+0x10/0x10
[ 2325.089282][T27506]  ? lock_vma_under_rcu+0xf8/0x710
[ 2325.089308][T27506]  ? lock_vma_under_rcu+0xf8/0x710
[ 2325.089325][T27506]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[ 2325.089350][T27506]  handle_mm_fault+0x2d5/0x7f0
[ 2325.089385][T27506]  do_user_addr_fault+0xa81/0x1390
[ 2325.089416][T27506]  ? rcu_is_watching+0x15/0xb0
[ 2325.089434][T27506]  ? trace_page_fault_user+0x84/0x1e0
[ 2325.089465][T27506]  exc_page_fault+0x76/0xf0
[ 2325.089486][T27506]  asm_exc_page_fault+0x26/0x30
[ 2325.089501][T27506] RIP: 0033:0x7f742d25a3ab
[ 2325.089525][T27506] Code: 00 00 00 48 8d 3d 8d 2b 19 00 48 89 c1 31 c0 e8 8b 3c ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d c1 2b 19 00 48 89 34 24 48 8b 14 24 48 8b
[ 2325.089540][T27506] RSP: 002b:00007f742e2abfb0 EFLAGS: 00010202
[ 2325.089557][T27506] RAX: 0000000000000000 RBX: 00007f742d5b5fa0 RCX: 0000000000000000
[ 2325.089568][T27506] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000200000000280
[ 2325.089578][T27506] RBP: 00007f742e2ad090 R08: 0000000000000000 R09: 0000000000000000
[ 2325.089589][T27506] R10: 0000200000000280 R11: 0000000000000000 R12: 0000000000000001
[ 2325.089599][T27506] R13: 0000000000000000 R14: 00007f742d5b5fa0 R15: 00007ffc46515a78
[ 2325.089625][T27506]  </TASK>
[ 2325.089665][T27506] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF
[ 2325.385153][   T43] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2325.417777][   T43] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2325.446765][   T43] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2325.473389][   T43] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2325.617280][   T43] usb 10-1: config 0 descriptor??
[ 2325.881147][T27498] IPv6: addrconf: prefix option has invalid lifetime
[ 2326.283097][   T43] ath6kl: Failed to submit usb control message: -71
[ 2326.317474][   T43] ath6kl: unable to send the bmi data to the device: -71
[ 2326.346374][   T43] ath6kl: Unable to send get target info: -71
[ 2326.408704][   T43] ath6kl: Failed to init ath6kl core: -71
[ 2326.416515][   T43] ath6kl_usb 10-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2326.457212][   T43] usb 10-1: USB disconnect, device number 9
[ 2328.601216][T27534] netlink: 20 bytes leftover after parsing attributes in process `syz.8.5294'.
[ 2328.742751][T27535] tipc: Started in network mode
[ 2328.751472][T27535] tipc: Node identity aaaaaaaaaa1a, cluster identity 4711
[ 2328.808447][T27535] tipc: Enabled bearer <eth:team0>, priority 0
[ 2329.955338][T24746] tipc: Node number set to 11578026
[ 2330.988363][T24746] usb 9-1: new full-speed USB device number 17 using dummy_hcd
[ 2331.628855][T24746] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2331.667746][T24746] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2331.698535][T24746] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2331.702545][T27563] FAULT_INJECTION: forcing a failure.
[ 2331.702545][T27563] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2331.742052][T24746] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2331.779392][T24746] usb 9-1: config 0 descriptor??
[ 2331.783702][T27563] CPU: 1 UID: 0 PID: 27563 Comm: syz.9.5303 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2331.783729][T27563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2331.783741][T27563] Call Trace:
[ 2331.783749][T27563]  <TASK>
[ 2331.783757][T27563]  dump_stack_lvl+0x189/0x250
[ 2331.783784][T27563]  ? __pfx____ratelimit+0x10/0x10
[ 2331.783805][T27563]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2331.783826][T27563]  ? __pfx__printk+0x10/0x10
[ 2331.783850][T27563]  ? __might_fault+0xb0/0x130
[ 2331.783880][T27563]  should_fail_ex+0x414/0x560
[ 2331.783905][T27563]  _copy_from_user+0x2d/0xb0
[ 2331.783931][T27563]  ___sys_sendmsg+0x158/0x2a0
[ 2331.783962][T27563]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2331.784025][T27563]  ? __fget_files+0x2a/0x420
[ 2331.784045][T27563]  ? __fget_files+0x3a0/0x420
[ 2331.784076][T27563]  __x64_sys_sendmsg+0x19b/0x260
[ 2331.784106][T27563]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2331.784143][T27563]  ? __pfx_ksys_write+0x10/0x10
[ 2331.784158][T27563]  ? rcu_is_watching+0x15/0xb0
[ 2331.784184][T27563]  ? do_syscall_64+0xbe/0x3b0
[ 2331.784217][T27563]  do_syscall_64+0xfa/0x3b0
[ 2331.784236][T27563]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2331.784255][T27563]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2331.784274][T27563]  ? clear_bhb_loop+0x60/0xb0
[ 2331.784297][T27563]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2331.784315][T27563] RIP: 0033:0x7f2dbfb8e9a9
[ 2331.784332][T27563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2331.784348][T27563] RSP: 002b:00007f2dbd9f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2331.784369][T27563] RAX: ffffffffffffffda RBX: 00007f2dbfdb5fa0 RCX: 00007f2dbfb8e9a9
[ 2331.784383][T27563] RDX: 0000000004000040 RSI: 0000200000000200 RDI: 0000000000000004
[ 2331.784397][T27563] RBP: 00007f2dbd9f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2331.784410][T27563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2331.784422][T27563] R13: 0000000000000000 R14: 00007f2dbfdb5fa0 R15: 00007ffd09a98d68
[ 2331.784459][T27563]  </TASK>
[ 2332.121779][T27568] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 2332.692079][T27554] IPv6: addrconf: prefix option has invalid lifetime
[ 2332.759524][T24746] ath6kl: Failed to submit usb control message: -71
[ 2332.797846][T24746] ath6kl: unable to send the bmi data to the device: -71
[ 2332.838592][T27576] FAULT_INJECTION: forcing a failure.
[ 2332.838592][T27576] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2332.855298][T24746] ath6kl: Unable to send get target info: -71
[ 2332.884126][T27576] CPU: 1 UID: 0 PID: 27576 Comm: syz.3.5307 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2332.884157][T27576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2332.884169][T27576] Call Trace:
[ 2332.884175][T27576]  <TASK>
[ 2332.884181][T27576]  dump_stack_lvl+0x189/0x250
[ 2332.884201][T27576]  ? __pfx____ratelimit+0x10/0x10
[ 2332.884215][T27576]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2332.884228][T27576]  ? __pfx__printk+0x10/0x10
[ 2332.884244][T27576]  ? __might_fault+0xb0/0x130
[ 2332.884270][T27576]  should_fail_ex+0x414/0x560
[ 2332.884287][T27576]  _copy_from_user+0x2d/0xb0
[ 2332.884304][T27576]  ___sys_sendmsg+0x158/0x2a0
[ 2332.884324][T27576]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2332.884364][T27576]  ? __fget_files+0x2a/0x420
[ 2332.884377][T27576]  ? __fget_files+0x3a0/0x420
[ 2332.884397][T27576]  __sys_sendmmsg+0x227/0x430
[ 2332.884419][T27576]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 2332.884435][T27576]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 2332.884471][T27576]  ? ksys_write+0x22a/0x250
[ 2332.884484][T27576]  ? __pfx_ksys_write+0x10/0x10
[ 2332.884494][T27576]  ? rcu_is_watching+0x15/0xb0
[ 2332.884514][T27576]  __x64_sys_sendmmsg+0xa0/0xc0
[ 2332.884534][T27576]  do_syscall_64+0xfa/0x3b0
[ 2332.884547][T27576]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2332.884560][T27576]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2332.884571][T27576]  ? clear_bhb_loop+0x60/0xb0
[ 2332.884586][T27576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2332.884597][T27576] RIP: 0033:0x7fce5018e9a9
[ 2332.884610][T27576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2332.884622][T27576] RSP: 002b:00007fce50f45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 2332.884637][T27576] RAX: ffffffffffffffda RBX: 00007fce503b5fa0 RCX: 00007fce5018e9a9
[ 2332.884646][T27576] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000012
[ 2332.884655][T27576] RBP: 00007fce50f45090 R08: 0000000000000000 R09: 0000000000000000
[ 2332.884663][T27576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2332.884670][T27576] R13: 0000000000000000 R14: 00007fce503b5fa0 R15: 00007ffc7a02ee18
[ 2332.884688][T27576]  </TASK>
[ 2333.290712][T24746] ath6kl: Failed to init ath6kl core: -71
[ 2333.346784][T24746] ath6kl_usb 9-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2333.416706][T24746] usb 9-1: USB disconnect, device number 17
[ 2333.706928][T27588] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5310'.
[ 2337.300691][T27618] syzkaller0: entered promiscuous mode
[ 2337.325815][T27618] syzkaller0: entered allmulticast mode
[ 2338.027148][T27640] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5325'.
[ 2338.071748][T27640] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5325'.
[ 2342.178499][T24745] usb 9-1: new full-speed USB device number 18 using dummy_hcd
[ 2342.419992][T24745] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2342.487033][T24745] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2342.526517][T24745] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2342.540110][T24745] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2343.049659][T24745] usb 9-1: config 0 descriptor??
[ 2343.333013][T27697] IPv6: addrconf: prefix option has invalid lifetime
[ 2343.395529][T24745] ath6kl: Failed to submit usb control message: -71
[ 2343.489331][T27715] netlink: 'syz.0.5345': attribute type 20 has an invalid length.
[ 2343.499394][T24745] ath6kl: unable to send the bmi data to the device: -71
[ 2343.509301][T24745] ath6kl: Unable to send get target info: -71
[ 2343.601989][T24745] ath6kl: Failed to init ath6kl core: -71
[ 2343.722279][T24745] ath6kl_usb 9-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2344.087599][T24745] usb 9-1: USB disconnect, device number 18
[ 2344.759219][T27731] Invalid source name
[ 2344.763306][T27731] UBIFS error (pid: 27731): cannot open "/dev/sg0", error -22
[ 2344.789993][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 2344.805358][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 2347.338605][T24745] usb 6-1: new high-speed USB device number 80 using dummy_hcd
[ 2347.561579][T24745] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 2347.607989][T24745] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 2347.699312][T24745] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2347.723825][T24745] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2348.245691][T27797] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 2348.257198][T24745] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[ 2348.457207][T24745] usb 6-1: USB disconnect, device number 80
[ 2350.068650][T24745] usb 9-1: new full-speed USB device number 19 using dummy_hcd
[ 2350.169747][T27839] netlink: 'syz.3.5369': attribute type 20 has an invalid length.
[ 2350.363281][T24745] usb 9-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[ 2350.448388][T24745] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2350.489167][T24745] usb 9-1: Product: syz
[ 2350.498413][T24745] usb 9-1: Manufacturer: syz
[ 2350.503901][T24745] usb 9-1: SerialNumber: syz
[ 2350.567598][T24745] usb 9-1: config 0 descriptor??
[ 2350.817524][T24745] usb 9-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[ 2351.779224][T27855] random: crng reseeded on system resumption
[ 2351.806596][T24745] dvb_usb_rtl28xxu 9-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[ 2353.039942][T27889] netlink: zone id is out of range
[ 2353.582274][T18983] usb 9-1: USB disconnect, device number 19
[ 2353.691993][T27889] netlink: zone id is out of range
[ 2353.706489][T27889] netlink: zone id is out of range
[ 2353.711924][T27889] netlink: zone id is out of range
[ 2353.717227][T27889] netlink: zone id is out of range
[ 2353.722710][T27889] netlink: zone id is out of range
[ 2353.727999][T27889] netlink: zone id is out of range
[ 2353.733998][T27889] netlink: zone id is out of range
[ 2353.739599][T27889] netlink: zone id is out of range
[ 2353.744959][T27889] netlink: zone id is out of range
[ 2354.622770][T27896] syz.8.5383 (27896): drop_caches: 1
[ 2354.735148][T27882] syz.3.5382 (27882): drop_caches: 1
[ 2355.894345][T24745] usb 10-1: new full-speed USB device number 10 using dummy_hcd
[ 2356.087395][T24745] usb 10-1: config 0 has an invalid interface number: 11 but max is 0
[ 2356.095701][T24745] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2356.131806][T24745] usb 10-1: config 0 has no interface number 0
[ 2356.148037][T24745] usb 10-1: config 0 interface 11 altsetting 253 endpoint 0x87 has invalid maxpacket 8456, setting to 64
[ 2356.255304][T24745] usb 10-1: config 0 interface 11 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2356.279837][T24745] usb 10-1: config 0 interface 11 has no altsetting 0
[ 2356.324730][T24745] usb 10-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b
[ 2356.357905][T24745] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2356.407586][T24745] usb 10-1: config 0 descriptor??
[ 2356.482637][T24745] keyspan 10-1:0.11: Keyspan 2 port adapter converter detected
[ 2356.501560][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 7
[ 2356.511185][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 81
[ 2356.550540][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 82
[ 2356.789258][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 1
[ 2356.876202][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 2
[ 2356.967419][T27922] random: crng reseeded on system resumption
[ 2357.759173][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 85
[ 2357.767174][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 5
[ 2357.836787][T24745] usb 10-1: Keyspan 2 port adapter converter now attached to ttyUSB0
[ 2357.997359][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 83
[ 2358.055345][T27931] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[ 2358.233076][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 84
[ 2358.253448][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 3
[ 2358.272015][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 4
[ 2358.280178][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 86
[ 2358.288066][T24745] keyspan 10-1:0.11: found no endpoint descriptor for endpoint 6
[ 2358.318699][T24745] usb 10-1: Keyspan 2 port adapter converter now attached to ttyUSB1
[ 2361.363002][T24745] usb 10-1: USB disconnect, device number 10
[ 2361.397530][T24745] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0
[ 2361.416728][T27953] netlink: 48 bytes leftover after parsing attributes in process `syz.5.5397'.
[ 2361.477142][T24745] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1
[ 2361.959448][T24745] keyspan 10-1:0.11: device disconnected
[ 2363.476271][T27977] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method
[ 2364.419727][T27983] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5405'.
[ 2364.479180][T27984] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5405'.
[ 2364.762777][T27991] netlink: 48 bytes leftover after parsing attributes in process `syz.8.5407'.
[ 2366.658408][T26614] usb 4-1: new high-speed USB device number 112 using dummy_hcd
[ 2366.860618][T26614] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 2366.877748][T26614] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 31, changing to 7
[ 2366.925002][T26614] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[ 2366.980142][T26614] usb 4-1: language id specifier not provided by device, defaulting to English
[ 2366.994804][T26614] usb 4-1: New USB device found, idVendor=2013, idProduct=0251, bcdDevice=e8.6e
[ 2367.004573][T26614] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2367.023408][T26614] usb 4-1: Manufacturer: ‰
[ 2367.043789][T26614] usb 4-1: SerialNumber: syz
[ 2367.078770][T26614] usb 4-1: config 0 descriptor??
[ 2367.103568][T26614] em28xx 4-1:0.0: New device ‰  @ 480 Mbps (2013:0251, interface 0, class 0)
[ 2367.158397][T26614] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[ 2367.369570][T26614] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[ 2367.388953][T26614] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[ 2367.447143][T26614] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[ 2367.471306][T26614] em28xx 4-1:0.0: No AC97 audio processor
[ 2367.513741][T26614] usb 4-1: USB disconnect, device number 112
[ 2367.551489][T26614] em28xx 4-1:0.0: Disconnecting em28xx
[ 2367.580386][T26614] em28xx 4-1:0.0: Freeing device
[ 2367.599649][T28011] netlink: 64 bytes leftover after parsing attributes in process `syz.9.5410'.
[ 2368.428725][T24750] usb 6-1: new high-speed USB device number 81 using dummy_hcd
[ 2368.514441][T28031] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5418'.
[ 2369.188616][T24750] usb 6-1: Using ep0 maxpacket: 8
[ 2369.220001][T24750] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[ 2369.285766][T24750] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[ 2369.349852][T24750] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2369.394727][T24750] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2369.439228][T24750] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 2369.461553][T24750] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2369.658484][ T5958] usb 10-1: new full-speed USB device number 11 using dummy_hcd
[ 2369.759462][T24750] usb 6-1: GET_CAPABILITIES returned 0
[ 2369.804786][T24750] usbtmc 6-1:16.0: can't read capabilities
[ 2369.821319][ T5958] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2369.855494][ T5958] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2369.894743][ T5958] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2369.907176][ T5958] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2369.926576][ T5958] usb 10-1: config 0 descriptor??
[ 2370.158415][ T5958] ath6kl: Failed to submit usb control message: -71
[ 2370.165113][ T5958] ath6kl: unable to send the bmi data to the device: -71
[ 2370.172326][ T5958] ath6kl: Unable to send get target info: -71
[ 2370.197457][ T5958] ath6kl: Failed to init ath6kl core: -71
[ 2370.205301][ T5958] ath6kl_usb 10-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2370.238878][ T5958] usb 10-1: USB disconnect, device number 11
[ 2371.118949][T21766] usb 6-1: USB disconnect, device number 81
[ 2372.086817][T28068] ptrace attach of "./syz-executor exec"[19781] was attempted by "./syz-executor exec"[28068]
[ 2373.868860][T28084] netlink: 2048 bytes leftover after parsing attributes in process `syz.8.5434'.
[ 2373.951455][T28084] netlink: 4 bytes leftover after parsing attributes in process `syz.8.5434'.
[ 2373.991457][T28086] tipc: Started in network mode
[ 2373.996392][T28086] tipc: Node identity a68008fc059e, cluster identity 4711
[ 2374.024219][T28086] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 2374.068712][T28090] syzkaller0: entered promiscuous mode
[ 2374.088443][T28090] syzkaller0: entered allmulticast mode
[ 2374.166692][T28086] FAULT_INJECTION: forcing a failure.
[ 2374.166692][T28086] name failslab, interval 1, probability 0, space 0, times 0
[ 2374.188796][T28086] CPU: 1 UID: 0 PID: 28086 Comm: syz.5.5436 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2374.188829][T28086] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2374.188843][T28086] Call Trace:
[ 2374.188851][T28086]  <TASK>
[ 2374.188862][T28086]  dump_stack_lvl+0x189/0x250
[ 2374.188892][T28086]  ? __pfx____ratelimit+0x10/0x10
[ 2374.188916][T28086]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2374.188939][T28086]  ? __pfx__printk+0x10/0x10
[ 2374.188973][T28086]  ? __pfx___might_resched+0x10/0x10
[ 2374.188994][T28086]  ? fs_reclaim_acquire+0x7d/0x100
[ 2374.189025][T28086]  should_fail_ex+0x414/0x560
[ 2374.189053][T28086]  should_failslab+0xa8/0x100
[ 2374.189078][T28086]  __kmalloc_noprof+0xcb/0x4f0
[ 2374.189097][T28086]  ? kfree+0x4d/0x440
[ 2374.189124][T28086]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2374.189158][T28086]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2374.189187][T28086]  ? tomoyo_domain+0xda/0x130
[ 2374.189220][T28086]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2374.189243][T28086]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2374.189269][T28086]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2374.189312][T28086]  ? __lock_acquire+0xab9/0xd20
[ 2374.189358][T28086]  ? __fget_files+0x2a/0x420
[ 2374.189386][T28086]  ? __fget_files+0x2a/0x420
[ 2374.189407][T28086]  ? __fget_files+0x3a0/0x420
[ 2374.189434][T28086]  ? __fget_files+0x2a/0x420
[ 2374.189462][T28086]  security_file_ioctl+0xcb/0x2d0
[ 2374.189488][T28086]  __se_sys_ioctl+0x47/0x170
[ 2374.189521][T28086]  do_syscall_64+0xfa/0x3b0
[ 2374.189543][T28086]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2374.189566][T28086]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2374.189595][T28086]  ? clear_bhb_loop+0x60/0xb0
[ 2374.189621][T28086]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2374.189641][T28086] RIP: 0033:0x7f742d38e9a9
[ 2374.189660][T28086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2374.189679][T28086] RSP: 002b:00007f742e2ad038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2374.189704][T28086] RAX: ffffffffffffffda RBX: 00007f742d5b5fa0 RCX: 00007f742d38e9a9
[ 2374.189719][T28086] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005
[ 2374.189734][T28086] RBP: 00007f742e2ad090 R08: 0000000000000000 R09: 0000000000000000
[ 2374.189747][T28086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2374.189760][T28086] R13: 0000000000000000 R14: 00007f742d5b5fa0 R15: 00007ffc46515a78
[ 2374.189796][T28086]  </TASK>
[ 2374.189843][T28086] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2374.449238][T28086] tipc: Resetting bearer <eth:syzkaller0>
[ 2374.459000][T28085] tipc: Resetting bearer <eth:syzkaller0>
[ 2374.493664][T28085] tipc: Disabling bearer <eth:syzkaller0>
[ 2375.168632][ T5958] usb 9-1: new full-speed USB device number 20 using dummy_hcd
[ 2375.298650][T28112] netlink: 'syz.9.5445': attribute type 1 has an invalid length.
[ 2375.331065][ T5958] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2375.366705][ T5958] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2375.381174][ T5958] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2375.400546][ T5958] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2375.401764][T28112] 8021q: adding VLAN 0 to HW filter on device bond1
[ 2375.421503][ T5958] usb 9-1: config 0 descriptor??
[ 2375.458023][T28116] FAULT_INJECTION: forcing a failure.
[ 2375.458023][T28116] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2375.505852][T28114] bond1: (slave gretap1): making interface the new active one
[ 2375.515450][T28114] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 2375.540575][T28116] CPU: 1 UID: 0 PID: 28116 Comm: syz.9.5445 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2375.540606][T28116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2375.540619][T28116] Call Trace:
[ 2375.540628][T28116]  <TASK>
[ 2375.540637][T28116]  dump_stack_lvl+0x189/0x250
[ 2375.540666][T28116]  ? __pfx____ratelimit+0x10/0x10
[ 2375.540690][T28116]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2375.540712][T28116]  ? __pfx__printk+0x10/0x10
[ 2375.540738][T28116]  ? __might_fault+0xb0/0x130
[ 2375.540771][T28116]  should_fail_ex+0x414/0x560
[ 2375.540798][T28116]  _copy_from_user+0x2d/0xb0
[ 2375.540835][T28116]  ___sys_sendmsg+0x158/0x2a0
[ 2375.540869][T28116]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2375.540937][T28116]  ? __fget_files+0x2a/0x420
[ 2375.540959][T28116]  ? __fget_files+0x3a0/0x420
[ 2375.540992][T28116]  __x64_sys_sendmsg+0x19b/0x260
[ 2375.541025][T28116]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2375.541065][T28116]  ? __pfx_ksys_write+0x10/0x10
[ 2375.541091][T28116]  ? do_syscall_64+0xbe/0x3b0
[ 2375.541117][T28116]  do_syscall_64+0xfa/0x3b0
[ 2375.541138][T28116]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2375.541160][T28116]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2375.541180][T28116]  ? clear_bhb_loop+0x60/0xb0
[ 2375.541204][T28116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2375.541223][T28116] RIP: 0033:0x7f2dbfb8e9a9
[ 2375.541241][T28116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2375.541258][T28116] RSP: 002b:00007f2dbd9b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2375.541285][T28116] RAX: ffffffffffffffda RBX: 00007f2dbfdb6160 RCX: 00007f2dbfb8e9a9
[ 2375.541300][T28116] RDX: 0000000000040040 RSI: 0000200000000100 RDI: 0000000000000003
[ 2375.541313][T28116] RBP: 00007f2dbd9b4090 R08: 0000000000000000 R09: 0000000000000000
[ 2375.541325][T28116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2375.541338][T28116] R13: 0000000000000001 R14: 00007f2dbfdb6160 R15: 00007ffd09a98d68
[ 2375.541369][T28116]  </TASK>
[ 2375.671544][T28106] net_ratelimit: 197 callbacks suppressed
[ 2375.671571][T28106] IPv6: addrconf: prefix option has invalid lifetime
[ 2375.846538][ T5958] ath6kl: Failed to submit usb control message: -71
[ 2375.872211][ T5958] ath6kl: unable to send the bmi data to the device: -71
[ 2375.897054][ T5958] ath6kl: Unable to send get target info: -71
[ 2376.056382][ T5958] ath6kl: Failed to init ath6kl core: -71
[ 2376.080344][ T5958] ath6kl_usb 9-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2376.312430][ T5958] usb 9-1: USB disconnect, device number 20
[ 2378.619135][T28153] netlink: 'syz.3.5454': attribute type 3 has an invalid length.
[ 2378.626982][T28153] netlink: 'syz.3.5454': attribute type 1 has an invalid length.
[ 2378.634864][T28153] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.5454'.
[ 2378.656211][T28153] sctp: [Deprecated]: syz.3.5454 (pid 28153) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2378.656211][T28153] Use struct sctp_sack_info instead
[ 2379.935293][ T5958] usb 4-1: new high-speed USB device number 113 using dummy_hcd
[ 2380.332459][ T5958] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 2380.380395][ T5958] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2380.419183][ T5958] usb 4-1: config 0 descriptor??
[ 2380.451997][ T5958] cp210x 4-1:0.0: cp210x converter detected
[ 2381.051819][ T5958] cp210x 4-1:0.0: failed to get vendor val 0x000e size 678: -71
[ 2381.059665][ T5958] cp210x 4-1:0.0: GPIO initialisation failed: -71
[ 2381.079776][ T5958] usb 4-1: cp210x converter now attached to ttyUSB0
[ 2381.109793][ T5958] usb 4-1: USB disconnect, device number 113
[ 2381.139315][ T5958] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 2381.156038][ T5958] cp210x 4-1:0.0: device disconnected
[ 2381.500550][T28175] netlink: 64 bytes leftover after parsing attributes in process `syz.5.5459'.
[ 2382.668404][ T5958] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[ 2382.834694][ T5958] usb 10-1: Using ep0 maxpacket: 32
[ 2382.859668][ T5958] usb 10-1: config 0 has an invalid interface number: 184 but max is 0
[ 2382.868156][ T5958] usb 10-1: config 0 has no interface number 0
[ 2382.876436][ T5958] usb 10-1: config 0 interface 184 has no altsetting 0
[ 2382.910700][ T5958] usb 10-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[ 2382.938439][ T5958] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2382.971804][ T5958] usb 10-1: Product: syz
[ 2383.004327][ T5958] usb 10-1: Manufacturer: syz
[ 2383.019889][ T5958] usb 10-1: SerialNumber: syz
[ 2383.087346][ T5958] usb 10-1: config 0 descriptor??
[ 2383.111391][ T5958] smsc75xx v1.0.0
[ 2383.115071][ T5958] smsc75xx 10-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22
[ 2383.301294][ T5958] smsc75xx 10-1:0.184: probe with driver smsc75xx failed with error -22
[ 2383.384620][T28195] netlink: 64 bytes leftover after parsing attributes in process `syz.8.5463'.
[ 2383.915236][T28193] FAULT_INJECTION: forcing a failure.
[ 2383.915236][T28193] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2383.948996][T28193] CPU: 0 UID: 0 PID: 28193 Comm: syz.9.5466 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2383.949039][T28193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2383.949051][T28193] Call Trace:
[ 2383.949062][T28193]  <TASK>
[ 2383.949072][T28193]  dump_stack_lvl+0x189/0x250
[ 2383.949102][T28193]  ? __pfx____ratelimit+0x10/0x10
[ 2383.949125][T28193]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2383.949149][T28193]  ? __pfx__printk+0x10/0x10
[ 2383.949177][T28193]  ? __might_fault+0xb0/0x130
[ 2383.949211][T28193]  should_fail_ex+0x414/0x560
[ 2383.949239][T28193]  _copy_from_user+0x2d/0xb0
[ 2383.949269][T28193]  ___sys_sendmsg+0x158/0x2a0
[ 2383.949304][T28193]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2383.949376][T28193]  ? __fget_files+0x2a/0x420
[ 2383.949399][T28193]  ? __fget_files+0x3a0/0x420
[ 2383.949433][T28193]  __x64_sys_sendmsg+0x19b/0x260
[ 2383.949467][T28193]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 2383.949509][T28193]  ? __pfx_ksys_write+0x10/0x10
[ 2383.949525][T28193]  ? rcu_is_watching+0x15/0xb0
[ 2383.949554][T28193]  ? do_syscall_64+0xbe/0x3b0
[ 2383.949582][T28193]  do_syscall_64+0xfa/0x3b0
[ 2383.949603][T28193]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2383.949624][T28193]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2383.949644][T28193]  ? clear_bhb_loop+0x60/0xb0
[ 2383.949670][T28193]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2383.949690][T28193] RIP: 0033:0x7f2dbfb8e9a9
[ 2383.949709][T28193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2383.949728][T28193] RSP: 002b:00007f2dbd9b4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2383.949751][T28193] RAX: ffffffffffffffda RBX: 00007f2dbfdb6160 RCX: 00007f2dbfb8e9a9
[ 2383.949766][T28193] RDX: 0000000000000080 RSI: 00002000000001c0 RDI: 0000000000000009
[ 2383.949787][T28193] RBP: 00007f2dbd9b4090 R08: 0000000000000000 R09: 0000000000000000
[ 2383.949797][T28193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2383.949807][T28193] R13: 0000000000000000 R14: 00007f2dbfdb6160 R15: 00007ffd09a98d68
[ 2383.949832][T28193]  </TASK>
[ 2386.988543][T21766] usb 4-1: new high-speed USB device number 114 using dummy_hcd
[ 2387.158627][T21766] usb 4-1: Using ep0 maxpacket: 32
[ 2387.168949][T21766] usb 4-1: config 0 has an invalid interface number: 131 but max is 0
[ 2387.179628][T21766] usb 4-1: config 0 has no interface number 0
[ 2387.195066][T21766] usb 4-1: New USB device found, idVendor=5ccd, idProduct=0325, bcdDevice=d4.7c
[ 2387.210758][T21766] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2387.227528][T21766] usb 4-1: Product: syz
[ 2387.236788][T21766] usb 4-1: Manufacturer: syz
[ 2387.245774][T21766] usb 4-1: SerialNumber: syz
[ 2387.273152][T21766] usb 4-1: config 0 descriptor??
[ 2387.284295][T21766] usb-storage 4-1:0.131: USB Mass Storage device detected
[ 2387.381828][ T5958] usb 10-1: USB disconnect, device number 12
[ 2387.621333][T21766] usb 4-1: USB disconnect, device number 114
[ 2389.009838][T28255] random: crng reseeded on system resumption
[ 2390.859899][   T43] usb 9-1: new full-speed USB device number 21 using dummy_hcd
[ 2391.086125][   T43] usb 9-1: config 0 has an invalid interface number: 29 but max is 0
[ 2391.094600][   T43] usb 9-1: config 0 has no interface number 0
[ 2391.108568][   T43] usb 9-1: config 0 interface 29 has no altsetting 0
[ 2391.162534][   T43] usb 9-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac
[ 2391.188332][   T43] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2391.327832][   T43] usb 9-1: Product: syz
[ 2391.337007][   T43] usb 9-1: Manufacturer: syz
[ 2391.394333][   T43] usb 9-1: SerialNumber: syz
[ 2391.448032][   T43] usb 9-1: config 0 descriptor??
[ 2392.355536][T21766] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[ 2392.564568][T21766] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 2392.670402][T21766] usb 4-1: config 27 has 0 interfaces, different from the descriptor's value: 1
[ 2392.862262][   T43] peak_usb 9-1:0.29 can0: unable to request usb[type=0 value=1] err=-71
[ 2392.928935][T21766] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 2392.938136][T21766] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2392.949950][   T43] peak_usb 9-1:0.29: unable to read PCAN-USB X6 firmware info (err -71)
[ 2393.067701][T28292] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5490'.
[ 2393.270788][   T43] peak_usb 9-1:0.29: probe with driver peak_usb failed with error -71
[ 2393.354997][   T43] usb 9-1: USB disconnect, device number 21
[ 2394.768453][   T43] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[ 2394.786921][T18983] usb 4-1: USB disconnect, device number 115
[ 2394.800585][T28277] delete_channel: no stack
[ 2394.921153][T28308] IPVS: set_ctl: invalid protocol: 135 224.0.0.1:0
[ 2394.978580][   T43] usb 10-1: Using ep0 maxpacket: 16
[ 2394.986474][   T43] usb 10-1: config 0 has an invalid interface number: 251 but max is 0
[ 2394.995233][   T43] usb 10-1: config 0 has no interface number 0
[ 2395.011493][   T43] usb 10-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[ 2395.024033][   T43] usb 10-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[ 2395.087425][ T5958] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[ 2395.584126][T28318] random: crng reseeded on system resumption
[ 2395.615612][   T43] usb 10-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4
[ 2395.658417][   T43] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2395.688852][   T43] usb 10-1: Product: syz
[ 2395.694975][ T5958] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2395.709622][ T5958] usb 9-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 2395.728917][ T5958] usb 9-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 2395.729175][   T43] usb 10-1: Manufacturer: syz
[ 2395.743908][   T43] usb 10-1: SerialNumber: syz
[ 2395.769808][   T43] usb 10-1: config 0 descriptor??
[ 2395.775135][ T5958] usb 9-1: Product: syz
[ 2395.780310][ T5958] usb 9-1: Manufacturer: syz
[ 2395.785095][ T5958] usb 9-1: SerialNumber: syz
[ 2395.839050][ T5958] usb 9-1: config 0 descriptor??
[ 2395.856520][T28303] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 2395.916524][T28303] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 2395.964244][ T5958] snd-usb-audio 9-1:0.0: probe with driver snd-usb-audio failed with error -22
[ 2396.109531][ T5958] usb 9-1: USB disconnect, device number 22
[ 2396.141817][T28303] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 2396.165455][T28303] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[ 2396.398419][T24745] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[ 2396.703767][T24745] usb 4-1: config 0 has no interfaces?
[ 2397.689577][T24745] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 2397.769039][T24745] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2397.785739][T24745] usb 4-1: Product: syz
[ 2397.811091][T24745] usb 4-1: Manufacturer: syz
[ 2397.817414][T24745] usb 4-1: SerialNumber: syz
[ 2397.979896][T24745] usb 4-1: config 0 descriptor??
[ 2398.261677][T28322] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5498'.
[ 2398.936663][   T43] asix 10-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0002: -71
[ 2398.964885][   T43] asix 10-1:0.251 (unnamed net_device) (uninitialized): Could not register MDIO bus
[ 2398.985466][   T43] asix 10-1:0.251: probe with driver asix failed with error -5
[ 2399.355516][   T43] usb 10-1: USB disconnect, device number 13
[ 2400.268467][   T43] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[ 2400.488358][   T43] usb 10-1: Using ep0 maxpacket: 32
[ 2400.546754][   T43] usb 10-1: config 0 interface 0 altsetting 74 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2400.591636][   T43] usb 10-1: config 0 interface 0 altsetting 74 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2400.638341][   T43] usb 10-1: config 0 interface 0 has no altsetting 0
[ 2400.670930][   T43] usb 10-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[ 2400.723103][   T43] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2400.734939][T26614] usb 4-1: USB disconnect, device number 116
[ 2400.769600][   T43] usb 10-1: config 0 descriptor??
[ 2401.191993][   T43] petalynx 0003:18B1:0037.000D: unknown main item tag 0x0
[ 2401.335391][   T43] petalynx 0003:18B1:0037.000D: unknown main item tag 0x0
[ 2401.428470][T28353] netlink: 'syz.9.5509': attribute type 1 has an invalid length.
[ 2401.460514][   T43] petalynx 0003:18B1:0037.000D: unknown main item tag 0x0
[ 2401.530788][T24750] usb 4-1: new full-speed USB device number 117 using dummy_hcd
[ 2401.574259][   T43] petalynx 0003:18B1:0037.000D: hidraw0: USB HID v0.00 Device [HID 18b1:0037] on usb-dummy_hcd.9-1/input0
[ 2401.823124][T28353] 8021q: adding VLAN 0 to HW filter on device bond2
[ 2401.902604][T24750] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2401.941538][T24750] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2401.978444][T24750] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2401.987558][T24750] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2402.049737][T24750] usb 4-1: config 0 descriptor??
[ 2402.275168][T28372] IPv6: addrconf: prefix option has invalid lifetime
[ 2402.300616][T24750] ath6kl: Failed to submit usb control message: -71
[ 2402.321116][T24750] ath6kl: unable to send the bmi data to the device: -71
[ 2402.337743][T24750] ath6kl: Unable to send get target info: -71
[ 2402.489770][T24750] ath6kl: Failed to init ath6kl core: -71
[ 2402.517548][T24750] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2402.585958][T24750] usb 4-1: USB disconnect, device number 117
[ 2402.814886][T28381] bond2 (unregistering): Released all slaves
[ 2402.913302][T26614] usb 10-1: USB disconnect, device number 14
[ 2403.031469][T28389] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2403.040849][T28389] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 2403.282287][T28399] netlink: 'syz.5.5521': attribute type 21 has an invalid length.
[ 2403.318134][T28399] netlink: 'syz.5.5521': attribute type 21 has an invalid length.
[ 2404.584195][T28420] input: syz0 as /devices/virtual/input/input68
[ 2404.590996][T28420] input: failed to attach handler leds to device input68, error: -6
[ 2404.638478][T24745] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[ 2404.744592][T28422] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5528'.
[ 2405.126172][T18720] Bluetooth: hci5: command 0x0406 tx timeout
[ 2405.227862][T24745] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2405.276010][T24745] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 2405.377318][T24745] usb 10-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 2405.436256][T24745] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2405.562430][T24745] usb 10-1: config 0 descriptor??
[ 2405.762136][ T5958] usb 6-1: new high-speed USB device number 82 using dummy_hcd
[ 2405.998515][ T5958] usb 6-1: Using ep0 maxpacket: 16
[ 2406.065757][ T5958] usb 6-1: config 1 has an invalid descriptor of length 140, skipping remainder of the config
[ 2406.128358][ T5958] usb 6-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2406.188046][ T5958] usb 6-1: config 1 interface 0 has no altsetting 0
[ 2406.214737][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 2406.221099][ T1300] ieee802154 phy1 wpan1: encryption failed: -22
[ 2406.265027][ T5958] usb 6-1: string descriptor 0 read error: -22
[ 2406.282111][ T5958] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2406.306994][ T5958] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2406.661070][T28426] FAULT_INJECTION: forcing a failure.
[ 2406.661070][T28426] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2406.674436][T28426] CPU: 0 UID: 0 PID: 28426 Comm: syz.5.5530 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2406.674465][T28426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2406.674476][T28426] Call Trace:
[ 2406.674486][T28426]  <TASK>
[ 2406.674495][T28426]  dump_stack_lvl+0x189/0x250
[ 2406.674526][T28426]  ? __pfx____ratelimit+0x10/0x10
[ 2406.674551][T28426]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2406.674575][T28426]  ? __pfx__printk+0x10/0x10
[ 2406.674603][T28426]  ? __might_fault+0xb0/0x130
[ 2406.674638][T28426]  should_fail_ex+0x414/0x560
[ 2406.674666][T28426]  _copy_from_user+0x2d/0xb0
[ 2406.674696][T28426]  __sys_bpf+0x1ed/0x860
[ 2406.674729][T28426]  ? __pfx___sys_bpf+0x10/0x10
[ 2406.674755][T28426]  ? preempt_schedule_irq+0xde/0x150
[ 2406.674811][T28426]  __x64_sys_bpf+0x7c/0x90
[ 2406.674840][T28426]  do_syscall_64+0xfa/0x3b0
[ 2406.674862][T28426]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2406.674885][T28426]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2406.674902][T28426]  ? clear_bhb_loop+0x60/0xb0
[ 2406.674922][T28426]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2406.674938][T28426] RIP: 0033:0x7f742d38e9a9
[ 2406.674954][T28426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2406.674969][T28426] RSP: 002b:00007f742e26b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 2406.674988][T28426] RAX: ffffffffffffffda RBX: 00007f742d5b6160 RCX: 00007f742d38e9a9
[ 2406.675001][T28426] RDX: 0000000000000048 RSI: 0000200000000140 RDI: 2000000000000000
[ 2406.675013][T28426] RBP: 00007f742e26b090 R08: 0000000000000000 R09: 0000000000000000
[ 2406.675025][T28426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2406.675036][T28426] R13: 0000000000000000 R14: 00007f742d5b6160 R15: 00007ffc46515a78
[ 2406.675062][T28426]  </TASK>
[ 2407.052313][T24745] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[ 2407.059979][T24750] usb 4-1: new high-speed USB device number 118 using dummy_hcd
[ 2407.187008][T18720] Bluetooth: hci5: command 0x0406 tx timeout
[ 2407.224047][T24750] usb 4-1: Using ep0 maxpacket: 16
[ 2407.236997][T24750] usb 4-1: config 1 has an invalid descriptor of length 140, skipping remainder of the config
[ 2407.247768][T24750] usb 4-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2407.304973][T24745] usb 9-1: Using ep0 maxpacket: 16
[ 2407.318945][T24750] usb 4-1: config 1 interface 0 has no altsetting 0
[ 2407.342808][T24750] usb 4-1: string descriptor 0 read error: -22
[ 2407.354679][T24750] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2407.365973][T24745] usb 9-1: config 1 has an invalid descriptor of length 140, skipping remainder of the config
[ 2407.376744][T24745] usb 9-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2407.468695][T20182] usb 10-1: USB disconnect, device number 15
[ 2407.538221][T24750] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2407.564261][T24745] usb 9-1: config 1 interface 0 has no altsetting 0
[ 2407.635892][T24745] usb 9-1: string descriptor 0 read error: -22
[ 2407.662564][T24745] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2407.821466][T24745] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2408.912483][ T3419] usb 6-1: USB disconnect, device number 82
[ 2409.581863][T24745] usb 4-1: USB disconnect, device number 118
[ 2409.948670][T24745] usb 9-1: USB disconnect, device number 23
[ 2409.987741][T28440] delete_channel: no stack
[ 2410.041747][T28470] FAULT_INJECTION: forcing a failure.
[ 2410.041747][T28470] name failslab, interval 1, probability 0, space 0, times 0
[ 2410.065390][T28470] CPU: 1 UID: 0 PID: 28470 Comm: syz.3.5543 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2410.065426][T28470] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2410.065439][T28470] Call Trace:
[ 2410.065448][T28470]  <TASK>
[ 2410.065457][T28470]  dump_stack_lvl+0x189/0x250
[ 2410.065486][T28470]  ? __pfx____ratelimit+0x10/0x10
[ 2410.065510][T28470]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2410.065533][T28470]  ? __pfx__printk+0x10/0x10
[ 2410.065566][T28470]  ? __pfx___might_resched+0x10/0x10
[ 2410.065587][T28470]  ? fs_reclaim_acquire+0x7d/0x100
[ 2410.065618][T28470]  should_fail_ex+0x414/0x560
[ 2410.065646][T28470]  should_failslab+0xa8/0x100
[ 2410.065671][T28470]  __kmalloc_noprof+0xcb/0x4f0
[ 2410.065689][T28470]  ? kfree+0x4d/0x440
[ 2410.065713][T28470]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2410.065739][T28470]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2410.065762][T28470]  ? tomoyo_domain+0xda/0x130
[ 2410.065788][T28470]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2410.065806][T28470]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2410.065826][T28470]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2410.065859][T28470]  ? __lock_acquire+0xab9/0xd20
[ 2410.065893][T28470]  ? __fget_files+0x2a/0x420
[ 2410.065915][T28470]  ? __fget_files+0x2a/0x420
[ 2410.065931][T28470]  ? __fget_files+0x3a0/0x420
[ 2410.065947][T28470]  ? __fget_files+0x2a/0x420
[ 2410.065969][T28470]  security_file_ioctl+0xcb/0x2d0
[ 2410.065989][T28470]  __se_sys_ioctl+0x47/0x170
[ 2410.066016][T28470]  do_syscall_64+0xfa/0x3b0
[ 2410.066033][T28470]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2410.066050][T28470]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2410.066066][T28470]  ? clear_bhb_loop+0x60/0xb0
[ 2410.066086][T28470]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2410.066101][T28470] RIP: 0033:0x7fce5018e9a9
[ 2410.066117][T28470] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2410.066132][T28470] RSP: 002b:00007fce50f45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2410.066154][T28470] RAX: ffffffffffffffda RBX: 00007fce503b5fa0 RCX: 00007fce5018e9a9
[ 2410.066166][T28470] RDX: 0000000000000000 RSI: 00000000400c4150 RDI: 0000000000000005
[ 2410.066177][T28470] RBP: 00007fce50f45090 R08: 0000000000000000 R09: 0000000000000000
[ 2410.066187][T28470] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2410.066206][T28470] R13: 0000000000000000 R14: 00007fce503b5fa0 R15: 00007ffc7a02ee18
[ 2410.066235][T28470]  </TASK>
[ 2410.066270][T28470] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2410.981149][T28486] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5547'.
[ 2411.937572][T28497] netlink: 120 bytes leftover after parsing attributes in process `syz.0.5552'.
[ 2412.731289][T28506] FAULT_INJECTION: forcing a failure.
[ 2412.731289][T28506] name failslab, interval 1, probability 0, space 0, times 0
[ 2412.792645][T28506] CPU: 1 UID: 0 PID: 28506 Comm: syz.8.5554 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2412.792681][T28506] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2412.792694][T28506] Call Trace:
[ 2412.792703][T28506]  <TASK>
[ 2412.792713][T28506]  dump_stack_lvl+0x189/0x250
[ 2412.792742][T28506]  ? __pfx____ratelimit+0x10/0x10
[ 2412.792765][T28506]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2412.792789][T28506]  ? __pfx__printk+0x10/0x10
[ 2412.792822][T28506]  ? __pfx___might_resched+0x10/0x10
[ 2412.792851][T28506]  should_fail_ex+0x414/0x560
[ 2412.792878][T28506]  should_failslab+0xa8/0x100
[ 2412.792904][T28506]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 2412.792926][T28506]  ? __alloc_skb+0x112/0x2d0
[ 2412.792958][T28506]  __alloc_skb+0x112/0x2d0
[ 2412.792992][T28506]  tcp_stream_alloc_skb+0x3d/0x340
[ 2412.793023][T28506]  tcp_sendmsg_locked+0xf3c/0x5650
[ 2412.793126][T28506]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 2412.793148][T28506]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 2412.793175][T28506]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 2412.793213][T28506]  tcp_sendmsg+0x2f/0x50
[ 2412.793237][T28506]  __sock_sendmsg+0xe5/0x270
[ 2412.793265][T28506]  sock_write_iter+0x258/0x330
[ 2412.793291][T28506]  ? __pfx_sock_write_iter+0x10/0x10
[ 2412.793327][T28506]  ? bpf_lsm_file_permission+0x9/0x20
[ 2412.793349][T28506]  ? security_file_permission+0x75/0x290
[ 2412.793382][T28506]  vfs_write+0x548/0xa90
[ 2412.793414][T28506]  ? __pfx_sock_write_iter+0x10/0x10
[ 2412.793437][T28506]  ? __pfx_vfs_write+0x10/0x10
[ 2412.793470][T28506]  ? __fget_files+0x2a/0x420
[ 2412.793504][T28506]  ksys_write+0x145/0x250
[ 2412.793527][T28506]  ? __pfx_ksys_write+0x10/0x10
[ 2412.793543][T28506]  ? rcu_is_watching+0x15/0xb0
[ 2412.793571][T28506]  ? do_syscall_64+0xbe/0x3b0
[ 2412.793600][T28506]  do_syscall_64+0xfa/0x3b0
[ 2412.793620][T28506]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2412.793642][T28506]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2412.793662][T28506]  ? clear_bhb_loop+0x60/0xb0
[ 2412.793688][T28506]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2412.793708][T28506] RIP: 0033:0x7fb27a78e9a9
[ 2412.793726][T28506] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2412.793743][T28506] RSP: 002b:00007fb27b526038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 2412.793765][T28506] RAX: ffffffffffffffda RBX: 00007fb27a9b5fa0 RCX: 00007fb27a78e9a9
[ 2412.793778][T28506] RDX: 0000000000000020 RSI: 0000200000000300 RDI: 0000000000000004
[ 2412.793786][T28506] RBP: 00007fb27b526090 R08: 0000000000000000 R09: 0000000000000000
[ 2412.793795][T28506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2412.793802][T28506] R13: 0000000000000000 R14: 00007fb27a9b5fa0 R15: 00007fff0a66dd38
[ 2412.793822][T28506]  </TASK>
[ 2413.933383][T21766] usb 10-1: new full-speed USB device number 16 using dummy_hcd
[ 2413.999961][T28523] netlink: 'syz.0.5559': attribute type 3 has an invalid length.
[ 2414.007880][T28523] netlink: 'syz.0.5559': attribute type 1 has an invalid length.
[ 2414.015792][T28523] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.5559'.
[ 2414.029500][T28523] sctp: [Deprecated]: syz.0.5559 (pid 28523) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2414.029500][T28523] Use struct sctp_sack_info instead
[ 2414.094525][T28524] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5551'.
[ 2414.170755][T21766] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2414.252266][T21766] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E
[ 2414.324654][T21766] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 10
[ 2414.360506][T21766] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[ 2414.374740][T21766] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[ 2414.406045][T21766] usb 10-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46
[ 2414.450160][T21766] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35
[ 2414.470909][T21766] usb 10-1: Product: syz
[ 2414.475272][T21766] usb 10-1: Manufacturer: syz
[ 2414.480747][T21766] usb 10-1: SerialNumber: syz
[ 2414.488186][T21766] usb 10-1: config 0 descriptor??
[ 2414.731067][T21766] radio-si470x 10-1:0.0: DeviceID=0xc8c8 ChipID=0x0000
[ 2414.758368][T21766] radio-si470x 10-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0.
[ 2414.929737][T21766] radio-si470x 10-1:0.0: software version 200, hardware version 200
[ 2414.988338][T21766] radio-si470x 10-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org
[ 2415.058460][T20182] usb 9-1: new full-speed USB device number 24 using dummy_hcd
[ 2415.082203][T21766] radio-si470x 10-1:0.0: submitting int urb failed (-90)
[ 2415.266655][T28549] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 2415.411225][T20182] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2415.423079][T20182] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2415.493896][T20182] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2415.548662][T20182] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2415.582466][T20182] usb 9-1: config 0 descriptor??
[ 2415.803657][T28535] IPv6: addrconf: prefix option has invalid lifetime
[ 2415.813369][T20182] ath6kl: Failed to submit usb control message: -71
[ 2415.820548][T20182] ath6kl: unable to send the bmi data to the device: -71
[ 2415.827617][T20182] ath6kl: Unable to send get target info: -71
[ 2415.867104][T20182] ath6kl: Failed to init ath6kl core: -71
[ 2415.892282][T20182] ath6kl_usb 9-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2415.973422][T20182] usb 9-1: USB disconnect, device number 24
[ 2416.455879][   T30] audit: type=1326 audit(1753389557.040:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2416.563836][T21766] usb 10-1: USB disconnect, device number 16
[ 2416.636642][   T30] audit: type=1326 audit(1753389557.060:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2416.723504][   T30] audit: type=1326 audit(1753389557.060:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2416.768461][T18983] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[ 2416.790357][   T30] audit: type=1326 audit(1753389557.060:426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2416.814929][T28562] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 2416.828092][   T30] audit: type=1326 audit(1753389557.060:427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2416.885135][   T30] audit: type=1326 audit(1753389557.110:428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2416.918378][T18983] usb 4-1: device descriptor read/64, error -71
[ 2416.964486][   T30] audit: type=1326 audit(1753389557.110:429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2417.017022][T28563] Bluetooth: MGMT ver 1.23
[ 2417.019150][   T30] audit: type=1326 audit(1753389557.110:430): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2417.118014][   T30] audit: type=1326 audit(1753389557.110:431): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2417.168684][T18983] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[ 2417.223970][   T30] audit: type=1326 audit(1753389557.110:432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=28551 comm="syz.3.5566" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fce5018e9a9 code=0x7ffc0000
[ 2417.245531][    C0] vkms_vblank_simulate: vblank timer overrun
[ 2417.328831][T18983] usb 4-1: device descriptor read/64, error -71
[ 2417.469177][T18983] usb usb4-port1: attempt power cycle
[ 2417.534943][T28568] netlink: 'syz.0.5571': attribute type 3 has an invalid length.
[ 2417.542899][T28568] netlink: 'syz.0.5571': attribute type 1 has an invalid length.
[ 2417.550785][T28568] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.5571'.
[ 2417.563786][T28568] sctp: [Deprecated]: syz.0.5571 (pid 28568) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2417.563786][T28568] Use struct sctp_sack_info instead
[ 2417.838522][T18983] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 2417.892843][T18983] usb 4-1: device descriptor read/8, error -71
[ 2418.942372][T18983] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[ 2418.981519][T18983] usb 4-1: device descriptor read/8, error -71
[ 2419.121839][T18983] usb usb4-port1: unable to enumerate USB device
[ 2419.846909][T28595] FAULT_INJECTION: forcing a failure.
[ 2419.846909][T28595] name failslab, interval 1, probability 0, space 0, times 0
[ 2419.873532][T28595] CPU: 1 UID: 0 PID: 28595 Comm: syz.0.5581 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2419.873565][T28595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2419.873577][T28595] Call Trace:
[ 2419.873586][T28595]  <TASK>
[ 2419.873596][T28595]  dump_stack_lvl+0x189/0x250
[ 2419.873625][T28595]  ? __pfx____ratelimit+0x10/0x10
[ 2419.873647][T28595]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2419.873669][T28595]  ? __pfx__printk+0x10/0x10
[ 2419.873702][T28595]  ? __pfx___might_resched+0x10/0x10
[ 2419.873730][T28595]  should_fail_ex+0x414/0x560
[ 2419.873757][T28595]  should_failslab+0xa8/0x100
[ 2419.873782][T28595]  kmem_cache_alloc_noprof+0x73/0x3c0
[ 2419.873802][T28595]  ? getname_flags+0xb8/0x540
[ 2419.873831][T28595]  getname_flags+0xb8/0x540
[ 2419.873859][T28595]  user_path_at+0x24/0x60
[ 2419.873888][T28595]  __se_sys_chroot+0x90/0x3b0
[ 2419.873910][T28595]  ? __pfx___se_sys_chroot+0x10/0x10
[ 2419.873933][T28595]  ? rcu_is_watching+0x15/0xb0
[ 2419.873956][T28595]  ? trace_sys_enter+0x25/0x120
[ 2419.874005][T28595]  do_syscall_64+0xfa/0x3b0
[ 2419.874025][T28595]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2419.874047][T28595]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2419.874067][T28595]  ? clear_bhb_loop+0x60/0xb0
[ 2419.874093][T28595]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2419.874112][T28595] RIP: 0033:0x7fa846b8e9a9
[ 2419.874132][T28595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2419.874150][T28595] RSP: 002b:00007fa8449f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a1
[ 2419.874172][T28595] RAX: ffffffffffffffda RBX: 00007fa846db5fa0 RCX: 00007fa846b8e9a9
[ 2419.874187][T28595] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100
[ 2419.874201][T28595] RBP: 00007fa8449f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2419.874214][T28595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2419.874227][T28595] R13: 0000000000000000 R14: 00007fa846db5fa0 R15: 00007ffe12655d98
[ 2419.874260][T28595]  </TASK>
[ 2420.158783][T18983] usb 10-1: new full-speed USB device number 17 using dummy_hcd
[ 2420.330476][T18983] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2420.342348][T18983] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2420.353566][T18983] usb 10-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2420.363186][T18983] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2420.441252][T18983] usb 10-1: config 0 descriptor??
[ 2420.792380][T28581] IPv6: addrconf: prefix option has invalid lifetime
[ 2420.850299][T18983] ath6kl: Failed to submit usb control message: -71
[ 2420.858625][T18983] ath6kl: unable to send the bmi data to the device: -71
[ 2420.865851][T18983] ath6kl: Unable to send get target info: -71
[ 2420.879473][T18983] ath6kl: Failed to init ath6kl core: -71
[ 2420.887190][T18983] ath6kl_usb 10-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2421.023694][T18983] usb 10-1: USB disconnect, device number 17
[ 2425.591911][T28653] netlink: 4 bytes leftover after parsing attributes in process `syz.9.5594'.
[ 2426.159117][T28655] random: crng reseeded on system resumption
[ 2427.668965][T28666] FAULT_INJECTION: forcing a failure.
[ 2427.668965][T28666] name failslab, interval 1, probability 0, space 0, times 0
[ 2427.704802][T28666] CPU: 0 UID: 0 PID: 28666 Comm: syz.0.5601 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2427.704832][T28666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2427.704844][T28666] Call Trace:
[ 2427.704852][T28666]  <TASK>
[ 2427.704861][T28666]  dump_stack_lvl+0x189/0x250
[ 2427.704894][T28666]  ? __pfx____ratelimit+0x10/0x10
[ 2427.704918][T28666]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2427.704940][T28666]  ? __pfx__printk+0x10/0x10
[ 2427.704971][T28666]  ? __pfx___might_resched+0x10/0x10
[ 2427.704992][T28666]  ? fs_reclaim_acquire+0x7d/0x100
[ 2427.705021][T28666]  should_fail_ex+0x414/0x560
[ 2427.705049][T28666]  should_failslab+0xa8/0x100
[ 2427.705073][T28666]  __kmalloc_noprof+0xcb/0x4f0
[ 2427.705092][T28666]  ? kfree+0x4d/0x440
[ 2427.705128][T28666]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2427.705161][T28666]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2427.705190][T28666]  ? tomoyo_domain+0xda/0x130
[ 2427.705223][T28666]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2427.705245][T28666]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2427.705271][T28666]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2427.705312][T28666]  ? __lock_acquire+0xab9/0xd20
[ 2427.705355][T28666]  ? __fget_files+0x2a/0x420
[ 2427.705382][T28666]  ? __fget_files+0x2a/0x420
[ 2427.705402][T28666]  ? __fget_files+0x3a0/0x420
[ 2427.705422][T28666]  ? __fget_files+0x2a/0x420
[ 2427.705450][T28666]  security_file_ioctl+0xcb/0x2d0
[ 2427.705473][T28666]  __se_sys_ioctl+0x47/0x170
[ 2427.705505][T28666]  do_syscall_64+0xfa/0x3b0
[ 2427.705527][T28666]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2427.705548][T28666]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2427.705566][T28666]  ? clear_bhb_loop+0x60/0xb0
[ 2427.705591][T28666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2427.705609][T28666] RIP: 0033:0x7fa846b8e9a9
[ 2427.705628][T28666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2427.705647][T28666] RSP: 002b:00007fa8449f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2427.705670][T28666] RAX: ffffffffffffffda RBX: 00007fa846db5fa0 RCX: 00007fa846b8e9a9
[ 2427.705685][T28666] RDX: 0000200000000200 RSI: 000000008050640a RDI: 0000000000000003
[ 2427.705698][T28666] RBP: 00007fa8449f6090 R08: 0000000000000000 R09: 0000000000000000
[ 2427.705712][T28666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2427.705724][T28666] R13: 0000000000000000 R14: 00007fa846db5fa0 R15: 00007ffe12655d98
[ 2427.705758][T28666]  </TASK>
[ 2427.705893][T28666] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2427.968672][T18983] usb 6-1: new high-speed USB device number 83 using dummy_hcd
[ 2428.009262][T28670] netlink: 'syz.3.5602': attribute type 10 has an invalid length.
[ 2428.098687][T20182] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[ 2428.248622][T18983] usb 6-1: Using ep0 maxpacket: 16
[ 2428.255743][T18983] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[ 2428.270120][T18983] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 2428.281725][T18983] usb 6-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[ 2428.388367][T20182] usb 9-1: Using ep0 maxpacket: 16
[ 2429.031987][T18983] usb 6-1: config 1 has no interface number 1
[ 2429.062336][T18983] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[ 2429.079243][T18983] usb 6-1: New USB device found, idVendor=9f6b, idProduct=c643, bcdDevice= 0.9d
[ 2429.091184][T18983] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2429.101255][T18983] usb 6-1: Product: syz
[ 2429.105581][T18983] usb 6-1: Manufacturer: syz
[ 2429.110440][T18983] usb 6-1: SerialNumber: syz
[ 2429.184721][T20182] usb 9-1: config 1 has an invalid descriptor of length 140, skipping remainder of the config
[ 2429.202242][T20182] usb 9-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 2429.339061][T20182] usb 9-1: config 1 interface 0 has no altsetting 0
[ 2429.366210][T20182] usb 9-1: string descriptor 0 read error: -22
[ 2429.374804][T20182] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 2429.383975][T20182] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2429.558070][T28671] netlink: 32 bytes leftover after parsing attributes in process `syz.5.5603'.
[ 2430.264502][T28690] random: crng reseeded on system resumption
[ 2430.473398][T28698] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5608'.
[ 2431.161435][T28697] FAULT_INJECTION: forcing a failure.
[ 2431.161435][T28697] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2431.194093][T28697] CPU: 0 UID: 0 PID: 28697 Comm: syz.3.5609 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2431.194125][T28697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2431.194139][T28697] Call Trace:
[ 2431.194148][T28697]  <TASK>
[ 2431.194157][T28697]  dump_stack_lvl+0x189/0x250
[ 2431.194187][T28697]  ? __pfx____ratelimit+0x10/0x10
[ 2431.194209][T28697]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2431.194231][T28697]  ? __pfx__printk+0x10/0x10
[ 2431.194258][T28697]  ? __might_fault+0xb0/0x130
[ 2431.194292][T28697]  should_fail_ex+0x414/0x560
[ 2431.194320][T28697]  _copy_to_iter+0x1db/0x16f0
[ 2431.194355][T28697]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[ 2431.194377][T28697]  ? __pfx__copy_to_iter+0x10/0x10
[ 2431.194401][T28697]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[ 2431.194421][T28697]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2431.194455][T28697]  signalfd_read_iter+0x793/0x980
[ 2431.194484][T28697]  ? signalfd_read_iter+0x337/0x980
[ 2431.194511][T28697]  ? __pfx_signalfd_read_iter+0x10/0x10
[ 2431.194556][T28697]  ? __pfx_default_wake_function+0x10/0x10
[ 2431.194591][T28697]  ? rcu_read_lock_any_held+0xb3/0x120
[ 2431.194622][T28697]  ? bpf_lsm_file_permission+0x9/0x20
[ 2431.194642][T28697]  ? security_file_permission+0x75/0x290
[ 2431.194676][T28697]  vfs_read+0x4cd/0x980
[ 2431.194717][T28697]  ? __pfx_vfs_read+0x10/0x10
[ 2431.194760][T28697]  ? __fget_files+0x2a/0x420
[ 2431.194792][T28697]  ksys_read+0x145/0x250
[ 2431.194824][T28697]  ? __pfx_ksys_read+0x10/0x10
[ 2431.194839][T28697]  ? rcu_is_watching+0x15/0xb0
[ 2431.194868][T28697]  ? do_syscall_64+0xbe/0x3b0
[ 2431.194895][T28697]  do_syscall_64+0xfa/0x3b0
[ 2431.194915][T28697]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2431.194936][T28697]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2431.194956][T28697]  ? clear_bhb_loop+0x60/0xb0
[ 2431.194981][T28697]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2431.195001][T28697] RIP: 0033:0x7fce5018e9a9
[ 2431.195019][T28697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2431.195037][T28697] RSP: 002b:00007fce50f45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2431.195061][T28697] RAX: ffffffffffffffda RBX: 00007fce503b5fa0 RCX: 00007fce5018e9a9
[ 2431.195081][T28697] RDX: 00000000fffffef0 RSI: 00002000000008c0 RDI: 0000000000000003
[ 2431.195094][T28697] RBP: 00007fce50f45090 R08: 0000000000000000 R09: 0000000000000000
[ 2431.195107][T28697] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2431.195120][T28697] R13: 0000000000000000 R14: 00007fce503b5fa0 R15: 00007ffc7a02ee18
[ 2431.195154][T28697]  </TASK>
[ 2431.726097][T20182] usb 9-1: USB disconnect, device number 25
[ 2431.976496][T28703] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[ 2431.994863][T18983] usb 6-1: cannot find UAC_HEADER
[ 2432.019094][T28705] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) !
[ 2432.071594][T18983] snd-usb-audio 6-1:1.2: probe with driver snd-usb-audio failed with error -22
[ 2432.132030][T18983] usb 6-1: USB disconnect, device number 83
[ 2433.096161][T28718] usb usb8: usbfs: process 28718 (syz.3.5616) did not claim interface 0 before use
[ 2433.394057][T28723] netlink: 'syz.0.5614': attribute type 3 has an invalid length.
[ 2433.401951][T28723] netlink: 'syz.0.5614': attribute type 1 has an invalid length.
[ 2433.409762][T28723] netlink: 193500 bytes leftover after parsing attributes in process `syz.0.5614'.
[ 2433.421289][T28723] sctp: [Deprecated]: syz.0.5614 (pid 28723) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2433.421289][T28723] Use struct sctp_sack_info instead
[ 2434.645672][T28736] mac80211_hwsim hwsim74 syzkaller0: Caught tx_queue_len zero misconfig
[ 2434.665732][T28736] input: syz1 as /devices/virtual/input/input69
[ 2434.684775][T28736] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 2436.134521][T28761] random: crng reseeded on system resumption
[ 2438.338509][T28773] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2438.656499][T28777] random: crng reseeded on system resumption
[ 2439.512312][   T43] usb 6-1: new full-speed USB device number 84 using dummy_hcd
[ 2439.701521][   T43] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2439.994127][   T43] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2440.253253][   T43] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2440.460342][   T43] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2440.501819][   T43] usb 6-1: config 0 descriptor??
[ 2440.924468][T28781] IPv6: addrconf: prefix option has invalid lifetime
[ 2441.070768][   T43] ath6kl: Failed to submit usb control message: -71
[ 2441.084557][   T43] ath6kl: unable to send the bmi data to the device: -71
[ 2441.348299][   T43] ath6kl: Unable to send get target info: -71
[ 2441.430127][T28806] netlink: 20 bytes leftover after parsing attributes in process `syz.9.5639'.
[ 2441.844780][   T43] ath6kl: Failed to init ath6kl core: -71
[ 2441.890155][   T43] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2441.988978][   T43] usb 6-1: USB disconnect, device number 84
[ 2442.311418][T28821] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5645'.
[ 2447.185316][T28864] netlink: 20 bytes leftover after parsing attributes in process `syz.9.5658'.
[ 2448.176877][T28875] 8021q: adding VLAN 0 to HW filter on device bond0
[ 2448.252195][T28878] FAULT_INJECTION: forcing a failure.
[ 2448.252195][T28878] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2448.388441][T28878] CPU: 1 UID: 0 PID: 28878 Comm: syz.0.5661 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2448.388474][T28878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2448.388487][T28878] Call Trace:
[ 2448.388496][T28878]  <TASK>
[ 2448.388505][T28878]  dump_stack_lvl+0x189/0x250
[ 2448.388535][T28878]  ? __pfx____ratelimit+0x10/0x10
[ 2448.388559][T28878]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2448.388581][T28878]  ? __pfx__printk+0x10/0x10
[ 2448.388607][T28878]  ? __might_fault+0xb0/0x130
[ 2448.388639][T28878]  should_fail_ex+0x414/0x560
[ 2448.388666][T28878]  _copy_from_user+0x2d/0xb0
[ 2448.388694][T28878]  __sys_bind+0x199/0x3e0
[ 2448.388722][T28878]  ? __pfx___sys_bind+0x10/0x10
[ 2448.388762][T28878]  ? __pfx_ksys_write+0x10/0x10
[ 2448.388779][T28878]  ? rcu_is_watching+0x15/0xb0
[ 2448.388810][T28878]  __x64_sys_bind+0x7a/0x90
[ 2448.388836][T28878]  do_syscall_64+0xfa/0x3b0
[ 2448.388858][T28878]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2448.388880][T28878]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2448.388908][T28878]  ? clear_bhb_loop+0x60/0xb0
[ 2448.388933][T28878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2448.388953][T28878] RIP: 0033:0x7fa846b8e9a9
[ 2448.388971][T28878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2448.388990][T28878] RSP: 002b:00007fa8449d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031
[ 2448.389013][T28878] RAX: ffffffffffffffda RBX: 00007fa846db6080 RCX: 00007fa846b8e9a9
[ 2448.389028][T28878] RDX: 0000000000000040 RSI: 00002000000000c0 RDI: 0000000000000005
[ 2448.389042][T28878] RBP: 00007fa8449d5090 R08: 0000000000000000 R09: 0000000000000000
[ 2448.389054][T28878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2448.389066][T28878] R13: 0000000000000000 R14: 00007fa846db6080 R15: 00007ffe12655d98
[ 2448.389100][T28878]  </TASK>
[ 2448.392097][T28875] bond0: (slave rose0): Enslaving as an active interface with an up link
[ 2449.838393][ T5958] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[ 2449.990908][ T5958] usb 9-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 2450.010591][ T5958] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2450.031694][ T5958] usb 9-1: config 0 descriptor??
[ 2450.038633][ T3419] usb 6-1: new full-speed USB device number 85 using dummy_hcd
[ 2450.047277][ T5958] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 2450.215342][ T3419] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA3, changing to 0x83
[ 2450.266024][ T3419] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[ 2450.301438][ T3419] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[ 2450.326669][ T3419] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2450.388575][ T3419] usb 6-1: config 0 descriptor??
[ 2450.403009][T28893] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5666'.
[ 2451.090270][ T5958] gspca_cpia1: usb_control_msg 05, error -110
[ 2451.130903][ T5958] gspca_cpia1: usb_control_msg 01, error -32
[ 2451.157234][ T5958] gspca_cpia1: usb_control_msg 01, error -32
[ 2451.197036][T28887] IPv6: addrconf: prefix option has invalid lifetime
[ 2451.213171][ T5958] gspca_cpia1: usb_control_msg 01, error -32
[ 2451.247465][ T5958] gspca_cpia1: usb_control_msg 01, error -32
[ 2451.269874][ T5958] cpia1 9-1:0.0: only firmware version 1 is supported (got: 0)
[ 2451.329137][ T5958] usb 9-1: USB disconnect, device number 26
[ 2451.443037][ T3419] ath6kl: Failed to submit usb control message: -71
[ 2451.450430][ T3419] ath6kl: unable to send the bmi data to the device: -71
[ 2451.459721][ T3419] ath6kl: Unable to send get target info: -71
[ 2451.480760][ T3419] ath6kl: Failed to init ath6kl core: -71
[ 2451.488218][ T3419] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71
[ 2451.553738][ T3419] usb 6-1: USB disconnect, device number 85
[ 2451.880117][T28904] fuse: Unknown parameter 'ro}tmode'
[ 2451.988429][T21766] usb 9-1: new high-speed USB device number 27 using dummy_hcd
[ 2452.188984][T21766] usb 9-1: Using ep0 maxpacket: 32
[ 2452.205361][T21766] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 2452.358653][T21766] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2452.375017][T21766] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[ 2452.401445][T21766] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2452.421994][T21766] usb 9-1: config 0 descriptor??
[ 2452.437057][T21766] hub 9-1:0.0: USB hub found
[ 2452.462392][T28923] netlink: 20 bytes leftover after parsing attributes in process `syz.5.5675'.
[ 2452.648702][T21766] hub 9-1:0.0: 1 port detected
[ 2454.175585][ T3419] hub 9-1:0.0: hub_ext_port_status failed (err = 0)
[ 2456.719743][ T5958] usb 9-1: USB disconnect, device number 27
[ 2456.892328][T28960] IPv6: NLM_F_REPLACE set, but no existing node found!
[ 2456.909310][T21766] usb 6-1: new high-speed USB device number 86 using dummy_hcd
[ 2457.108375][T21766] usb 6-1: Using ep0 maxpacket: 8
[ 2457.130166][T21766] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[ 2457.153994][T21766] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2457.194580][T21766] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2457.225354][T21766] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[ 2457.263115][T21766] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2457.386373][T21766] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2458.011581][T21766] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2458.170235][T27772] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2458.189525][T27772] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2458.232815][T21766] usb 6-1: GET_CAPABILITIES returned 0
[ 2458.238857][T21766] usbtmc 6-1:16.0: can't read capabilities
[ 2458.434480][T21766] usb 6-1: USB disconnect, device number 86
[ 2458.816840][T28986] FAULT_INJECTION: forcing a failure.
[ 2458.816840][T28986] name failslab, interval 1, probability 0, space 0, times 0
[ 2458.833493][T28986] CPU: 0 UID: 0 PID: 28986 Comm: syz.5.5690 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2458.833524][T28986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2458.833537][T28986] Call Trace:
[ 2458.833547][T28986]  <TASK>
[ 2458.833556][T28986]  dump_stack_lvl+0x189/0x250
[ 2458.833598][T28986]  ? __pfx____ratelimit+0x10/0x10
[ 2458.833623][T28986]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2458.833645][T28986]  ? __pfx__printk+0x10/0x10
[ 2458.833677][T28986]  ? __pfx___might_resched+0x10/0x10
[ 2458.833699][T28986]  ? fs_reclaim_acquire+0x7d/0x100
[ 2458.833738][T28986]  should_fail_ex+0x414/0x560
[ 2458.833765][T28986]  should_failslab+0xa8/0x100
[ 2458.833790][T28986]  __kmalloc_noprof+0xcb/0x4f0
[ 2458.833808][T28986]  ? kfree+0x4d/0x440
[ 2458.833834][T28986]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2458.833867][T28986]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2458.833895][T28986]  ? tomoyo_domain+0xda/0x130
[ 2458.833927][T28986]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2458.833949][T28986]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2458.833973][T28986]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2458.834012][T28986]  ? __lock_acquire+0xab9/0xd20
[ 2458.834057][T28986]  ? __fget_files+0x2a/0x420
[ 2458.834084][T28986]  ? __fget_files+0x2a/0x420
[ 2458.834103][T28986]  ? __fget_files+0x3a0/0x420
[ 2458.834124][T28986]  ? __fget_files+0x2a/0x420
[ 2458.834151][T28986]  security_file_ioctl+0xcb/0x2d0
[ 2458.834177][T28986]  __se_sys_ioctl+0x47/0x170
[ 2458.834210][T28986]  do_syscall_64+0xfa/0x3b0
[ 2458.834232][T28986]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2458.834254][T28986]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2458.834275][T28986]  ? clear_bhb_loop+0x60/0xb0
[ 2458.834301][T28986]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2458.834321][T28986] RIP: 0033:0x7f742d38e9a9
[ 2458.834341][T28986] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2458.834359][T28986] RSP: 002b:00007f742e28c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2458.834383][T28986] RAX: ffffffffffffffda RBX: 00007f742d5b6080 RCX: 00007f742d38e9a9
[ 2458.834397][T28986] RDX: 0000000000000000 RSI: 000000000000541b RDI: 0000000000000006
[ 2458.834410][T28986] RBP: 00007f742e28c090 R08: 0000000000000000 R09: 0000000000000000
[ 2458.834423][T28986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2458.834436][T28986] R13: 0000000000000001 R14: 00007f742d5b6080 R15: 00007ffc46515a78
[ 2458.834470][T28986]  </TASK>
[ 2458.834479][T28986] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2459.169058][T21766] usb 10-1: new full-speed USB device number 18 using dummy_hcd
[ 2459.308920][T21766] usb 10-1: device descriptor read/64, error -71
[ 2459.740732][T21766] usb 10-1: new full-speed USB device number 19 using dummy_hcd
[ 2459.988493][T21766] usb 10-1: device descriptor read/64, error -71
[ 2460.399166][T21766] usb usb10-port1: attempt power cycle
[ 2460.651045][T29011] netlink: 'syz.0.5698': attribute type 4 has an invalid length.
[ 2460.687018][T29011] dvmrp0: entered allmulticast mode
[ 2460.739218][T29016] FAULT_INJECTION: forcing a failure.
[ 2460.739218][T29016] name failslab, interval 1, probability 0, space 0, times 0
[ 2460.778609][T21766] usb 10-1: new full-speed USB device number 20 using dummy_hcd
[ 2460.794023][T29016] CPU: 0 UID: 0 PID: 29016 Comm: syz.5.5699 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2460.794059][T29016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2460.794072][T29016] Call Trace:
[ 2460.794082][T29016]  <TASK>
[ 2460.794091][T29016]  dump_stack_lvl+0x189/0x250
[ 2460.794123][T29016]  ? __pfx____ratelimit+0x10/0x10
[ 2460.794146][T29016]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2460.794170][T29016]  ? __pfx__printk+0x10/0x10
[ 2460.794203][T29016]  ? __pfx___might_resched+0x10/0x10
[ 2460.794234][T29016]  ? fs_reclaim_acquire+0x7d/0x100
[ 2460.794266][T29016]  should_fail_ex+0x414/0x560
[ 2460.794294][T29016]  should_failslab+0xa8/0x100
[ 2460.794319][T29016]  __kmalloc_noprof+0xcb/0x4f0
[ 2460.794338][T29016]  ? kfree+0x4d/0x440
[ 2460.794364][T29016]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 2460.794396][T29016]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 2460.794425][T29016]  ? tomoyo_domain+0xda/0x130
[ 2460.794466][T29016]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 2460.794490][T29016]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 2460.794516][T29016]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 2460.794560][T29016]  ? __lock_acquire+0xab9/0xd20
[ 2460.794605][T29016]  ? __fget_files+0x2a/0x420
[ 2460.794633][T29016]  ? __fget_files+0x2a/0x420
[ 2460.794654][T29016]  ? __fget_files+0x3a0/0x420
[ 2460.794676][T29016]  ? __fget_files+0x2a/0x420
[ 2460.794703][T29016]  security_file_ioctl+0xcb/0x2d0
[ 2460.794730][T29016]  __se_sys_ioctl+0x47/0x170
[ 2460.794764][T29016]  do_syscall_64+0xfa/0x3b0
[ 2460.794786][T29016]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2460.794808][T29016]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2460.794829][T29016]  ? clear_bhb_loop+0x60/0xb0
[ 2460.794855][T29016]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2460.794875][T29016] RIP: 0033:0x7f742d38e9a9
[ 2460.794896][T29016] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2460.794916][T29016] RSP: 002b:00007f742e28c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2460.794941][T29016] RAX: ffffffffffffffda RBX: 00007f742d5b6080 RCX: 00007f742d38e9a9
[ 2460.794956][T29016] RDX: 0000200000000040 RSI: 00000000c028aa05 RDI: 0000000000000003
[ 2460.794969][T29016] RBP: 00007f742e28c090 R08: 0000000000000000 R09: 0000000000000000
[ 2460.794983][T29016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2460.794996][T29016] R13: 0000000000000001 R14: 00007f742d5b6080 R15: 00007ffc46515a78
[ 2460.795029][T29016]  </TASK>
[ 2460.795039][T29016] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 2460.819059][T21766] usb 10-1: device descriptor read/8, error -71
[ 2461.328569][T21766] usb 10-1: new full-speed USB device number 21 using dummy_hcd
[ 2461.408839][T21766] usb 10-1: device descriptor read/8, error -71
[ 2461.566646][T21766] usb usb10-port1: unable to enumerate USB device
[ 2462.261482][T29024] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5700'.
[ 2462.273538][T29023] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 2462.319231][T29034] FAULT_INJECTION: forcing a failure.
[ 2462.319231][T29034] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 2462.354648][T29034] CPU: 1 UID: 0 PID: 29034 Comm: syz.9.5704 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2462.354671][T29034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2462.354679][T29034] Call Trace:
[ 2462.354685][T29034]  <TASK>
[ 2462.354692][T29034]  dump_stack_lvl+0x189/0x250
[ 2462.354712][T29034]  ? __pfx____ratelimit+0x10/0x10
[ 2462.354726][T29034]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2462.354740][T29034]  ? __pfx__printk+0x10/0x10
[ 2462.354757][T29034]  ? fs_reclaim_acquire+0x7d/0x100
[ 2462.354776][T29034]  should_fail_ex+0x414/0x560
[ 2462.354792][T29034]  prepare_alloc_pages+0x213/0x610
[ 2462.354812][T29034]  __alloc_frozen_pages_noprof+0x123/0x370
[ 2462.354830][T29034]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 2462.354850][T29034]  ? policy_nodemask+0x27c/0x720
[ 2462.354873][T29034]  alloc_pages_mpol+0x232/0x4a0
[ 2462.354890][T29034]  alloc_migration_target_by_mpol+0x2e6/0x590
[ 2462.354911][T29034]  migrate_pages_batch+0x79d/0x2830
[ 2462.354940][T29034]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[ 2462.354957][T29034]  ? __pfx_migrate_pages_batch+0x10/0x10
[ 2462.354987][T29034]  migrate_pages+0x1bcc/0x2930
[ 2462.355012][T29034]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[ 2462.355033][T29034]  ? __pfx_migrate_pages+0x10/0x10
[ 2462.355047][T29034]  ? __pfx_walk_page_range_mm+0x10/0x10
[ 2462.355079][T29034]  ? mas_next_slot+0xc20/0xcf0
[ 2462.355121][T29034]  ? up_write+0x1c4/0x420
[ 2462.355147][T29034]  __se_sys_mbind+0xa3e/0xc30
[ 2462.355166][T29034]  ? __pfx_vfs_write+0x10/0x10
[ 2462.355179][T29034]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 2462.355194][T29034]  ? __pfx___se_sys_mbind+0x10/0x10
[ 2462.355224][T29034]  ? rcu_is_watching+0x15/0xb0
[ 2462.355241][T29034]  ? __x64_sys_mbind+0x21/0xf0
[ 2462.355261][T29034]  do_syscall_64+0xfa/0x3b0
[ 2462.355274][T29034]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2462.355287][T29034]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2462.355299][T29034]  ? clear_bhb_loop+0x60/0xb0
[ 2462.355323][T29034]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2462.355343][T29034] RIP: 0033:0x7f2dbfb8e9a9
[ 2462.355369][T29034] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2462.355404][T29034] RSP: 002b:00007f2dbd9f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[ 2462.355426][T29034] RAX: ffffffffffffffda RBX: 00007f2dbfdb5fa0 RCX: 00007f2dbfb8e9a9
[ 2462.355440][T29034] RDX: 0000000000000000 RSI: 0000000000c00000 RDI: 0000200000000000
[ 2462.355453][T29034] RBP: 00007f2dbd9f6090 R08: 0000000000000000 R09: 0000000000000002
[ 2462.355465][T29034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2462.355477][T29034] R13: 0000000000000000 R14: 00007f2dbfdb5fa0 R15: 00007ffd09a98d68
[ 2462.355508][T29034]  </TASK>
[ 2462.948936][T29038] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5705'.
[ 2463.097505][T29042] netlink: 20 bytes leftover after parsing attributes in process `syz.9.5707'.
[ 2465.316865][T29059] 
[ 2465.319254][T29059] ======================================================
[ 2465.326299][T29059] WARNING: possible circular locking dependency detected
[ 2465.333515][T29059] 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 Not tainted
[ 2465.340631][T29059] ------------------------------------------------------
[ 2465.347652][T29059] syz.9.5713/29059 is trying to acquire lock:
[ 2465.353718][T29059] ffff888143373358 (&disk->open_mutex){+.+.}-{4:4}, at: __del_gendisk+0x129/0x9e0
[ 2465.362968][T29059] 
[ 2465.362968][T29059] but task is already holding lock:
[ 2465.370337][T29059] ffff888143372368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[ 2465.379929][T29059] 
[ 2465.379929][T29059] which lock already depends on the new lock.
[ 2465.379929][T29059] 
[ 2465.390337][T29059] 
[ 2465.390337][T29059] the existing dependency chain (in reverse order) is:
[ 2465.399620][T29059] 
[ 2465.399620][T29059] -> #2 (&set->update_nr_hwq_lock){++++}-{4:4}:
[ 2465.408065][T29059]        lock_acquire+0x120/0x360
[ 2465.413098][T29059]        down_write+0x96/0x1f0
[ 2465.417871][T29059]        blk_mq_update_nr_hw_queues+0x3b/0x14c0
[ 2465.424122][T29059]        nbd_start_device+0x16c/0xac0
[ 2465.429503][T29059]        nbd_ioctl+0x636/0xeb0
[ 2465.434272][T29059]        blkdev_ioctl+0x5a5/0x6d0
[ 2465.439331][T29059]        __se_sys_ioctl+0xf9/0x170
[ 2465.444477][T29059]        do_syscall_64+0xfa/0x3b0
[ 2465.449507][T29059]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2465.455931][T29059] 
[ 2465.455931][T29059] -> #1 (&nbd->config_lock){+.+.}-{4:4}:
[ 2465.463763][T29059]        lock_acquire+0x120/0x360
[ 2465.468796][T29059]        __mutex_lock+0x182/0xe80
[ 2465.473830][T29059]        refcount_dec_and_mutex_lock+0x30/0xa0
[ 2465.479994][T29059]        nbd_config_put+0x2c/0x790
[ 2465.485118][T29059]        nbd_release+0xfe/0x140
[ 2465.489980][T29059]        bdev_release+0x533/0x650
[ 2465.495017][T29059]        blkdev_release+0x15/0x20
[ 2465.500055][T29059]        __fput+0x44c/0xa70
[ 2465.504569][T29059]        fput_close_sync+0x119/0x200
[ 2465.509863][T29059]        __x64_sys_close+0x7f/0x110
[ 2465.515073][T29059]        do_syscall_64+0xfa/0x3b0
[ 2465.520111][T29059]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2465.526533][T29059] 
[ 2465.526533][T29059] -> #0 (&disk->open_mutex){+.+.}-{4:4}:
[ 2465.534374][T29059]        validate_chain+0xb9b/0x2140
[ 2465.539666][T29059]        __lock_acquire+0xab9/0xd20
[ 2465.544866][T29059]        lock_acquire+0x120/0x360
[ 2465.549893][T29059]        __mutex_lock+0x182/0xe80
[ 2465.554951][T29059]        __del_gendisk+0x129/0x9e0
[ 2465.560093][T29059]        del_gendisk+0xe8/0x160
[ 2465.564971][T29059]        loop_remove+0x42/0xc0
[ 2465.569755][T29059]        loop_control_ioctl+0x4ac/0x5a0
[ 2465.575311][T29059]        __se_sys_ioctl+0xf9/0x170
[ 2465.580451][T29059]        do_syscall_64+0xfa/0x3b0
[ 2465.585495][T29059]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2465.591923][T29059] 
[ 2465.591923][T29059] other info that might help us debug this:
[ 2465.591923][T29059] 
[ 2465.602155][T29059] Chain exists of:
[ 2465.602155][T29059]   &disk->open_mutex --> &nbd->config_lock --> &set->update_nr_hwq_lock
[ 2465.602155][T29059] 
[ 2465.616341][T29059]  Possible unsafe locking scenario:
[ 2465.616341][T29059] 
[ 2465.623797][T29059]        CPU0                    CPU1
[ 2465.629163][T29059]        ----                    ----
[ 2465.634538][T29059]   rlock(&set->update_nr_hwq_lock);
[ 2465.639829][T29059]                                lock(&nbd->config_lock);
[ 2465.646965][T29059]                                lock(&set->update_nr_hwq_lock);
[ 2465.654695][T29059]   lock(&disk->open_mutex);
[ 2465.659298][T29059] 
[ 2465.659298][T29059]  *** DEADLOCK ***
[ 2465.659298][T29059] 
[ 2465.667449][T29059] 1 lock held by syz.9.5713/29059:
[ 2465.672570][T29059]  #0: ffff888143372368 (&set->update_nr_hwq_lock){++++}-{4:4}, at: del_gendisk+0xe0/0x160
[ 2465.682611][T29059] 
[ 2465.682611][T29059] stack backtrace:
[ 2465.688508][T29059] CPU: 1 UID: 0 PID: 29059 Comm: syz.9.5713 Not tainted 6.16.0-rc7-syzkaller-00034-g25fae0b93d1d #0 PREEMPT(full) 
[ 2465.688530][T29059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[ 2465.688541][T29059] Call Trace:
[ 2465.688548][T29059]  <TASK>
[ 2465.688555][T29059]  dump_stack_lvl+0x189/0x250
[ 2465.688577][T29059]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2465.688596][T29059]  ? __pfx__printk+0x10/0x10
[ 2465.688617][T29059]  ? print_lock_name+0xde/0x100
[ 2465.688639][T29059]  print_circular_bug+0x2ee/0x310
[ 2465.688661][T29059]  check_noncircular+0x134/0x160
[ 2465.688683][T29059]  validate_chain+0xb9b/0x2140
[ 2465.688705][T29059]  ? __lock_acquire+0xab9/0xd20
[ 2465.688725][T29059]  __lock_acquire+0xab9/0xd20
[ 2465.688742][T29059]  ? __del_gendisk+0x129/0x9e0
[ 2465.688761][T29059]  lock_acquire+0x120/0x360
[ 2465.688774][T29059]  ? __del_gendisk+0x129/0x9e0
[ 2465.688796][T29059]  ? lockdep_unlock+0x89/0x120
[ 2465.688820][T29059]  __mutex_lock+0x182/0xe80
[ 2465.688837][T29059]  ? __del_gendisk+0x129/0x9e0
[ 2465.688859][T29059]  ? __del_gendisk+0x129/0x9e0
[ 2465.688878][T29059]  ? __pfx___mutex_lock+0x10/0x10
[ 2465.688896][T29059]  ? __pfx___might_resched+0x10/0x10
[ 2465.688915][T29059]  ? __lock_acquire+0xab9/0xd20
[ 2465.688929][T29059]  ? disk_del_events+0xb5/0x210
[ 2465.688949][T29059]  ? __del_gendisk+0xc1/0x9e0
[ 2465.688969][T29059]  __del_gendisk+0x129/0x9e0
[ 2465.688989][T29059]  ? del_gendisk+0xe0/0x160
[ 2465.689010][T29059]  ? __pfx___del_gendisk+0x10/0x10
[ 2465.689032][T29059]  ? down_read+0x1ad/0x2e0
[ 2465.689052][T29059]  del_gendisk+0xe8/0x160
[ 2465.689073][T29059]  loop_remove+0x42/0xc0
[ 2465.689097][T29059]  loop_control_ioctl+0x4ac/0x5a0
[ 2465.689114][T29059]  ? __pfx_loop_control_ioctl+0x10/0x10
[ 2465.689127][T29059]  ? __fget_files+0x2a/0x420
[ 2465.689146][T29059]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 2465.689165][T29059]  ? __pfx_loop_control_ioctl+0x10/0x10
[ 2465.689179][T29059]  __se_sys_ioctl+0xf9/0x170
[ 2465.689202][T29059]  do_syscall_64+0xfa/0x3b0
[ 2465.689220][T29059]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2465.689236][T29059]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2465.689251][T29059]  ? clear_bhb_loop+0x60/0xb0
[ 2465.689268][T29059]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2465.689282][T29059] RIP: 0033:0x7f2dbfb8e9a9
[ 2465.689297][T29059] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 2465.689311][T29059] RSP: 002b:00007f2dbd9f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 2465.689329][T29059] RAX: ffffffffffffffda RBX: 00007f2dbfdb5fa0 RCX: 00007f2dbfb8e9a9
[ 2465.689342][T29059] RDX: 0000000000000000 RSI: 0000000000004c81 RDI: 0000000000000003
[ 2465.689353][T29059] RBP: 00007f2dbfc10d69 R08: 0000000000000000 R09: 0000000000000000
[ 2465.689364][T29059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2465.689374][T29059] R13: 0000000000000000 R14: 00007f2dbfdb5fa0 R15: 00007ffd09a98d68
[ 2465.689400][T29059]  </TASK>
[ 2467.650825][ T1300] ieee802154 phy0 wpan0: encryption failed: -22
[ 2467.657164][ T1300] ieee802154 phy1 wpan1: encryption failed: -22