last executing test programs:

11m49.533336136s ago: executing program 1 (id=1374):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, <r5=>r3})
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000380)={0x24, 0x2b, 0xb, 0x0, 0x0, {0x8}, [@typed={0x4, 0x3}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @pid}]}]}, 0x24}}, 0xc00)
r7 = syz_open_dev$dri(&(0x7f0000000040), 0x1ff, 0x80000)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f00000000c0)={0x0, 0x0, r5})
ioctl$DMA_BUF_IOCTL_SYNC(r5, 0x40086200, &(0x7f0000000080)=0x1)
r8 = socket(0x15, 0x5, 0x0)
getsockopt(r8, 0x200000000114, 0x271b, 0x0, &(0x7f0000000000))
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'ip_vti0\x00', 0x0})

11m48.504181222s ago: executing program 1 (id=1376):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="5c0000000206030000000000000000000000000014000780080008400000000008001240ffffffe80500010006000000050005000200000005000400000000000900020073797a31000000000d000300686173683a6e6574"], 0x5c}}, 0x0)
r1 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x7, 0x2)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r1, 0xc10c5541, &(0x7f00000001c0)={0x100, 0x5, 0x1})

11m47.784868419s ago: executing program 1 (id=1377):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_mount_image$udf(&(0x7f0000000180), &(0x7f0000000100)='./bus\x00', 0x1014494, &(0x7f0000001540)={[{@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@partition={'partition', 0x3d, 0x6}}, {@gid_forget}, {@session={'session', 0x3d, 0xfe7}}, {@iocharset={'iocharset', 0x3d, 'macromanian'}}, {@anchor}, {@uid_forget}]}, 0xfe, 0xc2d, &(0x7f0000003140)="$eJzs3UFsHNd9B+D/Gy5FSm4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkI63pXnroIUBR9JATgdYokKKB0RRBj2zrAsnFhyKnnogWNoKiB7YIkJOxxcy+lZY0ZcmmKFH299nUb3fmvd333ixnJIJvXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEb/34vmTz6QH3QoA4H66OPX1k6dc/wHgU+WSf/8DAAAAAAAAAAAAAMBBl6KIRyPF0sWtNFM97xq+0F64fmN6fGL3aodTVXOgKl9+DT9z6vSZrzw7draXH17/Xns8Xp66dL7+wuK1peXWykprrj690J5dnGvd9Svstf5Oo9UA1K+9cn3uypWV+qmnT2/bfWPkvaFHjo2cG3vyxBO9stPjExNTfWVqgx/73T/gdjM8DkURJyLFU9//aWpGRBF7H4s7fHb22+GqE6NVJ6bHJ6qOzLebC6vlzsneQBQR9b5Kjd4Y3YdjsSeNiLWy+WWDR8vuTS01l5uX51v1yebyanu1vbgwmbqtLftTjyLOpoj1iNgc+uDLDUYRtUjx3aNb6XJEDPTG4cvVxODbt6PYxz7ehbKd9cGI9eIhOGYH2FAU8VKk+NnbRcyWY5a/4ksRL5X5w4g3y3w+IpUfjDMR7+7yOeLhVIsi/rw8/ue20lx1PuidVy58o/61hSuLfWV755WH/vpwPx3wc9NwFNGszvhb6eP/ZQcAAAAAAAAAAAAAAACAe+1wFPF4pHjx3/+omlcc1bz0o+fGfn/kF/vnjD92h9cpyz4dEWvF3c3JPZSnEE+myZQe8FziT7PhKOKP8/y/Nx50YwAAAAAAAAAAAAAAAAAAAD7lfhIpnnvneFqP/jXF2wtX65eal+e7q8L21v7trZne6XQ69dTNRs6ZnGs513Nu5NzMGUWun7ORcybnWs71nBs5N3PGQK6fs5FzJudazvWcGzk3c0Yt18/ZyDmTcy3nes6NnJs544Cs3QsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8ElSRBHvR4rvfGsrRYqIRsRMdHNjqFcGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHiQhlIRP4gU9T9o3NxWi4hU/d91vPzjTDQOlfnZaIyV+Xw0zudsVllrvPEA2s/eDKYifhwphobfunnA8/Ef7D67+TGIN79969mv1Lo50Ns58t7QI8eOnhub+LXHbvc47daA0Qvthes36tPjExNTfZtr+d0/27dtJL9vcW+6TkSsvPraK835+dbyp+ZBEQeiGQ/qQa37oBYHpD3360E+X8Uuu4qD8F3QOCgD1XvwgE9M3Bfl9f/dSPHb7/xH74Lfu/7/QvfZzSt8/PxPbl3/n9v5Qvt0/X+0b9tz+W8jg7WI4dVrS4PHIoZXXn3tRPta82rramvhzMmTXx0b++rpk4OHIoavtOdbfY/2PFQAAAAAAAAAAAAAAAAA91cq4ncjRfPHW6keETeq+Voj58aePPHEQAxU8622zdt6eerS+foLi9eWllsrK625+vRCe3ZxrnW3bzdcTfeaHp/Yl87c0eF9bv/h4RcWl15dbl/9w9Vd9x8ZPn95ZXW5Obv77jgcRUSjf8to1eDp8Ymq0fPt5kJVdXLXyXQf3WAq4j8jxeyZ+qHetjz/b+cM/23z/9d2vtA+zf/7TN+28j1TKuLnkeK3/uKx+GLVziPxgTHL5f4mUoye/UIuF4fKcr02dO8r0J0ZWJb930jxD+9vL9ubD/norbLP3O24PizK4380Uvzgz74Xv563bb//w+7H/8jOF9qn4/+5vm1Htt2vYM9dJx//E5Hi+Uffit/I2z7s/h9FdDqd1yOO58I378+xT8f/833bRqL7vr9577oPAAAAAAAAAADw0BpMRfxtpHhiopaezdvu5vf/5na+0D79/tcv922b6//9v94vZ+7D8id7GlAAAAAAOEAGUxE/iRRXV9+6OYd6+/zvvvmfv3Nr7fXxtGNv9XO+X6ruG3Avf/7XbyS/78zeuw0AAAAAAAAAAAAAAAAAAAAHSkpFPJvXU5+5w3rqG5Hixf9+KpdLx8pyvXXgR6o/hy8uLpw4Pz+/ONtcbV6eb9WnlpqzrbLu5yLF1l9/IdctqvXVv5jrdtd4H+701mJfjhQTf9cr212Lvbc2eXc98O5a7GXZz0SK//r77WV761h//lbZU2XZv4oU3/yn3cseu1X2dFn2e5HiR9+s98oeKcv27o/avSfpcC3mW0/PLs5/4FaoAAAAAAAAAAAAAAAAAAAA8FENpiL+NFL8z7X1WKum/b9xc1fOWm/Dm9/uW+9/hxvVOv8j1fr/t3v8cdb/H7knvQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIdLiiJeixRLF7fSxlD5vGv4Qnvh+o3p8Yndqx1OVc2Bqnz5NfzMqdNnvvLs2Nlefnj9e+3xeHnq0vn6C4vXlpZbKyutufr0Qnt2ca5116+w1/q3hq5rtBqA+rVXrs9dubJSP/X06W27b4y8N/TIsZFzY0+eeKJXdnp8YmKqr0xt8CO8+0dq3C2Hooi/jBRPff+n6Z+HIorY+1jc4bOz3w5XnRitOjE9PlF1ZL7dXFgtd072BqKIqPdVavTG6D4ciz1pRKyVzS8bPFp2b2qpudy8PN+qTzaXV9ur7cWFydRtbdmfehRxNkWsR8TmUP8LHcpZxCuR4rtHt9K/DEUM9Mbhyxenvn7y1O3bUexrL+/g9aqd9cGI9eIhOGYH2FAU8Y+R4mdvH49/HYqoRfcrvhTxUpk/jHizzOcjUvnBOBPx7tCDbjX3Si2K+L/y+J/bSm8PRVTfMtV55cI36l9buLLYV7Z3Xtl5fehExEN1fbifDvi5aTiK+FF1xt9K/+b7GgAAAAAAAAAAAAAAAOAAKeJXO53O6+8cT9X84JtzitsLV+uXmpfnu9P6enP/enOmO51Op5662cg5k3Mt53rOjZybOaPI9XM2cs7kXMu5nnMj52bOGMj1czZyzuRcy7mecyPnZs6o5fo5Gzlncq7lXM+5kXMzZxyQuXsAAAAAAAAAAAAAAAAAAMAnS1H9l+I739pKnaHu+tIz0c0N64F+4v1/AAAA//9TMfu7")
sendto$inet6(r0, &(0x7f0000000e40)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000380)=""/132, 0x84}], 0x1)

11m44.844967983s ago: executing program 1 (id=1383):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000340)={'ip6tnl0\x00', &(0x7f00000002c0)=@ethtool_cmd={0x4f, 0x5, 0x8, 0x4fec, 0x4, 0x8, 0x1, 0x4, 0x2, 0x3, 0x95, 0x400, 0xfff7, 0x8, 0x6, 0xc3, [0x1, 0x9]}})
setgroups(0x0, 0x0)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0)

11m43.430268784s ago: executing program 1 (id=1388):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0xfc5cd7921c2c19c4, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x220)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40000, 0x120)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000), 0x888000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r2=>r0}, './file0\x00'})
r3 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r3, 0x0, 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELRULE={0x60, 0x8, 0xa, 0x0, 0x0, 0x0, {0xa, 0x0, 0x3}, [@NFTA_RULE_ID={0x8}, @NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_COMPAT={0x3c, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x16}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x33}, @NFTA_RULE_COMPAT_PROTO_IPV6={0x8, 0x1, 0x1, 0x0, 0x2e}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x4}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x89}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_RULE_COMPAT_PROTO_IPV4={0x8, 0x1, 0x1, 0x0, 0x6c}]}]}, @NFT_MSG_DELSETELEM={0x20, 0xe, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xa8}, 0x1, 0x0, 0x0, 0x4c054}, 0x4000010)
syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000440)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="2000000000001e1f6d037490ec3d5dd5f5cb22275134201e412a4978af3ca0714ae04438a29c7326e81d2767400197b22a53d2fd667b7ed15ccd2be5"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

11m38.342207163s ago: executing program 1 (id=1400):
unshare(0x22020600)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, 0x0)
getsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, &(0x7f0000000240))
openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x90, r2, 0x1, 0x70bd2b, 0xfffffffd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x6c, 0xc, 0x0, 0x1, [{0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49001082}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1378627a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2b168f3c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41a1ede6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5cbc}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6c912164}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30b63c73}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa52a}, @NLBL_CIPSOV4_A_MLSCATLOC={0xfffffffffffffd47, 0x9, 0x472668e2}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x43ea9ace}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x344a9267}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x177bf8c2}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x90}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x6, [@enum={0x0, 0x1, 0x0, 0x6, 0x4, [{0x1, 0xa}]}]}, {0x0, [0x61, 0x0, 0x0, 0x61]}}, &(0x7f00000000c0)=""/158, 0x32, 0x9e, 0x1}, 0x28)
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_TIMERSLACK(0x1d, 0x3)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0xffffffc2)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$kcm(0x1e, 0x5, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r6=>0x0)
io_submit(r6, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r5, &(0x7f00000000c0)='!', 0xb7f40, 0x3000000000000000}])
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
recvmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000000c0)=""/217, 0xd9}], 0x1}, 0x40002022)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c80)=ANY=[@ANYBLOB="4c00ed0000120a", @ANYRES32=0x0, @ANYBLOB="802100000000000014000300776c616e300000000000000000000000180016801400018010000200ffffffffc50e000001000000"], 0x4c}}, 0x0)

11m22.477048805s ago: executing program 32 (id=1400):
unshare(0x22020600)
r0 = socket$phonet_pipe(0x23, 0x5, 0x2)
setsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, 0x0)
getsockopt$PNPIPE_HANDLE(r0, 0x113, 0x3, 0x0, &(0x7f0000000240))
openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r1)
sendmsg$NLBL_CIPSOV4_C_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x90, r2, 0x1, 0x70bd2b, 0xfffffffd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x6c, 0xc, 0x0, 0x1, [{0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49001082}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1378627a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2b168f3c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41a1ede6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5cbc}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6c912164}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30b63c73}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa52a}, @NLBL_CIPSOV4_A_MLSCATLOC={0xfffffffffffffd47, 0x9, 0x472668e2}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x43ea9ace}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x344a9267}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x177bf8c2}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x90}}, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x6, [@enum={0x0, 0x1, 0x0, 0x6, 0x4, [{0x1, 0xa}]}]}, {0x0, [0x61, 0x0, 0x0, 0x61]}}, &(0x7f00000000c0)=""/158, 0x32, 0x9e, 0x1}, 0x28)
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prctl$PR_SET_TIMERSLACK(0x1d, 0x3)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0xffffffc2)
r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$kcm(0x1e, 0x5, 0x0)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r6=>0x0)
io_submit(r6, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r5, &(0x7f00000000c0)='!', 0xb7f40, 0x3000000000000000}])
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
recvmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000000c0)=""/217, 0xd9}], 0x1}, 0x40002022)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c80)=ANY=[@ANYBLOB="4c00ed0000120a", @ANYRES32=0x0, @ANYBLOB="802100000000000014000300776c616e300000000000000000000000180016801400018010000200ffffffffc50e000001000000"], 0x4c}}, 0x0)

9m59.940073791s ago: executing program 2 (id=1652):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = add_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000100)={'syz', 0x3}, &(0x7f0000000080)="f8", 0x1, 0xfffffffffffffffe)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r2, r1, 0x4)
r3 = add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$KEYCTL_MOVE(0x1e, r2, r3, 0x0, 0x1)
r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_ADDFB(r4, 0xc01c64ae, &(0x7f00000001c0)={0x0, 0x8001, 0x8e, 0x7, 0x40, 0x0, 0x400})
syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r0)
ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0)
write(r5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r7, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4)
recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x10022, 0x0)
r8 = socket$packet(0x11, 0x2, 0x300)
syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="d7fbed92884d47fe274f03418400"], 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x20, 0x0, 0x1, 0xf0}})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r9=>0x0})
sendto$packet(r8, &(0x7f00000000c0)="10", 0x1, 0x0, &(0x7f0000000200)={0x11, 0x8100, r9, 0x1, 0x1, 0x6, @multicast}, 0x14)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r10=>0xffffffffffffffff, <r11=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r11, 0x1, 0x1a, &(0x7f0000000040)={0x3, &(0x7f0000000340)=[{0x20, 0xc, 0x7b, 0xfffff038}, {0x28, 0x0, 0xdb}, {0x6, 0x0, 0x0, 0xfffffffe}]}, 0x10)
sendmmsg(r10, &(0x7f0000001c00), 0x400000000000159, 0x40840)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

9m57.670674713s ago: executing program 2 (id=1661):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
unshare(0x2c060000)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000080)={0x200000, 0x0, 0x10}, 0x18)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r1, 0x0, 0xa}, 0x18)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407030000060000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf71126233cb8791c3c"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48)

9m56.652961547s ago: executing program 2 (id=1662):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000200))
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000340)=0x7)
ioctl$TIOCSSOFTCAR(r0, 0x541a, &(0x7f0000000000))
ioctl$TCSETAW(r0, 0x5407, &(0x7f0000000240)={0x1ff, 0x6, 0xfffc, 0xffff, 0x19, "0e0d708c113cf96c"})

9m55.454959747s ago: executing program 2 (id=1663):
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(0xffffffffffffffff, 0x84, 0x65, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000004c0)={{0xffffffffffffffff, <r0=>0xffffffffffffffff}, &(0x7f0000000440), &(0x7f0000000480)}, 0x20)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000580)={'ip_vti0\x00', &(0x7f0000000500)={'syztnl0\x00', <r1=>0x0, 0x8, 0x700, 0x0, 0x8e, {{0x5, 0x4, 0x1, 0x5, 0x14, 0x68, 0x123c, 0x70, 0x29, 0x0, @loopback, @rand_addr=0x64010102}}}})
r2 = bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000cc0)=@base={0x13, 0x3, 0xa4, 0x40d64601, 0x1, r0, 0x3077, '\x00', r1, r2, 0x5, 0x1, 0x5}, 0x50)
r3 = openat$full(0xffffffffffffff9c, 0x0, 0x210040, 0x0)
getsockopt$inet6_IPV6_IPSEC_POLICY(r3, 0x29, 0x22, &(0x7f0000000fc0)={{{@in=@local, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{}, 0x0, @in6=@ipv4={""/10, ""/2, @empty}}}, &(0x7f0000000800)=0xe8)
sendmsg$nl_xfrm(r3, &(0x7f0000000040)={&(0x7f00000007c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000ac0)={&(0x7f0000000940)=@migrate={0x160, 0x21, 0x800, 0x5, 0x25dfdbfc, {{@in=@local, @in6=@mcast2, 0x4e20, 0x82, 0x4e20, 0x0, 0xa, 0x80, 0xa0, 0xff, r1, 0xee01}, 0x6e6bb6, 0x2}, [@replay_esn_val={0x2c, 0x17, {0x4, 0x70bd2a, 0x70bd2d, 0x70bd29, 0x70bd25, 0xf08e, [0x3ff, 0x2, 0x1d63, 0x6]}}, @sa={0xe4, 0x6, {{@in6=@private1={0xfc, 0x1, '\x00', 0x1}, @in6=@rand_addr=' \x01\x00', 0x4e21, 0x7, 0x4e22, 0xfffa, 0x2, 0x20, 0xc0, 0x33, r1, r4}, {@in=@local, 0x4d6, 0x3c}, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, {0xc, 0x7, 0x8000000000000001, 0xaf1a, 0x3, 0x2, 0x3, 0x1c}, {0xc6, 0x3, 0x3ff, 0xd6}, {0x5, 0x1, 0x3}, 0x70bd26, 0x3504, 0x2, 0x2, 0x7, 0x80}}]}, 0x160}, 0x1, 0x0, 0x0, 0x844}, 0x4048040)
bind$xdp(r3, &(0x7f0000000b40)={0x2c, 0x2, r1, 0x2e}, 0x10)
r5 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000c40), 0x20880, 0x0)
r6 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000c80)={&(0x7f0000000c00)='mm_compaction_kcompactd_sleep\x00', r5, 0x0, 0x5}, 0x18)
r7 = fanotify_init(0x200, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
fanotify_mark(r7, 0x161, 0x40000867, r8, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000809, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x204008, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000380)='./bus\x00', 0x322020, &(0x7f0000000140)=ANY=[], 0x1, 0x0, 0x0)
r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x143042, 0x80)
pwritev2(r9, &(0x7f0000000100)=[{&(0x7f0000000140)="ff", 0x1}], 0x1, 0x5405, 0x0, 0x0)
syz_genetlink_get_family_id$gtp(&(0x7f0000000d40), r3)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000f40)={@cgroup=r3, 0x37, 0x1, 0x5, &(0x7f0000000e40)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000ec0)=[0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0], <r10=>0x0}, 0x40)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000600)=ANY=[@ANYRES32=r1, @ANYRES32=r3, @ANYBLOB="0500000002000000252f3e825d03f8fc940ec1ff67b88210477043a3de4f3363b196785d7bad6b871b0f27dce024f84c636126e34131bafd0bde2f837f775ce2b634aed8d5511daef224055a729ca2e230ee46129ac44d4a302eeb19e130afea330f7aa50636d8ffd4a34ec5659e7646e571a44ed8a628d5cf7cc795599842d39fb83e4d4ae9679c2ec311913f375043fe44dce0ecccb16919b5f804c8a836e629aae8938aa5e686c307c516a4", @ANYRES32=r0, @ANYBLOB, @ANYRES32=r6, @ANYBLOB, @ANYRES64=r10], 0x20)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0xfffffffc}, 0x50)

9m55.148735333s ago: executing program 2 (id=1665):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000002c0)={0x0, <r0=>0x0})
ptrace(0x4208, r0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
ioctl$SOUND_MIXER_READ_VOLUME(0xffffffffffffffff, 0x81044d03, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e24, 0xfffffffc, @local, 0x2}, 0x1c)
r3 = syz_open_procfs(0x0, &(0x7f0000000480)='uid_map\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x50)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, 0x0, &(0x7f0000000140))
ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x2d, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
inotify_init1(0x800)
r5 = syz_open_dev$video(0x0, 0x2, 0x80000)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05640, &(0x7f0000000180)={0xc, @pix={0x7, 0x0, 0x20343059, 0x7daaa475a089a0cb, 0xffffffff, 0x0, 0x5, 0x9, 0x0, 0x2, 0x0, 0x5}})
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd_index=0x5, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)

9m54.593038931s ago: executing program 2 (id=1667):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000002c0)={0x0, <r0=>0x0})
ptrace(0x4208, r0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
ioctl$SOUND_MIXER_READ_VOLUME(0xffffffffffffffff, 0x81044d03, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e24, 0xfffffffc, @local, 0x2}, 0x1c)
r3 = syz_open_procfs(0x0, &(0x7f0000000480)='uid_map\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x50)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) (fail_nth: 1)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, 0x0, &(0x7f0000000140))
ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x2d, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
inotify_init1(0x800)
r5 = syz_open_dev$video(0x0, 0x2, 0x80000)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05640, &(0x7f0000000180)={0xc, @pix={0x7, 0x0, 0x20343059, 0x7daaa475a089a0cb, 0xffffffff, 0x0, 0x5, 0x9, 0x0, 0x2, 0x0, 0x5}})
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd_index=0x5, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)

9m53.976590821s ago: executing program 33 (id=1667):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000002c0)={0x0, <r0=>0x0})
ptrace(0x4208, r0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f000001b700)=""/102392, 0x18ff8)
ioctl$SOUND_MIXER_READ_VOLUME(0xffffffffffffffff, 0x81044d03, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x3a)
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x4e24, 0xfffffffc, @local, 0x2}, 0x1c)
r3 = syz_open_procfs(0x0, &(0x7f0000000480)='uid_map\x00')
bpf$MAP_CREATE(0x0, &(0x7f0000000380)=ANY=[], 0x50)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000000c0)=[@in6={0xa, 0x0, 0x0, @private2}]}, &(0x7f0000000180)=0x10) (fail_nth: 1)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r3, 0x84, 0x6, 0x0, &(0x7f0000000140))
ioctl$BLKGETSIZE64(0xffffffffffffffff, 0x80081272, 0x0)
ioctl$KVM_PRE_FAULT_MEMORY(r3, 0xc040aed5, &(0x7f0000000040))
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, 0x0, &(0x7f0000000780)='GPL\x00', 0xfffffffe, 0x0, 0x0, 0x41000, 0x1, '\x00', 0x0, @fallback=0x2d, r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x20000000}, 0x94)
socket$nl_generic(0x10, 0x3, 0x10)
inotify_init1(0x800)
r5 = syz_open_dev$video(0x0, 0x2, 0x80000)
ioctl$VIDIOC_S_FMT(r5, 0xc0d05640, &(0x7f0000000180)={0xc, @pix={0x7, 0x0, 0x20343059, 0x7daaa475a089a0cb, 0xffffffff, 0x0, 0x5, 0x9, 0x0, 0x2, 0x0, 0x5}})
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x16, 0x0, 0x1)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x20, 0x0, @fd_index=0x5, 0x0, &(0x7f00000001c0)=[{0x0}], 0x1, 0x0, 0x1})
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)

1m15.7090089s ago: executing program 6 (id=2843):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
mkdirat(0xffffffffffffff9c, 0x0, 0x20)
sched_setaffinity(0x0, 0xfffffffffffffd58, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x40440c4, 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x18, 0x7, 0x0, &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r2, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeca, 0x10, 0x8, 0x0, 0x0}}, 0x10)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x18)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x63}]}, 0x10)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6550df9312000c0007800800124000000002050005000a0000000500010006000000"], 0x58}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000040601020000000000000000020000020500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
r6 = socket(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, 0x0)

1m9.4169643s ago: executing program 6 (id=2849):
unshare(0x20000400)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)=@newtaction={0x64, 0x30, 0xffffffffffffffff, 0x0, 0x2000000, {}, [{0x50, 0x1, [@m_bpf={0x4c, 0x1, 0x0, 0x0, {{0x8}, {0x24, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x1}}, @TCA_ACT_BPF_FD={0x8}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)

1m9.204933899s ago: executing program 6 (id=2851):
sched_setscheduler(0x0, 0x1, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a00000500060000000000080001000000000018002580140004004d2906d0880fc8acc30fe2020f984967500002"], 0x270}, 0x1, 0x0, 0x0, 0x8015}, 0x4)
syz_io_uring_setup(0x111, &(0x7f00000000c0)={0x0, 0x24ad, 0x10000, 0x1, 0x1de}, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x432, @loopback, 0xb}, 0x1c)
setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000040)=ANY=[], 0x40)
sendto$inet6(0xffffffffffffffff, &(0x7f0000000080)="800037bb", 0x4, 0x0, 0x0, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_l2cap_L2CAP_OPTIONS(r3, 0x6, 0x1, 0x0, 0x0)
r4 = syz_open_dev$usbfs(&(0x7f0000000000), 0x12, 0x141341)
mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x5)
lseek(r4, 0x5, 0x2)
r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
ioctl$VIDIOC_S_INPUT(r5, 0xc0045627, &(0x7f0000000100)=0x3)
ioctl$VIDIOC_SUBDEV_S_DV_TIMINGS(r5, 0xc0845657, &(0x7f0000000040)={0x0, @bt={0xa00, 0x63c, 0x1, 0x3, 0xd59f83, 0x19f5, 0x79eb, 0x7, 0x3, 0x6, 0x82800, 0x2800, 0x7da6, 0xba2, 0x5, 0x2a, {0x8, 0x200}, 0xd0, 0x29}})
ioctl$USBDEVFS_BULK(r4, 0xc0185502, &(0x7f0000000100)={{{0x1, 0x1}}, 0x3f00, 0x4, 0x0})

1m8.381911918s ago: executing program 6 (id=2856):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
unshare(0x2c060000)
unshare(0x24020400)
symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00')
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000080)={0x200000, 0x0, 0x10}, 0x18)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', 0xffffffffffffffff, 0x0, 0xa}, 0x18)
sched_rr_get_interval(r0, &(0x7f00000000c0))
openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16])
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703000000feffff720a00fef8ffffff71a400fe0000000071101000000000001d300200000000004704000001ed030407030000060000001d440000000000006b0a20fe0000000072030000000a0000e500f9ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616276fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a26048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdec86f9b1eb93d491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f806694d461b76a58d88cf0f520310a1e80dc18cde9ad662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a090f3b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c91024cf7112623"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)

1m7.246884343s ago: executing program 6 (id=2857):
mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x8, 0x103)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000004c0)='./file0/file0\x00', 0xe4080, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x6001, &(0x7f0000000900)={[{@workdir={'workdir', 0x3d, './file0/file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@redirect_dir_nofollow}, {@userxattr}], [{@obj_type={'obj_type', 0x3d, 'workdir'}}, {@pcr={'pcr', 0x3d, 0x7}}, {@obj_role={'obj_role', 0x3d, 'lowerdir'}}, {@audit}, {@dont_appraise}, {@uid_gt}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
syz_mount_image$erofs(&(0x7f00000002c0), &(0x7f0000000140)='./file0\x00', 0x1040863, &(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYRESDEC, @ANYRESOCT, @ANYRES32], 0x0, 0x1cd, &(0x7f0000000640)="$eJzsmT2vEkEUht+Z3QvcG2NiY2GjiTfxmsCyu6ihscBfYAJ+dRJZCbqAgS2AxILY2Pgz/AsWVBZ2drZaqImJhZTWa2Y4sCPfRIkm9zwJs+/snPk4ZzdvwYJhmFPL1y8/P7+6VaxkAZzBMdJ0/7uVxEgj/lOGxMfX71pnn4/m1xMA4nj7/W0Ab0sWIurH8e+zj+lagZzpO5C4SvoeBBzSDyFxl3QAgQeknxi6fUgiDJxH7bD2uBEGrmo81fiqKcyfbzwUqAHI0PmEMd7tD55WwzDozIuDeLrPwtCuYkP97HFJ4qZRP/W87r98MVT9aW1co34eJDzSBQiUSReRhuM4SUmM/C/YyfrWNvn/D+Jcbl1M9m/uReXBv06ZxWYhjDuHSgjzwZ0fj94vzvq2z4Nd2m/KIM9eGPpw9Gcrp+ilXxqT+Key3CuGP9mwZ/6Rj5rP8t3+INdoVutBPWj5fuGGe811r/t5bUSTdo3/ZbQ/HRnrH6yITYkUetUo6ng9IOp4s74/aQ3HLb9p/9BzpPY/iZPLkzXUq6LTTi/fQ9BP6qtSJ9bKwzMMwzAMwzAMwzAMwzAMw+zERQj9Lyh9qIpX4N/W0b8CAAD//0drYWQ=")
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a0000000200"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r0, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f00)=@delchain={0x24, 0x65, 0x200, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xd, 0xb}, {0xd, 0x7}, {0xfff1, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0xc050)
recvmsg$can_raw(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)

1m6.143000832s ago: executing program 6 (id=2860):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
mkdirat(0xffffffffffffff9c, 0x0, 0x20)
sched_setaffinity(0x0, 0xfffffffffffffd58, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x40440c4, 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x18, 0x7, 0x0, &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r2, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeca, 0x10, 0x8, 0x0, 0x0}}, 0x10)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x18)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x63}]}, 0x10)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6550df9312000c0007800800124000000002050005000a0000000500010006000000"], 0x58}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000040601020000000000000000020000020500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
r6 = socket(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, 0x0)

51.903749629s ago: executing program 34 (id=2860):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
mkdirat(0xffffffffffffff9c, 0x0, 0x20)
sched_setaffinity(0x0, 0xfffffffffffffd58, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x40440c4, 0x0, 0x0)
r2 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x18, 0x7, 0x0, &(0x7f00000000c0)='GPL\x00'}, 0x94)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={r2, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffeca, 0x10, 0x8, 0x0, 0x0}}, 0x10)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008fd8850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kmem_cache_free\x00', r4}, 0x18)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x63}]}, 0x10)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000c80)="e8", 0x6200, 0x12000000, 0x0, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="58000000020601080000000000000000000000040900020073797a3100000000050004000000000011000300686173683a6e65742c6e6550df9312000c0007800800124000000002050005000a0000000500010006000000"], 0x58}}, 0x0)
sendmsg$IPSET_CMD_FLUSH(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c000000040601020000000000000000020000020500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4)
r6 = socket(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r6, 0x89f1, 0x0)

40.435534434s ago: executing program 4 (id=2912):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x40, 0x16, 0xa, 0x1, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x14, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}]}]}, @NFT_MSG_DELFLOWTABLE={0x2c, 0x18, 0xa, 0x120, 0xb00, 0x0, {0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}]}], {0x14, 0x10}}, 0xb4}}, 0x0)

40.209144251s ago: executing program 4 (id=2914):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x4e24, @rand_addr=0x64010101}]}, &(0x7f0000000180)=0x10)
unshare(0x22020400)
r1 = socket(0x1d, 0x2, 0x6)
bind$llc(r1, &(0x7f0000000480)={0x1a, 0x30a, 0x5, 0x9e, 0x7, 0xa}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0xc, 0x4, 0x4, 0x9, 0x0, r2}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r3, 0xfffffffc}, 0x63)
setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000000c0), 0x4)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000200)={0x1, [<r4=>0x0]}, &(0x7f0000000080)=0x8)
r5 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x2002)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
readv(r5, &(0x7f00000000c0)=[{&(0x7f0000001000)=""/4096, 0x1000}], 0x1)
write$evdev(r5, &(0x7f0000000040)=[{{}, 0x0, 0x2}], 0x37)
getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f00000005c0)={r4, 0x10, "cec67c8aaa16174c386cd6344a2ce7d1"}, &(0x7f0000000340)=0x18)

38.54084089s ago: executing program 4 (id=2918):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @in6={0xa, 0x4e23, 0x7fff, @remote, 0x2}, @in={0x2, 0x4e20, @empty}], 0x3c)
r1 = socket$can_raw(0x1d, 0x3, 0x1)
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$inet_int(r2, 0x0, 0x31, &(0x7f0000007180), 0x3)
setsockopt$CAN_RAW_FILTER(r1, 0x65, 0x1, &(0x7f0000000140)=[{{0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}, {{0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x1}}], 0x10)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
sched_setscheduler(r3, 0x73685a6e1043495d, &(0x7f0000000000)=0x7)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
socket$nl_netfilter(0x10, 0x3, 0xc)
r8 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r8, &(0x7f00000002c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)

37.54626068s ago: executing program 4 (id=2919):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socket$can_j1939(0x1d, 0x2, 0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r2)
ptrace$getregset(0x4204, r2, 0x2, &(0x7f0000000740)={0x0})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x0, 0x0, &(0x7f0000000080)='GPL\x00', 0xa, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x101}, 0x10}, 0x94)
r5 = socket$inet6_udplite(0xa, 0x2, 0x88)
sigaltstack(&(0x7f0000001000)={&(0x7f0000000000)=""/4088, 0x0, 0xff54}, 0x0)
sigaltstack(0x0, &(0x7f0000001280)={0x0})
ioctl$sock_inet6_SIOCDELRT(r5, 0x890c, &(0x7f0000000640)={@remote, @dev={0xfe, 0x80, '\x00', 0x10}, @empty, 0x9, 0x3f, 0x8000, 0x100, 0x0, 0x110227})
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20040768, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto(r0, &(0x7f0000000780)="7057dacba22e", 0x6, 0x24000011, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000700)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba1e9bb7ec30de54e3d82d4e023f9a336ec7e55fefd0d3c8f30eea40e40a6e32d6873837bb90f2fafc91", 0xffffffffffffff29, 0x80, 0x0, 0x0)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000001240)=@base={0x12, 0x4, 0x8, 0x1}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000012c0)={0xe, 0xe, &(0x7f0000001440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000001800000000000000000000000000000095"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0xff2, &(0x7f0000000240)=""/4082}, 0x94)

36.474849176s ago: executing program 4 (id=2921):
r0 = io_uring_setup(0x3185, &(0x7f0000000100)={0x0, 0x134e, 0x40, 0x3, 0x3f})
syz_io_uring_setup(0x7388, &(0x7f0000000240)={0x0, 0x87c9, 0x1000, 0x0, 0x79, 0x0, r0}, &(0x7f0000000180), &(0x7f00000002c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x4, &(0x7f00000001c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xa2}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x18}}, 0x400c0)
syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
recvmmsg(r1, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x2b, 0x0}, 0x10003}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f0000000780)=""/260, 0x104}, {&(0x7f0000000000)=""/32, 0x20}, {&(0x7f0000002900)=""/4103, 0x1007}, {&(0x7f00000017c0)=""/220, 0xdc}, {&(0x7f0000000f40)=""/218, 0xda}, {&(0x7f00000005c0)=""/146, 0x92}, {&(0x7f0000000400)=""/123, 0x7b}], 0x7}, 0x80000002}], 0x4, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x40030, r0, 0x0)

32.628812699s ago: executing program 4 (id=2929):
syz_usb_connect(0x3, 0x2d, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
execve(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000010c0)=""/49)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r5, 0x89b0, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000000)={@empty}})

13.7579483s ago: executing program 5 (id=2978):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x10, &(0x7f0000000300)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb}, 0x94)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3, 0x1}, 0x18, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000180), 0xfea7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x202, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r6, 0x4068aea3, &(0x7f0000000240)={0xc1, 0x0, 0x3})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
connect$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e23, 0x802c, @mcast2, 0x5}, 0x1c)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000007580), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB="2d01620000000900509072fb60cb08000300"], 0x2c}}, 0x0)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000007680)={0x0, 0x0, &(0x7f0000007640)={&(0x7f0000000000)=ANY=[@ANYBLOB="46040000", @ANYRES16=r8, @ANYBLOB="ff830500000700ffffff", @ANYRES8=r2], 0x4}}, 0x0)
sendfile(r7, r3, 0x0, 0x100000000)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000880)={0x14, 0x3a, 0x229, 0x0, 0x0, {0x2}}, 0x14}}, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r1, 0xfffff000, 0xe, 0x0, &(0x7f0000000000)="619ff1e3c70400d5721ff59fe864", 0x0, 0x0, 0x7000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

12.972792985s ago: executing program 7 (id=2981):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
close(0x3)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet(0x2, 0x2, 0x1)
bind$inet(r5, &(0x7f0000000000)={0x2, 0x6e24, @empty}, 0x10)
flock(0xffffffffffffffff, 0x2)
ioctl$NBD_SET_SOCK(0xffffffffffffffff, 0xab00, 0xffffffffffffffff)
socket$inet(0x2, 0x2, 0x1)
setsockopt$sock_int(r5, 0x1, 0x2, &(0x7f0000000080), 0x4)
r6 = socket(0x2, 0x2, 0x1)
bind$unix(r6, 0x0, 0x0)
inotify_init()
r7 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000000c0)={'veth0_to_batadv\x00', &(0x7f0000000280)=@ethtool_pauseparam={0x13, 0xa4e, 0x9, 0xffffffff}})
ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_cmd={0x2c, 0x4, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}})
ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8914, &(0x7f0000000040)={'veth0_to_team\x00', 0x800})
io_uring_register$IORING_REGISTER_PBUF_RING(0xffffffffffffffff, 0x22, &(0x7f0000000380)={0x0}, 0x1)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000001a40)=[@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x12}}, @in={0x2, 0x0, @dev}, @in={0x2, 0x0, @local}, @in={0x2, 0x0, @multicast1}], 0x40)
sendto$inet(r0, &(0x7f0000000300)="faab32", 0x3, 0x44054, &(0x7f0000000100)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x14}}, 0x10)

12.966832361s ago: executing program 5 (id=2982):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f00000000c0)={0x1, [0x3]}, 0x6)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000000000010ac05310240000102030109022400010100000009040000000321020009"], 0x0)

11.052701599s ago: executing program 5 (id=2986):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000840)={0x18, 0x3, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x39}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000009780)={0x2020}, 0x2020)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
timer_create(0x0, 0x0, &(0x7f0000bbdffc))
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2208004, 0x0)
sched_getattr(0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
mount$cgroup(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f00000001c0), 0x2010042, &(0x7f0000000000)={[{@subsystem='hugetlb'}, {@subsystem='memory'}, {@subsystem='cpuacct'}, {@xattr}]})
mount(0x0, &(0x7f00000000c0)='./cgroup\x00', 0x0, 0x40078, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$HCIINQUIRY(r3, 0x400448ca, 0x0)
sendto$inet(0xffffffffffffffff, &(0x7f0000000040)="e5", 0xffffffe4, 0x0, 0x0, 0x0)
unshare(0x40020000)
openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002040), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000002080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='L\x00\x00', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])

10.329901494s ago: executing program 0 (id=2987):
r0 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7cb, 0x0)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, 0x0, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$sock(r7, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@nfc_llcp={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4, "b0d5b301d1f8337291bd9c59c55dc059097d659cfe0320cadd0901cd3b14689e1c77bcf683e35c68f0455930ab19ce80052e1b4d478fc7c371bd292e05a810", 0x3a}, 0x80, 0x0}}], 0x1, 0x48094)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000780)={0x2, {{0xa, 0x4e22, 0x1, @mcast2}}}, 0x90)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

10.32914896s ago: executing program 7 (id=2988):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x6d, &(0x7f0000000400)={0x0, 0x1c, "c7b238f5b621fd3802842b6557fc6a38cb1d2a389e9b8faa383e5841"}, &(0x7f00000004c0)=0x24)

10.192800582s ago: executing program 7 (id=2989):
sendmsg$AUDIT_USER(0xffffffffffffffff, 0x0, 0x4000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f00000018c0)=""/102400, 0x19000)
socket(0x2, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000006c0)=@newchain={0x24, 0x64, 0x200, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0x8, 0x9}, {0x8, 0x7}, {0xe, 0xfff1}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x1, 0x0, 0x25dfdbf9, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4, 0x0, 0x7}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0)
landlock_create_ruleset(&(0x7f0000000040)={0x8201, 0x3}, 0x18, 0x0)
syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x0, &(0x7f0000000340)={[{@usrquota}]})
r1 = openat(0xffffffffffffff9c, 0x0, 0x351142, 0x1cd)
quotactl_fd$Q_GETQUOTA(r1, 0xffffffff80000701, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)={0x34, r3, 0x1, 0x0, 0x0, {0x7}, [@ETHTOOL_A_LINKMODES_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x34}}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r5=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001800)={0x6, 0x3, &(0x7f00000006c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}}, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r5}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={&(0x7f0000000000)={0x4c, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x44}, [@nested={0x38, 0xe, 0x0, 0x1, [@nested={0x34, 0x151, 0x0, 0x1, [@typed={0xc, 0x120, 0x0, 0x0, @u64}, @generic="1a68a05c264ea8272f8444b4f5333a24baa53ca02def59ea2d799f9d6db9aa3515d38a4b"]}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000)

8.66196414s ago: executing program 3 (id=2990):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1200000005000000080000000900000000000000", @ANYRES32, @ANYBLOB="000000000000d3a20000000000003500000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/14], 0x50)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x5000, 0x1000, &(0x7f0000b0f000/0x1000)=nil})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000008850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r3}, 0x10)
r4 = signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0x4000000000]}, 0x8, 0x0)
faccessat2(r4, &(0x7f0000000040)='\x00', 0x2, 0x1200)
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0)
ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x4, 0x9, 0x99, 0x0, 0x0, 0x10000, 0x2, '\x00', 0xc94})
setrlimit(0xf, &(0x7f0000000440)={0x3, 0x2})
ioctl$KVM_RUN(r5, 0xae80, 0x0)

8.509946233s ago: executing program 0 (id=2991):
openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)={0x90, r1, 0x1, 0x70bd2c, 0xfffffffd, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x2}, @NLBL_CIPSOV4_A_MLSCATLST={0x6c, 0xc, 0x0, 0x1, [{0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x49001082}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x1378627a}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2b168f3c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x41a1ede6}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x5cbc}]}, {0x3c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x6c912164}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x30b63c73}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x280bd4dd}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x472668e2}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x43ea9ace}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x344a9267}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x177bf8c2}]}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}]}, 0x90}}, 0x0)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000240)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x14, 0x14, 0x6, [@enum={0x0, 0x1, 0x0, 0x6, 0x4, [{0x1, 0xa}]}]}, {0x0, [0x61, 0x0, 0x0, 0x61]}}, &(0x7f00000000c0)=""/158, 0x32, 0x9e, 0x1}, 0x28)
openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x1000008, 0x4000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f0000000000)={0x4, 0x400, {<r3=>0xffffffffffffffff}, {0xffffffffffffffff}, 0x7, 0xb})
process_vm_readv(r3, &(0x7f00000009c0)=[{&(0x7f0000000300)=""/184, 0xb8}, {&(0x7f0000000500)=""/222, 0xde}, {&(0x7f0000000600)=""/132, 0x84}, {&(0x7f00000006c0)=""/171, 0xab}, {&(0x7f0000000780)}, {&(0x7f00000007c0)=""/81, 0x51}, {&(0x7f0000000900)=""/167, 0xa7}, {&(0x7f0000000840)=""/10, 0xa}, {&(0x7f0000000880)=""/41, 0x29}], 0x9, &(0x7f0000000c40)=[{&(0x7f0000000a80)=""/171, 0xab}, {&(0x7f0000000b40)=""/229, 0xe5}], 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = socket$kcm(0x1e, 0x5, 0x0)
recvmsg(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000000c0)=""/217, 0xd9}], 0x1}, 0x40002022)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c80)=@newlink={0x4c, 0x10, 0x1, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_IFNAME={0x14, 0x3, 'wlan0\x00'}, @IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0xffffffff, 0xec5, 0x1}}]}]}]}, 0x4c}}, 0x0)

7.764845566s ago: executing program 3 (id=2992):
syz_usb_connect(0x3, 0x2d, 0x0, 0x0)
socket$alg(0x26, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
execve(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0)
ioctl$EVIOCGKEYCODE(0xffffffffffffffff, 0x80084504, &(0x7f00000010c0)=""/49)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r4, 0x0)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCADD6RD(r5, 0x89b0, &(0x7f0000000040)={'sit0\x00', &(0x7f0000000000)={@empty}})

6.671681902s ago: executing program 5 (id=2993):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_SB_PORT_POOL_GET(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000005c0)={0x4c, r2, 0x1, 0x0, 0x0, {0x4e}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xab}}, {0x8}, {0x6}}]}, 0x4c}}, 0x0)
ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000340)={{0x2, 0x4e23, @empty}, {0x0, @link_local}, 0xa, {0x2, 0x0, @multicast2}, 'lo\x00'})
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
setreuid(0xee01, 0xee01)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a})

6.663793531s ago: executing program 0 (id=2994):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[], 0xa0}}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'geneve0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="5800000010000300"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c0012800b00010067656e65766500000c00028005000c00010000001c001a8018000a80140007"], 0x58}, 0x1, 0x2}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) (fail_nth: 9)

6.165392907s ago: executing program 0 (id=2995):
ioperm(0x0, 0x2, 0x7e)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x2081)
ioctl$SNDRV_PCM_IOCTL_TTSTAMP(r5, 0x40044103, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
symlink(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000000)='./file0\x00')
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
socket$kcm(0x2, 0x1, 0x84)
recvmmsg$unix(r3, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000003c0)=""/118, 0x76}, {&(0x7f0000000440)=""/212, 0xd4}, {&(0x7f0000000040)=""/27, 0x1b}], 0x3, &(0x7f0000000740)}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0x88}}, {{&(0x7f0000000a80), 0x6e, 0x0, 0x0, &(0x7f0000000ec0)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd8}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000016c0)=""/200, 0xc8}], 0x1}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000056c0), 0x0, &(0x7f0000001e00)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf8}}, {{&(0x7f0000001f40), 0x6e, &(0x7f0000001fc0)=[{&(0x7f0000004040)=""/4096, 0x1000}, {&(0x7f0000005040)=""/183, 0xb7}, {&(0x7f0000005100)=""/135, 0x87}, {&(0x7f00000051c0)=""/202, 0xca}, {&(0x7f00000052c0)=""/142, 0x8e}], 0x5}}], 0x8, 0x10062, &(0x7f0000001d80)={0x0, 0x989680})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan1\x00', <r6=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x1, r6, 0x1, 0x8}, 0x14)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x840, 0x0)

6.012873168s ago: executing program 5 (id=2996):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000005c0)={[{@barrier_val={'barrier', 0x3d, 0x101}}, {@errors_remount}]}, 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
prctl$PR_GET_CHILD_SUBREAPER(0x25)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x4, 0x7fff7ffc}]})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
mount_setattr(r0, &(0x7f0000001d80)='.\x00', 0x8100, &(0x7f0000006100)={0x83, 0x2}, 0x20)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20)
setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x80000, @dev={0xfe, 0x80, '\x00', 0x13}, 0x101}, 0x1c)
rename(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./bus\x00')
syz_usb_connect(0x5, 0x6d, &(0x7f00000005c0)=ANY=[@ANYBLOB="1201410190791e206d04f0081b5e01020301090245c6c2147ff627455b0001010310000904cc07000101b500052406000005240001000d240f019300000001800f20080c241bff030fce0102010001052401000104240202052406000105240004000d240f01060000000e0000"], 0x0)
r2 = shmget(0x2, 0x2000, 0x200, &(0x7f0000ffc000/0x2000)=nil)
shmctl$IPC_INFO(r2, 0x3, &(0x7f0000000100)=""/23)
r3 = semget(0x3, 0x3, 0x695)
semtimedop(r3, &(0x7f0000000280)=[{0x0, 0x7, 0x3800}], 0x1, 0x0)
semop(r3, &(0x7f0000000040)=[{0x1, 0x0, 0x1800}], 0x12)
semop(0x0, &(0x7f0000000080)=[{0x1, 0x8001, 0x1000}], 0x1)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r4=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r4, 0x8b26, &(0x7f0000000000)={'wlan1\x00'})

5.076724502s ago: executing program 0 (id=2997):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000c18000), 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x3, 0x300)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'lo\x00', <r5=>0x0})
getpeername$packet(r3, &(0x7f0000000280), &(0x7f00000002c0)=0x14)
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x40000, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x6, 0x9, 0x80, 0x0, 0xffffffff, 0x91b1}}}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000400}, 0x0)
r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0)
r7 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/tcp_sack\x00', 0x1, 0x0)
sendfile(r7, r6, 0x0, 0x100000500)
r8 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r8, &(0x7f0000000080)={0x2, 0x4e21, @multicast2}, 0x10)
connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r8, &(0x7f0000000000), 0xffffffffffffff94, 0x400000000000000, 0x0, 0x0)
recvfrom$inet(r8, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x720, 0x0, 0xfffffffffffffd25)
pwritev(0xffffffffffffffff, &(0x7f0000000240)=[{&(0x7f0000000400)="84f7a14071fd3740e41d8d615944261b55c84a73abae3b172b62650707ed26e0992d40a63b1e00928343776d0f064ae1e154fe9c9b30b24d943305922d254c6b2b23fd347d1be73f51942df38f46e658365ba942d892818a8947885a7155d394498461872ddb8c7ae6f5d8ecb0dbd293d93bb9bbf1da1febf42d9a14a4ef1bb4b1327807ad", 0x85}], 0x1, 0xfffff801, 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0x4020ae46, &(0x7f0000000080)={0x0, 0x3, 0x0, 0x3d70000000, &(0x7f0000ffe000/0x2000)=nil})

4.828372706s ago: executing program 7 (id=2998):
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f0000000400)={0x0, 0x1c, "c7b238f5b621fd3802842b6557fc6a38cb1d2a389e9b8faa383e5841"}, &(0x7f00000004c0)=0x24)

4.672766581s ago: executing program 7 (id=2999):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r0, 0x7cb, 0x0)
openat$vim2m(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, 0x0, 0x0)
r6 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r7 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$sock(r7, &(0x7f0000000cc0)=[{{&(0x7f0000000100)=@nfc_llcp={0x27, 0x0, 0xffffffffffffffff, 0x5, 0x3, 0x4, "b0d5b301d1f8337291bd9c59c55dc059097d659cfe0320cadd0901cd3b14689e1c77bcf683e35c68f0455930ab19ce80052e1b4d478fc7c371bd292e05a810", 0x3a}, 0x80, 0x0}}], 0x1, 0x48094)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000780)={0x2, {{0xa, 0x4e22, 0x1, @mcast2}}}, 0x90)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
read$msr(0xffffffffffffffff, 0x0, 0x0)

3.995875073s ago: executing program 3 (id=3000):
mknodat(0xffffffffffffffff, &(0x7f00000003c0)='./file1\x00', 0x8, 0x103)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000004c0)='./file0/file0\x00', 0xe4080, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x6001, &(0x7f0000000900)={[{@workdir={'workdir', 0x3d, './file0/file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@redirect_dir_nofollow}, {@userxattr}], [{@obj_type={'obj_type', 0x3d, 'workdir'}}, {@pcr={'pcr', 0x3d, 0x7}}, {@obj_role={'obj_role', 0x3d, 'lowerdir'}}, {@audit}, {@dont_appraise}, {@uid_gt}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)
syz_mount_image$erofs(&(0x7f00000002c0), &(0x7f0000000140)='./file0\x00', 0x1040863, &(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYRESDEC, @ANYRESOCT, @ANYRES32], 0x0, 0x1cd, &(0x7f0000000640)="$eJzsmT2vEkEUht+Z3QvcG2NiY2GjiTfxmsCyu6ihscBfYAJ+dRJZCbqAgS2AxILY2Pgz/AsWVBZ2drZaqImJhZTWa2Y4sCPfRIkm9zwJs+/snPk4ZzdvwYJhmFPL1y8/P7+6VaxkAZzBMdJ0/7uVxEgj/lOGxMfX71pnn4/m1xMA4nj7/W0Ab0sWIurH8e+zj+lagZzpO5C4SvoeBBzSDyFxl3QAgQeknxi6fUgiDJxH7bD2uBEGrmo81fiqKcyfbzwUqAHI0PmEMd7tD55WwzDozIuDeLrPwtCuYkP97HFJ4qZRP/W87r98MVT9aW1co34eJDzSBQiUSReRhuM4SUmM/C/YyfrWNvn/D+Jcbl1M9m/uReXBv06ZxWYhjDuHSgjzwZ0fj94vzvq2z4Nd2m/KIM9eGPpw9Gcrp+ilXxqT+Key3CuGP9mwZ/6Rj5rP8t3+INdoVutBPWj5fuGGe811r/t5bUSTdo3/ZbQ/HRnrH6yITYkUetUo6ng9IOp4s74/aQ3HLb9p/9BzpPY/iZPLkzXUq6LTTi/fQ9BP6qtSJ9bKwzMMwzAMwzAMwzAMwzAMw+zERQj9Lyh9qIpX4N/W0b8CAAD//0drYWQ=")
bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a0000000200"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000540)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58)
openat2$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000300)={0x200000, 0x1, 0x9}, 0x18)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x18)
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r4 = accept4(r0, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000002f00)=@delchain={0x24, 0x65, 0x200, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, {0xd, 0xb}, {0xd, 0x7}, {0xfff1, 0xd}}}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0xc050)
recvmsg$can_raw(r4, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000ac0)=""/4096, 0x1000}], 0x1}, 0x40)

2.162608042s ago: executing program 3 (id=3001):
ioperm(0x0, 0x2, 0x7e)
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYRESOCT=r0, @ANYRES32, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r5 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x2081)
ioctl$SNDRV_PCM_IOCTL_TTSTAMP(r5, 0x40044103, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, r4}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x81c0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0)
symlink(&(0x7f0000002040)='./file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000000)='./file0\x00')
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0)
socket$kcm(0x2, 0x1, 0x84)
recvmmsg$unix(r3, &(0x7f0000005380)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000003c0)=""/118, 0x76}, {&(0x7f0000000440)=""/212, 0xd4}, {&(0x7f0000000040)=""/27, 0x1b}], 0x3, &(0x7f0000000740)}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000009c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}], 0x88}}, {{&(0x7f0000000a80), 0x6e, 0x0, 0x0, &(0x7f0000000ec0)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd8}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f00000016c0)=""/200, 0xc8}], 0x1}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000056c0), 0x0, &(0x7f0000001e00)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf8}}, {{&(0x7f0000001f40), 0x6e, &(0x7f0000001fc0)=[{&(0x7f0000004040)=""/4096, 0x1000}, {&(0x7f0000005040)=""/183, 0xb7}, {&(0x7f0000005100)=""/135, 0x87}, {&(0x7f00000051c0)=""/202, 0xca}, {&(0x7f00000052c0)=""/142, 0x8e}], 0x5}}], 0x8, 0x10062, &(0x7f0000001d80)={0x0, 0x989680})
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'ipvlan1\x00', <r6=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x1, r6, 0x1, 0x8}, 0x14)
openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x840, 0x0)

2.095303622s ago: executing program 7 (id=3002):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x10, 0x16, 0x0, 0x0, 0x5}, 0x94)
timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
r0 = semget$private(0x0, 0x7, 0x191)
semtimedop(r0, &(0x7f0000000200)=[{0x4, 0xffff, 0x2000}, {0x3, 0x3, 0x1800}], 0x2, 0x0)
semop(r0, &(0x7f0000000180)=[{0x2, 0x2, 0x800}], 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x0)
mount(0x0, 0x0, 0x0, 0x1214040, 0x0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0x0)
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f00000000c0)={0x2a, 0x29, 0x1, {0x4, [{{0x20, 0x3, 0x8}, 0x5, 0x0, 0x7, './file0'}]}}, 0x2a)
getdents64(r1, &(0x7f0000000500)=""/179, 0xb3)
semop(r0, &(0x7f0000000140)=[{0x2, 0xce97, 0x800}, {0x1, 0x5, 0x1000}], 0x2)
semctl$GETZCNT(r0, 0x0, 0xf, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'syz_tun\x00', <r4=>0x0})
bind$packet(r2, &(0x7f0000000300)={0x11, 0x63dcbf62d8600606, r4, 0x1, 0x8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}}, 0x14)
setsockopt$packet_add_memb(r2, 0x107, 0x1, &(0x7f00000001c0)={r4, 0x1, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x10)
bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x7, r4}, 0x14)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f5, &(0x7f0000000480)={'gretap0\x00', 0x0})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000340)={'syz_tun\x00'})
socket(0x2a, 0x2, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e2790000000001200009014c030109021200010000000009040000004d2f9c00c49ece4f1dfd7a0bbadb8043b7c4491d2bacc5232c3da92cee05ae993c53b58f227b1184dfb6247771"], 0x0)
getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000001000)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000006a00)=@newtfilter={0x38, 0x2c, 0x605, 0x70bd2a, 0x3, {0x0, 0x0, 0x0, r7, {0x0, 0x4}, {}, {0x5, 0x2}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}}, 0x20004084)
socket$kcm(0x29, 0x7, 0x0)

1.072903803s ago: executing program 3 (id=3003):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[], 0x54}, 0x1, 0x0, 0x0, 0x48004}, 0x20000000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs={0x0, 0x0, 0x40}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f00000003c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000b40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$TIPC_NL_KEY_SET(r4, &(0x7f0000000100)={0x0, 0x500, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r5, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x2, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x40000)

736.564132ms ago: executing program 5 (id=3004):
syz_open_dev$ttys(0xc, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x9, 0x6, 0xdd}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0xe, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r4}, 0x10)
memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93<u\xbe\xeag\xd2\x04e\xf2s\xde}o#\x90\xda\x9cs,r\xfd:\xcb\xc7\vTmPZJ\xac\x8b\xd0\xc0\xbcRK\xcb\x1e8\xce\xbd[N\xb0\xb4<\xeb\x86[\xec\x8f\x14\n\x83\x9e&\\\xb7!\xed\xa0\xc3,\x90m\x0f\x00\x00\x00\x00\x00\x00\xff\xd0\xb3\x94\x00\x00\x00\x00\x00\x00\x00\x9dH\xf8\xffRo\xa3W\xe1\xed\x8eS\xaeX\x93\x7f\xd3\xb9\x84Q\x9c\"\xd9\xf5\xe4e\xf9\xcam\xe3\x03\xe4\xad\xd5&A\x02\xc8\xa9\xfe\xcb\x87\xd9\xd3\x8c\f\xc08T~\xc4\xbd\x90?\x1f\x9c\x9b0\x19 \x9f\xd1p`\xc0/\x00u\x19\x1d\xac\xe8%\xb7\t\x9f4\xbb\x89\xe9\xc1\x81\xb0\xd6\xf7\x90\x1f\x94\x01M.\x16\x05\x16\xb9\xe9\xdc~\xd3-s\xe6;\x94\x1c^\x06\xdav;\xccD\x95sj\xe0\xd5\xbeS\xac\xe5N\xea\x9eyl[[\xce5\xee\x05\x9c\x96\xabJ^c\xf7\x19\xb4\xd8\xe4\x87\x9dp\xea?/\xcb\x9a\xaa5\'Q\fuG\x81\x8a@\x97M=v\xfe\a\xabp\xf3\x93\x9d\x7f@9\xc0\xd2\xf1\x00\x10\x00\x00\x00\x00\x00\x00\x82\x13\xb2\xa9\xef\xa5\xf8\x8bk\xb3\x9ev\x92\x0e\xd1\x1f\x17Dx[\xad\xb0\x9d/\x96\xe42mO\x9fh\xea\xf3\x14\xcd\x96\x89_)\x1b\xe2\xd6\b\x94b\xaf;\x92T\xafz\x94\x9fG\xfb\xfd|$k\x03\xd7;\x9ay\xee\xf9W?\xb3\xf9\xf8I.E4\xc3eWq\xfa\":$\xd0\x17Q\x94\xf5\xe5mk\x8e&\xf1;#z\xef*\xce\x99\x04\xb9\x90\xbc\xc9#-\x8di\xae\xc5\xdf\x13\xd2K\x8b\xf5\f\xb2x\xdd\xd5\xb4\xa9^~O<\x12\xe3\xc3P|7\xc4\xc8\xb1r0Z\x98\x87^\xc8C\x1b\x96\xb4lsyF\xc5\xbc\xffOE\xe9\xd70\xe7\xfep\x83\xa7\xa1\xd9\xe4\xba\x92\x17\xbf\xe0\xe1\x01\xb7\x8b\x18j\x19n\xc8\xff\xe9\xf4\xf4\xcf a\xd7_w\x0f\x9dF\xae\xccA-/\x83\xabU\xd5\xbf8\xa4O\xb4\xef\xc8\xccH\xd1=\xbe\xbex\xb5-\x05\x01\x11\xfa\xcf\x1dm\xb5X\xe9\xb5O\x15\xc7;Lb\xce\x1a\xcc\x98\xe8\xe9e\xe0\xc2N\xe7\xd7\x1d\x92\x87F8\x9e\xf7\xdd\xdaW\xf5X\x80\xa0f\xceo\xd8\x7f\xc0\x96\bSB\xce&\x04$\xc3\xe31U\x84\x82\xf0{i\x1d\x02\x10\xc6C\x01^\xcf\x93?w\x01\x84\xa0\xd6\xa2\x10\xa4\xfcG\xabD\xd6dGZ\xb2Cx\x1b\xfdD9\x17\xe6\xcauM\xe3\x05)\xe2\x03\xe2j$F1n@\xde\n9t.[\xad\xb5\f<o\xdb\xa4\x90\xc4\xd0I\xa6\x96\xa1\x00\xbb\xdd\x94\x00t/1YekG\x7f\xbdrI\x1e\x8a4=\xa2\xe9\x82<\x9e|\xf5\xa4\x05#\x7f\xa8\x01\x00\x82ih\xf9?\x03Q\xf5\xc4\x95\x99 \xa7v~:$\x02O\xe3\xaa\x1f\x00\xebh\'\xd2q\x10\x1e\x94n\xd7w\xb1\xc8G\x89\xf4\x8ct\xf9R\x85\x1b8OE\x04\x9a\xd8\x80\x10x\xbf\n0\b,r\xc6r\xf7=\xfe\xc1\x16\xe6\xee\xbb:-h\xba\x8b\x14\x9a?\x8e\x03;\xe5\x04\xd8\xa9\x9a\xd3\x05(\x7f|\xadU\xafe\x87V.i4$6U,R\x9b\n{\'\xfe1\xc4\xb09\x96{\xc0e\xa1\xe7\xa9\xb4\x1a\n\xf5\xd7zuvz\x972\xd4\xfb\x13u2\xab\x18\x01~r\xbbcW!)\xf4\x9b\x1dI\x9ex;\xb2\xe3I\xbd\x16T\xb75\xa6\a\xb7\xa1\x8d\xc9\x12\xb1\xbd\xbc\xd9c\xe9\xe6k\xee\x06\x83\xf4\xab\x18\x038\x8f\xc9^\x0f\xab\xea&P\b\xef#\xf6\xc3\xfc\xd4\xa0\xfd\x15N\xd3\xa0\x80\x9f\bU\xa63\xf6\xc9\xecZ`\xa4\xa0(\xf9\x98B\xaf\xde*\x91\xddk\xa1`d\xf0\x97\xc9e\xc1\"EC\x9a?x\x89\x8d\xb3\xfaF}\x82D\xf8\f\xf1`\x90D\xd1|%(\xd8\t\xea\x00C\xce\x7fo+?v\xee\xc6bL\x1d\xbe\x84p\x8d\xa3\xec\xf7\xe0\xfe\x8c=<\xf2\x1f@\xe66E\xa7\x9c\xd3\xb6\xf5\xe0\x14\xb8\xd4`\x85\xe3;\x8c\xf8\xf2\xd9)\x0e\xd0\xff\xa5K\xf3\xf1\xc4\x18\xf4Z\xdci\x91\x84\xe8\xb7\x10\x90\xbc\xect\x14\xdfR\xe2\x80\xf8a\x92\xb2R\xdf0\xcaQ\xdf\x87\xbdjp\x1ch3h\xcf<\x82\x97\xa5s/m\xb2\x1dd\xf7\xfc\xf5\xa9\x1d\xd34{\xcc\x1f\t,i\x16\x82\xad\x8e\xb6\x17\x0f\xaa\x85^/w\xbb~\xff\xce\x92\x90\x83\n\xe5\x14\x95\x92|\xfe-S%\x91i\xafh\x97z\x00@K\xbb\xc2\fcD\xff\xdcl\xa1\xfaR\xbc\xd0k\\\x92\x19a6Sv\x05%{\xe2\xe9\xf1\xddRB$8\xb0q9\xa1g&\x17\xe5P\xef\xb1<\xb6\xe2\xb2\xc06^\x0f4\xba\x10\xba\x00\x00\x00\x00\x00\x00\x00\x00\xef\xba\"\xb7\xc7~T\xc4Ei\xfdk\xa9\"F\xa9C\xa0\xd3\xa0\x1b\xbf\x13\xfb\x14S<\xa6\n5\x86\x9e\xb2=8\'g`\x8f\xa8\x027\xbd\xb5s\xe9dti\xc0\xbd\\H\xe5v\xdd\x0fP\x8b+-\x02i\x8eZU\xa8YB\xfc\xc2R7\xe9\x11\x06\x1aRd\xa93\xa1\\\xf4_s\xf7\xe8+\xbdg\x13\xaea\x04\xd8\x82\xf6\x90\xaf1\x86b\x81J\xb7E\xb0\xe2\xd6\x93S\xb3\x98\xcb\xf9\xde=\xd6T\x8d\xea\xab\xa9Z!\xd3-\xa6_\xc4\xa4\xb6+\x89\xdc]O<g\x06~\x12W\x86\x06\xba\x15#\xa7Q\xffa\x926>\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0xe)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x3, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}}, &(0x7f0000000280)='GPL\x00', 0x5}, 0x94)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', <r6=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="200000006800e9780200000000355a000a00040000000000080005005cc46018e1e15adb97b03db1589cbe3f5b679c86964a200d83cca671bb1e1229b3d8c2cb35882e76eb7e3d8a4735152ea1d5e8a44efd25eb0c57", @ANYRES32=r6, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x4}, 0x24044800)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, 0x0, 0x4000)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0xe79b04dd2a128718, 0x0, 0x0)
r11 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r11, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
connect$l2tp6(r11, &(0x7f0000000340)={0xa, 0x0, 0xe, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x4}, 0x20)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000000)="0f080fae04a200400f01c426660f3a15e6160fc76bdbf08666350f2170260fed9c000066b9230b00000f32", 0x2b}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_RUN(r10, 0xae80, 0x0)

40.691784ms ago: executing program 3 (id=3005):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
close(0xffffffffffffffff)
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000340)=ANY=[])
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r3 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x1, 0x1}, 0x26)

0s ago: executing program 0 (id=3006):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
ioctl$SNDCTL_MIDI_INFO(0xffffffffffffffff, 0xc074510c, &(0x7f0000000240)={"a7d5de86fda2fa7f839454c1760f0f35580b4c522fd74b442182e604582d", 0x6, 0x8, 0x5, [0x3, 0x9, 0x0, 0xc2, 0x1000, 0xef30, 0x0, 0xffffffff, 0x34d, 0xffed, 0x4, 0x4, 0x80000001, 0x101, 0x7f, 0x10, 0xeb3, 0x80]})
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
setsockopt$bt_BT_SECURITY(r3, 0x112, 0x4, &(0x7f0000000440)={0x3, 0xb}, 0x2)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x200, 0x0)
bind$bt_l2cap(r3, &(0x7f00000002c0)={0x1f, 0x0, @any, 0xfffa}, 0xe)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
r4 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r5=>0xffffffffffffffff}, 0x80)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r4, r5, 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
epoll_create(0x3f)
memfd_create(&(0x7f0000000800)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x94\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00B\a\xfe\x10R\xe8\xda;MSZ\x8f\xea\xf1I\xdc\xb5\x99F\xd64c\xcfK,N\x00\xae\x17\xb0\x8f\xd4\xbc\x9c\xf5\x9d\xe7\x87\xff:I\xdf\x10X\xe8\x8c^\x02\xa8SERs\xebi\xb7V\xee\x99\xe2\xf0\xc8\xaf\xd1*L\v\xf0\xdd\xc5vb\x18\x91\x9ay\xfc\x81\xa2#\xf8J\x82\x7f\xb9\x94\xbcz\xa0\xe8\x8f\x81\x81\x1b\xc0\xecv\x1e@\xb9\x98\x83\xd9\x0f\'u\xe0\xea(\xfdK55\xdf\xa5X~\xca\x99\xd4\xd0\nO\xcd1\xf3\vzt\x1b\x80\xd4\xf6\x90\xbf\x00\xe1\xe1\t\x8f\tY\xde\xdfB\xf7v\xc3%b\xde=~\x88M#\x8c\x9ay1J\x83`#\xee#-\x1b\\\xcb<\x9cv\xae\x91H\xc9`\xfe\x1eK\xf5\xba\x86R\xcb\xc8H\x8d\x02\xb6\x95\x05\xbd\xfeJ\xf1\x97\xc2\xaeM=X\xd6~\xe5[\xb3|\x8fh\x9e\x90|\x99\xb3\xf5\xe8lN\xcd>\x90\\\xbe\xcd.!\x8a\xe5c\xb6\x04x\xb4H\xb14\x9fm8U\xc5Z\x1f\xfd\x1c\x06S\xbc\x8f>O#t\xa4\xb3\xd3\xc4\xb1\b\x1d\xeb?\x19\xff\xfb\xc7\xf4\x7f\xca\xe9l\xe9\xef\xe0\xaeqo\x95\xcf4\x80\x81\xca\x10\xcec\xe2<\x94\x00\xcf,\x91MZN\xb9\xda&3\x81\x1a\x1eq\x8f\xdc\xf0\xa6W\r\x02\xa9U\x00YtE\xa9\xbd\x11t5\xee\x92.M^\xbb\xb4\xf1\xe8', 0x4)
r6 = socket$inet6(0xa, 0x80002, 0x88)
setsockopt$inet6_udp_int(r6, 0x11, 0xa, &(0x7f0000000080)=0x6, 0x4)
sendmmsg$inet(r6, &(0x7f0000000b00)=[{{&(0x7f0000000100)={0x2, 0x4e20, @local}, 0x10, 0x0}}], 0x1, 0x0)
socket(0x2c, 0x3, 0x7)
r7 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r7, 0x0, 0x2, &(0x7f0000000000)=0x3fa, 0x4)
mmap(&(0x7f00008f1000/0x1000)=nil, 0x1000, 0x6, 0x11, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

F-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[ 1027.046256][T14925] I/O error, dev loop6, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1027.056172][T14925] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=512, location=512
[ 1027.065931][T14925] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[ 1027.073740][T14925] UDF-fs: Scanning with blocksize 1024 failed
[ 1027.083600][T14925] I/O error, dev loop6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1027.097509][T14925] I/O error, dev loop6, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1027.107444][T14925] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[ 1027.118109][T14925] I/O error, dev loop6, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1027.128149][T14925] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=512, location=512
[ 1027.137885][T14925] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[ 1027.145681][T14925] UDF-fs: Scanning with blocksize 2048 failed
[ 1027.154698][T14925] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[ 1027.165542][T14925] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=512, location=512
[ 1027.175286][T14925] UDF-fs: warning (device loop6): udf_load_vrs: No anchor found
[ 1027.183073][T14925] UDF-fs: Scanning with blocksize 4096 failed
[ 1027.189254][T14925] UDF-fs: warning (device loop6): udf_fill_super: No partition found (1)
[ 1027.203098][T14919] FAULT_INJECTION: forcing a failure.
[ 1027.203098][T14919] name failslab, interval 1, probability 0, space 0, times 0
[ 1027.291552][T14919] CPU: 1 UID: 0 PID: 14919 Comm: syz.4.2278 Not tainted syzkaller #0 PREEMPT(full) 
[ 1027.291586][T14919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1027.291599][T14919] Call Trace:
[ 1027.291607][T14919]  <TASK>
[ 1027.291616][T14919]  dump_stack_lvl+0x189/0x250
[ 1027.291647][T14919]  ? __pfx____ratelimit+0x10/0x10
[ 1027.291674][T14919]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1027.291698][T14919]  ? __pfx__printk+0x10/0x10
[ 1027.291731][T14919]  ? __pfx___might_resched+0x10/0x10
[ 1027.291758][T14919]  ? fs_reclaim_acquire+0x7d/0x100
[ 1027.291782][T14919]  should_fail_ex+0x414/0x560
[ 1027.291812][T14919]  should_failslab+0xa8/0x100
[ 1027.291838][T14919]  __kvmalloc_node_noprof+0x158/0x910
[ 1027.291867][T14919]  ? aa_file_perm+0x13a/0x1550
[ 1027.291892][T14919]  ? seq_read_iter+0x202/0xe20
[ 1027.291925][T14919]  seq_read_iter+0x202/0xe20
[ 1027.291947][T14919]  ? look_up_lock_class+0x74/0x170
[ 1027.291998][T14919]  ? __asan_memset+0x22/0x50
[ 1027.292028][T14919]  seq_read+0x369/0x480
[ 1027.292061][T14919]  ? __pfx_seq_read+0x10/0x10
[ 1027.292096][T14919]  ? rw_verify_area+0x2a6/0x4d0
[ 1027.292119][T14919]  ? __lock_acquire+0xab9/0xd20
[ 1027.292141][T14919]  ? __pfx_seq_read+0x10/0x10
[ 1027.292165][T14919]  vfs_read+0x200/0xa30
[ 1027.292189][T14919]  ? fdget_pos+0x247/0x320
[ 1027.292211][T14919]  ? __pfx___mutex_lock+0x10/0x10
[ 1027.292239][T14919]  ? __pfx_vfs_read+0x10/0x10
[ 1027.292265][T14919]  ? __fget_files+0x2a/0x420
[ 1027.292287][T14919]  ? __fget_files+0x3a0/0x420
[ 1027.292303][T14919]  ? __fget_files+0x2a/0x420
[ 1027.292328][T14919]  ksys_read+0x145/0x250
[ 1027.292357][T14919]  ? __pfx_ksys_read+0x10/0x10
[ 1027.292385][T14919]  ? do_syscall_64+0xbe/0xfa0
[ 1027.292414][T14919]  do_syscall_64+0xfa/0xfa0
[ 1027.292440][T14919]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1027.292457][T14919]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1027.292482][T14919]  ? clear_bhb_loop+0x60/0xb0
[ 1027.292504][T14919]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1027.292522][T14919] RIP: 0033:0x7f50ae58eba9
[ 1027.292539][T14919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1027.292555][T14919] RSP: 002b:00007f50af3d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1027.292574][T14919] RAX: ffffffffffffffda RBX: 00007f50ae7d5fa0 RCX: 00007f50ae58eba9
[ 1027.292587][T14919] RDX: 0000000000002020 RSI: 0000200000004180 RDI: 0000000000000003
[ 1027.292598][T14919] RBP: 00007f50af3d8090 R08: 0000000000000000 R09: 0000000000000000
[ 1027.292609][T14919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1027.292620][T14919] R13: 00007f50ae7d6038 R14: 00007f50ae7d5fa0 R15: 00007fff370cb7b8
[ 1027.292651][T14919]  </TASK>
[ 1027.557264][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1028.295024][T14934] overlayfs: failed to resolve './file0': -2
[ 1030.059391][T14943] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 1031.956717][T14954] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1033.685207][T14974] binder: 14973:14974 unknown command 0
[ 1033.690813][T14974] binder: 14973:14974 ioctl c0306201 200000000080 returned -22
[ 1034.207423][T14977] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2291'.
[ 1034.346974][T14977] netlink: 'syz.3.2291': attribute type 30 has an invalid length.
[ 1034.357456][T14978] blk_print_req_error: 3 callbacks suppressed
[ 1034.357473][T14978] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1
[ 1034.374043][T14978] XFS (loop6): SB validate failed with error -5.
[ 1037.435880][T15009] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1038.449157][T15013] I/O error, dev loop3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1038.460455][T15013] I/O error, dev loop3, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1038.470968][T15013] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[ 1038.482027][T15013] I/O error, dev loop3, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1038.491710][T15013] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[ 1038.501344][T15013] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[ 1038.509059][T15013] UDF-fs: Scanning with blocksize 512 failed
[ 1038.518728][T15013] I/O error, dev loop3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1038.534528][T15013] I/O error, dev loop3, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1038.544356][T15013] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[ 1038.555434][T15013] I/O error, dev loop3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1038.568801][T15013] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[ 1038.578528][T15013] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[ 1038.586333][T15013] UDF-fs: Scanning with blocksize 1024 failed
[ 1038.595833][T15013] I/O error, dev loop3, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1038.606800][T15013] I/O error, dev loop3, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1038.616739][T15013] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[ 1038.627254][T15013] I/O error, dev loop3, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1038.637055][T15013] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[ 1038.646703][T15013] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[ 1038.654487][T15013] UDF-fs: Scanning with blocksize 2048 failed
[ 1038.665679][T15013] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256
[ 1038.677158][T15013] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512
[ 1038.686928][T15013] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[ 1038.695115][T15013] UDF-fs: Scanning with blocksize 4096 failed
[ 1038.701300][T15013] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[ 1040.382407][T15020] 9pnet_fd: Insufficient options for proto=fd
[ 1043.760104][T15049] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1048.876059][   T24] usb 1-1: new high-speed USB device number 54 using dummy_hcd
[ 1049.082141][   T24] usb 1-1: config 164 has too many interfaces: 252, using maximum allowed: 32
[ 1049.120211][   T24] usb 1-1: config 164 has an invalid descriptor of length 35, skipping remainder of the config
[ 1049.140517][   T24] usb 1-1: config 164 has 0 interfaces, different from the descriptor's value: 252
[ 1049.339546][   T24] usb 1-1: New USB device found, idVendor=0582, idProduct=b9d5, bcdDevice=73.f7
[ 1050.009111][   T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1052.248204][   T24] usb 1-1: string descriptor 0 read error: -71
[ 1052.274339][   T24] usb 1-1: USB disconnect, device number 54
[ 1053.417283][T15092] netlink: 52 bytes leftover after parsing attributes in process `syz.5.2319'.
[ 1053.912902][ T5886] usb 7-1: new low-speed USB device number 9 using dummy_hcd
[ 1054.075644][ T5886] usb 7-1: config 3 has an invalid interface number: 4 but max is 0
[ 1054.117147][ T5886] usb 7-1: config 3 has no interface number 0
[ 1054.139915][ T5886] usb 7-1: config 3 interface 4 has no altsetting 0
[ 1056.254164][T15115] XFS (loop5): Invalid device [./bus], error=-15
[ 1056.566349][ T5886] usb 7-1: string descriptor 0 read error: -71
[ 1056.572816][ T5886] usb 7-1: New USB device found, idVendor=2019, idProduct=ab2a, bcdDevice=bb.df
[ 1056.581991][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1056.616576][ T5886] usb 7-1: can't set config #3, error -71
[ 1056.705743][ T5886] usb 7-1: USB disconnect, device number 9
[ 1057.883358][ T6023] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[ 1058.225330][ T6023] usb 6-1: config 164 has too many interfaces: 252, using maximum allowed: 32
[ 1058.329912][ T6023] usb 6-1: config 164 has an invalid descriptor of length 35, skipping remainder of the config
[ 1058.608267][ T6023] usb 6-1: config 164 has 0 interfaces, different from the descriptor's value: 252
[ 1059.262286][ T6023] usb 6-1: New USB device found, idVendor=0582, idProduct=b9d5, bcdDevice=73.f7
[ 1059.289956][ T6023] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1062.472606][ T6023] usb 6-1: string descriptor 0 read error: -71
[ 1062.502815][ T6023] usb 6-1: USB disconnect, device number 13
[ 1065.249738][T15180] netlink: 'syz.4.2340': attribute type 1 has an invalid length.
[ 1065.974150][T15183] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4)
[ 1065.980812][T15183] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1066.007195][T15183] vhci_hcd vhci_hcd.0: Device attached
[ 1066.036265][T15183] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1066.071558][T15183] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1066.093315][T15183] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1066.102032][T15193] sp0: Synchronizing with TNC
[ 1066.182889][T11245] vhci_hcd: vhci_device speed not set
[ 1066.687501][T15183] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1066.724319][T15183] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1067.224069][T11245] usb 39-1: new full-speed USB device number 2 using vhci_hcd
[ 1067.261664][T15198] vhci_hcd vhci_hcd.0: pdev(3) rhport(6) sockfd(20)
[ 1067.268308][T15198] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1067.298255][T15198] vhci_hcd vhci_hcd.0: Device attached
[ 1068.111514][T15183] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1068.248245][T15183] vhci_hcd vhci_hcd.0: port 0 already used
[ 1068.311648][T15199] vhci_hcd: connection closed
[ 1068.335988][T15185] vhci_hcd: connection reset by peer
[ 1068.353371][ T6382] vhci_hcd: stop threads
[ 1068.378775][ T6382] vhci_hcd: release socket
[ 1068.592514][ T6382] vhci_hcd: disconnect device
[ 1068.949181][T15214] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1069.267136][ T6382] vhci_hcd: stop threads
[ 1069.271453][ T6382] vhci_hcd: release socket
[ 1069.296583][ T6382] vhci_hcd: disconnect device
[ 1069.445772][T15220] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2348'.
[ 1071.159786][T15224] XFS (loop4): Invalid device [./bus], error=-15
[ 1071.533580][T15182] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1071.727626][T15231] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2350'.
[ 1072.402523][T11245] vhci_hcd: vhci_device speed not set
[ 1072.936142][T15248] netlink: 'syz.4.2354': attribute type 1 has an invalid length.
[ 1074.979377][T15262] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2358'.
[ 1075.203827][T15261] FAULT_INJECTION: forcing a failure.
[ 1075.203827][T15261] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1075.245997][T15263] MTD: Attempt to mount non-MTD device "/dev/loop5"
[ 1075.300568][T15261] CPU: 1 UID: 0 PID: 15261 Comm: syz.6.2357 Not tainted syzkaller #0 PREEMPT(full) 
[ 1075.300591][T15261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1075.300603][T15261] Call Trace:
[ 1075.300609][T15261]  <TASK>
[ 1075.300616][T15261]  dump_stack_lvl+0x189/0x250
[ 1075.300640][T15261]  ? __pfx____ratelimit+0x10/0x10
[ 1075.300667][T15261]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1075.300686][T15261]  ? __pfx__printk+0x10/0x10
[ 1075.300710][T15261]  ? __might_fault+0xb0/0x130
[ 1075.300766][T15261]  should_fail_ex+0x414/0x560
[ 1075.300792][T15261]  _copy_from_iter+0x1de/0x1790
[ 1075.300824][T15261]  ? rcu_is_watching+0x15/0xb0
[ 1075.300856][T15261]  ? kmalloc_reserve+0xbd/0x290
[ 1075.300885][T15261]  ? __pfx__copy_from_iter+0x10/0x10
[ 1075.300912][T15261]  ? __build_skb_around+0x262/0x3f0
[ 1075.300942][T15261]  ? netlink_sendmsg+0x642/0xb30
[ 1075.300968][T15261]  ? skb_put+0x11b/0x210
[ 1075.300987][T15261]  netlink_sendmsg+0x6b2/0xb30
[ 1075.301023][T15261]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1075.301054][T15261]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1075.301079][T15261]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1075.301097][T15261]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1075.301125][T15261]  __sock_sendmsg+0x21c/0x270
[ 1075.301150][T15261]  ____sys_sendmsg+0x52d/0x830
[ 1075.301175][T15261]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1075.301203][T15261]  ? import_iovec+0x74/0xa0
[ 1075.301223][T15261]  ___sys_sendmsg+0x21f/0x2a0
[ 1075.301244][T15261]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1075.301305][T15261]  ? __might_fault+0xb0/0x130
[ 1075.301335][T15261]  __sys_sendmmsg+0x227/0x430
[ 1075.301358][T15261]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1075.301386][T15261]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1075.301440][T15261]  ? ksys_write+0x22a/0x250
[ 1075.301490][T15261]  ? __pfx_ksys_write+0x10/0x10
[ 1075.301524][T15261]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1075.301548][T15261]  do_syscall_64+0xfa/0xfa0
[ 1075.301574][T15261]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1075.301601][T15261]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1075.301622][T15261]  ? clear_bhb_loop+0x60/0xb0
[ 1075.301646][T15261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1075.301666][T15261] RIP: 0033:0x7fb91df8eba9
[ 1075.301684][T15261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1075.301702][T15261] RSP: 002b:00007fb91eeb8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1075.301724][T15261] RAX: ffffffffffffffda RBX: 00007fb91e1d6090 RCX: 00007fb91df8eba9
[ 1075.301739][T15261] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003
[ 1075.301752][T15261] RBP: 00007fb91eeb8090 R08: 0000000000000000 R09: 0000000000000000
[ 1075.301764][T15261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1075.301775][T15261] R13: 00007fb91e1d6128 R14: 00007fb91e1d6090 R15: 00007ffc545aa428
[ 1075.301808][T15261]  </TASK>
[ 1075.581949][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1075.844050][T15263] cramfs: wrong magic
[ 1075.939216][T15267] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2360'.
[ 1076.466124][T15272] afs: Bad value for 'source'
[ 1078.541568][T15284] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(4)
[ 1078.548133][T15284] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1078.632163][T15284] vhci_hcd vhci_hcd.0: Device attached
[ 1078.660204][T15290] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1078.823623][ T7791] vhci_hcd: vhci_device speed not set
[ 1079.164285][T15284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1079.291731][ T7791] usb 43-1: new full-speed USB device number 2 using vhci_hcd
[ 1079.299898][T15284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1079.420312][T15290] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1079.463256][T15284] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1079.539145][T15284] vhci_hcd vhci_hcd.0: pdev(5) rhport(6) sockfd(19)
[ 1079.545801][T15284] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1079.631089][T15284] vhci_hcd vhci_hcd.0: Device attached
[ 1079.664080][T15290] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1080.560086][T15284] vhci_hcd vhci_hcd.0: port 0 already used
[ 1080.714825][T15283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1080.876502][T15285] vhci_hcd: connection reset by peer
[ 1080.890075][T15301] vhci_hcd: connection closed
[ 1080.892671][   T36] vhci_hcd: stop threads
[ 1080.902149][   T36] vhci_hcd: release socket
[ 1080.909670][   T36] vhci_hcd: disconnect device
[ 1080.916099][   T36] vhci_hcd: stop threads
[ 1080.920821][   T36] vhci_hcd: release socket
[ 1080.961766][   T36] vhci_hcd: disconnect device
[ 1083.602928][T15344] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2378'.
[ 1083.679623][T15344] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2378'.
[ 1083.729779][T15344] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2378'.
[ 1084.468766][T15369] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2384'.
[ 1084.477986][ T7791] vhci_hcd: vhci_device speed not set
[ 1084.858070][T15372] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1085.686616][T15380] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(4)
[ 1085.693204][T15380] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[ 1085.705820][T15380] vhci_hcd vhci_hcd.0: Device attached
[ 1085.751508][T15380] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1085.763713][T15380] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1085.804100][T15380] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1085.820290][T15380] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1085.829834][T15380] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1085.848121][T15380] vhci_hcd vhci_hcd.0: pdev(6) rhport(6) sockfd(19)
[ 1085.854729][T15380] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[ 1085.909074][ T5886] vhci_hcd: vhci_device speed not set
[ 1085.948753][T15380] vhci_hcd vhci_hcd.0: Device attached
[ 1085.963625][T15388] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[ 1085.964005][T15387] cgroup: Invalid name
[ 1086.102043][T15392] FAULT_INJECTION: forcing a failure.
[ 1086.102043][T15392] name failslab, interval 1, probability 0, space 0, times 0
[ 1086.114998][T15392] CPU: 0 UID: 0 PID: 15392 Comm: syz.3.2390 Not tainted syzkaller #0 PREEMPT(full) 
[ 1086.115022][T15392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1086.115036][T15392] Call Trace:
[ 1086.115042][T15392]  <TASK>
[ 1086.115048][T15392]  dump_stack_lvl+0x189/0x250
[ 1086.115071][T15392]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1086.115087][T15392]  ? __pfx__printk+0x10/0x10
[ 1086.115109][T15392]  ? fs_reclaim_acquire+0x7d/0x100
[ 1086.115127][T15392]  should_fail_ex+0x414/0x560
[ 1086.115147][T15392]  should_failslab+0xa8/0x100
[ 1086.115177][T15392]  kmem_cache_alloc_noprof+0x74/0x6e0
[ 1086.115195][T15392]  ? alloc_empty_file+0x55/0x1d0
[ 1086.115209][T15392]  ? kernel_text_address+0xa5/0xe0
[ 1086.115227][T15392]  alloc_empty_file+0x55/0x1d0
[ 1086.115242][T15392]  path_openat+0x107/0x3830
[ 1086.115265][T15392]  ? stack_trace_save+0x9c/0xe0
[ 1086.115280][T15392]  ? stack_depot_save_flags+0x40/0x860
[ 1086.115301][T15392]  ? kasan_save_track+0x4f/0x80
[ 1086.115319][T15392]  ? getname_flags+0xb8/0x540
[ 1086.115330][T15392]  ? do_sys_openat2+0xbc/0x1c0
[ 1086.115344][T15392]  ? __x64_sys_open+0x11e/0x150
[ 1086.115357][T15392]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1086.115371][T15392]  ? __pfx_path_openat+0x10/0x10
[ 1086.115398][T15392]  do_filp_open+0x1fa/0x410
[ 1086.115413][T15392]  ? __lock_acquire+0xab9/0xd20
[ 1086.115432][T15392]  ? __pfx_do_filp_open+0x10/0x10
[ 1086.115461][T15392]  ? _raw_spin_unlock+0x28/0x50
[ 1086.115477][T15392]  ? alloc_fd+0x64c/0x6c0
[ 1086.115503][T15392]  do_sys_openat2+0x121/0x1c0
[ 1086.115524][T15392]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1086.115546][T15392]  __x64_sys_open+0x11e/0x150
[ 1086.115563][T15392]  do_syscall_64+0xfa/0xfa0
[ 1086.115581][T15392]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1086.115598][T15392]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1086.115610][T15392]  ? clear_bhb_loop+0x60/0xb0
[ 1086.115629][T15392]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1086.115641][T15392] RIP: 0033:0x7f702578eba9
[ 1086.115652][T15392] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1086.115664][T15392] RSP: 002b:00007f70239b4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[ 1086.115677][T15392] RAX: ffffffffffffffda RBX: 00007f70259d6180 RCX: 00007f702578eba9
[ 1086.115686][T15392] RDX: 0000000000000000 RSI: 0000000000606701 RDI: 0000200000000240
[ 1086.115695][T15392] RBP: 00007f70239b4090 R08: 0000000000000000 R09: 0000000000000000
[ 1086.115703][T15392] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1086.115710][T15392] R13: 00007f70259d6218 R14: 00007f70259d6180 R15: 00007ffd6c8e5f78
[ 1086.115730][T15392]  </TASK>
[ 1086.381204][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1086.673053][ T5886] usb 45-1: new full-speed USB device number 2 using vhci_hcd
[ 1086.714449][T15393] vhci_hcd vhci_hcd.0: port 0 already used
[ 1086.729855][T15384] vhci_hcd: connection closed
[ 1086.832479][T15381] vhci_hcd: connection reset by peer
[ 1086.843064][T11606] vhci_hcd: stop threads
[ 1086.847386][T11606] vhci_hcd: release socket
[ 1086.865378][T11606] vhci_hcd: disconnect device
[ 1086.944634][T10694] vhci_hcd: stop threads
[ 1086.955553][T10694] vhci_hcd: release socket
[ 1086.980453][T10694] vhci_hcd: disconnect device
[ 1087.850017][T15380] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1088.058873][T15406] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2394'.
[ 1089.401275][T15416] blk_print_req_error: 3 callbacks suppressed
[ 1089.401289][T15416] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1089.416818][T15416] FAT-fs (loop6): unable to read boot sector
[ 1090.143440][T15425] sp0: Synchronizing with TNC
[ 1091.857273][T15446] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2403'.
[ 1091.943032][ T5886] vhci_hcd: vhci_device speed not set
[ 1092.155681][T15440] netlink: 'syz.5.2403': attribute type 10 has an invalid length.
[ 1092.165359][T15440] netlink: 40 bytes leftover after parsing attributes in process `syz.5.2403'.
[ 1092.181530][T15440] batadv0: entered promiscuous mode
[ 1092.202658][T15440] batadv0: entered allmulticast mode
[ 1092.208897][T15440] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[ 1093.065927][T15468] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1093.075219][T15468] FAT-fs (loop0): unable to read boot sector
[ 1094.086520][T15473] sp0: Synchronizing with TNC
[ 1094.717199][T15476] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 1
[ 1094.726896][T15476] XFS (loop0): SB validate failed with error -5.
[ 1095.997906][   T30] audit: type=1326 audit(1758174412.473:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15482 comm="syz.3.2414" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x0
[ 1096.837500][T15489] ntfs3(loop6): try to read out of volume at offset 0x0
[ 1097.398293][T15503] erofs (device loop6): cannot find valid erofs superblock
[ 1097.574232][T15509] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1097.937303][T15503] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2415'.
[ 1099.369734][T15528] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1099.379039][T15528] FAT-fs (loop0): unable to read boot sector
[ 1100.388140][T15532] sp0: Synchronizing with TNC
[ 1101.586343][   T30] audit: type=1800 audit(1758174417.633:122): pid=15541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2427" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=54773 res=0 errno=0
[ 1102.259240][T15542] block nbd0: Attempted send on invalid socket
[ 1102.265732][T15542] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1103.651078][T15556] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2428'.
[ 1103.704542][T15561] PM: Enabling pm_trace changes system date and time during resume.
[ 1103.704542][T15561] PM: Correct system time has to be restored manually after resume.
[ 1105.526994][T15574] sp0: Synchronizing with TNC
[ 1106.058005][T15592] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2440'.
[ 1106.084341][T15593] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2440'.
[ 1106.106310][T15590] comedi: No check for data length of config insn id 131 is implemented
[ 1106.130643][T15590] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c
[ 1106.178388][T15590] comedi: Assuming n=15 is correct
[ 1109.149704][T15605] ntfs3: Unknown parameter '˙˙˙˙'
[ 1109.377548][T15605] I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1109.476578][T15615] fuse: Bad value for 'fd'
[ 1109.495780][T15615] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[ 1110.825033][T15627] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2448'.
[ 1111.387150][T15624] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2446'.
[ 1111.433785][T15627] openvswitch: netlink: Flow key attr not present in new flow.
[ 1112.581505][T15640] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2450'.
[ 1112.940342][T15652] ntfs3(loop4): try to read out of volume at offset 0x0
[ 1113.772871][T15655] erofs (device loop4): cannot find valid erofs superblock
[ 1114.030492][T15655] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2456'.
[ 1115.504217][ T5886] usb 7-1: new full-speed USB device number 10 using dummy_hcd
[ 1115.665210][ T5886] usb 7-1: config 2 has an invalid interface number: 42 but max is 0
[ 1115.674516][ T5886] usb 7-1: config 2 has an invalid descriptor of length 1, skipping remainder of the config
[ 1115.685231][ T5886] usb 7-1: config 2 has no interface number 0
[ 1115.691387][ T5886] usb 7-1: config 2 interface 42 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 11
[ 1115.705031][ T5886] usb 7-1: config 2 interface 42 has no altsetting 0
[ 1115.715394][ T5886] usb 7-1: New USB device found, idVendor=0403, idProduct=eee8, bcdDevice=22.f4
[ 1115.725299][ T5886] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1115.735147][ T5886] usb 7-1: Product: syz
[ 1115.739509][ T5886] usb 7-1: Manufacturer: syz
[ 1115.744428][ T5886] usb 7-1: SerialNumber: syz
[ 1115.765801][ T5886] ftdi_sio 7-1:2.42: FTDI USB Serial Device converter detected
[ 1115.781563][ T5886] ftdi_sio ttyUSB0: unknown device type: 0x22f4
[ 1115.788183][ T6023] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[ 1115.944863][ T6023] usb 4-1: config index 0 descriptor too short (expected 39, got 27)
[ 1115.962511][ T6023] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1115.977765][ T6023] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[ 1115.990197][ T6023] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[ 1115.999858][ T6023] usb 4-1: Product: syz
[ 1116.005160][ T6023] usb 4-1: Manufacturer: syz
[ 1116.010087][ T6023] usb 4-1: SerialNumber: syz
[ 1116.018409][ T6023] usb 4-1: config 0 descriptor??
[ 1116.036464][ T6023] hub 4-1:0.0: bad descriptor, ignoring hub
[ 1116.057065][ T6023] hub 4-1:0.0: probe with driver hub failed with error -5
[ 1116.157124][ T6023] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -22
[ 1116.190025][T15235] udevd[15235]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1117.110935][T15669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1117.120276][T15669] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1117.470255][T15678] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1117.483107][T15678] I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 1117.498522][T15678] EXT4-fs (loop0): unable to read superblock
[ 1118.497543][ T6023] usb 7-1: USB disconnect, device number 10
[ 1118.505367][ T6023] ftdi_sio 7-1:2.42: device disconnected
[ 1118.518731][T15686] FAULT_INJECTION: forcing a failure.
[ 1118.518731][T15686] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1118.699174][T15686] CPU: 1 UID: 0 PID: 15686 Comm: syz.4.2464 Not tainted syzkaller #0 PREEMPT(full) 
[ 1118.699198][T15686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1118.699209][T15686] Call Trace:
[ 1118.699215][T15686]  <TASK>
[ 1118.699221][T15686]  dump_stack_lvl+0x189/0x250
[ 1118.699241][T15686]  ? __pfx____ratelimit+0x10/0x10
[ 1118.699260][T15686]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1118.699284][T15686]  ? __pfx__printk+0x10/0x10
[ 1118.699311][T15686]  should_fail_ex+0x414/0x560
[ 1118.699331][T15686]  _copy_to_user+0x31/0xb0
[ 1118.699346][T15686]  simple_read_from_buffer+0xe1/0x170
[ 1118.699371][T15686]  proc_fail_nth_read+0x1b3/0x220
[ 1118.699391][T15686]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1118.699409][T15686]  ? rw_verify_area+0x2a6/0x4d0
[ 1118.699427][T15686]  ? __lock_acquire+0xab9/0xd20
[ 1118.699445][T15686]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1118.699462][T15686]  vfs_read+0x200/0xa30
[ 1118.699480][T15686]  ? fdget_pos+0x247/0x320
[ 1118.699496][T15686]  ? __pfx___mutex_lock+0x10/0x10
[ 1118.699516][T15686]  ? __pfx_vfs_read+0x10/0x10
[ 1118.699537][T15686]  ? __fget_files+0x2a/0x420
[ 1118.699552][T15686]  ? __fget_files+0x3a0/0x420
[ 1118.699564][T15686]  ? __fget_files+0x2a/0x420
[ 1118.699582][T15686]  ksys_read+0x145/0x250
[ 1118.699602][T15686]  ? __pfx_ksys_read+0x10/0x10
[ 1118.699623][T15686]  ? do_syscall_64+0xbe/0xfa0
[ 1118.699644][T15686]  do_syscall_64+0xfa/0xfa0
[ 1118.699663][T15686]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1118.699676][T15686]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1118.699689][T15686]  ? clear_bhb_loop+0x60/0xb0
[ 1118.699706][T15686]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1118.699719][T15686] RIP: 0033:0x7f50ae58d5bc
[ 1118.699731][T15686] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1118.699743][T15686] RSP: 002b:00007f50af3d8030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1118.699757][T15686] RAX: ffffffffffffffda RBX: 00007f50ae7d5fa0 RCX: 00007f50ae58d5bc
[ 1118.699767][T15686] RDX: 000000000000000f RSI: 00007f50af3d80a0 RDI: 0000000000000005
[ 1118.699776][T15686] RBP: 00007f50af3d8090 R08: 0000000000000000 R09: 0000000000000000
[ 1118.699784][T15686] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001
[ 1118.699793][T15686] R13: 00007f50ae7d6038 R14: 00007f50ae7d5fa0 R15: 00007fff370cb7b8
[ 1118.699814][T15686]  </TASK>
[ 1118.957627][ T5981] usb 4-1: USB disconnect, device number 37
[ 1120.521093][T15708] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2471'.
[ 1120.881811][T15704] ntfs3(loop6): try to read out of volume at offset 0x0
[ 1122.655812][T15745] overlay: Unknown parameter 'subj_role'
[ 1122.773627][T15746] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1125.201122][T15768] fuse: Unknown parameter '0x00000000000000080x000000000000000c'
[ 1125.501713][T15772] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2486'.
[ 1127.166925][T15805] FAULT_INJECTION: forcing a failure.
[ 1127.166925][T15805] name failslab, interval 1, probability 0, space 0, times 0
[ 1127.180039][T15805] CPU: 0 UID: 0 PID: 15805 Comm: syz.0.2493 Not tainted syzkaller #0 PREEMPT(full) 
[ 1127.180068][T15805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1127.180082][T15805] Call Trace:
[ 1127.180091][T15805]  <TASK>
[ 1127.180100][T15805]  dump_stack_lvl+0x189/0x250
[ 1127.180131][T15805]  ? __pfx____ratelimit+0x10/0x10
[ 1127.180160][T15805]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1127.180186][T15805]  ? __pfx__printk+0x10/0x10
[ 1127.180221][T15805]  ? __pfx___might_resched+0x10/0x10
[ 1127.180250][T15805]  ? fs_reclaim_acquire+0x7d/0x100
[ 1127.180277][T15805]  should_fail_ex+0x414/0x560
[ 1127.180308][T15805]  should_failslab+0xa8/0x100
[ 1127.180332][T15805]  kmem_cache_alloc_node_noprof+0x77/0x710
[ 1127.180363][T15805]  ? __alloc_skb+0x112/0x2d0
[ 1127.180394][T15805]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 1127.180419][T15805]  __alloc_skb+0x112/0x2d0
[ 1127.180455][T15805]  netlink_dump+0x1b7/0xe90
[ 1127.180492][T15805]  ? __netlink_lookup+0xbd/0x810
[ 1127.180516][T15805]  ? __pfx_netlink_dump+0x10/0x10
[ 1127.180544][T15805]  ? __netlink_lookup+0x752/0x810
[ 1127.180581][T15805]  ? netlink_lookup+0x30/0x200
[ 1127.180610][T15805]  ? netlink_lookup+0x30/0x200
[ 1127.180637][T15805]  ? netlink_lookup+0x30/0x200
[ 1127.180673][T15805]  __netlink_dump_start+0x5cb/0x7e0
[ 1127.180721][T15805]  rtnetlink_rcv_msg+0x9eb/0xb70
[ 1127.180753][T15805]  ? __pfx_tc_dump_tclass+0x10/0x10
[ 1127.180779][T15805]  ? rtnetlink_rcv_msg+0x1ab/0xb70
[ 1127.180808][T15805]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1127.180836][T15805]  ? ref_tracker_free+0x63a/0x7d0
[ 1127.180861][T15805]  ? __pfx_rtnl_dumpit+0x10/0x10
[ 1127.180890][T15805]  ? __pfx_tc_dump_tclass+0x10/0x10
[ 1127.180929][T15805]  netlink_rcv_skb+0x208/0x470
[ 1127.180966][T15805]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1127.180998][T15805]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1127.181042][T15805]  ? netlink_deliver_tap+0x2e/0x1b0
[ 1127.181083][T15805]  netlink_unicast+0x82f/0x9e0
[ 1127.181121][T15805]  ? __pfx_netlink_unicast+0x10/0x10
[ 1127.181152][T15805]  ? netlink_sendmsg+0x642/0xb30
[ 1127.181180][T15805]  ? skb_put+0x11b/0x210
[ 1127.181204][T15805]  netlink_sendmsg+0x805/0xb30
[ 1127.181246][T15805]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1127.181282][T15805]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1127.181311][T15805]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1127.181332][T15805]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1127.181365][T15805]  __sock_sendmsg+0x21c/0x270
[ 1127.181395][T15805]  ____sys_sendmsg+0x505/0x830
[ 1127.181424][T15805]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1127.181457][T15805]  ? import_iovec+0x74/0xa0
[ 1127.181482][T15805]  ___sys_sendmsg+0x21f/0x2a0
[ 1127.181507][T15805]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1127.181570][T15805]  ? __fget_files+0x2a/0x420
[ 1127.181590][T15805]  ? __fget_files+0x3a0/0x420
[ 1127.181622][T15805]  __x64_sys_sendmsg+0x19b/0x260
[ 1127.181647][T15805]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1127.181687][T15805]  ? __pfx_ksys_write+0x10/0x10
[ 1127.181721][T15805]  ? do_syscall_64+0xbe/0xfa0
[ 1127.181755][T15805]  do_syscall_64+0xfa/0xfa0
[ 1127.181783][T15805]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1127.181811][T15805]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1127.181833][T15805]  ? clear_bhb_loop+0x60/0xb0
[ 1127.181859][T15805]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1127.181879][T15805] RIP: 0033:0x7fdc9bb8eba9
[ 1127.181899][T15805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1127.181918][T15805] RSP: 002b:00007fdc9ca37038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1127.181941][T15805] RAX: ffffffffffffffda RBX: 00007fdc9bdd5fa0 RCX: 00007fdc9bb8eba9
[ 1127.181957][T15805] RDX: 0000000000040004 RSI: 0000200000000280 RDI: 0000000000000007
[ 1127.181971][T15805] RBP: 00007fdc9ca37090 R08: 0000000000000000 R09: 0000000000000000
[ 1127.181984][T15805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1127.181997][T15805] R13: 00007fdc9bdd6038 R14: 00007fdc9bdd5fa0 R15: 00007ffc124f30f8
[ 1127.182032][T15805]  </TASK>
[ 1129.743428][ T5886] kernel write not supported for file /snd/midiC2D0 (pid: 5886 comm: kworker/0:3)
[ 1129.851633][T15833] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode
[ 1129.914522][T15833] tipc: Started in network mode
[ 1129.927055][T15833] tipc: Node identity 080211000001, cluster identity 4711
[ 1129.943776][T15833] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1130.984680][T15849] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2506'.
[ 1131.062661][T15495] tipc: Node number set to 134418688
[ 1132.192439][T15854] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2506'.
[ 1135.180460][T15869] XFS (loop3): Invalid device [./bus], error=-15
[ 1135.411557][T15866] ntfs3(loop0): try to read out of volume at offset 0x0
[ 1135.957880][T15874] erofs (device loop0): cannot find valid erofs superblock
[ 1136.231046][T15874] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2511'.
[ 1137.132971][  T875] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[ 1137.324082][T15888] iso9660: Unknown parameter 'unh'
[ 1137.338833][  T875] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1137.498006][ T7791] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1137.769994][  T875] usb 4-1: New USB device found, idVendor=5543, idProduct=006e, bcdDevice= 0.00
[ 1137.797766][  T875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1137.822337][  T875] usb 4-1: config 0 descriptor??
[ 1137.904189][ T7791] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[ 1137.922764][ T7791] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[ 1137.945588][ T7791] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 36224, setting to 1024
[ 1137.997632][ T7791] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 1024
[ 1138.320681][ T7791] usb 7-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[ 1139.011495][ T7791] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1139.020834][  T875] usb 4-1: string descriptor 0 read error: -71
[ 1139.063223][  T875] uclogic 0003:5543:006E.000C: failed retrieving string descriptor #200: -71
[ 1139.065716][ T7791] usb 7-1: config 0 descriptor??
[ 1139.089842][  T875] uclogic 0003:5543:006E.000C: failed retrieving pen parameters: -71
[ 1139.098521][T15882] raw-gadget.1 gadget.6: fail, usb_ep_enable returned -22
[ 1139.136992][  T875] uclogic 0003:5543:006E.000C: failed probing pen v2 parameters: -71
[ 1139.157474][  T875] uclogic 0003:5543:006E.000C: failed probing parameters: -71
[ 1139.177959][  T875] uclogic 0003:5543:006E.000C: probe with driver uclogic failed with error -71
[ 1139.205136][  T875] usb 4-1: USB disconnect, device number 38
[ 1139.300093][T15901] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2521'.
[ 1139.317237][T15901] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2521'.
[ 1139.798567][T15898] I/O error, dev loop4, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1139.812598][T15898] isofs_fill_super: bread failed, dev=loop4, iso_blknum=16, block=32
[ 1140.536219][ T7791] hdpvr 7-1:0.0: unexpected answer of status request, len -71
[ 1140.544337][ T7791] hdpvr 7-1:0.0: device init failed
[ 1140.550224][ T7791] hdpvr 7-1:0.0: probe with driver hdpvr failed with error -12
[ 1140.579766][ T7791] usb 7-1: USB disconnect, device number 11
[ 1141.754786][T15917] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2525'.
[ 1141.812723][T15917] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2525'.
[ 1143.272935][   T30] audit: type=1326 audit(1758174459.263:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15929 comm="syz.5.2529" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fefa538eba9 code=0x0
[ 1143.355497][T15937] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2530'.
[ 1146.088372][T15971] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2540'.
[ 1146.500753][T15968] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2539'.
[ 1146.538247][T15968] netlink: 'syz.5.2539': attribute type 30 has an invalid length.
[ 1146.745659][T15980] overlayfs: statfs failed on './file0'
[ 1150.298263][   T30] audit: type=1400 audit(1758174466.863:124): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2626200D3A950D02494F07333A pid=15997 comm="syz.4.2548"
[ 1150.391030][T16008] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1150.402029][T16008] FAT-fs (loop0): unable to read boot sector
[ 1151.412789][T16022] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2553'.
[ 1152.246032][T16039] I/O error, dev loop3, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1152.255632][T16039] hfsplus: unable to find HFS+ superblock
[ 1154.591366][T16047] XFS (loop0): Invalid device [./bus], error=-15
[ 1154.799095][T16043] sp0: Synchronizing with TNC
[ 1155.891452][T16059] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1155.900775][T16059] FAT-fs (loop0): unable to read boot sector
[ 1157.085192][T15495] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[ 1157.931443][T11245] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0
[ 1158.081237][T15495] usb 6-1: device descriptor read/64, error -71
[ 1158.109990][T16084] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2570'.
[ 1158.123715][T16084] netlink: 'syz.4.2570': attribute type 30 has an invalid length.
[ 1158.127263][T11245] hid-generic 0000:0000:0000.000D: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[ 1158.750060][T16088] fido_id[16088]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1158.803506][T15495] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[ 1159.002504][T15495] usb 6-1: device descriptor read/64, error -71
[ 1159.008899][ T5981] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[ 1159.018719][T16100] sp0: Synchronizing with TNC
[ 1159.146555][T15495] usb usb6-port1: attempt power cycle
[ 1160.272648][ T5981] usb 4-1: config 0 has an invalid interface number: 135 but max is 0
[ 1160.298886][ T5981] usb 4-1: config 0 has no interface number 0
[ 1160.327634][ T5981] usb 4-1: config 0 interface 135 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 32
[ 1160.343101][T15495] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[ 1160.356009][ T5981] usb 4-1: config 0 interface 135 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8
[ 1160.371756][ T5981] usb 4-1: New USB device found, idVendor=05ac, idProduct=1402, bcdDevice=45.65
[ 1160.387815][ T5981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1160.396331][ T5981] usb 4-1: Product: syz
[ 1160.433716][T15495] usb 6-1: device descriptor read/8, error -71
[ 1160.454218][ T5981] usb 4-1: Manufacturer: syz
[ 1160.458833][ T5981] usb 4-1: SerialNumber: syz
[ 1160.503770][ T5981] usb 4-1: config 0 descriptor??
[ 1160.514683][T16092] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1160.532967][T16092] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1160.580810][T16113] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1160.590135][T16113] FAT-fs (loop5): unable to read boot sector
[ 1160.651983][T16112] hfsplus: Unknown parameter '|/Í@'
[ 1160.787050][T16092] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1160.821740][T16092] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1161.337342][T16126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1161.493159][T16126] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1161.506638][ T5981] asix 4-1:0.135 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[ 1161.528160][ T5981] asix 4-1:0.135: probe with driver asix failed with error -71
[ 1161.575536][ T5981] usb 4-1: USB disconnect, device number 39
[ 1162.315890][T16137] I/O error, dev loop6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1162.325996][T16137] I/O error, dev loop6, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1162.335591][T16137] Mount JFS Failure: -5
[ 1162.340030][T16137] jfs_mount failed w/return code = -5
[ 1162.600516][T16137] JFS: discard option not supported on device
[ 1162.607370][T16137] I/O error, dev loop6, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1162.617419][T16137] I/O error, dev loop6, sector 120 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1162.626878][T16137] Mount JFS Failure: -5
[ 1162.888169][T16142] netlink: 'syz.6.2584': attribute type 1 has an invalid length.
[ 1162.896311][T16142] netlink: 236 bytes leftover after parsing attributes in process `syz.6.2584'.
[ 1162.984750][T16142] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[ 1163.518395][T16147] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2585'.
[ 1163.542662][T16147] netlink: 'syz.5.2585': attribute type 30 has an invalid length.
[ 1163.946383][T16146] ntfs3(loop6): try to read out of volume at offset 0x0
[ 1164.079704][  T875] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[ 1164.392462][  T875] usb 4-1: device descriptor read/64, error -71
[ 1164.565339][T16157] erofs (device loop6): cannot find valid erofs superblock
[ 1164.632454][  T875] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[ 1164.663017][T16157] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2586'.
[ 1164.824999][  T875] usb 4-1: device descriptor read/64, error -71
[ 1164.936225][  T875] usb usb4-port1: attempt power cycle
[ 1165.302480][  T875] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[ 1165.483224][  T875] usb 4-1: device descriptor read/8, error -71
[ 1165.822457][  T875] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[ 1166.117153][  T875] usb 4-1: device descriptor read/8, error -71
[ 1166.234788][  T875] usb usb4-port1: unable to enumerate USB device
[ 1166.790944][T16188] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2599'.
[ 1166.803325][T16188] netlink: 'syz.3.2599': attribute type 30 has an invalid length.
[ 1166.932811][ T5981] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[ 1167.343607][T16198] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2600'.
[ 1167.887378][ T5981] usb 5-1: device descriptor read/64, error -71
[ 1168.352459][ T5981] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[ 1168.727671][ T5981] usb 5-1: device descriptor read/64, error -71
[ 1168.858755][T16204] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1168.868215][T16204] exFAT-fs (loop3): unable to read boot sector
[ 1168.874587][T16204] exFAT-fs (loop3): failed to read boot sector
[ 1168.881147][T16204] exFAT-fs (loop3): failed to recognize exfat type
[ 1168.892790][ T5981] usb usb5-port1: attempt power cycle
[ 1169.037775][T16207] input: syz1 as /devices/virtual/input/input36
[ 1169.252437][ T5981] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[ 1169.299435][ T5981] usb 5-1: device descriptor read/8, error -71
[ 1169.603297][ T5981] usb 5-1: new high-speed USB device number 36 using dummy_hcd
[ 1169.820712][ T5981] usb 5-1: device descriptor read/8, error -71
[ 1169.947955][ T5981] usb usb5-port1: unable to enumerate USB device
[ 1170.232603][T16224] netlink: 24 bytes leftover after parsing attributes in process `syz.6.2605'.
[ 1170.468330][T16215] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2604'.
[ 1170.502216][T16228] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2606'.
[ 1170.767232][T16237] tipc: Can't bind to reserved service type 0
[ 1171.213362][    T9] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[ 1171.373172][    T9] usb 6-1: device descriptor read/64, error -71
[ 1171.493017][ T5981] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1171.841504][ T5981] usb 7-1: config 164 has too many interfaces: 252, using maximum allowed: 32
[ 1171.860721][ T5981] usb 7-1: config 164 has an invalid descriptor of length 35, skipping remainder of the config
[ 1171.881527][ T5981] usb 7-1: config 164 has 0 interfaces, different from the descriptor's value: 252
[ 1171.997627][    T9] usb 6-1: new high-speed USB device number 19 using dummy_hcd
[ 1172.027475][ T5981] usb 7-1: New USB device found, idVendor=0582, idProduct=b9d5, bcdDevice=73.f7
[ 1172.049980][ T5981] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1172.645362][    T9] usb 6-1: device descriptor read/64, error -71
[ 1172.815057][    T9] usb usb6-port1: attempt power cycle
[ 1173.725860][    T9] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[ 1174.058536][    T9] usb 6-1: device descriptor read/8, error -71
[ 1174.255847][T16274] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2619'.
[ 1174.314191][T16275] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1174.324184][T16275] FAT-fs (loop5): unable to read boot sector
[ 1175.280339][ T5981] usb 7-1: string descriptor 0 read error: -71
[ 1175.519061][ T5981] usb 7-1: USB disconnect, device number 12
[ 1175.563828][T16281] EXT4-fs: Ignoring removed nomblk_io_submit option
[ 1175.571403][T16281] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 1175.656446][T16281] EXT4-fs (loop5): unable to read superblock
[ 1178.446550][T16288] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2624'.
[ 1179.108072][T16293] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2
[ 1179.194562][T16293] hfsplus: unable to find HFS+ superblock
[ 1179.213773][T16296] FAULT_INJECTION: forcing a failure.
[ 1179.213773][T16296] name failslab, interval 1, probability 0, space 0, times 0
[ 1179.228890][T16296] CPU: 0 UID: 0 PID: 16296 Comm: syz.3.2627 Not tainted syzkaller #0 PREEMPT(full) 
[ 1179.228921][T16296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1179.228933][T16296] Call Trace:
[ 1179.228942][T16296]  <TASK>
[ 1179.228952][T16296]  dump_stack_lvl+0x189/0x250
[ 1179.228988][T16296]  ? __pfx____ratelimit+0x10/0x10
[ 1179.229027][T16296]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1179.229050][T16296]  ? __pfx__printk+0x10/0x10
[ 1179.229082][T16296]  ? __pfx___might_resched+0x10/0x10
[ 1179.229115][T16296]  should_fail_ex+0x414/0x560
[ 1179.229143][T16296]  should_failslab+0xa8/0x100
[ 1179.229165][T16296]  __kmalloc_noprof+0xcb/0x7f0
[ 1179.229191][T16296]  ? kfree+0x4d/0x6d0
[ 1179.229212][T16296]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1179.229243][T16296]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1179.229270][T16296]  ? tomoyo_domain+0xd9/0x130
[ 1179.229301][T16296]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1179.229321][T16296]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1179.229344][T16296]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1179.229402][T16296]  ? __fget_files+0x2a/0x420
[ 1179.229426][T16296]  ? __fget_files+0x3a0/0x420
[ 1179.229442][T16296]  ? __fget_files+0x2a/0x420
[ 1179.229464][T16296]  security_file_ioctl+0xcb/0x2d0
[ 1179.229484][T16296]  __se_sys_ioctl+0x47/0x170
[ 1179.229511][T16296]  do_syscall_64+0xfa/0xfa0
[ 1179.229535][T16296]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1179.229560][T16296]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.229579][T16296]  ? clear_bhb_loop+0x60/0xb0
[ 1179.229602][T16296]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1179.229621][T16296] RIP: 0033:0x7f702578eba9
[ 1179.229638][T16296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1179.229655][T16296] RSP: 002b:00007f70239f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1179.229674][T16296] RAX: ffffffffffffffda RBX: 00007f70259d5fa0 RCX: 00007f702578eba9
[ 1179.229689][T16296] RDX: 0000000000000000 RSI: 00000000c0403d15 RDI: 0000000000000003
[ 1179.229701][T16296] RBP: 00007f70239f6090 R08: 0000000000000000 R09: 0000000000000000
[ 1179.229713][T16296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1179.229724][T16296] R13: 00007f70259d6038 R14: 00007f70259d5fa0 R15: 00007ffd6c8e5f78
[ 1179.229756][T16296]  </TASK>
[ 1179.229786][T16296] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1179.591510][T16300] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1180.015473][   T30] audit: type=1326 audit(1758174496.593:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16306 comm="syz.3.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1180.044684][   T30] audit: type=1326 audit(1758174496.593:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16306 comm="syz.3.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1180.092445][   T30] audit: type=1326 audit(1758174496.663:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16306 comm="syz.3.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=51 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1180.173686][   T30] audit: type=1326 audit(1758174496.663:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16306 comm="syz.3.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1180.204343][   T30] audit: type=1326 audit(1758174496.663:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16306 comm="syz.3.2630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1181.018690][T16317] input: syz1 as /devices/virtual/input/input37
[ 1182.145938][T16330] I/O error, dev loop0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1182.205274][T16330] hfs: can't find a HFS filesystem on dev loop0
[ 1184.513176][T16348] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2638'.
[ 1184.527054][T16330] ntfs3: Unknown parameter '
'
[ 1184.613462][T16349] 9pnet_fd: Insufficient options for proto=fd
[ 1184.695716][T16356] EXT4-fs: quotafile must be on filesystem root
[ 1184.777969][T16354] I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 1184.799560][T16354] EXT4-fs (loop6): unable to read superblock
[ 1184.856124][T16351] netlink: 36 bytes leftover after parsing attributes in process `syz.6.2640'.
[ 1185.959899][T16374] netlink: 27 bytes leftover after parsing attributes in process `syz.6.2646'.
[ 1186.058428][T16374] kernel profiling enabled (shift: 63)
[ 1186.297696][T16374] profiling shift: 63 too large
[ 1187.784486][T16391] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2649'.
[ 1188.133347][T16393] sp0: Synchronizing with TNC
[ 1188.722682][  T875] usb 6-1: new high-speed USB device number 22 using dummy_hcd
[ 1188.872467][  T875] usb 6-1: device descriptor read/64, error -71
[ 1189.195886][T16412] netlink: 'syz.4.2656': attribute type 1 has an invalid length.
[ 1189.203815][T16412] netlink: 'syz.4.2656': attribute type 2 has an invalid length.
[ 1189.912493][    T9] usb 1-1: new high-speed USB device number 55 using dummy_hcd
[ 1189.925957][  T875] usb 6-1: new high-speed USB device number 23 using dummy_hcd
[ 1190.215994][    T9] usb 1-1: device descriptor read/64, error -71
[ 1190.294220][  T875] usb 6-1: device descriptor read/64, error -71
[ 1190.342962][T16418] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2658'.
[ 1190.415501][  T875] usb usb6-port1: attempt power cycle
[ 1190.652448][    T9] usb 1-1: new high-speed USB device number 56 using dummy_hcd
[ 1190.902461][  T875] usb 6-1: new high-speed USB device number 24 using dummy_hcd
[ 1190.992624][    T9] usb 1-1: device descriptor read/64, error -71
[ 1191.000547][  T875] usb 6-1: device descriptor read/8, error -71
[ 1191.110000][    T9] usb usb1-port1: attempt power cycle
[ 1191.337524][  T875] usb 6-1: new high-speed USB device number 25 using dummy_hcd
[ 1191.579735][T11245] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[ 1191.652472][    T9] usb 1-1: new high-speed USB device number 57 using dummy_hcd
[ 1191.746614][T11245] usb 4-1: config 4 has an invalid interface number: 39 but max is 1
[ 1191.760140][T11245] usb 4-1: config 4 has an invalid interface number: 49 but max is 1
[ 1191.768797][T11245] usb 4-1: config 4 has no interface number 0
[ 1191.776156][T11245] usb 4-1: config 4 has no interface number 1
[ 1191.782610][T11245] usb 4-1: config 4 interface 39 has no altsetting 0
[ 1191.789544][T11245] usb 4-1: config 4 interface 49 has no altsetting 0
[ 1191.801147][T11245] usb 4-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79
[ 1191.810650][T11245] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1191.819182][T11245] usb 4-1: Product: syz
[ 1191.823692][T11245] usb 4-1: Manufacturer: syz
[ 1191.828556][T11245] usb 4-1: SerialNumber: syz
[ 1192.124336][  T875] usb 6-1: device descriptor read/8, error -71
[ 1192.276502][  T875] usb usb6-port1: unable to enumerate USB device
[ 1193.324315][T16443] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2663'.
[ 1194.062941][T16454] I/O error, dev loop6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1194.072610][T16454] hfs: can't find a HFS filesystem on dev loop6
[ 1195.439475][T11245] usb 4-1: USB disconnect, device number 44
[ 1195.469465][    T9] usb 1-1: device descriptor read/8, error -71
[ 1195.560478][T16465] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 1195.603055][T16465] EXT4-fs (loop5): unable to read superblock
[ 1195.629762][   T30] audit: type=1326 audit(1758174512.203:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16463 comm="syz.0.2669" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdc9bb8eba9 code=0x0
[ 1196.311899][T16474] 9pnet_fd: Insufficient options for proto=fd
[ 1196.992651][ T5954] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 1197.650018][T16486] ntfs3(loop0): try to read out of volume at offset 0x0
[ 1197.782583][ T5954] usb 7-1: device descriptor read/64, error -71
[ 1198.025471][ T5954] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[ 1198.158643][T16493] erofs (device loop0): cannot find valid erofs superblock
[ 1198.568008][ T5954] usb 7-1: device descriptor read/64, error -71
[ 1198.614333][T16493] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2676'.
[ 1198.710600][ T5954] usb usb7-port1: attempt power cycle
[ 1199.340039][ T5954] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[ 1199.832998][T16508] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2682'.
[ 1199.996151][ T5954] usb 7-1: device descriptor read/8, error -71
[ 1200.194041][T16523] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2686'.
[ 1200.266622][T16521] udf: Unknown parameter ''id'
[ 1201.159033][   T30] audit: type=1326 audit(1758174517.653:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ae58eba9 code=0x7ffc0000
[ 1201.277912][T16540] new mount options do not match the existing superblock, will be ignored
[ 1201.474658][   T30] audit: type=1326 audit(1758174517.653:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ae58eba9 code=0x7ffc0000
[ 1201.654509][T16536] fuse: Unknown parameter 'L'
[ 1201.689724][   T30] audit: type=1326 audit(1758174517.653:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f50ae58eba9 code=0x7ffc0000
[ 1201.848614][T16540] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1201.875929][   T30] audit: type=1326 audit(1758174518.343:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ae58eba9 code=0x7ffc0000
[ 1201.969949][   T30] audit: type=1326 audit(1758174518.343:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16532 comm="syz.4.2692" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ae58eba9 code=0x7ffc0000
[ 1203.542440][ T5886] usb 4-1: new high-speed USB device number 45 using dummy_hcd
[ 1203.702537][ T5886] usb 4-1: device descriptor read/64, error -71
[ 1203.964236][ T5886] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[ 1204.162503][ T5886] usb 4-1: device descriptor read/64, error -71
[ 1204.312980][ T5886] usb usb4-port1: attempt power cycle
[ 1204.592504][T11245] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[ 1204.622524][    T9] usb 5-1: new high-speed USB device number 37 using dummy_hcd
[ 1204.662833][ T5886] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[ 1204.683199][ T5886] usb 4-1: device descriptor read/8, error -71
[ 1204.744704][T11245] usb 1-1: Using ep0 maxpacket: 16
[ 1204.753343][T11245] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1204.767053][T11245] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1204.780768][T11245] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[ 1204.803743][T11245] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[ 1204.815000][T11245] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1204.835772][T11245] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[ 1204.854484][T11245] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[ 1204.866003][T11245] usb 1-1: Manufacturer: syz
[ 1204.877158][T11245] usb 1-1: config 0 descriptor??
[ 1204.922530][ T5886] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[ 1204.962305][ T5886] usb 4-1: device descriptor read/8, error -71
[ 1205.085993][ T5886] usb usb4-port1: unable to enumerate USB device
[ 1205.222542][T11245] rc_core: IR keymap rc-hauppauge not found
[ 1205.238774][T11245] Registered IR keymap rc-empty
[ 1205.257538][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.282900][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.337855][T11245] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0
[ 1205.360074][T11245] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input38
[ 1205.384640][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.422745][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.453769][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.473699][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.512595][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.535662][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.562481][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.592630][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.612509][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.632658][T11245] mceusb 1-1:0.0: Error: mce write submit urb error = -90
[ 1205.687788][T11245] mceusb 1-1:0.0: Registered  with mce emulator interface version 1
[ 1205.714687][T11245] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[ 1205.746520][T11245] usb 1-1: USB disconnect, device number 59
[ 1206.036396][T16608] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2711'.
[ 1206.863761][T16615] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2713'.
[ 1206.944397][T16615] netlink: 'syz.5.2713': attribute type 30 has an invalid length.
[ 1208.720986][T16631] XFS (loop6): Invalid device [./bus], error=-15
[ 1209.055005][T16635] netlink: 'syz.3.2720': attribute type 7 has an invalid length.
[ 1212.273720][T16671] new mount options do not match the existing superblock, will be ignored
[ 1212.837569][   T30] audit: type=1326 audit(1758174528.753:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16667 comm="syz.6.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb91df8eba9 code=0x7ffc0000
[ 1212.861780][   T30] audit: type=1326 audit(1758174528.763:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16667 comm="syz.6.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb91df8eba9 code=0x7ffc0000
[ 1212.892444][   T30] audit: type=1326 audit(1758174528.763:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16667 comm="syz.6.2728" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb91df8eba9 code=0x7ffc0000
[ 1213.288303][T16675] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2729'.
[ 1216.161517][T16689] XFS (loop5): Invalid device [./bus], error=-15
[ 1216.698447][T16702] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2736'.
[ 1218.751685][T16719] FAULT_INJECTION: forcing a failure.
[ 1218.751685][T16719] name failslab, interval 1, probability 0, space 0, times 0
[ 1218.770811][T16719] CPU: 0 UID: 0 PID: 16719 Comm: syz.5.2741 Not tainted syzkaller #0 PREEMPT(full) 
[ 1218.770837][T16719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1218.770850][T16719] Call Trace:
[ 1218.770858][T16719]  <TASK>
[ 1218.770866][T16719]  dump_stack_lvl+0x189/0x250
[ 1218.770894][T16719]  ? __pfx____ratelimit+0x10/0x10
[ 1218.770924][T16719]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1218.770947][T16719]  ? __pfx__printk+0x10/0x10
[ 1218.770980][T16719]  ? __pfx___might_resched+0x10/0x10
[ 1218.771012][T16719]  should_fail_ex+0x414/0x560
[ 1218.771040][T16719]  should_failslab+0xa8/0x100
[ 1218.771061][T16719]  __kmalloc_noprof+0xcb/0x7f0
[ 1218.771087][T16719]  ? kfree+0x4d/0x6d0
[ 1218.771107][T16719]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1218.771139][T16719]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1218.771165][T16719]  ? tomoyo_domain+0xd9/0x130
[ 1218.771196][T16719]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1218.771217][T16719]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1218.771240][T16719]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1218.771298][T16719]  ? __fget_files+0x2a/0x420
[ 1218.771322][T16719]  ? __fget_files+0x3a0/0x420
[ 1218.771338][T16719]  ? __fget_files+0x2a/0x420
[ 1218.771361][T16719]  security_file_ioctl+0xcb/0x2d0
[ 1218.771388][T16719]  __se_sys_ioctl+0x47/0x170
[ 1218.771416][T16719]  do_syscall_64+0xfa/0xfa0
[ 1218.771442][T16719]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1218.771468][T16719]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1218.771487][T16719]  ? clear_bhb_loop+0x60/0xb0
[ 1218.771511][T16719]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1218.771530][T16719] RIP: 0033:0x7fefa538eba9
[ 1218.771548][T16719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1218.771564][T16719] RSP: 002b:00007fefa62cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1218.771584][T16719] RAX: ffffffffffffffda RBX: 00007fefa55d5fa0 RCX: 00007fefa538eba9
[ 1218.771599][T16719] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[ 1218.771611][T16719] RBP: 00007fefa62cc090 R08: 0000000000000000 R09: 0000000000000000
[ 1218.771623][T16719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1218.771634][T16719] R13: 00007fefa55d6038 R14: 00007fefa55d5fa0 R15: 00007ffd5e353248
[ 1218.771667][T16719]  </TASK>
[ 1218.771695][T16719] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1220.266188][T16743] usb usb8: usbfs: process 16743 (syz.5.2746) did not claim interface 0 before use
[ 1223.418889][   T30] audit: type=1400 audit(1758174539.841:139): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2626200D3A950D02494F07333A pid=16762 comm="syz.5.2752"
[ 1224.679148][ T5871] Bluetooth: hci5: unexpected event for opcode 0x0c7a
[ 1224.810020][T16781] vivid-001: =================  START STATUS  =================
[ 1224.864493][T16781] vivid-001: Radio HW Seek Mode: Bounded
[ 1224.872501][T16794] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2760'.
[ 1224.891877][T16794] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1224.956675][T16781] vivid-001: Radio Programmable HW Seek: false
[ 1224.970684][T16781] vivid-001: RDS Rx I/O Mode: Block I/O
[ 1224.976455][T16781] vivid-001: Generate RBDS Instead of RDS: false
[ 1224.982868][T16781] vivid-001: RDS Reception: true
[ 1224.995627][T16781] vivid-001: RDS Program Type: 0 inactive
[ 1225.003924][T16781] vivid-001: RDS PS Name:  inactive
[ 1225.009236][T16781] vivid-001: RDS Radio Text:  inactive
[ 1225.014883][T16781] vivid-001: RDS Traffic Announcement: false inactive
[ 1225.024073][T16781] vivid-001: RDS Traffic Program: false inactive
[ 1225.344307][T16781] vivid-001: RDS Music: false inactive
[ 1225.349950][T16781] vivid-001: ==================  END STATUS  ==================
[ 1225.941444][T16794] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1226.185834][  T875] usb 6-1: new high-speed USB device number 26 using dummy_hcd
[ 1226.344406][  T875] usb 6-1: Using ep0 maxpacket: 32
[ 1227.562343][   T30] audit: type=1400 audit(1758174544.251:140): apparmor="DENIED" operation="change_profile" class="file" info="label not found" error=-2 profile="unconfined" name=2626200D3A950D02494F07333A pid=16811 comm="syz.3.2765"
[ 1227.688558][  T875] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[ 1227.720070][  T875] usb 6-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[ 1227.736803][  T875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1227.761185][  T875] usb 6-1: Product: syz
[ 1227.770379][  T875] usb 6-1: Manufacturer: syz
[ 1227.775141][  T875] usb 6-1: SerialNumber: syz
[ 1227.796749][  T875] usb 6-1: config 0 descriptor??
[ 1227.803841][T16803] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[ 1227.820518][  T875] input: syz syz as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/input/input42
[ 1228.093397][ T5981] usb 6-1: USB disconnect, device number 26
[ 1228.093466][    C0] usbtouchscreen 6-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[ 1228.539853][T16831] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 1228.587393][T16831] EXT4-fs (loop4): unable to read superblock
[ 1228.935368][T11245] usb 5-1: new high-speed USB device number 38 using dummy_hcd
[ 1229.087386][T11245] usb 5-1: Using ep0 maxpacket: 32
[ 1229.115627][T11245] usb 5-1: config index 0 descriptor too short (expected 50757, got 91)
[ 1229.136563][T11245] usb 5-1: config 20 has too many interfaces: 194, using maximum allowed: 32
[ 1229.161901][T11245] usb 5-1: config 20 has an invalid descriptor of length 15, skipping remainder of the config
[ 1229.200726][T11245] usb 5-1: config 20 has 0 interfaces, different from the descriptor's value: 194
[ 1229.242044][T11245] usb 5-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=5e.1b
[ 1229.275918][T11245] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1229.361704][T11245] usb 5-1: Product: syz
[ 1229.383663][T11245] usb 5-1: Manufacturer: syz
[ 1229.400677][T16835] ntfs3: Unknown parameter 'discardRÀéNdows_names'
[ 1229.407343][T11245] usb 5-1: SerialNumber: syz
[ 1229.414461][T16847] lo speed is unknown, defaulting to 1000
[ 1229.420631][T16847] lo speed is unknown, defaulting to 1000
[ 1229.428191][T16847] lo speed is unknown, defaulting to 1000
[ 1229.437991][T16847] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[ 1229.451854][T16847] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1229.478885][T16847] lo speed is unknown, defaulting to 1000
[ 1229.486265][T16847] lo speed is unknown, defaulting to 1000
[ 1229.493210][T16847] lo speed is unknown, defaulting to 1000
[ 1229.500365][T16847] lo speed is unknown, defaulting to 1000
[ 1229.507814][T16847] lo speed is unknown, defaulting to 1000
[ 1231.486522][T11245] usb 5-1: USB disconnect, device number 38
[ 1232.452665][T16886] netlink: 33912 bytes leftover after parsing attributes in process `syz.3.2784'.
[ 1232.513892][T16886] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2784'.
[ 1232.526740][T16895] FAULT_INJECTION: forcing a failure.
[ 1232.526740][T16895] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1232.536819][T16896] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1232.556161][T16895] CPU: 0 UID: 0 PID: 16895 Comm: syz.5.2786 Not tainted syzkaller #0 PREEMPT(full) 
[ 1232.556188][T16895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1232.556201][T16895] Call Trace:
[ 1232.556209][T16895]  <TASK>
[ 1232.556218][T16895]  dump_stack_lvl+0x189/0x250
[ 1232.556249][T16895]  ? __pfx____ratelimit+0x10/0x10
[ 1232.556277][T16895]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1232.556301][T16895]  ? __pfx__printk+0x10/0x10
[ 1232.556342][T16895]  should_fail_ex+0x414/0x560
[ 1232.556372][T16895]  _copy_to_user+0x31/0xb0
[ 1232.556395][T16895]  simple_read_from_buffer+0xe1/0x170
[ 1232.556431][T16895]  proc_fail_nth_read+0x1b3/0x220
[ 1232.556460][T16895]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1232.556489][T16895]  ? rw_verify_area+0x2a6/0x4d0
[ 1232.556515][T16895]  ? __lock_acquire+0xab9/0xd20
[ 1232.556540][T16895]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1232.556567][T16895]  vfs_read+0x200/0xa30
[ 1232.556594][T16895]  ? fdget_pos+0x247/0x320
[ 1232.556635][T16895]  ? __pfx___mutex_lock+0x10/0x10
[ 1232.556663][T16895]  ? __pfx_vfs_read+0x10/0x10
[ 1232.556691][T16895]  ? __fget_files+0x2a/0x420
[ 1232.556713][T16895]  ? __fget_files+0x3a0/0x420
[ 1232.556729][T16895]  ? __fget_files+0x2a/0x420
[ 1232.556756][T16895]  ksys_read+0x145/0x250
[ 1232.556784][T16895]  ? __pfx_ksys_read+0x10/0x10
[ 1232.556814][T16895]  ? do_syscall_64+0xbe/0xfa0
[ 1232.556844][T16895]  do_syscall_64+0xfa/0xfa0
[ 1232.556868][T16895]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1232.556898][T16895]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1232.556917][T16895]  ? clear_bhb_loop+0x60/0xb0
[ 1232.556940][T16895]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1232.556959][T16895] RIP: 0033:0x7fefa538d5bc
[ 1232.556976][T16895] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1232.556993][T16895] RSP: 002b:00007fefa62cc030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1232.557013][T16895] RAX: ffffffffffffffda RBX: 00007fefa55d5fa0 RCX: 00007fefa538d5bc
[ 1232.557028][T16895] RDX: 000000000000000f RSI: 00007fefa62cc0a0 RDI: 0000000000000004
[ 1232.557040][T16895] RBP: 00007fefa62cc090 R08: 0000000000000000 R09: 0000000000000000
[ 1232.557053][T16895] R10: 0000000000004000 R11: 0000000000000246 R12: 0000000000000001
[ 1232.557064][T16895] R13: 00007fefa55d6038 R14: 00007fefa55d5fa0 R15: 00007ffd5e353248
[ 1232.557097][T16895]  </TASK>
[ 1232.638699][T16899] sp0: Synchronizing with TNC
[ 1235.605458][T16933] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2797'.
[ 1235.977328][T16938] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2796'.
[ 1236.672443][T16925] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1239.246449][T16961] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2804'.
[ 1239.415832][T16965] block nbd4: not configured, cannot reconfigure
[ 1241.057585][T16984] FAULT_INJECTION: forcing a failure.
[ 1241.057585][T16984] name failslab, interval 1, probability 0, space 0, times 0
[ 1241.509410][T16984] CPU: 1 UID: 0 PID: 16984 Comm: syz.6.2808 Not tainted syzkaller #0 PREEMPT(full) 
[ 1241.509442][T16984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1241.509455][T16984] Call Trace:
[ 1241.509464][T16984]  <TASK>
[ 1241.509474][T16984]  dump_stack_lvl+0x189/0x250
[ 1241.509505][T16984]  ? __pfx____ratelimit+0x10/0x10
[ 1241.509532][T16984]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1241.509557][T16984]  ? __pfx__printk+0x10/0x10
[ 1241.509591][T16984]  ? __pfx___might_resched+0x10/0x10
[ 1241.509625][T16984]  should_fail_ex+0x414/0x560
[ 1241.509656][T16984]  should_failslab+0xa8/0x100
[ 1241.509679][T16984]  __kmalloc_noprof+0xcb/0x7f0
[ 1241.509708][T16984]  ? kernfs_fop_write_iter+0x158/0x540
[ 1241.509746][T16984]  kernfs_fop_write_iter+0x158/0x540
[ 1241.509791][T16984]  vfs_write+0x5c9/0xb30
[ 1241.509825][T16984]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1241.509858][T16984]  ? __pfx_vfs_write+0x10/0x10
[ 1241.509898][T16984]  ? __fget_files+0x2a/0x420
[ 1241.509927][T16984]  ksys_write+0x145/0x250
[ 1241.509958][T16984]  ? __pfx_ksys_write+0x10/0x10
[ 1241.509990][T16984]  ? do_syscall_64+0xbe/0xfa0
[ 1241.510022][T16984]  do_syscall_64+0xfa/0xfa0
[ 1241.510064][T16984]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1241.510082][T16984]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1241.510100][T16984]  ? clear_bhb_loop+0x60/0xb0
[ 1241.510123][T16984]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1241.510141][T16984] RIP: 0033:0x7fb91df8eba9
[ 1241.510159][T16984] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1241.510175][T16984] RSP: 002b:00007fb91eed9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1241.510196][T16984] RAX: ffffffffffffffda RBX: 00007fb91e1d5fa0 RCX: 00007fb91df8eba9
[ 1241.510210][T16984] RDX: 0000000000001006 RSI: 0000200000000b80 RDI: 0000000000000003
[ 1241.510222][T16984] RBP: 00007fb91eed9090 R08: 0000000000000000 R09: 0000000000000000
[ 1241.510234][T16984] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1241.510246][T16984] R13: 00007fb91e1d6038 R14: 00007fb91e1d5fa0 R15: 00007ffc545aa428
[ 1241.510278][T16984]  </TASK>
[ 1243.409542][T17006] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1243.420960][T17006] FAT-fs (loop3): unable to read boot sector
[ 1281.552942][T17022] new mount options do not match the existing superblock, will be ignored
[ 1281.627075][   T30] audit: type=1326 audit(1758174602.220:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17009 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb91df8eba9 code=0x7ffc0000
[ 1281.678735][T17024] lo speed is unknown, defaulting to 1000
[ 1282.023098][T17026] fuse: Unknown parameter 'L'
[ 1282.133146][T17022] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1282.293742][   T30] audit: type=1326 audit(1758174602.220:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17009 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb91df8eba9 code=0x7ffc0000
[ 1282.412609][T17029] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2818'.
[ 1282.417390][   T30] audit: type=1326 audit(1758174602.220:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17009 comm="syz.6.2817" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fb91df8eba9 code=0x7ffc0000
[ 1283.097142][T17040] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2820'.
[ 1283.400659][T17042] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2821'.
[ 1283.963487][T17046] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1284.019947][T17046] FAT-fs (loop6): unable to read boot sector
[ 1284.797065][T17055] NILFS (loop4): device size too small
[ 1285.053341][T17053] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1285.062850][T17053] FAT-fs (loop3): unable to read boot sector
[ 1285.363679][T17066] FAULT_INJECTION: forcing a failure.
[ 1285.363679][T17066] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1285.432208][T17059] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[ 1285.507665][T17066] CPU: 1 UID: 0 PID: 17066 Comm: syz.5.2829 Not tainted syzkaller #0 PREEMPT(full) 
[ 1285.507694][T17066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1285.507707][T17066] Call Trace:
[ 1285.507716][T17066]  <TASK>
[ 1285.507726][T17066]  dump_stack_lvl+0x189/0x250
[ 1285.507756][T17066]  ? __pfx____ratelimit+0x10/0x10
[ 1285.507784][T17066]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1285.507809][T17066]  ? __pfx__printk+0x10/0x10
[ 1285.507838][T17066]  ? __might_fault+0xb0/0x130
[ 1285.507879][T17066]  should_fail_ex+0x414/0x560
[ 1285.507911][T17066]  _copy_from_user+0x2d/0xb0
[ 1285.507933][T17066]  snd_pcm_oss_write+0x84f/0x1190
[ 1285.507959][T17066]  ? get_pid_task+0x20/0x1f0
[ 1285.508000][T17066]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 1285.508028][T17066]  ? bpf_lsm_file_permission+0x9/0x20
[ 1285.508051][T17066]  ? security_file_permission+0x75/0x290
[ 1285.508086][T17066]  ? rw_verify_area+0x255/0x4d0
[ 1285.508112][T17066]  ? __lock_acquire+0xab9/0xd20
[ 1285.508138][T17066]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 1285.508165][T17066]  vfs_write+0x27e/0xb30
[ 1285.508204][T17066]  ? __pfx_vfs_write+0x10/0x10
[ 1285.508235][T17066]  ? __fget_files+0x2a/0x420
[ 1285.508258][T17066]  ? __fget_files+0x2a/0x420
[ 1285.508276][T17066]  ? __fget_files+0x3a0/0x420
[ 1285.508294][T17066]  ? __fget_files+0x2a/0x420
[ 1285.508332][T17066]  ksys_write+0x145/0x250
[ 1285.508364][T17066]  ? __pfx_ksys_write+0x10/0x10
[ 1285.508397][T17066]  ? do_syscall_64+0xbe/0xfa0
[ 1285.508432][T17066]  do_syscall_64+0xfa/0xfa0
[ 1285.508459][T17066]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1285.508486][T17066]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1285.508507][T17066]  ? clear_bhb_loop+0x60/0xb0
[ 1285.508533][T17066]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1285.508553][T17066] RIP: 0033:0x7fefa538eba9
[ 1285.508572][T17066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1285.508589][T17066] RSP: 002b:00007fefa62cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1285.508612][T17066] RAX: ffffffffffffffda RBX: 00007fefa55d5fa0 RCX: 00007fefa538eba9
[ 1285.508627][T17066] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000003
[ 1285.508640][T17066] RBP: 00007fefa62cc090 R08: 0000000000000000 R09: 0000000000000000
[ 1285.508653][T17066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1285.508665][T17066] R13: 00007fefa55d6038 R14: 00007fefa55d5fa0 R15: 00007ffd5e353248
[ 1285.508700][T17066]  </TASK>
[ 1286.056639][T17059] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[ 1289.427383][T17089] new mount options do not match the existing superblock, will be ignored
[ 1289.646563][T17090] lo speed is unknown, defaulting to 1000
[ 1289.917961][   T30] audit: type=1326 audit(1758174610.921:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17085 comm="syz.3.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1289.943866][T17087] fuse: Unknown parameter 'L'
[ 1290.019319][   T30] audit: type=1326 audit(1758174610.921:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17085 comm="syz.3.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1290.047334][T17089] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1290.225196][   T30] audit: type=1326 audit(1758174610.932:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17085 comm="syz.3.2834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1290.780058][T17097] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2835'.
[ 1291.646216][T17103] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1292.396930][T17111] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2838'.
[ 1293.467694][  T875] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[ 1293.813958][  T875] usb 4-1: config 164 has too many interfaces: 252, using maximum allowed: 32
[ 1293.860428][  T875] usb 4-1: config 164 has an invalid descriptor of length 35, skipping remainder of the config
[ 1293.894867][  T875] usb 4-1: config 164 has 0 interfaces, different from the descriptor's value: 252
[ 1293.906400][  T875] usb 4-1: New USB device found, idVendor=0582, idProduct=b9d5, bcdDevice=73.f7
[ 1293.916015][  T875] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1294.215304][   T30] audit: type=1326 audit(1758174616.178:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.4.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ae58eba9 code=0x7ffc0000
[ 1294.282822][T17133] new mount options do not match the existing superblock, will be ignored
[ 1294.458887][T17134] lo speed is unknown, defaulting to 1000
[ 1294.930537][T17133] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1294.994104][   T30] audit: type=1326 audit(1758174616.178:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.4.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f50ae58eba9 code=0x7ffc0000
[ 1295.097852][   T30] audit: type=1326 audit(1758174616.189:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17123 comm="syz.4.2841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f50ae58eba9 code=0x7ffc0000
[ 1296.655749][T17143] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[ 1296.665047][T17143] FAT-fs (loop4): unable to read boot sector
[ 1296.999340][  T875] usb 4-1: string descriptor 0 read error: -71
[ 1297.080884][  T875] usb 4-1: USB disconnect, device number 49
[ 1298.724501][T17151] XFS (loop3): Invalid device [./bus], error=-15
[ 1299.268924][T17153] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2846'.
[ 1299.278168][T17153] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2846'.
[ 1300.333686][T17164] netlink: 216 bytes leftover after parsing attributes in process `syz.4.2850'.
[ 1300.620103][T17170] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2852'.
[ 1300.922526][T17167] usb usb8: usbfs: process 17167 (syz.6.2851) did not claim interface 0 before use
[ 1301.112260][T17178] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2853'.
[ 1301.183524][T17180] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1301.193224][T17180] FAT-fs (loop4): unable to read boot sector
[ 1301.272014][ T6023] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[ 1301.601229][ T6023] usb 1-1: too many configurations: 225, using maximum allowed: 8
[ 1301.611305][ T6023] usb 1-1: config 0 has an invalid interface number: 163 but max is 0
[ 1302.188300][ T6023] usb 1-1: config 0 has no interface number 0
[ 1302.286566][ T6023] usb 1-1: config 0 has an invalid interface number: 163 but max is 0
[ 1302.390456][ T6023] usb 1-1: config 0 has no interface number 0
[ 1302.400319][ T6023] usb 1-1: config 0 has an invalid interface number: 163 but max is 0
[ 1302.408818][ T6023] usb 1-1: config 0 has no interface number 0
[ 1302.429669][ T6023] usb 1-1: config 0 has an invalid interface number: 163 but max is 0
[ 1302.443566][ T6023] usb 1-1: config 0 has no interface number 0
[ 1302.452684][ T6023] usb 1-1: config 0 has an invalid interface number: 163 but max is 0
[ 1302.462270][ T6023] usb 1-1: config 0 has no interface number 0
[ 1303.406856][ T6023] usb 1-1: config 0 has an invalid interface number: 163 but max is 0
[ 1303.415104][ T6023] usb 1-1: config 0 has no interface number 0
[ 1303.456032][ T6023] usb 1-1: config 0 has an invalid interface number: 163 but max is 0
[ 1303.471635][ T6023] usb 1-1: config 0 has no interface number 0
[ 1303.488461][ T6023] usb 1-1: config 0 has an invalid interface number: 163 but max is 0
[ 1303.521676][ T6023] usb 1-1: config 0 has no interface number 0
[ 1303.542341][ T6023] usb 1-1: New USB device found, idVendor=0403, idProduct=7aa5, bcdDevice=1a.5d
[ 1303.574199][ T6023] usb 1-1: New USB device strings: Mfr=254, Product=213, SerialNumber=209
[ 1303.582937][ T6023] usb 1-1: Product: syz
[ 1303.601955][ T6023] usb 1-1: Manufacturer: syz
[ 1303.643144][ T6023] usb 1-1: SerialNumber: syz
[ 1303.661237][ T6023] usb 1-1: config 0 descriptor??
[ 1304.024036][T17204] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1306.123476][ T6023] usb 1-1: USB disconnect, device number 60
[ 1306.381100][T17212] block nbd0: not configured, cannot reconfigure
[ 1306.580764][T17215] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2865'.
[ 1311.238178][T17243] XFS (loop4): Invalid device [./bus], error=-15
[ 1311.281290][T17246] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2873'.
[ 1311.325363][T17246] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2873'.
[ 1311.624678][T17252] I/O error, dev loop4, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 1311.682344][T17252] EXT4-fs (loop4): unable to read superblock
[ 1313.142914][T17252] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2875'.
[ 1313.173623][T17271] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2879'.
[ 1313.184260][T17252] netlink: 'syz.4.2875': attribute type 6 has an invalid length.
[ 1313.212061][T17252] netlink: 'syz.4.2875': attribute type 5 has an invalid length.
[ 1313.219885][T17252] netlink: 'syz.4.2875': attribute type 4 has an invalid length.
[ 1314.676005][T17282] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2883'.
[ 1317.384231][T17297] XFS (loop5): Invalid device [./bus], error=-15
[ 1320.520186][T11439] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1320.571969][T11439] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1320.580619][T11439] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1320.590413][T11439] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1320.598811][T11439] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1320.768797][T17320] lo speed is unknown, defaulting to 1000
[ 1321.100487][T17333] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2897'.
[ 1322.522192][T17353] FAULT_INJECTION: forcing a failure.
[ 1322.522192][T17353] name failslab, interval 1, probability 0, space 0, times 0
[ 1322.535640][T17353] CPU: 0 UID: 0 PID: 17353 Comm: syz.5.2899 Not tainted syzkaller #0 PREEMPT(full) 
[ 1322.535667][T17353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1322.535680][T17353] Call Trace:
[ 1322.535689][T17353]  <TASK>
[ 1322.535697][T17353]  dump_stack_lvl+0x189/0x250
[ 1322.535745][T17353]  ? __pfx____ratelimit+0x10/0x10
[ 1322.535773][T17353]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1322.535798][T17353]  ? __pfx__printk+0x10/0x10
[ 1322.535832][T17353]  ? __pfx___might_resched+0x10/0x10
[ 1322.535867][T17353]  should_fail_ex+0x414/0x560
[ 1322.535898][T17353]  should_failslab+0xa8/0x100
[ 1322.535920][T17353]  __kmalloc_noprof+0xcb/0x7f0
[ 1322.535948][T17353]  ? kfree+0x4d/0x6d0
[ 1322.535971][T17353]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1322.536005][T17353]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1322.536033][T17353]  ? tomoyo_domain+0xd9/0x130
[ 1322.536066][T17353]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1322.536088][T17353]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1322.536112][T17353]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1322.536133][T17353]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1322.536178][T17353]  ? hook_file_ioctl+0xec/0x530
[ 1322.536222][T17353]  ? __fget_files+0x2a/0x420
[ 1322.536247][T17353]  ? __fget_files+0x3a0/0x420
[ 1322.536265][T17353]  ? __fget_files+0x2a/0x420
[ 1322.536289][T17353]  security_file_ioctl+0xcb/0x2d0
[ 1322.536312][T17353]  __se_sys_ioctl+0x47/0x170
[ 1322.536340][T17353]  do_syscall_64+0xfa/0xfa0
[ 1322.536370][T17353]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1322.536390][T17353]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1322.536409][T17353]  ? clear_bhb_loop+0x60/0xb0
[ 1322.536434][T17353]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1322.536454][T17353] RIP: 0033:0x7fefa538eba9
[ 1322.536472][T17353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1322.536490][T17353] RSP: 002b:00007fefa628a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1322.536511][T17353] RAX: ffffffffffffffda RBX: 00007fefa55d6180 RCX: 00007fefa538eba9
[ 1322.536526][T17353] RDX: 0000200000000000 RSI: 0000000000008b18 RDI: 0000000000000006
[ 1322.536540][T17353] RBP: 00007fefa628a090 R08: 0000000000000000 R09: 0000000000000000
[ 1322.536553][T17353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1322.536565][T17353] R13: 00007fefa55d6218 R14: 00007fefa55d6180 R15: 00007ffd5e353248
[ 1322.536600][T17353]  </TASK>
[ 1322.536633][T17353] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1322.785086][ T5871] Bluetooth: hci4: command tx timeout
[ 1323.955783][T17320] chnl_net:caif_netlink_parms(): no params data found
[ 1324.811069][T11439] Bluetooth: hci4: command tx timeout
[ 1326.020875][T17320] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1326.059485][T17320] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1326.100582][T17320] bridge_slave_0: entered allmulticast mode
[ 1326.111225][T11521] usb 6-1: new high-speed USB device number 27 using dummy_hcd
[ 1326.148170][T17320] bridge_slave_0: entered promiscuous mode
[ 1326.185418][T17320] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1326.239802][T17320] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1326.249806][T17320] bridge_slave_1: entered allmulticast mode
[ 1326.279319][T17320] bridge_slave_1: entered promiscuous mode
[ 1326.294762][T11521] usb 6-1: Using ep0 maxpacket: 8
[ 1326.306431][T11521] usb 6-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[ 1326.333300][T11521] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1326.371223][T11521] usb 6-1: config 0 descriptor??
[ 1326.403591][T17320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1326.430779][T17320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1326.565837][T17320] team0: Port device team_slave_0 added
[ 1326.592177][T17320] team0: Port device team_slave_1 added
[ 1326.686305][T17320] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1326.693682][T17320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1326.721442][T11439] Bluetooth: hci4: command tx timeout
[ 1326.727230][T17320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1326.740812][T17320] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1326.747848][T17320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1326.774086][T17320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1328.203191][T11521] prodikeys 0003:041E:2801.000E: item fetching failed at offset 4/5
[ 1328.230353][T17390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1328.251407][T11521] prodikeys 0003:041E:2801.000E: hid parse failed
[ 1328.299454][T17390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1328.317375][T11521] prodikeys 0003:041E:2801.000E: probe with driver prodikeys failed with error -22
[ 1328.586391][T11521] usb 6-1: USB disconnect, device number 27
[ 1328.655771][T11439] Bluetooth: hci4: command tx timeout
[ 1329.153933][T17320] hsr_slave_0: entered promiscuous mode
[ 1329.214849][T17320] hsr_slave_1: entered promiscuous mode
[ 1329.240528][T17320] debugfs: 'hsr0' already exists in 'hsr'
[ 1329.263999][T17320] Cannot create hsr debugfs directory
[ 1329.662591][T17397] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2911'.
[ 1329.673922][T17397] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2911'.
[ 1331.220734][T17421] sp0: Synchronizing with TNC
[ 1332.442899][T17320] netdevsim netdevsim7 netdevsim0: renamed from eth0
[ 1333.133319][T17320] netdevsim netdevsim7 netdevsim1: renamed from eth1
[ 1333.618105][T17320] netdevsim netdevsim7 netdevsim2: renamed from eth2
[ 1333.661516][T17320] netdevsim netdevsim7 netdevsim3: renamed from eth3
[ 1333.693774][T17441] I/O error, dev loop5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1333.714221][T17441] FAT-fs (loop5): unable to read boot sector
[ 1333.856788][T17425] usb 5-1: new high-speed USB device number 39 using dummy_hcd
[ 1334.190427][T17425] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1334.201896][T17425] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1334.260283][T17425] usb 5-1: Product: syz
[ 1334.283623][T17425] usb 5-1: Manufacturer: syz
[ 1334.300291][T17425] usb 5-1: SerialNumber: syz
[ 1334.340778][T17425] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1334.370125][    T9] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1334.382477][T17320] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1334.418260][T17320] 8021q: adding VLAN 0 to HW filter on device team0
[ 1334.437617][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1334.444794][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1334.643768][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1334.651010][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1334.709836][T17455] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2924'.
[ 1335.717538][    T9] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive
[ 1335.733057][    T9] ath9k_htc: Failed to initialize the device
[ 1335.792322][    T9] usb 5-1: ath9k_htc: USB layer deinitialized
[ 1336.098740][   T30] audit: type=1326 audit(1758174661.122:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17460 comm="syz.5.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa538eba9 code=0x7ffc0000
[ 1336.170327][T17467] new mount options do not match the existing superblock, will be ignored
[ 1336.273036][T17463] bridge0: the hash_elasticity option has been deprecated and is always 16
[ 1336.332611][T17469] fuse: Unknown parameter 'L'
[ 1336.486918][T17468] lo speed is unknown, defaulting to 1000
[ 1336.728511][T17467] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1336.748819][   T30] audit: type=1326 audit(1758174661.122:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17460 comm="syz.5.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa538eba9 code=0x7ffc0000
[ 1336.762074][  T875] usb 5-1: USB disconnect, device number 39
[ 1336.777291][   T30] audit: type=1326 audit(1758174661.122:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17460 comm="syz.5.2926" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fefa538eba9 code=0x7ffc0000
[ 1337.076964][T17479] vfat: Unknown parameter 'nnonumtail'
[ 1337.858486][T17320] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1337.904163][T17486] FAULT_INJECTION: forcing a failure.
[ 1337.904163][T17486] name failslab, interval 1, probability 0, space 0, times 0
[ 1337.936345][T17486] CPU: 0 UID: 0 PID: 17486 Comm: syz.5.2931 Not tainted syzkaller #0 PREEMPT(full) 
[ 1337.936372][T17486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1337.936384][T17486] Call Trace:
[ 1337.936393][T17486]  <TASK>
[ 1337.936402][T17486]  dump_stack_lvl+0x189/0x250
[ 1337.936432][T17486]  ? __pfx____ratelimit+0x10/0x10
[ 1337.936459][T17486]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1337.936483][T17486]  ? __pfx__printk+0x10/0x10
[ 1337.936518][T17486]  ? __pfx___might_resched+0x10/0x10
[ 1337.936552][T17486]  should_fail_ex+0x414/0x560
[ 1337.936583][T17486]  should_failslab+0xa8/0x100
[ 1337.936606][T17486]  __kmalloc_noprof+0xcb/0x7f0
[ 1337.936649][T17486]  ? snd_pcm_hw_refine+0x967/0x1640
[ 1337.936678][T17486]  snd_pcm_hw_refine+0x967/0x1640
[ 1337.936714][T17486]  ? __pfx_snd_pcm_hw_refine+0x10/0x10
[ 1337.936762][T17486]  ? snd_pcm_hw_param_near+0x7f/0x500
[ 1337.936797][T17486]  ? __kmalloc_cache_noprof+0x3d5/0x6f0
[ 1337.936824][T17486]  ? _snd_pcm_hw_param_set+0x354/0x530
[ 1337.936850][T17486]  ? _snd_pcm_hw_param_min+0x2f5/0x540
[ 1337.936882][T17486]  snd_pcm_hw_param_near+0xfd/0x500
[ 1337.936907][T17486]  ? __asan_memset+0x22/0x50
[ 1337.936941][T17486]  snd_pcm_oss_change_params_locked+0x2135/0x3e40
[ 1337.937003][T17486]  ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10
[ 1337.937030][T17486]  ? aa_file_perm+0x44d/0x1550
[ 1337.937085][T17486]  ? __lock_acquire+0xab9/0xd20
[ 1337.937114][T17486]  ? __pfx_aa_file_perm+0x10/0x10
[ 1337.937143][T17486]  snd_pcm_oss_write+0x2fb/0x1190
[ 1337.937165][T17486]  ? get_pid_task+0x20/0x1f0
[ 1337.937203][T17486]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 1337.937228][T17486]  ? bpf_lsm_file_permission+0x9/0x20
[ 1337.937249][T17486]  ? security_file_permission+0x75/0x290
[ 1337.937281][T17486]  ? rw_verify_area+0x255/0x4d0
[ 1337.937305][T17486]  ? __lock_acquire+0xab9/0xd20
[ 1337.937328][T17486]  ? __pfx_snd_pcm_oss_write+0x10/0x10
[ 1337.937353][T17486]  vfs_write+0x27e/0xb30
[ 1337.937388][T17486]  ? __pfx_vfs_write+0x10/0x10
[ 1337.937417][T17486]  ? __fget_files+0x2a/0x420
[ 1337.937438][T17486]  ? __fget_files+0x2a/0x420
[ 1337.937454][T17486]  ? __fget_files+0x3a0/0x420
[ 1337.937472][T17486]  ? __fget_files+0x2a/0x420
[ 1337.937498][T17486]  ksys_write+0x145/0x250
[ 1337.937527][T17486]  ? __pfx_ksys_write+0x10/0x10
[ 1337.937557][T17486]  ? do_syscall_64+0xbe/0xfa0
[ 1337.937587][T17486]  do_syscall_64+0xfa/0xfa0
[ 1337.937612][T17486]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1337.937646][T17486]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1337.937665][T17486]  ? clear_bhb_loop+0x60/0xb0
[ 1337.937689][T17486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1337.937707][T17486] RIP: 0033:0x7fefa538eba9
[ 1337.937724][T17486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1337.937741][T17486] RSP: 002b:00007fefa62cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1337.937761][T17486] RAX: ffffffffffffffda RBX: 00007fefa55d5fa0 RCX: 00007fefa538eba9
[ 1337.937776][T17486] RDX: 0000000000000001 RSI: 0000200000002200 RDI: 0000000000000003
[ 1337.937788][T17486] RBP: 00007fefa62cc090 R08: 0000000000000000 R09: 0000000000000000
[ 1337.937800][T17486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1337.937812][T17486] R13: 00007fefa55d6038 R14: 00007fefa55d5fa0 R15: 00007ffd5e353248
[ 1337.937844][T17486]  </TASK>
[ 1338.322809][ T5954] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[ 1338.486745][ T5954] usb 1-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config
[ 1338.502965][ T5954] usb 1-1: config 168 has 0 interfaces, different from the descriptor's value: 1
[ 1338.517674][ T5954] usb 1-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00
[ 1338.526930][ T5981] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[ 1338.544215][ T5954] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1338.630651][T17320] veth0_vlan: entered promiscuous mode
[ 1338.650132][T17320] veth1_vlan: entered promiscuous mode
[ 1338.657091][ T5981] usb 4-1: device descriptor read/64, error -71
[ 1338.753279][T17320] veth0_macvtap: entered promiscuous mode
[ 1338.770500][T17320] veth1_macvtap: entered promiscuous mode
[ 1338.802017][T17320] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1338.817189][T17320] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1338.889912][ T5981] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[ 1338.958416][ T5954] usb 1-1: string descriptor 0 read error: -71
[ 1338.967037][ T5954] usb 1-1: USB disconnect, device number 61
[ 1339.020533][ T5981] usb 4-1: device descriptor read/64, error -71
[ 1339.049379][T11606] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1339.070711][T11606] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1339.097865][ T7367] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.124218][ T5981] usb usb4-port1: attempt power cycle
[ 1339.144926][ T7367] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.156928][T11606] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1339.166861][ T7367] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.171928][T11606] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1339.178542][ T7367] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1339.192120][T17501] netlink: 'syz.5.2934': attribute type 14 has an invalid length.
[ 1339.250792][T17503] netlink: 'syz.5.2934': attribute type 1 has an invalid length.
[ 1339.259551][T17503] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2934'.
[ 1339.458361][ T5981] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[ 1339.487874][ T5981] usb 4-1: device descriptor read/8, error -71
[ 1339.729930][ T5981] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[ 1339.788494][ T5981] usb 4-1: device descriptor read/8, error -71
[ 1339.904633][ T5981] usb usb4-port1: unable to enumerate USB device
[ 1342.025819][   T30] audit: type=1326 audit(1758174667.474:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17527 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1342.098299][T17533] new mount options do not match the existing superblock, will be ignored
[ 1342.314721][T17534] lo speed is unknown, defaulting to 1000
[ 1342.552966][T17530] fuse: Unknown parameter 'L'
[ 1342.576366][   T30] audit: type=1326 audit(1758174667.474:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17527 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1342.600706][   T30] audit: type=1326 audit(1758174667.484:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17527 comm="syz.3.2941" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1342.660067][T17533] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1343.154363][   T36] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1343.170103][   T36] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1343.403313][T17544] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[ 1343.419733][T17544] MINIX-fs: unable to read superblock
[ 1343.598500][   T36] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1343.632505][   T36] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1343.657649][T17539] program syz.5.2944 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1344.193580][ T5871] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1344.217772][ T5871] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1344.229610][ T5871] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1344.248408][ T5871] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1344.266808][ T5871] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1344.381673][   T36] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1344.407621][ T5954] usb 4-1: new high-speed USB device number 54 using dummy_hcd
[ 1344.435411][   T36] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1344.610242][ T5954] usb 4-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1344.626034][T17555] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2948'.
[ 1344.650942][ T5954] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1344.668223][ T5954] usb 4-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1344.684871][ T5954] usb 4-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1344.694850][ T5954] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1344.839019][T17548] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[ 1345.201167][   T36] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1345.212596][   T36] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1345.233503][T17564] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2950'.
[ 1345.241790][T17549] lo speed is unknown, defaulting to 1000
[ 1346.178599][T11439] Bluetooth: hci2: command tx timeout
[ 1346.525380][   T30] audit: type=1326 audit(1758174672.302:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17571 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ebdb8eba9 code=0x7ffc0000
[ 1346.616180][T17578] new mount options do not match the existing superblock, will be ignored
[ 1346.828855][T17578] lo speed is unknown, defaulting to 1000
[ 1347.026675][T17575] fuse: Unknown parameter 'L'
[ 1347.045225][   T30] audit: type=1326 audit(1758174672.302:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17571 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1ebdb8eba9 code=0x7ffc0000
[ 1347.087516][   T30] audit: type=1326 audit(1758174672.302:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17571 comm="syz.7.2954" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f1ebdb8eba9 code=0x7ffc0000
[ 1347.327845][ T5954] aiptek 4-1:17.0: Aiptek using 400 ms programming speed
[ 1347.357841][ T5954] input: Aiptek as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.0/input/input45
[ 1347.657245][ T5954] usb 4-1: USB disconnect, device number 54
[ 1347.663347][    C1] aiptek 4-1:17.0: aiptek_irq - usb_submit_urb failed with result -19
acpid: input device has been disconnected, fd 10
[ 1348.117794][T11439] Bluetooth: hci2: command tx timeout
[ 1350.080549][T11439] Bluetooth: hci2: command tx timeout
[ 1351.497796][   T30] audit: type=1326 audit(1758174677.645:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17618 comm="syz.3.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1351.550115][T17624] new mount options do not match the existing superblock, will be ignored
[ 1351.648786][T17626] fuse: Unknown parameter 'L'
[ 1351.817306][   T30] audit: type=1326 audit(1758174677.645:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17618 comm="syz.3.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1351.840869][   T30] audit: type=1326 audit(1758174677.645:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17618 comm="syz.3.2965" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f702578eba9 code=0x7ffc0000
[ 1351.863210][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1352.069366][T11439] Bluetooth: hci2: command tx timeout
[ 1352.111533][T17632] netlink: 24 bytes leftover after parsing attributes in process `syz.5.2967'.
[ 1352.153454][T17628] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2966'.
[ 1352.424664][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1352.571487][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1352.696124][   T36] bond0 (unregistering): Released all slaves
[ 1352.988845][T17624] lo speed is unknown, defaulting to 1000
[ 1353.396292][T17549] chnl_net:caif_netlink_parms(): no params data found
[ 1353.420084][T17642] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2969'.
[ 1354.298090][T17650] program syz.0.2971 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1354.529263][T17549] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1354.539702][T17549] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1354.550874][T17549] bridge_slave_0: entered allmulticast mode
[ 1354.561879][T17549] bridge_slave_0: entered promiscuous mode
[ 1354.593750][   T36] hsr_slave_0: left promiscuous mode
[ 1354.600171][   T36] hsr_slave_1: left promiscuous mode
[ 1354.606471][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1354.614081][   T36] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1354.674853][   T36] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1354.682605][   T36] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1354.714594][   T36] veth1_macvtap: left promiscuous mode
[ 1354.720433][   T36] veth0_macvtap: left promiscuous mode
[ 1354.726227][   T36] veth1_vlan: left promiscuous mode
[ 1354.732582][   T36] veth0_vlan: left promiscuous mode
[ 1355.149729][T17661] xt_time: invalid argument - start or stop time greater than 23:59:59
[ 1356.953030][    T9] usb 1-1: new full-speed USB device number 62 using dummy_hcd
[ 1357.076940][ T5981] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[ 1357.152701][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1357.178532][    T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1357.202579][    T9] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[ 1357.221452][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1357.245129][    T9] usb 1-1: config 0 descriptor??
[ 1357.265655][    T9] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[ 1357.283160][ T5981] usb 6-1: Using ep0 maxpacket: 16
[ 1357.290865][    T9] dvb-usb: bulk message failed: -22 (3/0)
[ 1357.308855][ T5981] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1357.316274][    T9] dvb-usb: will use the device's hardware PID filter (table count: 16).
[ 1357.342615][ T5981] usb 6-1: New USB device found, idVendor=05ac, idProduct=0231, bcdDevice= 0.40
[ 1357.352047][ T5981] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1357.355851][    T9] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[ 1357.361941][ T5981] usb 6-1: Product: syz
[ 1357.389017][    T9] usb 1-1: media controller created
[ 1357.392924][ T5981] usb 6-1: Manufacturer: syz
[ 1357.403984][ T5981] usb 6-1: SerialNumber: syz
[ 1357.409669][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1357.431531][ T5981] input: bcm5974 as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/input/input48
[ 1357.445053][    T9] dvb-usb: bulk message failed: -22 (6/0)
[ 1357.461007][    T9] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[ 1357.511268][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input49
[ 1357.551814][    T9] dvb-usb: schedule remote query interval to 150 msecs.
[ 1357.562389][   T36] team0 (unregistering): Port device team_slave_1 removed
[ 1357.567249][    T9] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[ 1357.590217][    T9] usb 1-1: USB disconnect, device number 62
[ 1357.624806][   T36] team0 (unregistering): Port device team_slave_0 removed
[ 1357.638386][    T9] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[ 1357.647081][ T5217] bcm5974 6-1:1.0: could not read from device
[ 1357.655302][ T5981] usb 6-1: USB disconnect, device number 28
[ 1357.673687][ T5217] bcm5974 6-1:1.0: could not read from device
[ 1358.063188][T17549] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1358.070571][T17549] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1358.077679][T17549] bridge_slave_1: entered allmulticast mode
[ 1358.085085][T17549] bridge_slave_1: entered promiscuous mode
[ 1358.092725][T17684] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode
[ 1358.193597][T17549] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1358.216301][T17549] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1359.279751][T17549] team0: Port device team_slave_0 added
[ 1359.302465][T17549] team0: Port device team_slave_1 added
[ 1360.263692][T17711] new mount options do not match the existing superblock, will be ignored
[ 1360.376660][T17712] fuse: Unknown parameter 'L'
[ 1360.635245][   T30] audit: type=1326 audit(1758174686.142:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17697 comm="syz.5.2986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa538eba9 code=0x7ffc0000
[ 1360.784204][   T30] audit: type=1326 audit(1758174686.142:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17697 comm="syz.5.2986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefa538eba9 code=0x7ffc0000
[ 1360.807124][T17549] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1360.869406][T17549] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1360.947153][   T30] audit: type=1326 audit(1758174686.142:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17697 comm="syz.5.2986" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fefa538eba9 code=0x7ffc0000
[ 1360.969624][T17549] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1361.053013][T17711] lo speed is unknown, defaulting to 1000
[ 1361.142854][T17549] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1361.164166][T17549] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1361.645892][T17549] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1361.692450][T17723] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode
[ 1361.998596][   T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1362.009586][   T36] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1362.751827][T17549] hsr_slave_0: entered promiscuous mode
[ 1362.762893][T17549] hsr_slave_1: entered promiscuous mode
[ 1362.769275][T17549] debugfs: 'hsr0' already exists in 'hsr'
[ 1362.775794][T17549] Cannot create hsr debugfs directory
[ 1362.951448][   T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1362.962464][   T36] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1363.003452][T17729] binder: BINDER_SET_CONTEXT_MGR bad uid 60929 != 0
[ 1363.011532][T17731] FAULT_INJECTION: forcing a failure.
[ 1363.011532][T17731] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1363.028775][T17729] binder: 17728:17729 ioctl 4018620d 200000000040 returned -1
[ 1363.029476][T17731] CPU: 1 UID: 0 PID: 17731 Comm: syz.0.2994 Not tainted syzkaller #0 PREEMPT(full) 
[ 1363.029501][T17731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1363.029515][T17731] Call Trace:
[ 1363.029523][T17731]  <TASK>
[ 1363.029534][T17731]  dump_stack_lvl+0x189/0x250
[ 1363.029562][T17731]  ? __pfx____ratelimit+0x10/0x10
[ 1363.029609][T17731]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1363.029634][T17731]  ? __pfx__printk+0x10/0x10
[ 1363.029665][T17731]  ? __might_fault+0xb0/0x130
[ 1363.029706][T17731]  should_fail_ex+0x414/0x560
[ 1363.029738][T17731]  _copy_from_iter+0x1de/0x1790
[ 1363.029774][T17731]  ? rcu_is_watching+0x15/0xb0
[ 1363.029811][T17731]  ? kmalloc_reserve+0xbd/0x290
[ 1363.029843][T17731]  ? __pfx__copy_from_iter+0x10/0x10
[ 1363.029876][T17731]  ? __build_skb_around+0x262/0x3f0
[ 1363.029911][T17731]  ? netlink_sendmsg+0x642/0xb30
[ 1363.029941][T17731]  ? skb_put+0x11b/0x210
[ 1363.029965][T17731]  netlink_sendmsg+0x6b2/0xb30
[ 1363.030006][T17731]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1363.030041][T17731]  ? aa_sock_msg_perm+0xf1/0x1d0
[ 1363.030069][T17731]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[ 1363.030091][T17731]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1363.030124][T17731]  __sock_sendmsg+0x21c/0x270
[ 1363.030155][T17731]  ____sys_sendmsg+0x52d/0x830
[ 1363.030183][T17731]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1363.030215][T17731]  ? import_iovec+0x74/0xa0
[ 1363.030240][T17731]  ___sys_sendmsg+0x21f/0x2a0
[ 1363.030264][T17731]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1363.030343][T17731]  ? __might_fault+0xb0/0x130
[ 1363.030379][T17731]  __sys_sendmmsg+0x227/0x430
[ 1363.030408][T17731]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1363.030440][T17731]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1363.030490][T17731]  ? ksys_write+0x22a/0x250
[ 1363.030523][T17731]  ? __pfx_ksys_write+0x10/0x10
[ 1363.030558][T17731]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1363.030583][T17731]  do_syscall_64+0xfa/0xfa0
[ 1363.030611][T17731]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1363.030639][T17731]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1363.030661][T17731]  ? clear_bhb_loop+0x60/0xb0
[ 1363.030687][T17731]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1363.030708][T17731] RIP: 0033:0x7fdc9bb8eba9
[ 1363.030728][T17731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1363.030747][T17731] RSP: 002b:00007fdc9ca37038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1363.030769][T17731] RAX: ffffffffffffffda RBX: 00007fdc9bdd5fa0 RCX: 00007fdc9bb8eba9
[ 1363.030784][T17731] RDX: 04000000000001f2 RSI: 0000200000000000 RDI: 0000000000000003
[ 1363.030799][T17731] RBP: 00007fdc9ca37090 R08: 0000000000000000 R09: 0000000000000000
[ 1363.030813][T17731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1363.030825][T17731] R13: 00007fdc9bdd6038 R14: 00007fdc9bdd5fa0 R15: 00007ffc124f30f8
[ 1363.030859][T17731]  </TASK>
[ 1363.378558][   T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1363.389159][   T36] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1363.546432][T17735] I/O error, dev loop5, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2
[ 1363.559685][T17735] EXT4-fs (loop5): unable to read superblock
[ 1363.596671][   T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1363.607189][   T36] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1364.440484][  T875] usb 6-1: new high-speed USB device number 29 using dummy_hcd
[ 1364.625474][  T875] usb 6-1: Using ep0 maxpacket: 32
[ 1364.634783][  T875] usb 6-1: config index 0 descriptor too short (expected 50757, got 91)
[ 1364.662635][  T875] usb 6-1: config 20 has too many interfaces: 194, using maximum allowed: 32
[ 1364.680667][  T875] usb 6-1: config 20 has an invalid descriptor of length 15, skipping remainder of the config
[ 1364.707966][  T875] usb 6-1: config 20 has 0 interfaces, different from the descriptor's value: 194
[ 1364.720464][  T875] usb 6-1: New USB device found, idVendor=046d, idProduct=08f0, bcdDevice=5e.1b
[ 1364.729736][  T875] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1364.745891][  T875] usb 6-1: Product: syz
[ 1364.777884][  T875] usb 6-1: Manufacturer: syz
[ 1364.809230][  T875] usb 6-1: SerialNumber: syz
[ 1367.589397][T17762] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant.
[ 1367.589397][T17762] The task syz.7.3002 (17762) triggered the difference, watch for misbehavior.
[ 1368.500223][   T36] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1368.512615][   T36] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1368.524953][   T36] bond0 (unregistering): (slave wlan1): Releasing backup interface
[ 1368.551582][   T36] bond0 (unregistering): Released all slaves
[ 1368.746671][  T875] usb 6-1: USB disconnect, device number 29
[ 1368.864042][T17778] tipc: New replicast peer: 255.255.255.255
[ 1368.872392][T17778] tipc: Enabled bearer <udp:syz2>, priority 10
[ 1369.512335][   T36] tipc: Left network mode
[ 1369.993813][   T30] audit: type=1326 audit(1758174695.338:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17784 comm="syz.0.3006" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdc9bb8eba9 code=0x0
[ 1370.073125][   T36] ------------[ cut here ]------------
[ 1370.079432][   T36] wlan1: Failed check-sdata-in-driver check, flags: 0x0
[ 1370.092525][   T36] WARNING: net/mac80211/driver-ops.c:366 at drv_unassign_vif_chanctx+0x50b/0x7e0, CPU#1: kworker/u8:2/36
[ 1370.103893][   T36] Modules linked in:
[ 1370.108760][   T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1370.118310][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1370.128656][   T36] Workqueue: netns cleanup_net
[ 1370.135567][   T36] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[ 1370.142370][   T36] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 40 66 d0 8c e8 76 68 91 f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 57 fa cd f6 90 0f 0b 90 42 80 7c 3d
[ 1370.162446][   T36] RSP: 0018:ffffc90000ac7220 EFLAGS: 00010246
[ 1370.168890][   T36] RAX: 18e1d218a3036500 RBX: 0000000000000000 RCX: ffff888140ad1e40
[ 1370.177245][   T36] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 1370.186495][   T36] RBP: ffff8880585dd728 R08: 0000000000000003 R09: 0000000000000004
[ 1370.194814][   T36] R10: dffffc0000000000 R11: fffffbfff1c3a668 R12: ffff8880585de9d8
[ 1370.203569][   T36] R13: ffff8880585dcd80 R14: 1ffff1100b0bbae5 R15: dffffc0000000000
[ 1370.212356][   T36] FS:  0000000000000000(0000) GS:ffff888125ae1000(0000) knlGS:0000000000000000
[ 1370.221552][   T36] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1370.228404][   T36] CR2: 00002000000cb030 CR3: 00000000673f0000 CR4: 00000000003526f0
[ 1370.236645][   T36] Call Trace:
[ 1370.240134][   T36]  <TASK>
[ 1370.243272][   T36]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[ 1370.249584][   T36]  __ieee80211_link_release_channel+0x33b/0x4a0
[ 1370.256182][   T36]  ? __pfx_ieee80211_uninit+0x10/0x10
[ 1370.261874][   T36]  unregister_netdevice_many_notify+0x1953/0x1ff0
[ 1370.268678][   T36]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1370.275683][   T36]  ? __pfx_call_rcu+0x10/0x10
[ 1370.280594][   T36]  unregister_netdevice_queue+0x33c/0x380
[ 1370.286580][   T36]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1370.293183][   T36]  _cfg80211_unregister_wdev+0x165/0x590
[ 1370.299101][   T36]  ieee80211_remove_interfaces+0x49a/0x6e0
[ 1370.305409][   T36]  ? __pfx_synchronize_rcu+0x10/0x10
[ 1370.311176][   T36]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 1370.317587][   T36]  ? rcu_is_watching+0x15/0xb0
[ 1370.322429][   T36]  ieee80211_unregister_hw+0x5d/0x2c0
[ 1370.327830][   T36]  mac80211_hwsim_del_radio+0x275/0x460
[ 1370.333431][   T36]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1370.339533][   T36]  hwsim_exit_net+0xef4/0xfb0
[ 1370.344272][   T36]  ? hwsim_exit_net+0x333/0xfb0
[ 1370.349154][   T36]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1370.354423][   T36]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[ 1370.360279][   T36]  ops_undo_list+0x49a/0x990
[ 1370.364999][   T36]  ? __pfx_ops_undo_list+0x10/0x10
[ 1370.370146][   T36]  ? do_raw_spin_unlock+0x122/0x240
[ 1370.375453][   T36]  cleanup_net+0x4d8/0x810
[ 1370.379903][   T36]  ? __pfx_cleanup_net+0x10/0x10
[ 1370.384938][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1370.390181][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[ 1370.396048][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[ 1370.401804][   T36]  process_scheduled_works+0xae1/0x17b0
[ 1370.407996][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1370.414529][   T36]  worker_thread+0x8a0/0xda0
[ 1370.419239][   T36]  kthread+0x711/0x8a0
[ 1370.423341][   T36]  ? __pfx_worker_thread+0x10/0x10
[ 1370.428535][   T36]  ? __pfx_kthread+0x10/0x10
[ 1370.433154][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1370.438405][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1370.443631][   T36]  ? __pfx_kthread+0x10/0x10
[ 1370.448525][   T36]  ret_from_fork+0x4bc/0x870
[ 1370.453166][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[ 1370.458327][   T36]  ? __switch_to_asm+0x39/0x70
[ 1370.463165][   T36]  ? __switch_to_asm+0x33/0x70
[ 1370.467960][   T36]  ? __pfx_kthread+0x10/0x10
[ 1370.472930][   T36]  ret_from_fork_asm+0x1a/0x30
[ 1370.477751][   T36]  </TASK>
[ 1370.480860][   T36] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1370.488143][   T36] CPU: 1 UID: 0 PID: 36 Comm: kworker/u8:2 Not tainted syzkaller #0 PREEMPT(full) 
[ 1370.497424][   T36] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025
[ 1370.507469][   T36] Workqueue: netns cleanup_net
[ 1370.512237][   T36] Call Trace:
[ 1370.515512][   T36]  <TASK>
[ 1370.518449][   T36]  dump_stack_lvl+0x99/0x250
[ 1370.523042][   T36]  ? __asan_memcpy+0x40/0x70
[ 1370.527651][   T36]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1370.532848][   T36]  ? __pfx__printk+0x10/0x10
[ 1370.537450][   T36]  vpanic+0x237/0x6d0
[ 1370.541434][   T36]  ? __pfx_vpanic+0x10/0x10
[ 1370.545929][   T36]  ? is_bpf_text_address+0x292/0x2b0
[ 1370.551217][   T36]  ? is_bpf_text_address+0x26/0x2b0
[ 1370.556434][   T36]  panic+0xb9/0xc0
[ 1370.560153][   T36]  ? __pfx_panic+0x10/0x10
[ 1370.564578][   T36]  __warn+0x334/0x4c0
[ 1370.568585][   T36]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[ 1370.574328][   T36]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[ 1370.580065][   T36]  report_bug+0x2be/0x4f0
[ 1370.584390][   T36]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[ 1370.590106][   T36]  ? drv_unassign_vif_chanctx+0x50b/0x7e0
[ 1370.595824][   T36]  ? drv_unassign_vif_chanctx+0x50d/0x7e0
[ 1370.601565][   T36]  handle_bug+0x84/0x160
[ 1370.605807][   T36]  exc_invalid_op+0x1a/0x50
[ 1370.610304][   T36]  asm_exc_invalid_op+0x1a/0x20
[ 1370.615147][   T36] RIP: 0010:drv_unassign_vif_chanctx+0x50b/0x7e0
[ 1370.621485][   T36] Code: 8d 8d b8 09 00 00 48 85 c0 48 0f 44 f1 43 0f b6 04 3e 84 c0 0f 85 6b 02 00 00 8b 55 00 48 c7 c7 40 66 d0 8c e8 76 68 91 f6 90 <0f> 0b 90 90 e9 ee fc ff ff e8 57 fa cd f6 90 0f 0b 90 42 80 7c 3d
[ 1370.641091][   T36] RSP: 0018:ffffc90000ac7220 EFLAGS: 00010246
[ 1370.647169][   T36] RAX: 18e1d218a3036500 RBX: 0000000000000000 RCX: ffff888140ad1e40
[ 1370.655138][   T36] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 1370.663107][   T36] RBP: ffff8880585dd728 R08: 0000000000000003 R09: 0000000000000004
[ 1370.671075][   T36] R10: dffffc0000000000 R11: fffffbfff1c3a668 R12: ffff8880585de9d8
[ 1370.679046][   T36] R13: ffff8880585dcd80 R14: 1ffff1100b0bbae5 R15: dffffc0000000000
[ 1370.687042][   T36]  ieee80211_assign_link_chanctx+0x1ec/0xd70
[ 1370.693046][   T36]  __ieee80211_link_release_channel+0x33b/0x4a0
[ 1370.699296][   T36]  ? __pfx_ieee80211_uninit+0x10/0x10
[ 1370.704673][   T36]  unregister_netdevice_many_notify+0x1953/0x1ff0
[ 1370.711192][   T36]  ? __pfx_unregister_netdevice_many_notify+0x10/0x10
[ 1370.717962][   T36]  ? __pfx_call_rcu+0x10/0x10
[ 1370.722650][   T36]  unregister_netdevice_queue+0x33c/0x380
[ 1370.728394][   T36]  ? __pfx_unregister_netdevice_queue+0x10/0x10
[ 1370.734656][   T36]  _cfg80211_unregister_wdev+0x165/0x590
[ 1370.740298][   T36]  ieee80211_remove_interfaces+0x49a/0x6e0
[ 1370.746108][   T36]  ? __pfx_synchronize_rcu+0x10/0x10
[ 1370.751392][   T36]  ? __pfx_ieee80211_remove_interfaces+0x10/0x10
[ 1370.757726][   T36]  ? rcu_is_watching+0x15/0xb0
[ 1370.762502][   T36]  ieee80211_unregister_hw+0x5d/0x2c0
[ 1370.767874][   T36]  mac80211_hwsim_del_radio+0x275/0x460
[ 1370.773418][   T36]  ? __pfx_mac80211_hwsim_del_radio+0x10/0x10
[ 1370.779494][   T36]  hwsim_exit_net+0xef4/0xfb0
[ 1370.784173][   T36]  ? hwsim_exit_net+0x333/0xfb0
[ 1370.789031][   T36]  ? __pfx_hwsim_exit_net+0x10/0x10
[ 1370.794244][   T36]  ? __ip_vs_dev_cleanup_batch+0x238/0x260
[ 1370.800054][   T36]  ops_undo_list+0x49a/0x990
[ 1370.804649][   T36]  ? __pfx_ops_undo_list+0x10/0x10
[ 1370.809764][   T36]  ? do_raw_spin_unlock+0x122/0x240
[ 1370.814983][   T36]  cleanup_net+0x4d8/0x810
[ 1370.819412][   T36]  ? __pfx_cleanup_net+0x10/0x10
[ 1370.824353][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1370.829565][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[ 1370.835288][   T36]  ? process_scheduled_works+0x9ef/0x17b0
[ 1370.841031][   T36]  process_scheduled_works+0xae1/0x17b0
[ 1370.846614][   T36]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1370.852619][   T36]  worker_thread+0x8a0/0xda0
[ 1370.857236][   T36]  kthread+0x711/0x8a0
[ 1370.861304][   T36]  ? __pfx_worker_thread+0x10/0x10
[ 1370.866441][   T36]  ? __pfx_kthread+0x10/0x10
[ 1370.871033][   T36]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1370.876231][   T36]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1370.881433][   T36]  ? __pfx_kthread+0x10/0x10
[ 1370.886021][   T36]  ret_from_fork+0x4bc/0x870
[ 1370.890615][   T36]  ? __pfx_ret_from_fork+0x10/0x10
[ 1370.895731][   T36]  ? __switch_to_asm+0x39/0x70
[ 1370.900491][   T36]  ? __switch_to_asm+0x33/0x70
[ 1370.905249][   T36]  ? __pfx_kthread+0x10/0x10
[ 1370.909833][   T36]  ret_from_fork_asm+0x1a/0x30
[ 1370.914608][   T36]  </TASK>
[ 1370.917951][   T36] Kernel Offset: disabled
[ 1370.922289][   T36] Rebooting in 86400 seconds..