last executing test programs:

31m2.106461454s ago: executing program 2 (id=216):
r0 = socket$kcm(0xf, 0x3, 0x2)
sendmsg$inet(r0, 0x0, 0x400c010)

31m1.922770246s ago: executing program 2 (id=217):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000c07850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000001140)='ext4_allocate_inode\x00', r0}, 0x10)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="09000000040000000110000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r3 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000400)='ext4_allocate_inode\x00', r2}, 0x10)
close(0x4)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
close(r3)

31m1.581215733s ago: executing program 2 (id=221):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00'}, 0x10)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r0, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/96, 0x2329000, 0x1800}, 0x20)
mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x200000006c832, 0xffffffffffffffff, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r1, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000140)=0x2, 0x4)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(r1, &(0x7f00000004c0)="3ce2de4d8d957a8de4e490b6cd03b988d4edef164bd3377aa381b5f50b7ca414516489f78cd7208982e9bde22b2b7c1c7606d565477f3db9d2b077283644c0f27ab52a863a42863e06944e40a0b3c5d21c8cbe102e7f726263f28aef1bc12a069063d4c30e8f329fdb36859be727fbef4314161e5fb5f01ae00a2634d5cdecca2089c62e32f4c919886b2b88d237e287318739bec0364caf15889f38a312ef6621c0f21709a4bf2b16274cf933f6ad8fcc9c2024bc1b4713f650e860f93ae93b2361956b3e80c38c5fd29b5c1b5d7ce67edc856a8dc0ba54cee53de9a48c131389426bd06ec7c695add357934fc0321f0d3d7982e4fe5a0039decc491a663afd02facb08dd9695f854c7b031d9af8bd7350897996b5208b23030cc0feb84570730eaf24b9f2ac05d0feb3be07a29f887095f36f3c8f0e77e45509acd14a5be4a1572dd4cd1231087b830fa03e071571d4abd694710ef140469cf6df8a59839aafe046a5bffb97e5247be901789eafd726ba090337a2c49207e6b900c7e982472e6aac70e5d52ca2c1bab47b1f6d00f9601e2281686c21f770ae96e0ffec4b30496d012fa00958f794cdbd721bd155cae87", 0x109e8, 0x805, 0x0, 0x6)
recvmmsg(r1, &(0x7f00000031c0)=[{{0x0, 0x0, &(0x7f0000000a40)=[{&(0x7f00000008c0)=""/135, 0x87}], 0x1}}, {{0x0, 0x0, &(0x7f0000000d00)=[{&(0x7f0000000980)=""/146, 0x92}, {&(0x7f0000000080)=""/43, 0x2b}, {&(0x7f0000000a80)=""/242, 0xf2}, {&(0x7f0000000b80)=""/143, 0x8f}], 0x4}, 0x2}], 0x400000000000300, 0x22, 0x0)

31m0.547232712s ago: executing program 2 (id=230):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000580)={0x28, r0, 0x801, 0x0, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_IDX={0x5, 0x2, 0x4}]}]}, 0x28}}, 0x0)

31m0.265451566s ago: executing program 2 (id=235):
r0 = socket(0x40000000015, 0x5, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x30, 0x0, 0x0, 0x8000}]}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000400)="2cc0a469", 0x4}], 0x1}}], 0x1, 0x14)

30m59.989667365s ago: executing program 2 (id=239):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

30m44.414961633s ago: executing program 32 (id=239):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4c000000020681010000000000000000000000000500050002000000050001000700000005000400030000000900020073797a310000000011000300686173683a6e65742c6e6574"], 0x4c}, 0x1, 0x0, 0x0, 0x4040000}, 0x800)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x50, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @rand_addr=0x64010101}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

14m1.14824648s ago: executing program 5 (id=3932):
syz_init_net_socket$rose(0xb, 0x5, 0x0)
syz_open_dev$vim2m(0x0, 0x801, 0x2)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="020000000400000008001200000000000000000012a4ace8301bfe4aa35ee8752a82babfc5b756c1a90ffa00ca7d2fb4da98", @ANYRES32=0x1, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000169b2a5d6192000f00"/34], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r5, &(0x7f00000012c0), 0x10)
sendmsg$can_bcm(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000500)=ANY=[@ANYBLOB="050000000300000000a9de51", @ANYRES64=0x0, @ANYBLOB="0000000001"], 0x48}}, 0x0)
ioctl$SIOCGSTAMPNS(r5, 0x8907, 0x0)
recvmmsg(r5, &(0x7f0000004900)=[{{0x0, 0x0, 0x0}, 0xfb}], 0x1, 0x0, 0x0)
r6 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000040), 0x2, 0x0)
write$cgroup_subtree(r6, &(0x7f00000005c0)=ANY=[@ANYBLOB="2d706572665f6576656e74202b6e65745f636c73202b68756765746c62202d6e6574202d6e65d2736d3f696f202b626c6b696f202d637075202b72646d61202b6e65745f636c732028a457c846a7970b3ed08c247861f1e25d8a2522b9b9cb4b05f080"], 0x48)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r4)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r7 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="020000000400000008000000010000008000000024e1aa9de7ab5dd4cdded735ee1b01c457dce1f440c6744ca22a2d2e4e03144430d028f67ebf1b316adbb6e783d2ad51be9625e4d539d5e9709bd863edcfdde6d50a817cd753810980df1c16a139a2a3293e7ea4018dcfbfa0115220707281f30ddbb35efb671feca2f62da15286f68e2846f0f2baeb75be7db44f70350689f1b8eb885f3e5948b853a7bba8f94bbf1a0ab282d7eff521095f50cc1b803ff467b457415cba7268790b68da471ad34573a76117069d0443527dc094ad8677ce675d1dac45b47a1843013d23de956c3ce56f2ee7575ef39e31c9d25bc748c4177881dfa24f2e39f1987a014f701feb1f51f1fa40daedbd45ca6dd733de4365b97402050d02f742b3013e6507e40e33983418cf045f061f9acc7ea995151a548918af0c65563092043383bcd27eea188b2c95845706cb14789eff7edd3e07f73ed662b55777933a50edea7ef55cb8d1f49a4dc172ca0603d51a8c492c5ab8b9916084e89acd378dbc84e05ff1d0d9f8e023dfa4b1e6c5a495bba26d1e0e888312c5608b2860694d733f4cb8aca3003fb0745bd2418b3f1f9e4f40a01f35ae89b0fffcf9bad3fbb115be2f42a16a0106c53ecba67b26812ea391b0117af5bbab512cf2a7a1aebc090e1eab7936", @ANYRES32=r0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000400"/28], 0x50)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_tracing={0x1a, 0xb, &(0x7f0000000900)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x40000000}, [@tail_call, @generic={0xa, 0xa, 0x1, 0x7, 0x9}, @map_idx={0x18, 0x6}]}, &(0x7f00000004c0)='syzkaller\x00', 0x9, 0x46, &(0x7f0000000980)=""/70, 0x40f00, 0x2c, '\x00', 0x0, 0x17, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000a80)={0x3, 0xf, 0x4, 0x3}, 0x10, 0x29cff, 0xffffffffffffffff, 0x4, &(0x7f0000000ac0)=[r7, 0xffffffffffffffff, r0, r0], &(0x7f0000000b00)=[{0x0, 0x4, 0x10, 0x1a}, {0x4, 0x1, 0xb, 0x3}, {0x0, 0x3, 0x2, 0xb}, {0x5, 0x5, 0x6, 0x4}], 0x10, 0x45, @void, @value}, 0x94)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r0, <r8=>0xffffffffffffffff}, &(0x7f0000000180), &(0x7f0000000680)='%pi6   \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000380)={r8}, 0x4)

14m0.053102725s ago: executing program 5 (id=3935):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000500000000000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd66, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

13m59.403997919s ago: executing program 5 (id=3940):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x23, 0x0, &(0x7f00000001c0))
sendmsg$RDMA_NLDEV_CMD_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRES32=r1], 0x10}, 0x1, 0x0, 0x0, 0x40080}, 0xddcbc9d09c87b7cd)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r2)
sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00000000001080002000500000014000600ff01000a00f2f3f31f000a0000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4b, &(0x7f0000000180)=0xfffffff7, 0x4)
sendmsg$NLBL_MGMT_C_ADDDEF(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4040000)

13m58.148146416s ago: executing program 5 (id=3942):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000007c0)={0x3, 0x0, [{0x10000, 0xe1, &(0x7f0000000c80)=""/225}, {0xd000, 0x24, &(0x7f00000003c0)=""/36}, {0x0, 0x88, &(0x7f0000000700)=""/136}]})
openat(0xffffffffffffff9c, 0x0, 0x501483, 0x0)
r5 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="74010000", @ANYRES16=r5, @ANYBLOB="11060000000000000000010000000800050001000000200108803c0000801400040002000000ac1e00010000000000000000240001000000000000000000000000000000000000000000000000000000000000000000e0000080a400098028000080060001000a0000001400020020010000000000000000000000000001050003000100000028000080060001000a00000014000200ff0100000000000000000000000000010500030001000000280000"], 0x174}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x205000, 0x0)
openat$dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x3, &(0x7f0000006680))
syz_io_uring_setup(0x109, &(0x7f0000000140)={0x0, 0x114df, 0x100, 0x1, 0x89}, &(0x7f00000001c0), &(0x7f0000000440))

13m51.488296181s ago: executing program 5 (id=3956):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
bpf$MAP_CREATE(0x700000000000000, &(0x7f0000000180)=@base={0x1d, 0x4, 0x2, 0x0, 0x201, 0xffffffffffffffff, 0x5, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x50, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x40000, 0x100a8}}}}}}, @IFLA_NUM_TX_QUEUES={0x8, 0x1f, 0x5}]}, 0x50}}, 0x40080)

13m48.607492722s ago: executing program 5 (id=3961):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
fdatasync(r0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
setresuid(0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008ec0)=[{{&(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000180)="231436615f219dd6e50cfa90d6de18e66161f09d20673d9714d676eac97e", 0x1e}, {&(0x7f0000000440)="ec8e2d6dfd4dfccaa1ffc4b135b3217e48bb98175c7f8ee86510abe586a5d4bcef8fa71aa291023c922e044db0a8513de835a5dc262d3ccef503258537479a1d9d78b3674407055a759cfc34105e4448388bca0fc77fa6c73956bcb968d0f8815019", 0x62}], 0x2, &(0x7f0000000b80)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r1, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r1, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, r1, 0xffffffffffffffff, r2]}}, @cred={{0x1c}}], 0x130, 0x885}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0)
r3 = epoll_create1(0x0)
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xfffeffff, 0x0, 0x443c000000000000)
epoll_pwait(r3, &(0x7f00000000c0)=[{}], 0x1, 0x101, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081140000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071184a00000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xf}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r4, 0x40182103, &(0x7f0000000240)={0x0, 0x0, r4})

13m33.479508262s ago: executing program 33 (id=3961):
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000840)=@abs={0x0, 0x0, 0x4e20}, 0x9)
fdatasync(r0)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
setresuid(0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008ec0)=[{{&(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000280)=[{&(0x7f0000000180)="231436615f219dd6e50cfa90d6de18e66161f09d20673d9714d676eac97e", 0x1e}, {&(0x7f0000000440)="ec8e2d6dfd4dfccaa1ffc4b135b3217e48bb98175c7f8ee86510abe586a5d4bcef8fa71aa291023c922e044db0a8513de835a5dc262d3ccef503258537479a1d9d78b3674407055a759cfc34105e4448388bca0fc77fa6c73956bcb968d0f8815019", 0x62}], 0x2, &(0x7f0000000b80)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r1, r1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r1, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, r1, 0xffffffffffffffff, r2]}}, @cred={{0x1c}}], 0x130, 0x885}}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14}}, {{0x0, 0x0, 0x0}}], 0x3, 0x0)
r3 = epoll_create1(0x0)
epoll_pwait(r3, &(0x7f0000000100)=[{}], 0x1, 0xfffeffff, 0x0, 0x443c000000000000)
epoll_pwait(r3, &(0x7f00000000c0)=[{}], 0x1, 0x101, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000081140000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff0000000071184a00000000001d300500000000004704000001ed00000f030000000000001d44020000000000620a00fe040400007203000000000000b500f7ff000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a8641aa05a1336b3b4c4becea710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fe51bef7af9aa0d7d600c095199fe3380d28e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51bf900000000000000d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343cccc953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93020000000000000080e69db384ac7eeedcf2ba3a9508f9d6aba582a896a9f1e096df6ecea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840bd2951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00e10000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f6f096753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e9673560000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d490cba8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e1461173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b583cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd84990453f006694d461b76a58d88cf0f520310a1e80dc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e8262395174328f2482d14008de83070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6032399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c00000000000000f59dd19e8d525206c0a728cfd42193abe8130bc01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ed1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef67cf0216e2d81e6127bd9d7fab28800eaab2355992f8ce4cd38add4b272c0bee4076ca4847ffa691cf78fb7ec212bad3bef29f577ea7159b7f3025b3d977ff7c9102"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0xf}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r4, 0x40182103, &(0x7f0000000240)={0x0, 0x0, r4})

4m17.813550681s ago: executing program 4 (id=6188):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000180)=@abs, 0x11)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = socket$key(0xf, 0x3, 0x2)
recvmmsg(r2, &(0x7f0000000440), 0x0, 0x2, 0x0)
sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)

4m15.445696035s ago: executing program 4 (id=6192):
r0 = syz_open_dev$usbfs(0x0, 0x205, 0x2581)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/10, @ANYBLOB], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=@framed={{0x35, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x28}, [@initr0]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
r1 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xffd, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r5}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x670, 0x2e0, 0xd0, 0x2e0, 0xd0, 0xd0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@MARK={0x28}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d0)
r7 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r7, 0x0, 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r8 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000c80)={'lo\x00'})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
fcntl$dupfd(r0, 0x0, r0)

4m14.494407181s ago: executing program 4 (id=6193):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000180))
ioctl$TIOCSIG(r2, 0x40045436, 0x15)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x80842, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
readv(r4, &(0x7f0000000080)=[{&(0x7f00000028c0)=""/4098, 0x1052}], 0x2)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x10b301)
ioctl$USBDEVFS_CONNECTINFO(r5, 0x80045518, &(0x7f0000002a40))
r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r6, 0x4090ae82, 0x0)

4m14.364503095s ago: executing program 4 (id=6194):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_DELETE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=ANY=[@ANYBLOB='\x00 '], 0x28}}, 0x48000)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00'}, 0x18)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x240008c0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYRES8=r0], 0x80}}, 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000440)=ANY=[@ANYRES16=r0, @ANYRES8=r0, @ANYRESDEC=r1, @ANYRES32=r1, @ANYBLOB="692eaffdb06a5f36e083a3897274cae125c828911f359a5034a0a1162ce1be06d6d12df9ac3edcf14156db8b4879bf20467b536aaa099cbe4d99505b916de747e858e0e23cd36b2d77e1932c5e7602371ed248dc7d1cb0e5aa52fceb7af1ba00e8b6e3b0781b20e1ced74b8681d20af48614fa37a11a3d6d27a68f1f1ee6082587dd54513400c6ce877d865606e04be0883326318a641a6d220cad5961844a158bb4d4c4432a5ec5d05a3dd21ad6706d46f50620386bca9099"], 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x30, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(r2, 0x1, &(0x7f0000000000)=0x6)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)=ANY=[@ANYBLOB="300000003d0007010000000000000000047c0000040008800c00018006000600800ad0d30c000280050019"], 0x30}}, 0xc000)
r6 = fsopen(&(0x7f0000000000)='sysfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
r7 = syz_open_procfs(0x0, &(0x7f00000002c0)='task\x00')
fchdir(r7)
r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x2228c1, 0x2a)
lseek(r8, 0xffdfffffffffbffc, 0x1)
r9 = fsmount(r6, 0x1, 0x0)
fchdir(r9)
r10 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r10, &(0x7f0000001fc0)=""/184, 0xb8)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)

4m14.213883927s ago: executing program 4 (id=6195):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0500000004000000080000000a"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa10000000000000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000500000000000000000000850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000007"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffd66, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

4m14.196734553s ago: executing program 4 (id=6196):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = fsopen(&(0x7f0000000040)='nsfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x8, 0x0, 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r0, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000380)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x84000)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r8}, 0x10)
r9 = dup(r7)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r9])
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
dup(r3)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01628bac1500f6ffffffffffffff4fd50300", @ANYRES32=r12, @ANYBLOB="080026006c09000008002700120000000800b70075000000"], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(r13)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
r15 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x13, 0x4, &(0x7f0000000c00)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, r9, 0x8, &(0x7f0000000180)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r16 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000900)=ANY=[@ANYBLOB="c81c538432924b9d803c0593b841564e4c542dfaa13ad5ac9fe98e44f25f3c723b6a882ecff5ad74d0f0e32611b70ab28c817050ab97ebf8df0f1d43964039be37afe6a0aabe20e861fb86723e7fcf9eb098233c7ee6236f1561ee1aa89d6d52dd3b8a628e96080fe627bb929a560fc9bd723dae6828c5164fc76b4205c67d6ef2a3c4d9b8c3f14217fdf910c11dd1650cc05972535143dd36148900849cafaf30bc47d7592d5f5f6843cce329839ed7833ce3052e943303e654e80fcab94b4aace1ab2211f7e33e4a83c73a1ab99c3fde5f851a346d2412a75f78e7fdecb8eb1dbbd8eb697f340723c4df5d777d55a5fb78db9602eefc1e837b9b7cc9558e", @ANYRES32=r15, @ANYBLOB='&'], 0x10)
sendmsg$inet(r14, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000780)='}', 0x1}], 0x1}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r16}, &(0x7f0000000000), &(0x7f00000002c0)=r13}, 0x20)

3m58.607491575s ago: executing program 34 (id=6196):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = fsopen(&(0x7f0000000040)='nsfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x8, 0x0, 0x0, 0x0)
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRESDEC=r0, @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000380)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff}, 0x84000)
r8 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='writeback_bdi_register\x00', r8}, 0x10)
r9 = dup(r7)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r9])
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xf, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
dup(r3)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r12=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="01628bac1500f6ffffffffffffff4fd50300", @ANYRES32=r12, @ANYBLOB="080026006c09000008002700120000000800b70075000000"], 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r13 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
close(r13)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, <r14=>0xffffffffffffffff})
r15 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x13, 0x4, &(0x7f0000000c00)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, r9, 0x8, &(0x7f0000000180)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0x5}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r16 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000900)=ANY=[@ANYBLOB="c81c538432924b9d803c0593b841564e4c542dfaa13ad5ac9fe98e44f25f3c723b6a882ecff5ad74d0f0e32611b70ab28c817050ab97ebf8df0f1d43964039be37afe6a0aabe20e861fb86723e7fcf9eb098233c7ee6236f1561ee1aa89d6d52dd3b8a628e96080fe627bb929a560fc9bd723dae6828c5164fc76b4205c67d6ef2a3c4d9b8c3f14217fdf910c11dd1650cc05972535143dd36148900849cafaf30bc47d7592d5f5f6843cce329839ed7833ce3052e943303e654e80fcab94b4aace1ab2211f7e33e4a83c73a1ab99c3fde5f851a346d2412a75f78e7fdecb8eb1dbbd8eb697f340723c4df5d777d55a5fb78db9602eefc1e837b9b7cc9558e", @ANYRES32=r15, @ANYBLOB='&'], 0x10)
sendmsg$inet(r14, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000780)='}', 0x1}], 0x1}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r16}, &(0x7f0000000000), &(0x7f00000002c0)=r13}, 0x20)

13.948917979s ago: executing program 7 (id=7235):
pipe(&(0x7f0000000380))
io_setup(0x8, &(0x7f0000004200))
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x503, 0x2070bd2d, 0x4000000, {0x0, 0x0, 0x0, 0x0, 0x40004}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_REMOTE={0x14, 0x7, @mcast2}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x2004c012}, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x8, 0x0, &(0x7f0000000200))
r1 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c000090400000207010100090501020002"], 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0xfffffd66, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0)
close(r2)
syz_usb_control_io$printer(r1, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7495, 0x0, 0x2, 0x1f7}, &(0x7f0000000380)=<r4=>0x0, &(0x7f0000000340))
syz_clone(0x2400, &(0x7f00000003c0)="a6ee4c53b1e95a910e79c2a0c4bbfc27078fb3bc2f61a74db991addefc9bd0fba5075d7680a1dc3905210a75fe9eb1f31d5fcfa995568561fbe85469e684f031d022dab2c3930f2896d35f3c02b131d67fa69b4fd55e70882bf1e6e75cefdbf9056958e336c4907742", 0x69, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f00000007c0)="37771c51d8f479ad3202346827a0e009a07177fa80203c39dffabfa90cc56cdb946c6c10f6560e4f9fd2a346f3b039b35cc43eadc343ed239d72e646c262ff5aa8817a23d9e5254cacef9aa635b134e8beffc7d530c341d7d7dd2c9e74a10f3d155c273746ae25a12ac75a084dc565825fdca755240f2b7302f728a64c4b668da8499c87a5b14eaff5fe15ebafd5975d1714cc05ef61a8d15c08b9dca53438315c64927900ed28bf71c4ccb98ce2cb8cb07211ace0d46acbdc896e4da06a7c7bb29541c8519a2dffd0f3d4e1937044dcd6071d486834fe8ea31643e5fbfda9e4320f16")
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4)
pwritev2(r3, &(0x7f00000015c0)=[{&(0x7f0000000040)="5f16bf67e82bb96fa08d0122", 0xc}], 0x1, 0xfffff, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r5}, 0xc)
timer_settime(0x0, 0x0, 0x0, 0x0)

10.949705806s ago: executing program 6 (id=7241):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc)

10.710619618s ago: executing program 6 (id=7244):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000080000000800000000000000", @ANYRES32, @ANYBLOB="10fd9b2712000000000046597afa9c172e291c00", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000000000000000000000000000000000000000004151391991cd652fc07a320053a966830f655e6c0f224e3f674da9e4852691119148ad99059839bc69dc1661ff74afaaceed8f762ecc9aa20e7d5b7a97e0109c6a4445eaa7ffb1"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[@ANYBLOB="500000ffff00000000000000000000edff000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c001280090001007866726d000000000c0002800800020002000000140003007866726d3000"/56], 0x50}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x4, 0x0, &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
sched_setaffinity(0x0, 0x0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
getgroups(0x2, &(0x7f0000001080)=[0xee01, 0xffffffffffffffff])
chdir(&(0x7f0000000480)='./cgroup\x00')
r2 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0)
open_by_handle_at(r2, &(0x7f0000000000)=ANY=[@ANYBLOB="08000000fe0001009c"], 0x0)
setgroups(0x40000000000002e6, &(0x7f0000000140)=[0x0])
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r3, &(0x7f0000032680)=""/102400, 0x19000)
prctl$PR_SET_THP_DISABLE(0x44, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000180)="e4d79b3b828024b59aa49c257addff4e", 0x20)
getsockopt$inet6_tcp_buf(r4, 0x6, 0x21, 0x0, &(0x7f0000000140))
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0xc, &(0x7f0000000000)=0x7, 0x4)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000380)='rpc_pipefs\x00', 0x18642, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20}, 0x881)
r5 = dup(0xffffffffffffffff)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf6ed4a7fd1ce5562, 0x13, r5, 0xbc7e9000)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)

10.319336332s ago: executing program 7 (id=7248):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000006c0)=ANY=[@ANYBLOB="140000ab820f5d0000000000000000000100000a5c000000060a010400000000000064f2d252974dddf104802c0001800c0001007061796c6f61641c00028008000440000000000800000340000000000900010073797a30000000f953e18b647269d6d4c56bec000900020073797a3200000000140004001100010000000000000000000020000a00000000000000e767f10116305292"], 0x84}}, 0x4000)
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000080)={<r3=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x0, @rand_addr=0x64010100}]}, &(0x7f0000000180)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000000c0)={r3, @in={{0x2, 0x0, @rand_addr=0x64010100}}, 0x0, 0x0, 0x0, 0x0, 0xce03d4}, 0x9c)
setsockopt$inet_sctp6_SCTP_RTOINFO(r2, 0x84, 0x0, &(0x7f0000000040)={r3, 0x0, 0x4, 0x800}, 0x10)
ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0x5)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000200)=0xdc)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r6 = accept4(r5, 0x0, 0x0, 0x800)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b800000019000100000000f7ffffff00e0000002"], 0xb8}}, 0x4004)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYRES16=r7, @ANYRES32], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00', @ANYBLOB="0100000000000000000044000000080003", @ANYRES32, @ANYBLOB="08002700851600000a001800"], 0x4c}}, 0x4000804)
sendmmsg$alg(r6, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r6, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)
socket$inet_smc(0x2b, 0x1, 0x0)

8.167029181s ago: executing program 6 (id=7254):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000000)={r0}, 0xc)

8.010289715s ago: executing program 6 (id=7256):
r0 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000140)=0xfb)
ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000000)={0x3, 0x0, 0x9, 0xa, 0x5, "00120df500001e2000ff0100"})
ioctl$TIOCL_GETMOUSEREPORTING(r0, 0x5412, &(0x7f0000000040)=0xd)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x2, &(0x7f0000006680))
syz_open_dev$dri(0x0, 0x8, 0xa0000)
mq_notify(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0xd, 0x0, @thr={0x0, &(0x7f0000000400)}})
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0xa)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x2, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x14, 0x0, &(0x7f0000000240)=[@acquire_done], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000480)={0x4, 0x0, &(0x7f0000000340)=[@enter_looper], 0x0, 0x1000000, 0x0})
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x3, 0xc, &(0x7f0000000500)=ANY=[@ANYBLOB="1802000002000000000000000000000085000000870000001801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000009b0000009500"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x1e00, 0xa, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r4, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="280000001e004b05000000000000000007", @ANYBLOB], 0x28}}, 0x0)

7.804824318s ago: executing program 7 (id=7257):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x8, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x53, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, 0x0, 0x0)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x8, 0x4)
recvmmsg(r0, 0x0, 0x0, 0x2, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCFLSH(r1, 0x5411, 0x7ffffffffffffffe)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
bpf$PROG_LOAD(0x5, &(0x7f0000001700)={0x1c, 0xf, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000080000000000200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x80000000, 0x0, 0x0, 0x41100, 0x44, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_int(r3, 0x29, 0x4e, &(0x7f0000000180)=0xfff, 0x4)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002400000095"], &(0x7f0000000240)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r4}, 0x18)
ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f00000001c0)={0x0, 'pimreg0\x00', {0x4}, 0xfff1})
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="640000000206010100000000000000000000000005000400000000000900020073797a30000000000500010007000000050005000a000000140007800800114000000000080012400000ffff16000300686173683a6e6574"], 0x64}}, 0x0)

7.015735181s ago: executing program 6 (id=7258):
pipe(&(0x7f0000000380))
io_setup(0x8, &(0x7f0000004200))
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@newlink={0x50, 0x10, 0x503, 0x2070bd2d, 0x4000000, {0x0, 0x0, 0x0, 0x0, 0x40004}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_REMOTE={0x14, 0x7, @mcast2}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x2004c012}, 0x0)
getsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x8, 0x0, &(0x7f0000000200))
r1 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000402505a8a4410001020b0109021b00010100c000090400000207010100090501020002"], 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0xfffffd66, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0)
close(r2)
syz_usb_control_io$printer(r1, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_io_uring_setup(0x12ab, &(0x7f0000000140)={0x0, 0x7495, 0x0, 0x2, 0x1f7}, &(0x7f0000000380)=<r4=>0x0, &(0x7f0000000340))
syz_clone(0x2400, &(0x7f00000003c0)="a6ee4c53b1e95a910e79c2a0c4bbfc27078fb3bc2f61a74db991addefc9bd0fba5075d7680a1dc3905210a75fe9eb1f31d5fcfa995568561fbe85469e684f031d022dab2c3930f2896d35f3c02b131d67fa69b4fd55e70882bf1e6e75cefdbf9056958e336c4907742", 0x69, &(0x7f00000001c0), &(0x7f0000000300), &(0x7f00000007c0)="37771c51d8f479ad3202346827a0e009a07177fa80203c39dffabfa90cc56cdb946c6c10f6560e4f9fd2a346f3b039b35cc43eadc343ed239d72e646c262ff5aa8817a23d9e5254cacef9aa635b134e8beffc7d530c341d7d7dd2c9e74a10f3d155c273746ae25a12ac75a084dc565825fdca755240f2b7302f728a64c4b668da8499c87a5b14eaff5fe15ebafd5975d1714cc05ef61a8d15c08b9dca53438315c64927900ed28bf71c4ccb98ce2cb8cb07211ace0d46acbdc896e4da06a7c7bb29541c8519a2dffd0f3d4e1937044dcd6071d486834fe8ea31643e5fbfda9e4320f16")
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, 0x0, 0x0, 0x4)
pwritev2(r3, &(0x7f00000015c0)=[{&(0x7f0000000040)="5f16bf67e82bb96fa08d0122", 0xc}], 0x1, 0xfffff, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=@framed={{}, [@tail_call={{}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r5}, 0xc)
timer_settime(0x0, 0x0, 0x0, 0x0)

6.926968249s ago: executing program 7 (id=7259):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$igmp6(0xa, 0x3, 0x2)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000100)={'veth1\x00', @ifru_data=&(0x7f00000000c0)="0685454a9631894704eca29a7ec71a9fe3a4b22deab9f20efa56455f08034bfe"}})
socket$netlink(0x10, 0x3, 0x4)

6.700520075s ago: executing program 1 (id=7263):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x44e, 0x120b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, [{{0x9, 0x4, 0x0, 0xd, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0xee, 0x5, 0x1}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000d40)={0x2c, &(0x7f0000000080)={0x40, 0x31, 0x3, {0x3, 0x3, "96"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

5.728003494s ago: executing program 7 (id=7265):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000004c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, <r2=>0xffffffffffffffff, 0x1})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r3}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8295aac7ea61552c}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000ff9f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00feffc0000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/685], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000)
syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r6)
syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r6)
recvmmsg(r6, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000001b40)=""/153, 0x99}, {&(0x7f0000001c40)=""/4096, 0x1000}, {&(0x7f0000002c40)=""/187, 0xbb}], 0x3}, 0x6}, {{0x0, 0x0, 0x0}, 0xa}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/179, 0xb3}, {&(0x7f00000001c0)=""/230, 0xe6}, {&(0x7f0000000340)=""/45, 0x2d}, {&(0x7f0000000840)=""/81, 0x51}, {&(0x7f0000002fc0)=""/4091, 0xffb}, {&(0x7f0000000100)=""/68, 0x44}, {&(0x7f00000006c0)=""/243, 0xf3}], 0x7}, 0x80000000}, {{0x0, 0x0, 0x0}, 0x27}], 0x5, 0x20, 0x0)
r7 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x40000, 0x0)
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r7, 0x3ba0, &(0x7f0000000400)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0xc, 0x258bd5, 0x2e7883})

5.469502523s ago: executing program 0 (id=7267):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(r2, &(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000007c0)={0x3, 0x0, [{0x10000, 0xe1, &(0x7f0000000c80)=""/225}, {0xd000, 0x24, &(0x7f00000003c0)=""/36}, {0x0, 0x88, &(0x7f0000000700)=""/136}]})
syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000140)=0x12, 0x4)

4.33950021s ago: executing program 0 (id=7269):
r0 = openat$smackfs_revoke_subject(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0)
readv(r0, &(0x7f0000002e80)=[{&(0x7f0000001e00)=""/4096, 0x1000}, {0x0}], 0x2)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000080))
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f00000001c0)={0x5813}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="7dd605bc207d6ab0ac2d1da9c05b115493e146111bcb40851cfee41cc04eb6fbff0eee2323c6", @ANYRES32=0x0, @ANYBLOB="753fa7b8763c479849947ffe26cb87ecca2cdfb63a36fa19c9b8319375b7ccfbc5907715def8517562cc3264899ffb2fb3e8465a1c30d9b81aeb90ba483d8fc0b3ff5a642e78e13b10c56950f04efc95cb9c123b3f572f3fd2071f05795422df0ff3adc21ee9b188142567704bd0aae7703043274edcedc9829ef66660bfb871456071ecd6c3de8668bdfca43a0176904832628e165319a887"], 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x5005)

4.174272812s ago: executing program 0 (id=7271):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000680))
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
write(0xffffffffffffffff, &(0x7f0000000080)="08008edf77", 0x5)
r3 = epoll_create1(0x80000)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000100)={0x10000000})
socket(0x1e, 0x1, 0x0)
socket$packet(0x11, 0x2, 0x300)
r4 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4)
bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r4, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
setsockopt$inet_tcp_TCP_CONGESTION(r4, 0x6, 0xd, &(0x7f0000000040)='veno\x00', 0x5)
sendmmsg$inet(r4, &(0x7f0000001900)=[{{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000500)="93bffce623851797a8dc79018d7716840ffc6941c667f6d345b18bc896d8f016f5f206bb2b0eb2fe32d2f0048678cd35ef833c35225ff91765770a6845b091e69f243dea0d601c54e9c93ee3568b89a3427c84262ff67b679ccac30538beb5d3ad7830b5cea1dcd151d7bb5754603b6b0e362d8041bdc61529260e554046d55927c96dcce1609b9c4f8424b9da760270a470f95b99ebb6c7ffbe2876ad8d2f34d612e47b86630000", 0xa8}, {&(0x7f0000000480)="029993440c7a0c95d3bb8cf353fd63c588ffa39f0ff0fca247d0822475", 0x1d}], 0x2}}], 0x1, 0x40c0)
sendto$inet(r4, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000000)={0x2, 0x4e23, @dev}, 0x10, 0x0, 0x0, 0x0, 0x20}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000180)={'syz_tun\x00'})
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r8 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0xe, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r8, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)

3.338243826s ago: executing program 3 (id=7273):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b800000019"], 0xb8}}, 0x4004)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYRES16=r3, @ANYRES32], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c000280050001000000090024000280"], 0xa8}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x4000804)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

3.254376342s ago: executing program 1 (id=7274):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746c", 0xed}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def1f", 0xe9}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287a4b9aaa18fd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff226c1523bf01617976641421438e16378094c94f2e55a44150d9a358d92606afb12f21a63daadbb143d6ccdae88d53521b9fe51ffabb08ff67cb98266eeb1fbf81ec1e06", 0xe9}, {&(0x7f0000000040)="f96be6c391f1f8b23ae44a70a75f4a5ed0e013f80882907ab089ee65d16a6c6f5c666dad31257fb48b66d940a3819d0809971ea8274a65901b", 0x39}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2ab1dc34cea42a4292e2fbaa8", 0xea}, {&(0x7f0000000200)="057322e18609ed78266492c2a2ae3f0c0f3f6394c53de2727898d209dcb274efec9fc9995189ead7bf00148d091675fa045479985e4f644d258d0aa4a69618eb08ba045907a549ed83b88863c73d859acf1d16d599c71547d018", 0x5a}], 0x6}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c28797cd14c72c87f849f6ccbf3198d11a0b1ef000000000200000088e0e022b04dbd50d36f3c028c27ba0000000000000000000000000033", 0x58}, {&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bd98dbb2ab76919ba5c1020e80bd06", 0xb3}], 0x2}}], 0x2, 0xc0)

2.957509037s ago: executing program 0 (id=7275):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f0000000180)=@req={0x28, &(0x7f0000000100)={'veth1\x00', @ifru_data=&(0x7f00000000c0)="0685454a9631894704eca29a7ec71a9fe3a4b22deab9f20efa56455f08034bfe"}})
socket$netlink(0x10, 0x3, 0x4)

2.886745416s ago: executing program 3 (id=7276):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f0000000ec0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x38, 0x38, 0x9, [@func={0x6, 0x0, 0x0, 0xc, 0x3}, @var={0x7, 0x0, 0x0, 0xe, 0x3}, @func_proto={0x0, 0x2, 0x0, 0xd, 0x0, [{}, {}]}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x5f, 0x61]}}, 0x0, 0x59, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20)
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x200)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r1, 0xc08c5335, &(0x7f0000000080)={0x90, 0x8, 0x0, 'queue1\x00', 0x56b})
r2 = syz_open_dev$video4linux(&(0x7f0000000000), 0x998f, 0x580202)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000040)={0x8, 0x2, 0x4, {0x8, 0x0, 0x0, 0x9}})
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)={{0x14}, [@NFT_MSG_NEWSET={0x3c, 0x12, 0xa, 0x9, 0x0, 0x0, {0x2}, [@NFTA_SET_NAME={0xfffffffffffffcd8, 0x2, 'syz1\x00'}, @NFTA_SET_KEY_TYPE={0xfffffffffffffe3b, 0x4, 0x1, 0x0, 0x2000000}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_USERDATA={0x0, 0xd, 0x1, 0x0, "978cd1e7586368757098084d3b2edafc3342fc1bd946f56b1f4e97f81f6fc7e064db38272b1e666eee2e00d6dbbc26813c4c284dc9e44aee92a07fa67a4d94365bef98eb4312d4bf13327dc34a203e5febb05965bce23ba4d51f0a0ef6309bad2e995a80169fe000d4ed2ea8ca92beab0865cab8bf286fa38ed4765b09b42bbbade5"}]}], {0x14}}, 0x64}, 0x1, 0x0, 0x0, 0x20040000}, 0x2001c880)

2.780017617s ago: executing program 1 (id=7277):
socket$inet_tcp(0x2, 0x1, 0x0)
pipe2$watch_queue(&(0x7f00000000c0), 0x80)
eventfd(0x8)
socket$inet6_tcp(0xa, 0x1, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
socket$nl_audit(0x10, 0x3, 0x9)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
socket$kcm(0x11, 0x200000000000002, 0x300)
socket$kcm(0x10, 0x2, 0x4)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[], 0x20)

2.779171579s ago: executing program 6 (id=7278):
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x8, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0x2000000000001]}})
syz_usb_connect(0x2, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100002d3d6a08c6050592ac29000000010902240003000000000904020000ff4f9b000904b000003a3846000904"], 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r3 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r3, &(0x7f0000000040), 0x10)
sendmsg$netlink(r3, &(0x7f0000005d80)={&(0x7f0000000440)=@kern={0x1d, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000005cc0)=[{&(0x7f0000000540)=ANY=[], 0x10}, {&(0x7f0000001f40)={0x218, 0x11, 0x400, 0x70bd2a, 0x25dfdbfc, "", [@generic="96d5ca4ec94685d95d02fccda06116c423d3b58b840614f40d8101799566ba8464c489e4a3dbc83f68f0b28329cbf13d4c93f169197e12a996a5c644121dfa7dd2805cc13b4ad5b84c9cdf07f9d0effd1372e12940", @generic="e77bef1fd3d83bd72f4247750a75beafd891e81ac47308521fb3fef4a6cc58d644aa093743e2f5042e64ec55ba1eb4cf23319d4cd440746e61d6bf8ad177358bbf0e29026fb7c78db08b8f4d1a592db0f9abc1daada3221ac7375e24f4e29d06b6714f2cbb4d139291f558e8c19a7f082361c5a42eb8b2cf30cefaac2da61e3a35751ca34eedad720c99b5ef07ae56ba5a3d8ee9c9e727b96339c74a692e8fdab3166eb092d63730a88feed54720808e440f233f4a3641b647b3c514a7000182235473bf39b3b4d8", @nested={0xe5, 0x125, 0x0, 0x1, [@generic="875b5b7bbbac75018120d98241b28822f70a4dc56f2880f60f58193e3dee0259883547a2b12d558c57731bae34b81cc58bce9865cb0ea90a0ea8fe941c7ed56911e969963804af86a49f74e7671bb3c3817fddc01149d23f2838d846d8985136cf81d5289176b68b489ef7ea73c492deedfcfd6353c17a5b423a01f1f9f9cf3d26b95dac2b71140a93493d97c8323cdf5ee61f7a04ba568518c7e32373c4af02f373b3bf5cfde40157e547c470c4956124dd43e70534cbf752c2c6573eb7b7832da544e7fc64a32672", @typed={0xa, 0xbe, 0x0, 0x0, @str='/,W\\%\x00'}, @nested={0x4, 0xf0}, @nested={0x4, 0x46}, @nested={0x4, 0x130}]}]}, 0x218}, {&(0x7f0000000480)=ANY=[@ANYBLOB="cc0100003700010026bd7000fedbdf25fbb58747a83c3f4f21536bc0082d6e2653d94aae67c9c176725914eecb2d0ffe519dc120aacb94665f574baf67d8e55c94e48e231285ba4dcff618558f4c328d3052bc3a426bf9f2583a791c10aa9164f16189d647e2694e87acb8c62b4973a7831c9f545047748c5852baa5e0ef820a8e7caec980a2c822d114217bacc75a485d9ba8ebc0a0b9fe9e0a1720e00d85fd304011ccd88503c3cf35c1b9da5aac537fbed816bcad3846b3e9f21dba6890e49f13bcee327b706250ffdaab07aa5101b35c67ea18201453f835d9011133720f6235bcb3b65fcc61b32ab24c00936b89c7f78915debc371432d5c4228c36915fb5aec7cbef3ebfc41df75890eda2bd51c2a79acaa6e9a518f07b94b7c2d8194caa2619f3ecd0d319d3b1306a84b0ebbae2abec4d16b24fcb93f1e1cedbd6dcb31777a7b83df23b2217ecd7095689d45c4e64827c526f6a3ba0b81a516bb3b0ef690b9eb27f72d7ed0b8c0800ec80040024800800f600", @ANYRES32=0x0, @ANYBLOB="fd57eaabc453f25452ef57006cc8e52741e52fde82a193350033800400a0800400eb8067ff172d2e5e4d8970e6658c503f8085b8e9b43039e9ec980e722e1b3ff6835146e08e1ef917a1b66200000000111cf27ffb40ab0000"], 0x1cc}, {0x0}], 0x4, 0x0, 0x0, 0x44011}, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x2)
bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[], 0x50)
r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000002100))
sendmsg$TIPC_NL_BEARER_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, 0x0, 0x1, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140)
ioctl$VHOST_GET_VRING_ENDIAN(r4, 0x4028af11, &(0x7f00000001c0))
getsockopt$bt_rfcomm_RFCOMM_LM(r1, 0x12, 0x3, &(0x7f0000000080), &(0x7f0000000140)=0x4)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x7)
ioctl$TIOCVHANGUP(r2, 0x5437, 0x2)

2.471815987s ago: executing program 3 (id=7279):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0xffffffffffffff7c, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
syz_open_procfs$userns(r2, &(0x7f0000000000))
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000007c0)={0x3, 0x0, [{0x10000, 0xe1, &(0x7f0000000c80)=""/225}, {0xd000, 0x24, &(0x7f00000003c0)=""/36}, {0x0, 0x88, &(0x7f0000000700)=""/136}]})
syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r0, 0x0, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000140)=0x12, 0x4)

1.87431056s ago: executing program 1 (id=7280):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b800000019000100000000f7ffffff00e0000002"], 0xb8}}, 0x4004)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYRES16=r3, @ANYRES32], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES32, @ANYBLOB="08002700851600000a0018"], 0x4c}}, 0x4000804)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.830062488s ago: executing program 0 (id=7281):
r0 = socket(0x40000000015, 0x5, 0x0)
bind$inet(r0, 0x0, 0x0)
io_setup(0xcb, &(0x7f0000000000))
eventfd(0x3c)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bfe000/0x400000)=nil)
sendmsg$inet_sctp(r0, &(0x7f0000000200)={&(0x7f00000000c0)=@in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0xfe, 0x0}}, 0x10, &(0x7f00000001c0)=[{&(0x7f0000000340)="f192e297312a2ee16cf3e7d6a18d5c366c4d7578ae005053f24b6950de11321909182b215082e4cc9b258924dd416e88d8d2e533b0a0ee708c5e3fc4c980d4e11d17a3d50cf10fc8efe0d284d6ae14867fc93f1446b25b35a0593298923fb7c7e1de16ccbfedc7be0279d4ead70783e70fb933f7592ed78a27d450bccccb90f0a394444c7cf791f623a28976f112e05f5d646fa62fd803bc2d9fd5669bbe8c2fafd1b3000000000000b42b76753f5ff60624d90c0d476f6d5e989015741dab8cab2fd9", 0xc3}], 0x1, &(0x7f0000000280)=[@dstaddrv4={0x18, 0x84, 0x7, @private=0xa010100}], 0x18, 0x4000}, 0x240408c1)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000080)={0x100000, 0x388000, 0x8})
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x42042, 0x0)
eventfd(0x67)
migrate_pages(0x0, 0x3, &(0x7f00000002c0)=0x7f, &(0x7f0000000300)=0xa)

1.605899505s ago: executing program 1 (id=7282):
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r2 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x2, 0x9, 0xfa, 0x0, 0x4, 0x0, 0x70bd25, 0x25dfdbfe, [@sadb_x_sec_ctx={0x1, 0x18, 0x7, 0xff}, @sadb_x_nat_t_type={0x1, 0x14, 0x57}]}, 0x20}}, 0x24000800)
setsockopt$sock_int(r1, 0x1, 0x10, &(0x7f0000000080)=0x9, 0x4)
bind$bt_hci(r1, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
recvmmsg(r1, &(0x7f0000000000)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000700)=""/176, 0xb0}}], 0x1, 0x0, 0x0)
accept4(r0, &(0x7f00000000c0)=@ax25={{0x3, @rose}, [@netrom, @bcast, @netrom, @rose, @rose, @rose, @bcast]}, &(0x7f0000000080)=0x80, 0x80000)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000800)="3504000030000511d25a80648c63940d0324fc60040035400c0002000200002037153e373f04018006041000450055d64a12f76710989a119052acaa1100da3e813fa6ba1eb693d93f699e37af0d43f908fa7d995a8feb85d6a4e1b691276cd9561767309099f86f8e9e71fa51bde29f19b06fb9b3ba96da0e93d5a4024c1747fff68092705b44bb48dd2db4f3127aab13b4af0554957da6c0e03db227b65d459fa5c1232d7b62f12b65354b7e7fd32998da02ae0dc28942ec82d97191d0b68697bac278c34b2972ca8ed35b61ee6831c78af85ccd687694ce3835a98387fcdb8616524ea04449dbedb3250fb366740d6b96307e1d2f0d85dd592ca2d8c2730ad1d16eb4d87cbb48d2f7c4eb7a490aee048c9a8eb2ec9ed353d79ed29ffed1e48bf370bfb8af11085997d38210601155ec361cd6f3577da98c0a528a4d24ce75fbe297cb75f4b36719edd354ee6312c5527de7ea1a4233b96d27f7fb1e0989", 0x15f}, {&(0x7f0000000a40)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc2261c238a5159ea98db9c00aeef644ae98a8cb8da3ff3b7ba14d7971910b559623af829524d83bf19f18628464076329140e0203fc75859185ccd019302afb784e41e16cf2d31db7aba83d0f500ce25fc2d7f524a04cfaa0015ea8a297477a5517f8a4ac167083a321c78070974afc897fb738fbcfeac369844fd7fc11fff502c02b7607007ead2007a18006a6ca8dc2d0119f01d7083c2ab5760ac7b24d7bf26b9030cf455a08385f9e662cbe0c3ca6e6fd4ac0c8566c0fca986c68ef7016a11d3e44253b6f2d07d53505ed58b8ad410f89425046321b4a9b27b5e767bdfa0ebf7abf3d91b319129c48853d8e5cbc4a2c5c560b007eafe03e3332f6017f3164c7f602180aad23dfe5e770fe8855f45925e342b7dfd7ddaa68b65065465cdf4d5b8d995d6e6a7042ebea3d139c6a616232eb4efd1a50d0e6db3188a8e98375fda2a7ebd4cd59b9ea626c13685b05e6cf4d484e32869fd7c7167dbfa48b1529e5dd5f5a02673ccc7dbedfd75e34f3f9eb3c7833734a59acada6dd2ff364475e03f2219deedb5d0c941f2177a23167adcc5a15f4e5441ed537f26a1620df057aeb55b2ad3a00a77e23d304ed6034dd5ec9b2cfe777ca21ec4f48abdafa0d66a78d653068ef871b", 0x2d5}], 0x2}, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18010000120000000000000000000000850000006d000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000280)='contention_end\x00', r3, 0x0, 0x3}, 0x18)
r4 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r4, &(0x7f0000000080)={0x1a, 0x0, 0x0, 0x0, 0xa}, 0x10)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{&(0x7f0000000000)=@l2tp={0x2, 0x0, @local, 0x2}, 0x80, 0x0}}], 0x1, 0x844)
r5 = socket$inet6_sctp(0xa, 0x5, 0x84)
r6 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r7=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r5, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={r7}, 0x8)
listen(r4, 0x0)
accept4(r4, 0x0, 0x0, 0x80800)
sendmmsg(r4, 0x0, 0x0, 0x20000000)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.self_freezing\x00', 0x275a, 0x0)
setsockopt$inet6_IPV6_PKTINFO(r8, 0x29, 0x32, &(0x7f0000000300)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0x14)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000100)=[@in6={0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, '\x00', 0x38}, 0x9}]}, &(0x7f0000000040)=0x10)
shutdown(r9, 0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0)
bpf$ITER_CREATE(0x21, &(0x7f0000000140)={r8}, 0x8)

917.618964ms ago: executing program 3 (id=7283):
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f0000000140)={0x24, &(0x7f00000001c0)={0x40, 0x6, 0x20, {0x20, 0x21, "3a0ecfd66159505bc1cecc84d8493d65e2acb5b779e9a02bc3ce036a079d"}}, 0x0, 0x0, 0x0}, &(0x7f0000000440)={0x2c, &(0x7f00000002c0)={0x40, 0xe, 0x42, "ea6780a9baf06f001e26446ab8e4d6e3c60d9d5f22c4813540f3bcf6cb9915a131ffddf12516a78396de7a15c77bb38ebbb232fb83426d9c39702fba83ec5f0e66cb"}, &(0x7f0000000340)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000380)={0x0, 0x8, 0x1, 0x3}, &(0x7f00000003c0)={0x20, 0x1, 0x8, "4d7e84b39091aacb"}, &(0x7f0000000400)={0x20, 0x3, 0x1, 0x7}})
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="043e110b07"], 0xec)

793.870318ms ago: executing program 7 (id=7284):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)={0x34, r0, 0x4, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1464}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x12}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8, 0xb7, 0x75}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r3, &(0x7f0000000200)='m', 0x1)
r4 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x801)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000100))
r5 = syz_open_dev$sndpcmp(&(0x7f0000001200), 0x0, 0xa2c65)
write$snddsp(r5, &(0x7f0000000200)="a3", 0x1)
ioctl$SNDRV_PCM_IOCTL_DRAIN(r5, 0x4144, 0x0)
r6 = syz_io_uring_setup(0x9ee, &(0x7f00000003c0)={0x0, 0xc95c, 0x100, 0x3, 0xfffffffe}, &(0x7f00000000c0)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r6, 0xdb4, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_DSP_GETODELAY(r3, 0x80045017, &(0x7f0000000040))
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000240)={0x1, &(0x7f0000000140)=[{0x6, 0x5, 0x3, 0x7fff0000}]})
r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$UI_SET_EVBIT(r10, 0x40045564, 0x1)
ioctl$UI_DEV_SETUP(r10, 0x405c5503, &(0x7f0000000480)={{0x2e, 0xffff, 0x6, 0x7}, 'syz0\x00', 0x2})
ioctl$UI_SET_KEYBIT(r10, 0x40045565, 0xee)
ioctl$UI_DEV_CREATE(r10, 0x5501)
close_range(r9, 0xffffffffffffffff, 0x0)

574.36224ms ago: executing program 0 (id=7285):
r0 = syz_open_dev$video4linux(&(0x7f0000000240), 0x0, 0x20b00)
ioctl$VIDIOC_ENUM_DV_TIMINGS(r0, 0xc0945662, &(0x7f0000000100)={0x6, 0x0, '\x00', {0x0, @reserved}})
landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x18, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r2 = openat$sequencer2(0xffffff9c, &(0x7f0000000080), 0xc41, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$SNDCTL_SEQ_NRMIDIS(r2, 0x8004510b, &(0x7f00000000c0))
bpf$MAP_CREATE(0x0, 0x0, 0x50)
syz_usb_connect(0x3, 0x367, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000ef87ab08b4040210b4cd0102030109021d070300090000090467090920ef8b0009050701000200050209050e00000409d72ec40ec1dc52252ea7f077451ea7031d60a5e4b51a9e2102a105a98d21f58e8aaf542247f49978dc77719772dde944db913b7c979acb7f91f2306bf3f47da1b039b5d2fe03d85c78cf3b08a6d58e34cdaebb6d8f0e9f728b51beeb36ded235ecab20365c3cc031d22f1bb85e5f6f2427fcb797129f1361b09257c2274867ad04bd2894b9ae0539e2e7b50e9bb694e483c66661e7a68545f2835363356260d8bdbdebbb4b94b03558c006762c95be9c456b34c2c833fba72f61621cd3bdd07d0500ff7a41d4090509000800090f07072501810800000905080c400006020209050c01ff030804010905040040000e0509072501030908000905010300040efe09e20b1edb037387b5fc16aaba86735a0b45687ae681e8c97a56a4f2b448f14d197065be41f7ca366a5d9a5093ad45531dab348e6efadbbcc78a80ccf7151eeeeaa21cc68d75bd864c5d548ae8d45167bc7e555e0f0544b483f4fb38ab2ffefaa027006be172c96de3f71a5c919236a81f25b15b05e2d7178d86cdc319c6f59cf698c04aa2b7ffe8c957a55c5caffefa390fe03f0b5b463f5c51654d7dd0c3de61a3a1e4235bccb458d7c973c8f71c84d447864da3f054d39e75f22b776497588ac9cbd46532ea2667283178e39936291c4a07f47ac52d49a3839df5882dac368116e60725018006135e0905080008000303090905040000049db64007250181090100072501024c04000904"], 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r3, 0x8048ae66, &(0x7f0000000000)={[{0x80000000, 0x1, 0x3, 0xe, 0x2, 0x2, 0x6, 0x8, 0x0, 0x3, 0xfa, 0x7, 0x1}, {0x2, 0xac7e, 0x6, 0x8, 0x3, 0x7, 0xa, 0xc, 0x4, 0xfd, 0x0, 0x2, 0xeb}, {0x8000, 0x7fff, 0x11, 0x9, 0x9, 0x8, 0x0, 0x4, 0x5e, 0x3, 0x9, 0xb}], 0x8})

135.550022ms ago: executing program 3 (id=7286):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x800)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="b800000019"], 0xb8}}, 0x4004)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x11}, 0x80)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_IBSS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=ANY=[@ANYRES16=r3, @ANYRES32], 0x54}, 0x1, 0x0, 0x0, 0x4010}, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x11, &(0x7f0000000540)=0x8, 0x4)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="a800000000010904000500000000000002000000240001801400018008000100e000000108000200ac1e01010c000280050001000000090024000280"], 0xa8}}, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x4000804)
sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

122.974646ms ago: executing program 1 (id=7287):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000cc0)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000002c0)="68377863ac6ea61666eaa696435a75f1626fe3a3acedcaf71527ff51d446daac757559d2d6fc2b90952355ec6c61d718c91784312b1b4771888a0811895b02ffb658934b0bbd6466c9cc04cc7252f1f1deea5a8b9c6797c8f1263db526cf88899f7ecab544662eb34743cefb660a78cb9468d2900b3cda4cca9d89ab6d341d145acf249276dda272407bc98d9e5431316d468b9e4750f2316589dc4de3157592d27fd723a512c85b08035842b75ec422346f9696f4bb3226b0ca75d135ebd8cae46fb83b71c103e1fdcb1934fd1d28b4916abe2c44e26ea72be426c27052e816212096000155788943b846746c", 0xed}, {&(0x7f00000003c0)="5453b4b759f9d4f4f33bda880b70e0dadde06223919f4585429ef69078a4956f646ea03bfd4c090a003c01f32b1a175baf38c1eb4572c8b372a4cf9128062e58ff575546876a2804144c3aea98c4a3533396f87e860de8c66bceb0e6b387ec853b7e91c57587d38436637e702ae18eeccefdcd7a3cdd7bfc327b5d619b57d56afe1628b65e2948af5ee0e3f52746a5aff58bb7c6d253a58bf745584d1bc19fe5e42b5534eab9e9d2587b413e81f68b60f56130f82b327f5fe900e3e107bc6b783d1d23a056426d6502133386b51e657046c1c43a2a2c4a7611ee6592a5ee08700d24d832163b3def1f", 0xe9}, {&(0x7f0000000640)="d48c8225ddfdf2c06c27763617468581389d34126760ba3dd0fe077a7c2ce378dd62cafeeb4ba1493766d09fd561d69a5bf8109ffcd3e43d8c16b9c3fa92d4439c5af1fa4775d01dcf0748a24ab51b52fbe75287a4b9aaa18fd479bdd154b4efe531a242d90a1ca2799c242bfd4ddd8271448d3415bd3a907ad340dc2fa2471393212d02eb25242808cffdc4e7a646211c18ac8602f5fc1e4f82b72871a8d42f37988365ff226c1523bf01617976641421438e16378094c94f2e55a44150d9a358d92606afb12f21a63daadbb143d6ccdae88d53521b9fe51ffabb08ff67cb98266eeb1fbf81ec1e06", 0xe9}, {&(0x7f0000000040)="f96be6c391f1f8b23ae44a70a75f4a5ed0e013f80882907ab089ee65d16a6c6f5c666dad31257fb48b66d940a3819d0809971ea8274a65901b", 0x39}, {&(0x7f0000000740)="f52ec22aafecc37a6d9995f1afb5c1727f223f9b84451a110b1dfbf19cc7ed183ba93f6d55645001887fc999262b9c938e22ef5ec46b4b1b535060dcca5cff1f0e5a1d9b32cef2b6e0a61af7968dc1759c4d901867d7d6e9f2521f6a1578e1cc2fbf58837a2633c0b8299192718c61227412dafd01e899723b33735bbec3e1429117362acc4139fc3565f183bd5568f47f4bc416adb360fdd9c497c2ad2ffe1ad738f4c073f1378d2b455e61844076a4a97ac1e13e2fb300ae69d55c501f96dcc39bf7ed835cc866f0fbd8e936e8374a484f111919dc610e0a36a0ee3df2ab1dc34cea42a4292e2fbaa8", 0xea}, {&(0x7f0000000200)="057322e18609ed78266492c2a2ae3f0c0f3f6394c53de2727898d209dcb274efec9fc9995189ead7bf00148d091675fa045479985e4f644d258d0aa4a69618eb08ba045907a549ed83b88863c73d859acf1d16d599c71547d018", 0x5a}], 0x6}}, {{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="acc870bde54caaeacb0000108cef4fa7bf44702b284b2e80cb32d33a86853c8c28797cd14c72c87f849f6ccbf3198d11a0b1ef000000000200000088e0e022b04dbd50d36f3c028c27ba0000000000000000000000000033", 0x58}, {&(0x7f0000000840)="b1f56ee29c433328d3b2a83bd97e37007087acae7568edff43ed556d76770122635aea1dc48755381c71590cd542e796cc2669e2af442a03760c5cdfc691b3da35ad6a8d2ef9c2baa53a8dec36a2e434d46e643a1277b1dd932f3ef2cf46c257d6a19523b8b789ef34b46e461725b5e437323385b88c368f8bb5b933aa9169f5f7b51dd5319b8016623d1863d70581691a79a6678db1e5e7fa1c98c5b9e4a87272e9c4a1bd98dbb2ab76919ba5c1020e80bd06", 0xb3}], 0x2}}], 0x2, 0xc0)

0s ago: executing program 3 (id=7288):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
memfd_create(&(0x7f0000000280)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecw)$\x04\x13\x87\x8bvi{\x96U', 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB="38010000100033060000000000000000ffffffff000000000000000000000000ac141400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000010000000032000000fe88000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000044800"], 0x138}}, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b00000000002010400000000000000000700000608000940ffffffff080004400000008108000840000000032000018006"], 0xb0}, 0x1, 0x0, 0x0, 0x8004}, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00178018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c00000211000300686173683a69702c6d61726b1a000000d205000100070000000900020073797a30000000007038e3a50a8b3a120500050000000000"], 0x4c}, 0x1, 0x0, 0x0, 0x2002c0c4}, 0x4000000)
r2 = memfd_create(&(0x7f0000001240)='[\v\xdbX\xae[\x1a\xad\xd1md\xc8\x85HX\xa9%\f\x1a,\xe2\x9c\xb4\xd7\xbc\xf1\xb3\x86\xe2/Op\xd0\xa2\x82\x1eb;(\xb5\xe1j\xc8\f\xe5\x89\x17\xee|J\x90=5\xed\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q%\x8a\xda\x05\x00f\xe3j%\x00\x00\x1c#\xc6\xd8\xdbD\x92P\xe16W\x10\xdau\xc7\x8f\xaa\x8d\xa9\x97\x9d\xcb\x1e\x80\xe7\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\xbdD\xcc\'\xa2\xaf`\xf6L\x0e\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecM\xe4H\xb7\xaf\xa8\x96dh\xa9\xab > \xac\x00O^\x14\xcbv\x17Hkb\xe7\xcb\x9d;\xd2\x9f\x05\xd1\x00\x8b\xd3\x9f\a\x99^v\xf7\xfa\xe5\xf0h\x87l\xd9\x15\xd2\x87~?\xb1\x9d\xc1\x92`\x8a\r\xfc\xeb\x14\xd1\x94\fv\x8a\xe3\x1d\x0fj}\x9f\xedsc\xd3\xee\xe6cXw\xa1\xbc\xd0o\xf9\x9cJ\b\x00\xd8;\\ik0+\xc8\xf2\x87\xdf\t\x97\x9dB\xc1\xa0\xa71\xf25GU|]A\x1eel \x8ff\xc6\nt\xd0\x91\x9d\x8c\xa4\xe5\xde\x06\x00\xffE\xf4\x96#\x92-9\xe5\xa7\xf8%\xb0I\xd4\x91r\xbf\x1bOS\xee}\x16\x87\x05\xf2\xb9\x81\x14\xe2NZ\\I\xd0[\xc4\xf2\"\x87\xf5\xb8\x95.M\xb1S\xbd\xe4i\x00\xc1b\t]?}0\t\xebV\xbci\xa5\x05\xca\xb6\xc22\x7fL\x89&\xa0\xcfMULr0rs\xb4\n\xa6)\xe23\xf0\x8d\x9dO\xb9\xc9\x83\xabS\x013\"\x1b\x97K\x17\x16\x89\a\xee\xc903\xad\x15\x1cH\xd2\x95\x91\xb4$\x1b\xbf\xaf\xf5\x9b\xc2\x85\xe7[\xe5\xfb}\x1d@f2\x11\x13Y\x98\xa4\xecWEE\x9eI\x05\v\x11\xad\x93!^T\xe5N\xf6LI\x9a6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbf\x1a\xc9(a\x06>g\xe5\x00:\x9au\xef\x14\t\x1f8E\x86\xcb\xd0e\x17\xfb\xc1', 0x1)
pipe2(&(0x7f0000000240)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x4800)
ppoll(&(0x7f00000000c0)=[{r3, 0x1007}], 0x1, 0x0, 0x0, 0x0)
close_range(r4, 0xffffffffffffffff, 0x0)
fsetxattr$security_ima(r2, &(0x7f0000000080), &(0x7f0000000540)=@v2={0x3, 0x2, 0x14, 0xb0f, 0x1, "ec"}, 0xa, 0x0)

kernel console output (not intermixed with test programs):

oogle Compute Engine, BIOS Google 05/07/2025
[ 1861.437015][T27441] Call Trace:
[ 1861.437023][T27441]  <TASK>
[ 1861.437031][T27441]  dump_stack_lvl+0x189/0x250
[ 1861.437061][T27441]  ? __pfx____ratelimit+0x10/0x10
[ 1861.437083][T27441]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1861.437109][T27441]  ? __pfx__printk+0x10/0x10
[ 1861.437138][T27441]  ? __might_fault+0xb0/0x130
[ 1861.437180][T27441]  should_fail_ex+0x414/0x560
[ 1861.437209][T27441]  _copy_from_user+0x2d/0xb0
[ 1861.437229][T27441]  ___sys_recvmsg+0x12e/0x510
[ 1861.437260][T27441]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1861.437309][T27441]  ? __fget_files+0x3a0/0x420
[ 1861.437347][T27441]  do_recvmmsg+0x307/0x770
[ 1861.437381][T27441]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1861.437418][T27441]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1861.437459][T27441]  __x64_sys_recvmmsg+0x190/0x240
[ 1861.437488][T27441]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1861.437512][T27441]  ? rcu_is_watching+0x15/0xb0
[ 1861.437540][T27441]  ? do_syscall_64+0xbe/0x3b0
[ 1861.437567][T27441]  do_syscall_64+0xfa/0x3b0
[ 1861.437606][T27441]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1861.437628][T27441]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1861.437648][T27441]  ? clear_bhb_loop+0x60/0xb0
[ 1861.437672][T27441]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1861.437692][T27441] RIP: 0033:0x7ff2dbd8e969
[ 1861.437709][T27441] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1861.437728][T27441] RSP: 002b:00007ff2dcb1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1861.437749][T27441] RAX: ffffffffffffffda RBX: 00007ff2dbfb5fa0 RCX: 00007ff2dbd8e969
[ 1861.437764][T27441] RDX: 0000000000000001 RSI: 0000200000000480 RDI: 0000000000000003
[ 1861.437776][T27441] RBP: 00007ff2dcb1c090 R08: 0000000000000000 R09: 0000000000000000
[ 1861.437789][T27441] R10: 0000000000010022 R11: 0000000000000246 R12: 0000000000000001
[ 1861.437801][T27441] R13: 0000000000000000 R14: 00007ff2dbfb5fa0 R15: 00007ffec2385268
[ 1861.437832][T27441]  </TASK>
[ 1862.248030][T27468] netlink: 'syz.7.6610': attribute type 4 has an invalid length.
[ 1862.292919][T24736] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[ 1862.463509][T27470] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1862.541849][T24736] usb 1-1: Using ep0 maxpacket: 32
[ 1862.568487][T24736] usb 1-1: config index 0 descriptor too short (expected 36, got 16)
[ 1862.606804][T24736] usb 1-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config
[ 1862.659016][T24736] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1862.710116][T24736] usb 1-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00
[ 1862.793601][T24736] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1863.046483][T24736] usb 1-1: config 0 descriptor??
[ 1863.390898][T22597] usb 1-1: USB disconnect, device number 63
[ 1863.962073][T27499] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1865.321980][ T5915] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[ 1865.501794][ T5915] usb 1-1: Using ep0 maxpacket: 32
[ 1865.519503][ T5915] usb 1-1: config 202 has an invalid descriptor of length 0, skipping remainder of the config
[ 1865.539002][ T5915] usb 1-1: config 202 has 0 interfaces, different from the descriptor's value: 1
[ 1865.558755][ T5915] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[ 1865.579445][ T5915] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1866.467038][T27508] input: syz1 as /devices/virtual/input/input20
[ 1869.167067][T27549] FAULT_INJECTION: forcing a failure.
[ 1869.167067][T27549] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1869.205634][T27549] CPU: 1 UID: 0 PID: 27549 Comm: syz.7.6641 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1869.205663][T27549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1869.205676][T27549] Call Trace:
[ 1869.205683][T27549]  <TASK>
[ 1869.205692][T27549]  dump_stack_lvl+0x189/0x250
[ 1869.205722][T27549]  ? __pfx____ratelimit+0x10/0x10
[ 1869.205745][T27549]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1869.205771][T27549]  ? __pfx__printk+0x10/0x10
[ 1869.205800][T27549]  ? __might_fault+0xb0/0x130
[ 1869.205837][T27549]  should_fail_ex+0x414/0x560
[ 1869.205866][T27549]  _copy_from_user+0x2d/0xb0
[ 1869.205886][T27549]  ___sys_recvmsg+0x12e/0x510
[ 1869.205917][T27549]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1869.205966][T27549]  ? __fget_files+0x3a0/0x420
[ 1869.206004][T27549]  do_recvmmsg+0x307/0x770
[ 1869.206037][T27549]  ? __pfx_do_recvmmsg+0x10/0x10
[ 1869.206074][T27549]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1869.206115][T27549]  __x64_sys_recvmmsg+0x190/0x240
[ 1869.206144][T27549]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[ 1869.206168][T27549]  ? rcu_is_watching+0x15/0xb0
[ 1869.206196][T27549]  ? do_syscall_64+0xbe/0x3b0
[ 1869.206221][T27549]  do_syscall_64+0xfa/0x3b0
[ 1869.206242][T27549]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1869.206263][T27549]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1869.206281][T27549]  ? clear_bhb_loop+0x60/0xb0
[ 1869.206304][T27549]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1869.206321][T27549] RIP: 0033:0x7fca48f8e969
[ 1869.206338][T27549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1869.206355][T27549] RSP: 002b:00007fca49e8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1869.206375][T27549] RAX: ffffffffffffffda RBX: 00007fca491b5fa0 RCX: 00007fca48f8e969
[ 1869.206389][T27549] RDX: 040000000000012d RSI: 0000200000000080 RDI: 0000000000000003
[ 1869.206403][T27549] RBP: 00007fca49e8f090 R08: 0000000000000000 R09: 0000000000000000
[ 1869.206415][T27549] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000001
[ 1869.206429][T27549] R13: 0000000000000000 R14: 00007fca491b5fa0 R15: 00007ffc37e91d48
[ 1869.206466][T27549]  </TASK>
[ 1869.826140][ T5915] usb 1-1: string descriptor 0 read error: -71
[ 1869.864310][ T5915] usb 1-1: USB disconnect, device number 64
[ 1869.913673][T27564] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6646'.
[ 1870.736673][T17395] Bluetooth: hci1: command 0x0406 tx timeout
[ 1871.198165][T27595] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6660'.
[ 1871.278909][T17395] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1871.290061][T17395] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1871.299056][T17395] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1871.307782][T17395] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1871.315753][T17395] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1871.683993][T27467] bridge0: port 1(syz_tun) entered disabled state
[ 1871.802335][T27611] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6665'.
[ 1871.811420][T27611] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6665'.
[ 1871.934118][T27467] syz_tun (unregistering): left allmulticast mode
[ 1871.971675][T27467] syz_tun (unregistering): left promiscuous mode
[ 1872.592053][T27467] bridge0: port 1(syz_tun) entered disabled state
[ 1873.076542][T27630] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6671'.
[ 1873.129298][T27629] FAULT_INJECTION: forcing a failure.
[ 1873.129298][T27629] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1873.201278][T27629] CPU: 1 UID: 0 PID: 27629 Comm: syz.1.6670 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1873.201318][T27629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1873.201336][T27629] Call Trace:
[ 1873.201350][T27629]  <TASK>
[ 1873.201364][T27629]  dump_stack_lvl+0x189/0x250
[ 1873.201409][T27629]  ? __pfx____ratelimit+0x10/0x10
[ 1873.201445][T27629]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1873.201486][T27629]  ? __pfx__printk+0x10/0x10
[ 1873.201527][T27629]  ? __might_fault+0xb0/0x130
[ 1873.201564][T27629]  should_fail_ex+0x414/0x560
[ 1873.201594][T27629]  _copy_from_user+0x2d/0xb0
[ 1873.201613][T27629]  __sys_connect+0x123/0x440
[ 1873.201635][T27629]  ? __fget_files+0x3a0/0x420
[ 1873.201663][T27629]  ? __pfx___sys_connect+0x10/0x10
[ 1873.201695][T27629]  ? __pfx_ksys_write+0x10/0x10
[ 1873.201717][T27629]  ? rcu_is_watching+0x15/0xb0
[ 1873.201748][T27629]  __x64_sys_connect+0x7a/0x90
[ 1873.201771][T27629]  do_syscall_64+0xfa/0x3b0
[ 1873.201793][T27629]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1873.201814][T27629]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1873.201832][T27629]  ? clear_bhb_loop+0x60/0xb0
[ 1873.201855][T27629]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1873.201873][T27629] RIP: 0033:0x7ff2dbd8e969
[ 1873.201890][T27629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1873.201906][T27629] RSP: 002b:00007ff2dcb1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a
[ 1873.201926][T27629] RAX: ffffffffffffffda RBX: 00007ff2dbfb5fa0 RCX: 00007ff2dbd8e969
[ 1873.201940][T27629] RDX: 0000000000000010 RSI: 0000200000000340 RDI: 0000000000000003
[ 1873.201952][T27629] RBP: 00007ff2dcb1c090 R08: 0000000000000000 R09: 0000000000000000
[ 1873.201964][T27629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1873.201975][T27629] R13: 0000000000000000 R14: 00007ff2dbfb5fa0 R15: 00007ffec2385268
[ 1873.202003][T27629]  </TASK>
[ 1873.416413][T24666] Bluetooth: hci6: command tx timeout
[ 1873.787830][ T9221] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1873.838847][T27599] chnl_net:caif_netlink_parms(): no params data found
[ 1873.861773][T27384] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[ 1874.024752][T27384] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1874.037999][ T9221] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1874.065280][T27384] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1874.081614][T27384] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1874.089771][T27384] usb 1-1: Product: syz
[ 1874.101928][T27384] usb 1-1: Manufacturer: syz
[ 1874.106548][T27384] usb 1-1: SerialNumber: syz
[ 1874.300124][T27648] hsr0: entered promiscuous mode
[ 1874.309879][T27648] macsec1: entered promiscuous mode
[ 1874.330329][T27648] macsec1: entered allmulticast mode
[ 1874.335779][T27648] hsr0: entered allmulticast mode
[ 1874.340944][T27648] hsr_slave_0: entered allmulticast mode
[ 1874.349040][T27384] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 65 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1874.361139][T27648] hsr_slave_1: entered allmulticast mode
[ 1874.374630][T27648] hsr0: left allmulticast mode
[ 1874.380023][T27648] hsr_slave_0: left allmulticast mode
[ 1874.388567][T27648] hsr_slave_1: left allmulticast mode
[ 1874.462822][ T9221] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1874.743635][ T9221] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1875.475934][T24666] Bluetooth: hci6: command tx timeout
[ 1875.505681][T27599] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1875.518551][T27599] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1875.527619][T27599] bridge_slave_0: entered allmulticast mode
[ 1875.537563][T27599] bridge_slave_0: entered promiscuous mode
[ 1875.544705][T27668] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6683'.
[ 1875.546993][T27599] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1875.562803][T27599] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1875.573720][T27599] bridge_slave_1: entered allmulticast mode
[ 1875.581353][T27599] bridge_slave_1: entered promiscuous mode
[ 1876.136936][T27599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1876.149792][T27599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1876.632512][T16945] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[ 1877.073910][T16945] usb 8-1: Using ep0 maxpacket: 8
[ 1877.121911][T16945] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1877.157322][T16945] usb 8-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[ 1877.179619][T27683] FAULT_INJECTION: forcing a failure.
[ 1877.179619][T27683] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1877.213315][T16945] usb 8-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[ 1877.226861][T16945] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1877.239321][T27599] team0: Port device team_slave_0 added
[ 1877.243331][T27683] CPU: 1 UID: 0 PID: 27683 Comm: syz.1.6690 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1877.243358][T27683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1877.243372][T27683] Call Trace:
[ 1877.243380][T27683]  <TASK>
[ 1877.243389][T27683]  dump_stack_lvl+0x189/0x250
[ 1877.243424][T27683]  ? __pfx____ratelimit+0x10/0x10
[ 1877.243448][T27683]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1877.243476][T27683]  ? __pfx__printk+0x10/0x10
[ 1877.243507][T27683]  ? __might_fault+0xb0/0x130
[ 1877.243551][T27683]  should_fail_ex+0x414/0x560
[ 1877.243581][T27683]  _copy_from_user+0x2d/0xb0
[ 1877.243602][T27683]  __sys_bpf+0x1ed/0x860
[ 1877.243631][T27683]  ? __pfx___sys_bpf+0x10/0x10
[ 1877.243664][T27683]  ? ksys_write+0x22a/0x250
[ 1877.243693][T27683]  ? __pfx_ksys_write+0x10/0x10
[ 1877.243717][T27683]  ? rcu_is_watching+0x15/0xb0
[ 1877.243751][T27683]  __x64_sys_bpf+0x7c/0x90
[ 1877.243791][T27683]  do_syscall_64+0xfa/0x3b0
[ 1877.243814][T27683]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1877.243837][T27683]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1877.243857][T27683]  ? clear_bhb_loop+0x60/0xb0
[ 1877.243881][T27683]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1877.243901][T27683] RIP: 0033:0x7ff2dbd8e969
[ 1877.243919][T27683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1877.243937][T27683] RSP: 002b:00007ff2dcb1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1877.243958][T27683] RAX: ffffffffffffffda RBX: 00007ff2dbfb5fa0 RCX: 00007ff2dbd8e969
[ 1877.243974][T27683] RDX: 0000000000000094 RSI: 0000200000000440 RDI: 0000000000000005
[ 1877.243988][T27683] RBP: 00007ff2dcb1c090 R08: 0000000000000000 R09: 0000000000000000
[ 1877.244000][T27683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1877.244013][T27683] R13: 0000000000000000 R14: 00007ff2dbfb5fa0 R15: 00007ffec2385268
[ 1877.244043][T27683]  </TASK>
[ 1877.254238][T16945] usb 8-1: Product: syz
[ 1877.269820][T27599] team0: Port device team_slave_1 added
[ 1877.308833][T16945] usb 8-1: Manufacturer: syz
[ 1877.457969][T16945] usb 8-1: SerialNumber: syz
[ 1877.551683][T24666] Bluetooth: hci6: command tx timeout
[ 1877.600869][T16945] usb 8-1: config 0 descriptor??
[ 1878.206607][T27698] netlink: 'syz.3.6695': attribute type 4 has an invalid length.
[ 1878.756307][T24666] Bluetooth: hci3: unknown advertising packet type: 0xa4
[ 1878.756376][T24666] Bluetooth: hci3: unknown advertising packet type: 0x49
[ 1878.764170][T24666] Bluetooth: hci3: unknown advertising packet type: 0x9d
[ 1878.912806][ T9221] batman_adv: batadv0: Interface deactivated: macsec2
[ 1878.945384][ T9221] batman_adv: batadv0: Removing interface: macsec2
[ 1879.093654][ T9221] bond0 (unregistering): Released all slaves
[ 1879.252773][T27599] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1879.259842][T27599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1879.291487][T27599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1879.313205][ T9221] tipc: Left network mode
[ 1879.319287][T27599] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1879.332873][T27599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1879.371229][T27599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1879.439297][T27710] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6698'.
[ 1879.479187][T27712] FAULT_INJECTION: forcing a failure.
[ 1879.479187][T27712] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1879.497214][T27712] CPU: 0 UID: 0 PID: 27712 Comm: syz.1.6699 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1879.497243][T27712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1879.497256][T27712] Call Trace:
[ 1879.497264][T27712]  <TASK>
[ 1879.497273][T27712]  dump_stack_lvl+0x189/0x250
[ 1879.497305][T27712]  ? __pfx____ratelimit+0x10/0x10
[ 1879.497328][T27712]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1879.497354][T27712]  ? __pfx__printk+0x10/0x10
[ 1879.497383][T27712]  ? __might_fault+0xb0/0x130
[ 1879.497420][T27712]  should_fail_ex+0x414/0x560
[ 1879.497449][T27712]  _copy_from_user+0x2d/0xb0
[ 1879.497469][T27712]  __sys_bpf+0x1ed/0x860
[ 1879.497492][T27712]  ? __pfx___sys_bpf+0x10/0x10
[ 1879.497522][T27712]  ? ksys_write+0x22a/0x250
[ 1879.497548][T27712]  ? __pfx_ksys_write+0x10/0x10
[ 1879.497576][T27712]  ? rcu_is_watching+0x15/0xb0
[ 1879.497607][T27712]  __x64_sys_bpf+0x7c/0x90
[ 1879.497636][T27712]  do_syscall_64+0xfa/0x3b0
[ 1879.497657][T27712]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1879.497679][T27712]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1879.497698][T27712]  ? clear_bhb_loop+0x60/0xb0
[ 1879.497720][T27712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1879.497737][T27712] RIP: 0033:0x7ff2dbd8e969
[ 1879.497754][T27712] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1879.497770][T27712] RSP: 002b:00007ff2dcb1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1879.497789][T27712] RAX: ffffffffffffffda RBX: 00007ff2dbfb5fa0 RCX: 00007ff2dbd8e969
[ 1879.497804][T27712] RDX: 0000000000000094 RSI: 0000200000000180 RDI: 0000000000000005
[ 1879.497816][T27712] RBP: 00007ff2dcb1c090 R08: 0000000000000000 R09: 0000000000000000
[ 1879.497828][T27712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1879.497839][T27712] R13: 0000000000000001 R14: 00007ff2dbfb5fa0 R15: 00007ffec2385268
[ 1879.497867][T27712]  </TASK>
[ 1879.694672][T24666] Bluetooth: hci6: command tx timeout
[ 1879.809301][T24736] usb 8-1: USB disconnect, device number 4
[ 1879.862408][T27599] hsr_slave_0: entered promiscuous mode
[ 1879.869989][T27599] hsr_slave_1: entered promiscuous mode
[ 1879.877792][T27599] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1879.885736][T27599] Cannot create hsr debugfs directory
[ 1879.981837][T16945] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[ 1880.090473][ T9221] hsr_slave_0: left promiscuous mode
[ 1880.104859][ T9221] hsr_slave_1: left promiscuous mode
[ 1880.163822][ T9221] veth1_macvtap: left promiscuous mode
[ 1880.165424][T16945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[ 1880.169504][ T9221] veth0_macvtap: left promiscuous mode
[ 1880.204931][T16945] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[ 1880.222547][ T9221] veth1_vlan: left promiscuous mode
[ 1880.228029][ T9221] veth0_vlan: left promiscuous mode
[ 1880.231640][T16945] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1880.284792][T16945] usb 2-1: config 0 descriptor??
[ 1880.524674][T27715] netlink: 'syz.1.6701': attribute type 29 has an invalid length.
[ 1880.565001][T27715] netlink: 'syz.1.6701': attribute type 3 has an invalid length.
[ 1880.607112][T27715] netlink: 76 bytes leftover after parsing attributes in process `syz.1.6701'.
[ 1880.672831][T16945] usb 2-1: USB disconnect, device number 52
[ 1881.484420][T27740] netlink: 'syz.3.6706': attribute type 4 has an invalid length.
[ 1881.578049][T16945] usb 1-1: USB disconnect, device number 65
[ 1881.607222][T16945] usblp0: removed
[ 1882.124472][T27750] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1882.133406][T27750] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[ 1882.144600][T27750] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1883.045049][T27764] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6712'.
[ 1884.164232][   T30] audit: type=1804 audit(1748401453.455:741): pid=27770 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.0.6714" name="/newroot/135/file0" dev="tmpfs" ino=714 res=1 errno=0
[ 1884.189209][T27770] ref_ctr increment failed for inode: 0x2ca offset: 0x7 ref_ctr_offset: 0x2 of mm: 0xffff888028381500
[ 1884.207356][T27769] uprobe: syz.0.6714:27769 failed to unregister, leaking uprobe
[ 1886.696645][T27792] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1887.162154][T22597] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[ 1887.331853][T27813] FAULT_INJECTION: forcing a failure.
[ 1887.331853][T27813] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1887.382031][T22597] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1887.442093][T27813] CPU: 0 UID: 0 PID: 27813 Comm: syz.0.6725 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1887.442121][T27813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1887.442133][T27813] Call Trace:
[ 1887.442140][T27813]  <TASK>
[ 1887.442149][T27813]  dump_stack_lvl+0x189/0x250
[ 1887.442180][T27813]  ? __pfx____ratelimit+0x10/0x10
[ 1887.442202][T27813]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1887.442227][T27813]  ? __pfx__printk+0x10/0x10
[ 1887.442256][T27813]  ? __might_fault+0xb0/0x130
[ 1887.442293][T27813]  should_fail_ex+0x414/0x560
[ 1887.442321][T27813]  _copy_from_user+0x2d/0xb0
[ 1887.442341][T27813]  __sys_sendto+0x25c/0x520
[ 1887.442367][T27813]  ? __pfx___sys_sendto+0x10/0x10
[ 1887.442385][T27813]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1887.442420][T27813]  ? __fget_files+0x3a0/0x420
[ 1887.442474][T27813]  ? ksys_write+0x22a/0x250
[ 1887.442501][T27813]  ? __pfx_ksys_write+0x10/0x10
[ 1887.442524][T27813]  ? rcu_is_watching+0x15/0xb0
[ 1887.442554][T27813]  __x64_sys_sendto+0xde/0x100
[ 1887.442581][T27813]  do_syscall_64+0xfa/0x3b0
[ 1887.442604][T27813]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1887.442633][T27813]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1887.442653][T27813]  ? clear_bhb_loop+0x60/0xb0
[ 1887.442677][T27813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1887.442706][T27813] RIP: 0033:0x7f709f18e969
[ 1887.442723][T27813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1887.442739][T27813] RSP: 002b:00007f70a00cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1887.442759][T27813] RAX: ffffffffffffffda RBX: 00007f709f3b5fa0 RCX: 00007f709f18e969
[ 1887.442773][T27813] RDX: 000000000000ff4b RSI: 0000200000000040 RDI: 0000000000000004
[ 1887.442785][T27813] RBP: 00007f70a00cf090 R08: 0000200000000000 R09: 0000000000000014
[ 1887.442797][T27813] R10: 0000000004000050 R11: 0000000000000246 R12: 0000000000000001
[ 1887.442809][T27813] R13: 0000000000000000 R14: 00007f709f3b5fa0 R15: 00007ffe9c1fd788
[ 1887.442837][T27813]  </TASK>
[ 1887.466796][T22597] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1887.583442][T27817] vivid-002: disconnect
[ 1887.696433][T27820] netlink: 'syz.3.6724': attribute type 4 has an invalid length.
[ 1888.004738][T27599] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1888.074488][T22597] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1888.083360][T22597] usb 8-1: Product: syz
[ 1888.094544][T22597] usb 8-1: Manufacturer: syz
[ 1888.099163][T22597] usb 8-1: SerialNumber: syz
[ 1888.511032][T22597] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1888.909944][T27599] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1888.944028][T27817] vivid-002: reconnect
[ 1888.987358][T27599] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1889.013440][T27599] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1889.191976][T24736] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[ 1889.235087][T27599] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1889.400231][T24736] usb 1-1: device descriptor read/64, error -71
[ 1889.635977][T27599] 8021q: adding VLAN 0 to HW filter on device team0
[ 1889.641899][T24736] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[ 1889.669852][T23301] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1889.677154][T23301] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1889.718442][T23301] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1889.725734][T23301] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1889.821704][T24736] usb 1-1: device descriptor read/64, error -71
[ 1889.827449][T27599] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1889.962388][T24736] usb usb1-port1: attempt power cycle
[ 1890.208059][T27384] usb 8-1: USB disconnect, device number 5
[ 1890.266992][T27384] usblp0: removed
[ 1890.323009][T24736] usb 1-1: new high-speed USB device number 68 using dummy_hcd
[ 1890.386410][T24736] usb 1-1: device descriptor read/8, error -71
[ 1890.428094][T27864] FAULT_INJECTION: forcing a failure.
[ 1890.428094][T27864] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1890.435801][T27599] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1890.467056][T27864] CPU: 1 UID: 0 PID: 27864 Comm: syz.1.6735 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1890.467082][T27864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1890.467094][T27864] Call Trace:
[ 1890.467101][T27864]  <TASK>
[ 1890.467110][T27864]  dump_stack_lvl+0x189/0x250
[ 1890.467141][T27864]  ? __pfx____ratelimit+0x10/0x10
[ 1890.467162][T27864]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1890.467188][T27864]  ? __pfx__printk+0x10/0x10
[ 1890.467217][T27864]  ? __might_fault+0xb0/0x130
[ 1890.467254][T27864]  should_fail_ex+0x414/0x560
[ 1890.467283][T27864]  _copy_from_user+0x2d/0xb0
[ 1890.467303][T27864]  do_sock_getsockopt+0x1cd/0x650
[ 1890.467329][T27864]  ? __pfx_do_sock_getsockopt+0x10/0x10
[ 1890.467353][T27864]  ? write_ibpb+0x10/0x40
[ 1890.467381][T27864]  ? __fget_files+0x3a0/0x420
[ 1890.467407][T27864]  ? __fget_files+0x2a/0x420
[ 1890.467441][T27864]  __x64_sys_getsockopt+0x1a5/0x250
[ 1890.467464][T27864]  ? write_ibpb+0x10/0x40
[ 1890.467487][T27864]  ? write_ibpb+0x10/0x40
[ 1890.467512][T27864]  do_syscall_64+0xfa/0x3b0
[ 1890.467533][T27864]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1890.467555][T27864]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1890.467573][T27864]  ? clear_bhb_loop+0x60/0xb0
[ 1890.467596][T27864]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1890.467620][T27864] RIP: 0033:0x7ff2dbd8e969
[ 1890.467636][T27864] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1890.467653][T27864] RSP: 002b:00007ff2dcb1c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037
[ 1890.467671][T27864] RAX: ffffffffffffffda RBX: 00007ff2dbfb5fa0 RCX: 00007ff2dbd8e969
[ 1890.467685][T27864] RDX: 0000000000000080 RSI: 0000000000000084 RDI: 0000000000000003
[ 1890.467696][T27864] RBP: 00007ff2dcb1c090 R08: 0000200000000000 R09: 0000000000000000
[ 1890.467709][T27864] R10: 0000200000002100 R11: 0000000000000246 R12: 0000000000000001
[ 1890.467721][T27864] R13: 0000000000000000 R14: 00007ff2dbfb5fa0 R15: 00007ffec2385268
[ 1890.467749][T27864]  </TASK>
[ 1890.977172][T24736] usb 1-1: new high-speed USB device number 69 using dummy_hcd
[ 1891.012064][T24736] usb 1-1: device descriptor read/8, error -71
[ 1891.098582][T27879] netlink: 'syz.1.6737': attribute type 4 has an invalid length.
[ 1891.341030][T24736] usb usb1-port1: unable to enumerate USB device
[ 1891.610565][T27894] __vm_enough_memory: pid: 27894, comm: syz.7.6740, bytes: 4503599627366400 not enough memory for the allocation
[ 1891.883876][T27599] veth0_vlan: entered promiscuous mode
[ 1891.909085][T27599] veth1_vlan: entered promiscuous mode
[ 1891.975604][T27599] veth0_macvtap: entered promiscuous mode
[ 1892.003666][T27599] veth1_macvtap: entered promiscuous mode
[ 1892.029572][T27599] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1892.065797][T27599] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1892.241492][T27599] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1892.292218][T27599] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1892.352520][T27599] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1892.530341][T27599] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1892.934832][T27909] sctp: [Deprecated]: syz.7.6745 (pid 27909) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1892.934832][T27909] Use struct sctp_sack_info instead
[ 1893.009830][ T5929] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1893.010615][T23301] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1893.017715][ T5929] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1893.031591][T22597] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[ 1893.147136][T23301] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1894.245492][T22597] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1894.293003][T22597] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1894.317946][T22597] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1894.339682][T22597] usb 2-1: Product: syz
[ 1894.351463][T22597] usb 2-1: Manufacturer: syz
[ 1894.374552][T22597] usb 2-1: SerialNumber: syz
[ 1894.642481][T22597] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 53 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1894.668274][T27949] FAULT_INJECTION: forcing a failure.
[ 1894.668274][T27949] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1894.765523][T27949] CPU: 1 UID: 0 PID: 27949 Comm: syz.6.6753 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1894.765552][T27949] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1894.765563][T27949] Call Trace:
[ 1894.765569][T27949]  <TASK>
[ 1894.765577][T27949]  dump_stack_lvl+0x189/0x250
[ 1894.765604][T27949]  ? __pfx____ratelimit+0x10/0x10
[ 1894.765623][T27949]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1894.765644][T27949]  ? __pfx__printk+0x10/0x10
[ 1894.765667][T27949]  ? __might_fault+0xb0/0x130
[ 1894.765696][T27949]  should_fail_ex+0x414/0x560
[ 1894.765719][T27949]  _copy_from_user+0x2d/0xb0
[ 1894.765735][T27949]  ___sys_sendmsg+0x158/0x2a0
[ 1894.765758][T27949]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1894.765806][T27949]  ? __fget_files+0x2a/0x420
[ 1894.765827][T27949]  ? __fget_files+0x3a0/0x420
[ 1894.765857][T27949]  __x64_sys_sendmsg+0x19b/0x260
[ 1894.765878][T27949]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1894.765904][T27949]  ? __pfx_ksys_write+0x10/0x10
[ 1894.765921][T27949]  ? rcu_is_watching+0x15/0xb0
[ 1894.765944][T27949]  ? do_syscall_64+0xbe/0x3b0
[ 1894.765984][T27949]  do_syscall_64+0xfa/0x3b0
[ 1894.766013][T27949]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1894.766035][T27949]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1894.766053][T27949]  ? clear_bhb_loop+0x60/0xb0
[ 1894.766076][T27949]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1894.766093][T27949] RIP: 0033:0x7f9616d8e969
[ 1894.766111][T27949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1894.766127][T27949] RSP: 002b:00007f9617c04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1894.766148][T27949] RAX: ffffffffffffffda RBX: 00007f9616fb5fa0 RCX: 00007f9616d8e969
[ 1894.766161][T27949] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003
[ 1894.766173][T27949] RBP: 00007f9617c04090 R08: 0000000000000000 R09: 0000000000000000
[ 1894.766202][T27949] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1894.766213][T27949] R13: 0000000000000000 R14: 00007f9616fb5fa0 R15: 00007ffeb9224688
[ 1894.766243][T27949]  </TASK>
[ 1895.037193][T27952] netlink: 'syz.3.6752': attribute type 4 has an invalid length.
[ 1896.761775][   T10] usb 2-1: USB disconnect, device number 53
[ 1896.862630][   T10] usblp0: removed
[ 1897.441650][T27384] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[ 1897.607623][T27384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1897.637375][T27384] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[ 1897.669256][T27384] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1897.737159][T27384] usb 2-1: config 0 descriptor??
[ 1898.202533][T27384] lg-g15 0003:046D:C222.0005: hidraw0: USB HID v10.00 Device [HID 046d:c222] on usb-dummy_hcd.1-1/input0
[ 1898.385068][T16945] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[ 1899.333340][T16945] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1900.098935][T24736] usb 2-1: USB disconnect, device number 54
[ 1900.116253][T16945] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1900.132778][T16945] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1900.141419][T16945] usb 7-1: Product: syz
[ 1900.145976][T16945] usb 7-1: Manufacturer: syz
[ 1900.150591][T16945] usb 7-1: SerialNumber: syz
[ 1900.394469][T16945] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1900.560857][T24666] Bluetooth: hci4: unexpected cc 0x203e length: 2 > 1
[ 1900.568391][T24666] Bluetooth: hci4: unexpected event for opcode 0x203e
[ 1901.724116][T28081] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6792'.
[ 1902.337971][T22597] usb 7-1: USB disconnect, device number 2
[ 1902.581974][T22597] usblp0: removed
[ 1902.740886][T28103] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1906.191980][   T24] usb 8-1: new full-speed USB device number 6 using dummy_hcd
[ 1906.363412][   T24] usb 8-1: config 0 has an invalid interface number: 176 but max is 2
[ 1906.372005][   T24] usb 8-1: config 0 has no interface number 1
[ 1906.380447][   T24] usb 8-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1906.389694][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1906.400140][   T24] usb 8-1: config 0 descriptor??
[ 1906.461734][T16945] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[ 1906.469775][T22597] usb 1-1: new high-speed USB device number 70 using dummy_hcd
[ 1906.623395][T28127] sp0: Synchronizing with TNC
[ 1906.643433][T22597] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1906.678877][T16945] usb 7-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[ 1906.697457][T16945] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1906.709668][T22597] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1906.729166][T16945] usb 7-1: Product: syz
[ 1906.740382][T16945] usb 7-1: Manufacturer: syz
[ 1906.745269][T22597] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1906.753799][T16945] usb 7-1: SerialNumber: syz
[ 1906.765523][T22597] usb 1-1: Product: syz
[ 1906.772735][T22597] usb 1-1: Manufacturer: syz
[ 1906.777526][T22597] usb 1-1: SerialNumber: syz
[ 1906.782592][   T24] usb 8-1: Could not set interface, error -71
[ 1906.796778][T16945] usb 7-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[ 1906.828781][T26211] usb 7-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[ 1906.868598][   T24] usb 8-1: USB disconnect, device number 6
[ 1907.075189][T22597] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 70 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1907.166014][T28149] bond_slave_0: entered promiscuous mode
[ 1907.172113][T28149] bond_slave_1: entered promiscuous mode
[ 1907.188480][T28149] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1907.199750][T28149] team0: Port device macvlan2 added
[ 1907.584515][T24666] Bluetooth: hci4: unexpected event for opcode 0x0c7b
[ 1907.941763][T26211] ath9k_htc 7-1:1.0: ath9k_htc: Target is unresponsive
[ 1907.960134][T26211] ath9k_htc: Failed to initialize the device
[ 1908.482094][T26211] usb 7-1: ath9k_htc: USB layer deinitialized
[ 1908.639578][T28153] vimc link validate: Sensor B:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 1:snk:640x480 (0x33424752, 8, 0, 0, 0)
[ 1909.688568][T28178] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1910.005198][T27384] usb 7-1: USB disconnect, device number 3
[ 1910.249460][T28136] uprobe: syz.6.6811:28136 failed to unregister, leaking uprobe
[ 1910.268525][T28180] bridge_slave_0: left allmulticast mode
[ 1910.283390][T28136] uprobe: syz.6.6811:28136 failed to unregister, leaking uprobe
[ 1910.307163][T28182] FAULT_INJECTION: forcing a failure.
[ 1910.307163][T28182] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1910.320523][T28180] bridge_slave_0: left promiscuous mode
[ 1910.331605][T28180] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1910.362521][T28180] bridge_slave_1: left allmulticast mode
[ 1910.369460][T28180] bridge_slave_1: left promiscuous mode
[ 1910.401706][T28182] CPU: 1 UID: 0 PID: 28182 Comm: syz.7.6827 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1910.401735][T28182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1910.401749][T28182] Call Trace:
[ 1910.401757][T28182]  <TASK>
[ 1910.401767][T28182]  dump_stack_lvl+0x189/0x250
[ 1910.401803][T28182]  ? __pfx____ratelimit+0x10/0x10
[ 1910.401827][T28182]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1910.401855][T28182]  ? __pfx__printk+0x10/0x10
[ 1910.401887][T28182]  ? __might_fault+0xb0/0x130
[ 1910.401932][T28182]  should_fail_ex+0x414/0x560
[ 1910.401964][T28182]  _copy_from_user+0x2d/0xb0
[ 1910.401986][T28182]  ___sys_sendmsg+0x158/0x2a0
[ 1910.402017][T28182]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1910.402080][T28182]  ? __fget_files+0x2a/0x420
[ 1910.402109][T28182]  ? __fget_files+0x3a0/0x420
[ 1910.402149][T28182]  __sys_sendmmsg+0x227/0x430
[ 1910.402182][T28182]  ? __pfx___sys_sendmmsg+0x10/0x10
[ 1910.402206][T28182]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1910.402258][T28182]  ? ksys_write+0x22a/0x250
[ 1910.402286][T28182]  ? __pfx_ksys_write+0x10/0x10
[ 1910.402309][T28182]  ? rcu_is_watching+0x15/0xb0
[ 1910.402342][T28182]  __x64_sys_sendmmsg+0xa0/0xc0
[ 1910.402371][T28182]  do_syscall_64+0xfa/0x3b0
[ 1910.402394][T28182]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1910.402417][T28182]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1910.402437][T28182]  ? clear_bhb_loop+0x60/0xb0
[ 1910.402462][T28182]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1910.402482][T28182] RIP: 0033:0x7fca48f8e969
[ 1910.402500][T28182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1910.402517][T28182] RSP: 002b:00007fca49e8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[ 1910.402539][T28182] RAX: ffffffffffffffda RBX: 00007fca491b5fa0 RCX: 00007fca48f8e969
[ 1910.402554][T28182] RDX: 000000000000fdef RSI: 00002000000020c0 RDI: 0000000000000004
[ 1910.402567][T28182] RBP: 00007fca49e8f090 R08: 0000000000000000 R09: 0000000000000000
[ 1910.402580][T28182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1910.402593][T28182] R13: 0000000000000000 R14: 00007fca491b5fa0 R15: 00007ffc37e91d48
[ 1910.402623][T28182]  </TASK>
[ 1910.651697][T28180] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1910.825617][T28180] bond0: (slave bond_slave_0): Releasing backup interface
[ 1910.848015][T28180] bond0: (slave bond_slave_1): Releasing backup interface
[ 1910.949110][T28180] team0: Port device team_slave_0 removed
[ 1910.968051][T28180] team0: Port device team_slave_1 removed
[ 1910.979051][T28180] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1910.988442][T28180] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1911.003335][T28180] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1911.015687][T28180] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1911.132273][T26211] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[ 1911.173498][T28175] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1911.316165][T26211] usb 7-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[ 1911.329588][T26211] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1911.346639][T26211] usb 7-1: config 0 descriptor??
[ 1911.370097][T26211] gspca_main: spca508-2.14.0 probing 8086:0110
[ 1911.564886][T26211] gspca_spca508: reg_read err -32
[ 1911.570866][T26211] gspca_spca508: reg_read err -32
[ 1911.784892][T28188] ieee802154 phy0 wpan0: encryption failed: -22
[ 1911.836847][T28188] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6829'.
[ 1911.928422][T26211] gspca_spca508: reg_read err -71
[ 1911.962027][T26211] gspca_spca508: reg_read err -71
[ 1911.975618][T26211] gspca_spca508: reg write: error -71
[ 1911.987874][T26211] spca508 7-1:0.0: probe with driver spca508 failed with error -71
[ 1912.120948][T26211] usb 7-1: USB disconnect, device number 4
[ 1913.342185][T28217] FAULT_INJECTION: forcing a failure.
[ 1913.342185][T28217] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1913.461297][T28217] CPU: 0 UID: 0 PID: 28217 Comm: syz.1.6839 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1913.461329][T28217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1913.461344][T28217] Call Trace:
[ 1913.461353][T28217]  <TASK>
[ 1913.461363][T28217]  dump_stack_lvl+0x189/0x250
[ 1913.461400][T28217]  ? __pfx____ratelimit+0x10/0x10
[ 1913.461434][T28217]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1913.461464][T28217]  ? __pfx__printk+0x10/0x10
[ 1913.461500][T28217]  ? __might_fault+0xb0/0x130
[ 1913.461543][T28217]  should_fail_ex+0x414/0x560
[ 1913.461576][T28217]  _copy_from_user+0x2d/0xb0
[ 1913.461598][T28217]  ___sys_sendmsg+0x158/0x2a0
[ 1913.461629][T28217]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1913.461706][T28217]  ? __fget_files+0x2a/0x420
[ 1913.461734][T28217]  ? __fget_files+0x3a0/0x420
[ 1913.461772][T28217]  __x64_sys_sendmsg+0x19b/0x260
[ 1913.461802][T28217]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1913.461838][T28217]  ? __pfx_ksys_write+0x10/0x10
[ 1913.461860][T28217]  ? rcu_is_watching+0x15/0xb0
[ 1913.461889][T28217]  ? do_syscall_64+0xbe/0x3b0
[ 1913.461917][T28217]  do_syscall_64+0xfa/0x3b0
[ 1913.461940][T28217]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1913.461962][T28217]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1913.461982][T28217]  ? clear_bhb_loop+0x60/0xb0
[ 1913.462006][T28217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1913.462025][T28217] RIP: 0033:0x7ff2dbd8e969
[ 1913.462043][T28217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1913.462059][T28217] RSP: 002b:00007ff2dcb1c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1913.462081][T28217] RAX: ffffffffffffffda RBX: 00007ff2dbfb5fa0 RCX: 00007ff2dbd8e969
[ 1913.462097][T28217] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003
[ 1913.462110][T28217] RBP: 00007ff2dcb1c090 R08: 0000000000000000 R09: 0000000000000000
[ 1913.462123][T28217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1913.462135][T28217] R13: 0000000000000000 R14: 00007ff2dbfb5fa0 R15: 00007ffec2385268
[ 1913.462165][T28217]  </TASK>
[ 1913.702315][T24666] Bluetooth: hci4: command 0x0406 tx timeout
[ 1914.387164][T27384] usb 1-1: USB disconnect, device number 70
[ 1914.422355][T27384] usblp0: removed
[ 1914.822512][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1914.908153][T28233] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1915.032007][ T5915] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[ 1915.766101][ T5915] usb 8-1: config 0 has an invalid interface number: 51 but max is 0
[ 1915.786173][ T5915] usb 8-1: config 0 has no interface number 0
[ 1915.805696][ T5915] usb 8-1: config 0 interface 51 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[ 1915.868152][ T5915] usb 8-1: New USB device found, idVendor=12d1, idProduct=8869, bcdDevice=3b.15
[ 1915.911639][ T5915] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1915.931043][ T5915] usb 8-1: Product: syz
[ 1915.941387][ T5915] usb 8-1: Manufacturer: syz
[ 1915.958235][ T5915] usb 8-1: SerialNumber: syz
[ 1916.161924][ T5915] usb 8-1: config 0 descriptor??
[ 1916.173779][ T5915] usbhid 8-1:0.51: couldn't find an input interrupt endpoint
[ 1916.864179][T28223] usb usb1: usbfs: process 28223 (syz.7.6840) did not claim interface 0 before use
[ 1917.021819][T22597] usb 8-1: USB disconnect, device number 7
[ 1917.271800][ T5915] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[ 1917.303021][T28258] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6852'.
[ 1917.527838][ T5915] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1917.563203][T28267] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1918.001561][T28269] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1918.889714][ T5915] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1918.913568][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1918.925432][ T5915] usb 2-1: Product: syz
[ 1918.929627][ T5915] usb 2-1: Manufacturer: syz
[ 1918.935374][ T5915] usb 2-1: SerialNumber: syz
[ 1919.235962][ T5915] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 55 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1920.556303][T28310] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[ 1921.546400][ T5915] usb 2-1: USB disconnect, device number 55
[ 1921.573299][ T5915] usblp0: removed
[ 1922.171585][T28338] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6880'.
[ 1922.943724][T28330] FAULT_INJECTION: forcing a failure.
[ 1922.943724][T28330] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1922.996983][T28330] CPU: 0 UID: 0 PID: 28330 Comm: syz.7.6879 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1922.997012][T28330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1922.997024][T28330] Call Trace:
[ 1922.997032][T28330]  <TASK>
[ 1922.997040][T28330]  dump_stack_lvl+0x189/0x250
[ 1922.997070][T28330]  ? __pfx____ratelimit+0x10/0x10
[ 1922.997093][T28330]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1922.997119][T28330]  ? __pfx__printk+0x10/0x10
[ 1922.997148][T28330]  ? __might_fault+0xb0/0x130
[ 1922.997185][T28330]  should_fail_ex+0x414/0x560
[ 1922.997213][T28330]  _copy_from_user+0x2d/0xb0
[ 1922.997233][T28330]  ___sys_sendmsg+0x158/0x2a0
[ 1922.997261][T28330]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1922.997319][T28330]  ? __fget_files+0x2a/0x420
[ 1922.997345][T28330]  ? __fget_files+0x3a0/0x420
[ 1922.997382][T28330]  __x64_sys_sendmsg+0x19b/0x260
[ 1922.997410][T28330]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1922.997444][T28330]  ? __pfx_ksys_write+0x10/0x10
[ 1922.997466][T28330]  ? rcu_is_watching+0x15/0xb0
[ 1922.997494][T28330]  ? do_syscall_64+0xbe/0x3b0
[ 1922.997520][T28330]  do_syscall_64+0xfa/0x3b0
[ 1922.997541][T28330]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1922.997563][T28330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1922.997581][T28330]  ? clear_bhb_loop+0x60/0xb0
[ 1922.997604][T28330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1922.997622][T28330] RIP: 0033:0x7fca48f8e969
[ 1922.997639][T28330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1922.997655][T28330] RSP: 002b:00007fca49e8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1922.997675][T28330] RAX: ffffffffffffffda RBX: 00007fca491b5fa0 RCX: 00007fca48f8e969
[ 1922.997689][T28330] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003
[ 1922.997701][T28330] RBP: 00007fca49e8f090 R08: 0000000000000000 R09: 0000000000000000
[ 1922.997713][T28330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1922.997725][T28330] R13: 0000000000000000 R14: 00007fca491b5fa0 R15: 00007ffc37e91d48
[ 1922.997753][T28330]  </TASK>
[ 1923.234725][T28357] sctp: [Deprecated]: syz.6.6888 (pid 28357) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1923.234725][T28357] Use struct sctp_sack_info instead
[ 1923.240890][T28359] FAULT_INJECTION: forcing a failure.
[ 1923.240890][T28359] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1923.346857][T28359] CPU: 1 UID: 0 PID: 28359 Comm: syz.0.6887 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1923.346886][T28359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1923.346898][T28359] Call Trace:
[ 1923.346905][T28359]  <TASK>
[ 1923.346914][T28359]  dump_stack_lvl+0x189/0x250
[ 1923.346946][T28359]  ? __pfx____ratelimit+0x10/0x10
[ 1923.346969][T28359]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1923.346996][T28359]  ? __pfx__printk+0x10/0x10
[ 1923.347025][T28359]  ? __might_fault+0xb0/0x130
[ 1923.347062][T28359]  should_fail_ex+0x414/0x560
[ 1923.347091][T28359]  _copy_from_user+0x2d/0xb0
[ 1923.347111][T28359]  ___sys_sendmsg+0x158/0x2a0
[ 1923.347139][T28359]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1923.347199][T28359]  ? __fget_files+0x2a/0x420
[ 1923.347226][T28359]  ? __fget_files+0x3a0/0x420
[ 1923.347263][T28359]  __x64_sys_sendmsg+0x19b/0x260
[ 1923.347290][T28359]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1923.347325][T28359]  ? __pfx_ksys_write+0x10/0x10
[ 1923.347346][T28359]  ? rcu_is_watching+0x15/0xb0
[ 1923.347375][T28359]  ? do_syscall_64+0xbe/0x3b0
[ 1923.347402][T28359]  do_syscall_64+0xfa/0x3b0
[ 1923.347423][T28359]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1923.347444][T28359]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1923.347463][T28359]  ? clear_bhb_loop+0x60/0xb0
[ 1923.347485][T28359]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1923.347503][T28359] RIP: 0033:0x7f709f18e969
[ 1923.347520][T28359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1923.347537][T28359] RSP: 002b:00007f70a00cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1923.347558][T28359] RAX: ffffffffffffffda RBX: 00007f709f3b5fa0 RCX: 00007f709f18e969
[ 1923.347572][T28359] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000005
[ 1923.347584][T28359] RBP: 00007f70a00cf090 R08: 0000000000000000 R09: 0000000000000000
[ 1923.347602][T28359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1923.347613][T28359] R13: 0000000000000000 R14: 00007f709f3b5fa0 R15: 00007ffe9c1fd788
[ 1923.347642][T28359]  </TASK>
[ 1924.488228][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806975b800: rx timeout, send abort
[ 1924.498082][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805c886400: rx timeout, send abort
[ 1924.931035][T28386] netlink: 'syz.1.6897': attribute type 1 has an invalid length.
[ 1924.996536][    C1] vcan0: j1939_tp_rxtimer: 0xffff88806975b800: abort rx timeout. Force session deactivation
[ 1925.010098][    C1] vcan0: j1939_tp_rxtimer: 0xffff88805c886400: abort rx timeout. Force session deactivation
[ 1925.028098][T28382] pim6reg: entered allmulticast mode
[ 1925.037097][T28382] pim6reg: left allmulticast mode
[ 1925.054178][T28386] netlink: 184 bytes leftover after parsing attributes in process `syz.1.6897'.
[ 1925.095320][T28386] netlink: 'syz.1.6897': attribute type 1 has an invalid length.
[ 1925.142498][T28392] F2FS-fs (loop14): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1925.150604][T28392] F2FS-fs (loop14): Can't find valid F2FS filesystem in 1th superblock
[ 1925.159492][T28392] F2FS-fs (loop14): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[ 1925.167428][T28392] F2FS-fs (loop14): Can't find valid F2FS filesystem in 2th superblock
[ 1926.344417][T28404] FAULT_INJECTION: forcing a failure.
[ 1926.344417][T28404] name failslab, interval 1, probability 0, space 0, times 0
[ 1926.663194][T28404] CPU: 1 UID: 0 PID: 28404 Comm: syz.7.6903 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1926.663223][T28404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1926.663235][T28404] Call Trace:
[ 1926.663242][T28404]  <TASK>
[ 1926.663250][T28404]  dump_stack_lvl+0x189/0x250
[ 1926.663281][T28404]  ? __pfx____ratelimit+0x10/0x10
[ 1926.663304][T28404]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1926.663330][T28404]  ? __pfx__printk+0x10/0x10
[ 1926.663362][T28404]  ? __pfx___might_resched+0x10/0x10
[ 1926.663387][T28404]  ? fs_reclaim_acquire+0x7d/0x100
[ 1926.663410][T28404]  should_fail_ex+0x414/0x560
[ 1926.663440][T28404]  should_failslab+0xa8/0x100
[ 1926.663469][T28404]  __kmalloc_noprof+0xcb/0x4f0
[ 1926.663502][T28404]  ? iovec_from_user+0x87/0x250
[ 1926.663524][T28404]  iovec_from_user+0x87/0x250
[ 1926.663542][T28404]  ? get_pid_task+0x20/0x1f0
[ 1926.663574][T28404]  __import_iovec+0x163/0x7f0
[ 1926.663603][T28404]  import_iovec+0x74/0xa0
[ 1926.663626][T28404]  vfs_readv+0x185/0x840
[ 1926.663649][T28404]  ? __pfx_vfs_readv+0x10/0x10
[ 1926.663680][T28404]  ? __fget_files+0x2a/0x420
[ 1926.663712][T28404]  ? __fget_files+0x3a0/0x420
[ 1926.663738][T28404]  ? __fget_files+0x2a/0x420
[ 1926.663773][T28404]  do_readv+0x14d/0x2d0
[ 1926.663792][T28404]  ? __pfx_do_readv+0x10/0x10
[ 1926.663807][T28404]  ? rcu_is_watching+0x15/0xb0
[ 1926.663835][T28404]  ? do_syscall_64+0xbe/0x3b0
[ 1926.663862][T28404]  do_syscall_64+0xfa/0x3b0
[ 1926.663884][T28404]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1926.663909][T28404]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1926.663928][T28404]  ? clear_bhb_loop+0x60/0xb0
[ 1926.663951][T28404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1926.663969][T28404] RIP: 0033:0x7fca48f8e969
[ 1926.663987][T28404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1926.664004][T28404] RSP: 002b:00007fca49e8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000013
[ 1926.664024][T28404] RAX: ffffffffffffffda RBX: 00007fca491b5fa0 RCX: 00007fca48f8e969
[ 1926.664038][T28404] RDX: 0000000000000057 RSI: 0000200000000500 RDI: 0000000000000003
[ 1926.664051][T28404] RBP: 00007fca49e8f090 R08: 0000000000000000 R09: 0000000000000000
[ 1926.664063][T28404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1926.664074][T28404] R13: 0000000000000000 R14: 00007fca491b5fa0 R15: 00007ffc37e91d48
[ 1926.664103][T28404]  </TASK>
[ 1927.377959][T28419] capability: warning: `syz.7.6908' uses 32-bit capabilities (legacy support in use)
[ 1927.402736][T28417] sctp: [Deprecated]: syz.6.6909 (pid 28417) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1927.402736][T28417] Use struct sctp_sack_info instead
[ 1928.684828][T28442] FAULT_INJECTION: forcing a failure.
[ 1928.684828][T28442] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1928.702824][T28442] CPU: 0 UID: 0 PID: 28442 Comm: syz.0.6917 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1928.702852][T28442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1928.702864][T28442] Call Trace:
[ 1928.702872][T28442]  <TASK>
[ 1928.702880][T28442]  dump_stack_lvl+0x189/0x250
[ 1928.702911][T28442]  ? __pfx____ratelimit+0x10/0x10
[ 1928.702935][T28442]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1928.702961][T28442]  ? __pfx__printk+0x10/0x10
[ 1928.702989][T28442]  ? __might_fault+0xb0/0x130
[ 1928.703026][T28442]  should_fail_ex+0x414/0x560
[ 1928.703055][T28442]  _copy_from_user+0x2d/0xb0
[ 1928.703076][T28442]  ___sys_sendmsg+0x158/0x2a0
[ 1928.703105][T28442]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1928.703163][T28442]  ? __fget_files+0x2a/0x420
[ 1928.703189][T28442]  ? __fget_files+0x3a0/0x420
[ 1928.703226][T28442]  __x64_sys_sendmsg+0x19b/0x260
[ 1928.703254][T28442]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1928.703295][T28442]  ? __pfx_ksys_write+0x10/0x10
[ 1928.703319][T28442]  ? rcu_is_watching+0x15/0xb0
[ 1928.703348][T28442]  ? do_syscall_64+0xbe/0x3b0
[ 1928.703374][T28442]  do_syscall_64+0xfa/0x3b0
[ 1928.703396][T28442]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1928.703418][T28442]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1928.703437][T28442]  ? clear_bhb_loop+0x60/0xb0
[ 1928.703460][T28442]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1928.703478][T28442] RIP: 0033:0x7f709f18e969
[ 1928.703494][T28442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1928.703511][T28442] RSP: 002b:00007f70a00cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1928.703532][T28442] RAX: ffffffffffffffda RBX: 00007f709f3b5fa0 RCX: 00007f709f18e969
[ 1928.703545][T28442] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000006
[ 1928.703557][T28442] RBP: 00007f70a00cf090 R08: 0000000000000000 R09: 0000000000000000
[ 1928.703569][T28442] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1928.703580][T28442] R13: 0000000000000000 R14: 00007f709f3b5fa0 R15: 00007ffe9c1fd788
[ 1928.703609][T28442]  </TASK>
[ 1930.080021][T28466] FAULT_INJECTION: forcing a failure.
[ 1930.080021][T28466] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1930.107371][T28466] CPU: 1 UID: 0 PID: 28466 Comm: syz.6.6924 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1930.107398][T28466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1930.107410][T28466] Call Trace:
[ 1930.107417][T28466]  <TASK>
[ 1930.107426][T28466]  dump_stack_lvl+0x189/0x250
[ 1930.107456][T28466]  ? __pfx____ratelimit+0x10/0x10
[ 1930.107477][T28466]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1930.107502][T28466]  ? __pfx__printk+0x10/0x10
[ 1930.107528][T28466]  ? __might_fault+0xb0/0x130
[ 1930.107562][T28466]  should_fail_ex+0x414/0x560
[ 1930.107589][T28466]  _copy_from_user+0x2d/0xb0
[ 1930.107607][T28466]  __sys_bpf+0x1ed/0x860
[ 1930.107628][T28466]  ? __pfx___sys_bpf+0x10/0x10
[ 1930.107657][T28466]  ? ksys_write+0x22a/0x250
[ 1930.107683][T28466]  ? __pfx_ksys_write+0x10/0x10
[ 1930.107704][T28466]  ? rcu_is_watching+0x15/0xb0
[ 1930.107733][T28466]  __x64_sys_bpf+0x7c/0x90
[ 1930.107761][T28466]  do_syscall_64+0xfa/0x3b0
[ 1930.107784][T28466]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1930.107806][T28466]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1930.107825][T28466]  ? clear_bhb_loop+0x60/0xb0
[ 1930.107848][T28466]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1930.107866][T28466] RIP: 0033:0x7f9616d8e969
[ 1930.107884][T28466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1930.107901][T28466] RSP: 002b:00007f9617c04038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[ 1930.107921][T28466] RAX: ffffffffffffffda RBX: 00007f9616fb5fa0 RCX: 00007f9616d8e969
[ 1930.107935][T28466] RDX: 000000000000001c RSI: 0000200000000080 RDI: 0000000000000001
[ 1930.107947][T28466] RBP: 00007f9617c04090 R08: 0000000000000000 R09: 0000000000000000
[ 1930.107957][T28466] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1930.107967][T28466] R13: 0000000000000000 R14: 00007f9616fb5fa0 R15: 00007ffeb9224688
[ 1930.107996][T28466]  </TASK>
[ 1930.463653][T28472] fuse: Unknown parameter 'fsmagic'
[ 1930.871629][T27384] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[ 1931.043579][T27384] usb 2-1: config 0 has an invalid interface number: 98 but max is 0
[ 1931.053578][T19807] usb 8-1: new full-speed USB device number 8 using dummy_hcd
[ 1931.061098][T27384] usb 2-1: config 0 has no interface number 0
[ 1931.082577][   T24] usb 7-1: new full-speed USB device number 5 using dummy_hcd
[ 1931.088482][T27384] usb 2-1: config 0 interface 98 has no altsetting 0
[ 1931.103917][T27384] usb 2-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24
[ 1931.114366][T27384] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1931.123942][T27384] usb 2-1: Product: syz
[ 1931.128208][T27384] usb 2-1: Manufacturer: syz
[ 1931.205837][T27384] usb 2-1: SerialNumber: syz
[ 1931.235592][T27384] usb 2-1: config 0 descriptor??
[ 1931.273916][T19807] usb 8-1: config 0 has an invalid interface number: 176 but max is 2
[ 1931.274244][   T24] usb 7-1: config 0 has an invalid interface number: 176 but max is 2
[ 1931.296233][   T24] usb 7-1: config 0 has no interface number 1
[ 1931.301678][T19807] usb 8-1: config 0 has no interface number 1
[ 1931.308663][T19807] usb 8-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1931.308808][   T24] usb 7-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 1931.398025][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1931.413612][T19807] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1931.425176][   T24] usb 7-1: config 0 descriptor??
[ 1931.436359][T19807] usb 8-1: config 0 descriptor??
[ 1931.652947][T28487] sp0: Synchronizing with TNC
[ 1931.728929][T28485] sp0: Synchronizing with TNC
[ 1931.756554][T28481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1931.807217][   T24] usb 7-1: Could not set interface, error -71
[ 1931.816305][T28481] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1931.885591][   T24] usb 7-1: USB disconnect, device number 5
[ 1931.908000][T27384] usb 2-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II
[ 1931.926259][T28493] sp0: Synchronizing with TNC
[ 1932.822669][T27384] usb 2-1: [ueagle-atm] pre-firmware device, uploading firmware
[ 1932.845865][T27384] usb 2-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw
[ 1932.866896][   T10] usb 2-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2
[ 1932.893755][   T10] usb 2-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw
[ 1932.915819][T27384] usb 2-1: USB disconnect, device number 56
[ 1933.070167][T19807] usb 8-1: Could not set interface, error -71
[ 1933.117744][T19807] usb 8-1: USB disconnect, device number 8
[ 1934.431908][T28517] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1934.726622][T24736] usb 1-1: new full-speed USB device number 71 using dummy_hcd
[ 1935.115298][T24736] usb 1-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 1935.140612][T24736] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1935.145903][T28531] FAULT_INJECTION: forcing a failure.
[ 1935.145903][T28531] name failslab, interval 1, probability 0, space 0, times 0
[ 1935.160951][T24736] usb 1-1: Product: syz
[ 1935.171818][T24736] usb 1-1: Manufacturer: syz
[ 1935.176466][T24736] usb 1-1: SerialNumber: syz
[ 1935.181932][T28531] CPU: 1 UID: 0 PID: 28531 Comm: syz.6.6947 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1935.181961][T28531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1935.181975][T28531] Call Trace:
[ 1935.181984][T28531]  <TASK>
[ 1935.181993][T28531]  dump_stack_lvl+0x189/0x250
[ 1935.182028][T28531]  ? __pfx____ratelimit+0x10/0x10
[ 1935.182054][T28531]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1935.182084][T28531]  ? __pfx__printk+0x10/0x10
[ 1935.182124][T28531]  ? __pfx___might_resched+0x10/0x10
[ 1935.182157][T28531]  should_fail_ex+0x414/0x560
[ 1935.182190][T28531]  should_failslab+0xa8/0x100
[ 1935.182224][T28531]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[ 1935.182255][T28531]  ? __alloc_skb+0x112/0x2d0
[ 1935.182287][T28531]  __alloc_skb+0x112/0x2d0
[ 1935.182316][T28531]  tcp_stream_alloc_skb+0x3d/0x340
[ 1935.182353][T28531]  tcp_sendmsg_locked+0xd65/0x4f10
[ 1935.182386][T28531]  ? __lock_acquire+0xab9/0xd20
[ 1935.182423][T28531]  ? __might_fault+0xb0/0x130
[ 1935.182493][T28531]  ? __pfx_tcp_sendmsg_locked+0x10/0x10
[ 1935.182531][T28531]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1935.182570][T28531]  ? __local_bh_enable_ip+0x12d/0x1c0
[ 1935.182613][T28531]  tcp_sendmsg+0x2f/0x50
[ 1935.182645][T28531]  __sock_sendmsg+0x19c/0x270
[ 1935.182670][T28531]  __sys_sendto+0x3bd/0x520
[ 1935.182699][T28531]  ? __pfx___sys_sendto+0x10/0x10
[ 1935.182722][T28531]  ? __mutex_unlock_slowpath+0x1cd/0x700
[ 1935.182769][T28531]  ? __fget_files+0x3a0/0x420
[ 1935.182881][T28531]  ? ksys_write+0x22a/0x250
[ 1935.182915][T28531]  ? __pfx_ksys_write+0x10/0x10
[ 1935.182941][T28531]  ? rcu_is_watching+0x15/0xb0
[ 1935.182975][T28531]  __x64_sys_sendto+0xde/0x100
[ 1935.183008][T28531]  do_syscall_64+0xfa/0x3b0
[ 1935.183034][T28531]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1935.183060][T28531]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1935.183082][T28531]  ? clear_bhb_loop+0x60/0xb0
[ 1935.183110][T28531]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1935.183132][T28531] RIP: 0033:0x7f9616d8e969
[ 1935.183152][T28531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1935.183172][T28531] RSP: 002b:00007f9617c04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1935.183195][T28531] RAX: ffffffffffffffda RBX: 00007f9616fb5fa0 RCX: 00007f9616d8e969
[ 1935.183212][T28531] RDX: 0000000000000003 RSI: 00002000000004c0 RDI: 0000000000000003
[ 1935.183226][T28531] RBP: 00007f9617c04090 R08: 0000000000000000 R09: 0000000000000000
[ 1935.183241][T28531] R10: 0000000000000805 R11: 0000000000000246 R12: 0000000000000001
[ 1935.183255][T28531] R13: 0000000000000000 R14: 00007f9616fb5fa0 R15: 00007ffeb9224688
[ 1935.183290][T28531]  </TASK>
[ 1935.453286][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1935.479436][T24736] usb 1-1: config 0 descriptor??
[ 1935.657907][T28540] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1935.673388][T28540] batadv_slave_1: entered promiscuous mode
[ 1935.892975][T16945] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[ 1935.903447][T24736] airspy 1-1:0.0: Board ID: 00
[ 1935.908319][T24736] airspy 1-1:0.0: Firmware version: 
[ 1936.843617][T28552] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1936.974010][T16945] usb 8-1: config 0 has no interfaces?
[ 1937.480781][T16945] usb 8-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1937.502109][T16945] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1937.515189][T16945] usb 8-1: Product: syz
[ 1937.519411][T16945] usb 8-1: Manufacturer: syz
[ 1937.547266][T16945] usb 8-1: SerialNumber: syz
[ 1937.612167][T24736] airspy 1-1:0.0: usb_control_msg() failed -110 request 0f
[ 1937.619488][T16945] usb 8-1: config 0 descriptor??
[ 1937.802616][T24736] airspy 1-1:0.0: Registered as swradio24
[ 1937.859352][T24736] airspy 1-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[ 1938.271990][ T5187] udevd[5187]: worker [26879] terminated by signal 33 (Unknown signal 33)
[ 1938.280600][ T5187] udevd[5187]: worker [26879] failed while handling '/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/video4linux/swradio24'
[ 1939.099336][ T5915] usb 1-1: USB disconnect, device number 71
[ 1940.295156][   T24] usb 8-1: USB disconnect, device number 9
[ 1940.493513][T28588] FAULT_INJECTION: forcing a failure.
[ 1940.493513][T28588] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1940.530241][T28588] CPU: 1 UID: 0 PID: 28588 Comm: syz.7.6963 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1940.530268][T28588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1940.530280][T28588] Call Trace:
[ 1940.530288][T28588]  <TASK>
[ 1940.530298][T28588]  dump_stack_lvl+0x189/0x250
[ 1940.530329][T28588]  ? __pfx____ratelimit+0x10/0x10
[ 1940.530351][T28588]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1940.530377][T28588]  ? __pfx__printk+0x10/0x10
[ 1940.530405][T28588]  ? __might_fault+0xb0/0x130
[ 1940.530441][T28588]  should_fail_ex+0x414/0x560
[ 1940.530469][T28588]  _copy_from_user+0x2d/0xb0
[ 1940.530489][T28588]  ___sys_recvmsg+0x12e/0x510
[ 1940.530520][T28588]  ? __pfx____sys_recvmsg+0x10/0x10
[ 1940.530568][T28588]  ? __fget_files+0x3a0/0x420
[ 1940.530605][T28588]  __x64_sys_recvmsg+0x198/0x260
[ 1940.530632][T28588]  ? __pfx___x64_sys_recvmsg+0x10/0x10
[ 1940.530665][T28588]  ? __pfx_ksys_write+0x10/0x10
[ 1940.530686][T28588]  ? rcu_is_watching+0x15/0xb0
[ 1940.530713][T28588]  ? do_syscall_64+0xbe/0x3b0
[ 1940.530739][T28588]  do_syscall_64+0xfa/0x3b0
[ 1940.530760][T28588]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1940.530781][T28588]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1940.530800][T28588]  ? clear_bhb_loop+0x60/0xb0
[ 1940.530822][T28588]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1940.530840][T28588] RIP: 0033:0x7fca48f8e969
[ 1940.530858][T28588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1940.530875][T28588] RSP: 002b:00007fca49e8f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f
[ 1940.530895][T28588] RAX: ffffffffffffffda RBX: 00007fca491b5fa0 RCX: 00007fca48f8e969
[ 1940.530909][T28588] RDX: 0000000000000000 RSI: 0000200000000840 RDI: 0000000000000004
[ 1940.530921][T28588] RBP: 00007fca49e8f090 R08: 0000000000000000 R09: 0000000000000000
[ 1940.530933][T28588] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1940.530944][T28588] R13: 0000000000000000 R14: 00007fca491b5fa0 R15: 00007ffc37e91d48
[ 1940.530972][T28588]  </TASK>
[ 1941.999853][T28604] ptm ptm0: ldisc open failed (-12), clearing slot 0
[ 1942.141639][T28602] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1942.502998][T28620] netlink: 'syz.0.6972': attribute type 4 has an invalid length.
[ 1942.534277][T28619] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6974'.
[ 1942.611933][ T5915] usb 2-1: new full-speed USB device number 57 using dummy_hcd
[ 1942.630163][T28619] sch_tbf: burst 5 is lower than device bridge1 mtu (1514) !
[ 1942.785371][ T5915] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[ 1942.831789][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1942.871627][ T5915] usb 2-1: Product: syz
[ 1942.892175][ T5915] usb 2-1: Manufacturer: syz
[ 1942.900643][ T5915] usb 2-1: SerialNumber: syz
[ 1942.990038][ T5915] usb 2-1: config 0 descriptor??
[ 1942.998327][T28633] FAULT_INJECTION: forcing a failure.
[ 1942.998327][T28633] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1943.025684][T28633] CPU: 1 UID: 0 PID: 28633 Comm: syz.7.6978 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1943.025710][T28633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1943.025722][T28633] Call Trace:
[ 1943.025736][T28633]  <TASK>
[ 1943.025744][T28633]  dump_stack_lvl+0x189/0x250
[ 1943.025776][T28633]  ? __pfx____ratelimit+0x10/0x10
[ 1943.025800][T28633]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1943.025833][T28633]  ? __pfx__printk+0x10/0x10
[ 1943.025863][T28633]  ? __might_fault+0xb0/0x130
[ 1943.025901][T28633]  should_fail_ex+0x414/0x560
[ 1943.025931][T28633]  _copy_from_user+0x2d/0xb0
[ 1943.025952][T28633]  do_fcntl+0x934/0x1910
[ 1943.025973][T28633]  ? smack_file_fcntl+0x261/0x2f0
[ 1943.025994][T28633]  ? do_sys_openat2+0x154/0x1c0
[ 1943.026015][T28633]  ? __pfx_do_fcntl+0x10/0x10
[ 1943.026046][T28633]  ? ksys_write+0x1e1/0x250
[ 1943.026076][T28633]  ? bpf_lsm_file_fcntl+0x9/0x20
[ 1943.026101][T28633]  __se_sys_fcntl+0xc8/0x150
[ 1943.026124][T28633]  do_syscall_64+0xfa/0x3b0
[ 1943.026146][T28633]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1943.026168][T28633]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1943.026191][T28633]  ? clear_bhb_loop+0x60/0xb0
[ 1943.026214][T28633]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1943.026233][T28633] RIP: 0033:0x7fca48f8e969
[ 1943.026250][T28633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1943.026267][T28633] RSP: 002b:00007fca49e6e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048
[ 1943.026287][T28633] RAX: ffffffffffffffda RBX: 00007fca491b6080 RCX: 00007fca48f8e969
[ 1943.026302][T28633] RDX: 0000200000000280 RSI: 0000000000000007 RDI: 0000000000000006
[ 1943.026314][T28633] RBP: 00007fca49e6e090 R08: 0000000000000000 R09: 0000000000000000
[ 1943.026327][T28633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1943.026338][T28633] R13: 0000000000000000 R14: 00007fca491b6080 R15: 00007ffc37e91d48
[ 1943.026367][T28633]  </TASK>
[ 1943.676980][ T5915] airspy 2-1:0.0: Board ID: 00
[ 1943.682471][ T5915] airspy 2-1:0.0: Firmware version: 
[ 1943.907933][T28643] netlink: 12 bytes leftover after parsing attributes in process `syz.7.6981'.
[ 1944.610361][T28651] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1945.298225][ T5915] airspy 2-1:0.0: usb_control_msg() failed -110 request 0f
[ 1945.311008][ T5915] airspy 2-1:0.0: Registered as swradio24
[ 1945.338271][ T5915] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[ 1945.495296][ T5187] udevd[5187]: worker [26790] terminated by signal 33 (Unknown signal 33)
[ 1945.510660][ T5187] udevd[5187]: worker [26790] failed while handling '/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/video4linux/swradio24'
[ 1945.721756][T26211] usb 1-1: new full-speed USB device number 72 using dummy_hcd
[ 1945.816842][T24736] usb 2-1: USB disconnect, device number 57
[ 1945.914591][T26211] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1945.933256][T26211] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 1945.949765][T26211] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[ 1945.959966][T26211] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1946.379205][T28677] bond_slave_0: entered promiscuous mode
[ 1946.385167][T28677] bond_slave_1: entered promiscuous mode
[ 1946.397013][T28677] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1946.401687][T26211] usb 1-1: GET_CAPABILITIES returned 0
[ 1946.406347][T28677] team0: Port device macvlan2 added
[ 1946.518216][T26211] usbtmc 1-1:16.0: can't read capabilities
[ 1946.604440][T26211] usb 1-1: USB disconnect, device number 72
[ 1947.086018][T22597] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[ 1947.254580][T22597] usb 7-1: device descriptor read/64, error -71
[ 1947.302556][T28695] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1947.501756][T22597] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[ 1947.711799][T22597] usb 7-1: device descriptor read/64, error -71
[ 1947.882793][T22597] usb usb7-port1: attempt power cycle
[ 1947.902272][T28702] FAULT_INJECTION: forcing a failure.
[ 1947.902272][T28702] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1947.915705][T28702] CPU: 1 UID: 0 PID: 28702 Comm: syz.0.7003 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1947.915731][T28702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1947.915744][T28702] Call Trace:
[ 1947.915752][T28702]  <TASK>
[ 1947.915761][T28702]  dump_stack_lvl+0x189/0x250
[ 1947.915794][T28702]  ? __pfx____ratelimit+0x10/0x10
[ 1947.915817][T28702]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1947.915845][T28702]  ? __pfx__printk+0x10/0x10
[ 1947.915888][T28702]  should_fail_ex+0x414/0x560
[ 1947.915918][T28702]  _copy_to_user+0x31/0xb0
[ 1947.915941][T28702]  simple_read_from_buffer+0xe1/0x170
[ 1947.915973][T28702]  proc_fail_nth_read+0x1df/0x250
[ 1947.915996][T28702]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1947.916019][T28702]  ? rw_verify_area+0x258/0x650
[ 1947.916042][T28702]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1947.916063][T28702]  vfs_read+0x200/0x980
[ 1947.916093][T28702]  ? __pfx___mutex_lock+0x10/0x10
[ 1947.916117][T28702]  ? __pfx_vfs_read+0x10/0x10
[ 1947.916143][T28702]  ? __fget_files+0x2a/0x420
[ 1947.916176][T28702]  ? __fget_files+0x3a0/0x420
[ 1947.916203][T28702]  ? __fget_files+0x2a/0x420
[ 1947.916241][T28702]  ksys_read+0x145/0x250
[ 1947.916269][T28702]  ? __pfx_ksys_read+0x10/0x10
[ 1947.916290][T28702]  ? rcu_is_watching+0x15/0xb0
[ 1947.916321][T28702]  ? do_syscall_64+0xbe/0x3b0
[ 1947.916350][T28702]  do_syscall_64+0xfa/0x3b0
[ 1947.916372][T28702]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1947.916394][T28702]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1947.916414][T28702]  ? clear_bhb_loop+0x60/0xb0
[ 1947.916444][T28702]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1947.916464][T28702] RIP: 0033:0x7f709f18d37c
[ 1947.916482][T28702] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1947.916500][T28702] RSP: 002b:00007f70a00cf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1947.916520][T28702] RAX: ffffffffffffffda RBX: 00007f709f3b5fa0 RCX: 00007f709f18d37c
[ 1947.916535][T28702] RDX: 000000000000000f RSI: 00007f70a00cf0a0 RDI: 0000000000000004
[ 1947.916547][T28702] RBP: 00007f70a00cf090 R08: 0000000000000000 R09: 0000000000000000
[ 1947.916560][T28702] R10: 00000000c9100120 R11: 0000000000000246 R12: 0000000000000001
[ 1947.916573][T28702] R13: 0000000000000000 R14: 00007f709f3b5fa0 R15: 00007ffe9c1fd788
[ 1947.916604][T28702]  </TASK>
[ 1948.897028][T22597] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[ 1948.932312][T22597] usb 7-1: device descriptor read/8, error -71
[ 1949.274797][T28721] FAULT_INJECTION: forcing a failure.
[ 1949.274797][T28721] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1949.288800][T28721] CPU: 0 UID: 0 PID: 28721 Comm: syz.0.7009 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1949.288826][T28721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1949.288837][T28721] Call Trace:
[ 1949.288844][T28721]  <TASK>
[ 1949.288852][T28721]  dump_stack_lvl+0x189/0x250
[ 1949.288882][T28721]  ? __pfx____ratelimit+0x10/0x10
[ 1949.288903][T28721]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1949.288928][T28721]  ? __pfx__printk+0x10/0x10
[ 1949.288957][T28721]  ? __might_fault+0xb0/0x130
[ 1949.288991][T28721]  should_fail_ex+0x414/0x560
[ 1949.289019][T28721]  _copy_from_user+0x2d/0xb0
[ 1949.289039][T28721]  ___sys_sendmsg+0x158/0x2a0
[ 1949.289065][T28721]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1949.289119][T28721]  ? __fget_files+0x2a/0x420
[ 1949.289146][T28721]  ? __fget_files+0x3a0/0x420
[ 1949.289182][T28721]  __x64_sys_sendmsg+0x19b/0x260
[ 1949.289208][T28721]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1949.289243][T28721]  ? __pfx_ksys_write+0x10/0x10
[ 1949.289264][T28721]  ? rcu_is_watching+0x15/0xb0
[ 1949.289293][T28721]  ? do_syscall_64+0xbe/0x3b0
[ 1949.289320][T28721]  do_syscall_64+0xfa/0x3b0
[ 1949.289341][T28721]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1949.289362][T28721]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1949.289381][T28721]  ? clear_bhb_loop+0x60/0xb0
[ 1949.289403][T28721]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1949.289421][T28721] RIP: 0033:0x7f709f18e969
[ 1949.289438][T28721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1949.289454][T28721] RSP: 002b:00007f70a00cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1949.289474][T28721] RAX: ffffffffffffffda RBX: 00007f709f3b5fa0 RCX: 00007f709f18e969
[ 1949.289488][T28721] RDX: 0000000000000060 RSI: 0000200000000080 RDI: 0000000000000003
[ 1949.289500][T28721] RBP: 00007f70a00cf090 R08: 0000000000000000 R09: 0000000000000000
[ 1949.289511][T28721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1949.289522][T28721] R13: 0000000000000000 R14: 00007f709f3b5fa0 R15: 00007ffe9c1fd788
[ 1949.289550][T28721]  </TASK>
[ 1949.498198][T22597] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[ 1950.049582][T22597] usb 7-1: device descriptor read/8, error -71
[ 1950.162155][T22597] usb usb7-port1: unable to enumerate USB device
[ 1950.497044][T28742] xt_CT: No such helper "snmp"
[ 1951.497120][T28759] FAULT_INJECTION: forcing a failure.
[ 1951.497120][T28759] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1951.510274][T28759] CPU: 1 UID: 0 PID: 28759 Comm: syz.0.7019 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1951.510300][T28759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1951.510312][T28759] Call Trace:
[ 1951.510320][T28759]  <TASK>
[ 1951.510329][T28759]  dump_stack_lvl+0x189/0x250
[ 1951.510360][T28759]  ? __pfx____ratelimit+0x10/0x10
[ 1951.510389][T28759]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1951.510414][T28759]  ? __pfx__printk+0x10/0x10
[ 1951.510444][T28759]  ? __might_fault+0xb0/0x130
[ 1951.510482][T28759]  should_fail_ex+0x414/0x560
[ 1951.510511][T28759]  _copy_from_user+0x2d/0xb0
[ 1951.510549][T28759]  __se_sys_io_uring_setup+0x15b/0x270
[ 1951.510574][T28759]  ? __pfx___se_sys_io_uring_setup+0x10/0x10
[ 1951.510624][T28759]  do_syscall_64+0xfa/0x3b0
[ 1951.510651][T28759]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1951.510669][T28759]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1951.510689][T28759]  ? clear_bhb_loop+0x60/0xb0
[ 1951.510714][T28759]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1951.510733][T28759] RIP: 0033:0x7f709f18e969
[ 1951.510751][T28759] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1951.510769][T28759] RSP: 002b:00007f70a008cfc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9
[ 1951.510790][T28759] RAX: ffffffffffffffda RBX: 00007f709f3b6160 RCX: 00007f709f18e969
[ 1951.510805][T28759] RDX: 0000200000000440 RSI: 0000200000000140 RDI: 0000000000000109
[ 1951.510819][T28759] RBP: 0000200000000140 R08: 0000000000000000 R09: 0000200000000440
[ 1951.510832][T28759] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001
[ 1951.510845][T28759] R13: 00002000000001c0 R14: 0000000000000109 R15: 0000200000000440
[ 1951.510876][T28759]  </TASK>
[ 1951.851748][T16945] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[ 1951.889481][T28764] sg_write: data in/out 209152/4 bytes for SCSI command 0x89-- guessing data in;
[ 1951.889481][T28764]    program syz.6.7022 not setting count and/or reply_len properly
[ 1951.983901][T28767] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7024'.
[ 1952.011827][T16945] usb 8-1: device descriptor read/64, error -71
[ 1952.261700][T16945] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[ 1952.471687][T16945] usb 8-1: device descriptor read/64, error -71
[ 1952.594354][T16945] usb usb8-port1: attempt power cycle
[ 1952.648705][T28786] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7031'.
[ 1953.091871][T16945] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[ 1953.267774][T16945] usb 8-1: device descriptor read/8, error -71
[ 1954.169554][T28816] FAULT_INJECTION: forcing a failure.
[ 1954.169554][T28816] name failslab, interval 1, probability 0, space 0, times 0
[ 1954.324708][T28816] CPU: 0 UID: 0 PID: 28816 Comm: syz.7.7042 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1954.324740][T28816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1954.324754][T28816] Call Trace:
[ 1954.324762][T28816]  <TASK>
[ 1954.324771][T28816]  dump_stack_lvl+0x189/0x250
[ 1954.324806][T28816]  ? __pfx____ratelimit+0x10/0x10
[ 1954.324837][T28816]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1954.324865][T28816]  ? __pfx__printk+0x10/0x10
[ 1954.324929][T28816]  ? __pfx___might_resched+0x10/0x10
[ 1954.324953][T28816]  ? fs_reclaim_acquire+0x7d/0x100
[ 1954.324978][T28816]  should_fail_ex+0x414/0x560
[ 1954.325009][T28816]  should_failslab+0xa8/0x100
[ 1954.325041][T28816]  __kmalloc_noprof+0xcb/0x4f0
[ 1954.325067][T28816]  ? kfree+0x4d/0x440
[ 1954.325089][T28816]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1954.325126][T28816]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1954.325158][T28816]  ? tomoyo_domain+0xda/0x130
[ 1954.325194][T28816]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1954.325220][T28816]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1954.325249][T28816]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1954.325292][T28816]  ? __lock_acquire+0xab9/0xd20
[ 1954.325336][T28816]  ? __fget_files+0x2a/0x420
[ 1954.325367][T28816]  ? __fget_files+0x2a/0x420
[ 1954.325395][T28816]  ? __fget_files+0x3a0/0x420
[ 1954.325422][T28816]  ? __fget_files+0x2a/0x420
[ 1954.325455][T28816]  security_file_ioctl+0xcb/0x2d0
[ 1954.325489][T28816]  __se_sys_ioctl+0x47/0x170
[ 1954.325516][T28816]  do_syscall_64+0xfa/0x3b0
[ 1954.325539][T28816]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1954.325562][T28816]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1954.325581][T28816]  ? clear_bhb_loop+0x60/0xb0
[ 1954.325606][T28816]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1954.325626][T28816] RIP: 0033:0x7fca48f8e969
[ 1954.325644][T28816] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1954.325662][T28816] RSP: 002b:00007fca49e8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1954.325684][T28816] RAX: ffffffffffffffda RBX: 00007fca491b5fa0 RCX: 00007fca48f8e969
[ 1954.325699][T28816] RDX: 00002000000002c0 RSI: 000000000000890b RDI: 0000000000000003
[ 1954.325713][T28816] RBP: 00007fca49e8f090 R08: 0000000000000000 R09: 0000000000000000
[ 1954.325726][T28816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1954.325738][T28816] R13: 0000000000000000 R14: 00007fca491b5fa0 R15: 00007ffc37e91d48
[ 1954.325770][T28816]  </TASK>
[ 1954.569256][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1954.959573][T28816] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1955.436069][T28832] netlink: 40 bytes leftover after parsing attributes in process `syz.6.7045'.
[ 1956.544922][   T24] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[ 1956.711872][   T24] usb 7-1: Using ep0 maxpacket: 32
[ 1956.731439][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1956.756854][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1956.773154][T28862] bond_slave_0: entered promiscuous mode
[ 1956.779796][T28862] bond_slave_1: entered promiscuous mode
[ 1956.780212][   T24] usb 7-1: New USB device found, idVendor=0c70, idProduct=f0b6, bcdDevice= 0.00
[ 1956.810776][T28862] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1956.813348][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1956.839497][   T24] usb 7-1: config 0 descriptor??
[ 1956.867000][T28862] team0: Port device macvlan2 added
[ 1957.285011][   T24] usbhid 7-1:0.0: can't add hid device: -71
[ 1957.443709][   T24] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[ 1957.850252][   T24] usb 7-1: USB disconnect, device number 10
[ 1958.153037][T28888] FAULT_INJECTION: forcing a failure.
[ 1958.153037][T28888] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1958.170899][T28888] CPU: 1 UID: 0 PID: 28888 Comm: syz.0.7071 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1958.170925][T28888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1958.170937][T28888] Call Trace:
[ 1958.170945][T28888]  <TASK>
[ 1958.170953][T28888]  dump_stack_lvl+0x189/0x250
[ 1958.170983][T28888]  ? __pfx____ratelimit+0x10/0x10
[ 1958.171004][T28888]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1958.171029][T28888]  ? __pfx__printk+0x10/0x10
[ 1958.171057][T28888]  ? __might_fault+0xb0/0x130
[ 1958.171093][T28888]  should_fail_ex+0x414/0x560
[ 1958.171121][T28888]  _copy_from_user+0x2d/0xb0
[ 1958.171141][T28888]  ___sys_sendmsg+0x158/0x2a0
[ 1958.171168][T28888]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1958.171225][T28888]  ? __fget_files+0x2a/0x420
[ 1958.171251][T28888]  ? __fget_files+0x3a0/0x420
[ 1958.171287][T28888]  __x64_sys_sendmsg+0x19b/0x260
[ 1958.171314][T28888]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1958.171348][T28888]  ? __pfx_ksys_write+0x10/0x10
[ 1958.171369][T28888]  ? rcu_is_watching+0x15/0xb0
[ 1958.171398][T28888]  ? do_syscall_64+0xbe/0x3b0
[ 1958.171425][T28888]  do_syscall_64+0xfa/0x3b0
[ 1958.171446][T28888]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1958.171467][T28888]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1958.171490][T28888]  ? clear_bhb_loop+0x60/0xb0
[ 1958.171513][T28888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1958.171531][T28888] RIP: 0033:0x7f709f18e969
[ 1958.171547][T28888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1958.171563][T28888] RSP: 002b:00007f70a00cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1958.171582][T28888] RAX: ffffffffffffffda RBX: 00007f709f3b5fa0 RCX: 00007f709f18e969
[ 1958.171596][T28888] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[ 1958.171607][T28888] RBP: 00007f70a00cf090 R08: 0000000000000000 R09: 0000000000000000
[ 1958.171619][T28888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1958.171630][T28888] R13: 0000000000000000 R14: 00007f709f3b5fa0 R15: 00007ffe9c1fd788
[ 1958.171659][T28888]  </TASK>
[ 1959.145158][T28895] 8021q: adding VLAN 0 to HW filter on device macvlan2
[ 1959.155102][T28895] team0: Port device macvlan2 added
[ 1959.511752][T28917] sctp: [Deprecated]: syz.3.7083 (pid 28917) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1959.511752][T28917] Use struct sctp_sack_info instead
[ 1959.607529][T26211] usb 8-1: new high-speed USB device number 14 using dummy_hcd
[ 1959.783373][T26211] usb 8-1: Using ep0 maxpacket: 8
[ 1959.812108][T26211] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[ 1959.845492][T26211] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1960.357853][T26211] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1960.369739][T26211] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1960.380957][T26211] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1960.547864][T26211] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[ 1960.623062][T26211] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1960.809296][T26211] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1960.813089][T27384] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[ 1960.827900][T26211] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1960.840488][T26211] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1960.858955][T26211] usb 8-1: config 168 descriptor has 1 excess byte, ignoring
[ 1960.866815][T26211] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[ 1960.878279][T26211] usb 8-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[ 1960.890406][T26211] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[ 1960.903064][T26211] usb 8-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[ 1960.917280][T26211] usb 8-1: string descriptor 0 read error: -22
[ 1960.923743][T26211] usb 8-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[ 1960.932893][T26211] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1960.973788][T26211] adutux 8-1:168.0: ADU100  now attached to /dev/usb/adutux0
[ 1960.999401][T28937] 8021q: VLANs not supported on sit0
[ 1961.046825][T27384] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1961.162294][T27384] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1961.217734][T28937] overlayfs: failed to clone upperpath
[ 1961.259111][T27384] usb 7-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1961.428248][T27384] usb 7-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[ 1961.500672][T27384] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1961.560906][T27384] usb 7-1: Product: syz
[ 1961.616102][T27384] usb 7-1: Manufacturer: syz
[ 1961.662901][T27384] usb 7-1: SerialNumber: syz
[ 1961.912616][T27384] usb 7-1: config 0 descriptor??
[ 1961.984205][T27384] usb 7-1: Found UVC 34.00 device syz (8086:0b5b)
[ 1961.990699][T27384] usb 7-1: No valid video chain found.
[ 1962.152748][T28928] FAULT_INJECTION: forcing a failure.
[ 1962.152748][T28928] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1962.197858][T28928] CPU: 0 UID: 0 PID: 28928 Comm: syz.6.7087 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1962.197886][T28928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1962.197898][T28928] Call Trace:
[ 1962.197906][T28928]  <TASK>
[ 1962.197915][T28928]  dump_stack_lvl+0x189/0x250
[ 1962.197947][T28928]  ? __pfx____ratelimit+0x10/0x10
[ 1962.197970][T28928]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1962.197995][T28928]  ? __pfx__printk+0x10/0x10
[ 1962.198025][T28928]  ? __might_fault+0xb0/0x130
[ 1962.198063][T28928]  should_fail_ex+0x414/0x560
[ 1962.198092][T28928]  _copy_from_user+0x2d/0xb0
[ 1962.198111][T28928]  ___sys_sendmsg+0x158/0x2a0
[ 1962.198138][T28928]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1962.198198][T28928]  ? __fget_files+0x2a/0x420
[ 1962.198225][T28928]  ? __fget_files+0x3a0/0x420
[ 1962.198273][T28928]  __x64_sys_sendmsg+0x19b/0x260
[ 1962.198301][T28928]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1962.198336][T28928]  ? __pfx_ksys_write+0x10/0x10
[ 1962.198358][T28928]  ? rcu_is_watching+0x15/0xb0
[ 1962.198386][T28928]  ? do_syscall_64+0xbe/0x3b0
[ 1962.198413][T28928]  do_syscall_64+0xfa/0x3b0
[ 1962.198437][T28928]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1962.198455][T28928]  ? asm_sysvec_call_function_single+0x1a/0x20
[ 1962.198474][T28928]  ? clear_bhb_loop+0x60/0xb0
[ 1962.198496][T28928]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1962.198515][T28928] RIP: 0033:0x7f9616d8e969
[ 1962.198531][T28928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1962.198548][T28928] RSP: 002b:00007f9617c04038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1962.198567][T28928] RAX: ffffffffffffffda RBX: 00007f9616fb5fa0 RCX: 00007f9616d8e969
[ 1962.198581][T28928] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[ 1962.198593][T28928] RBP: 00007f9617c04090 R08: 0000000000000000 R09: 0000000000000000
[ 1962.198605][T28928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1962.198615][T28928] R13: 0000000000000000 R14: 00007f9616fb5fa0 R15: 00007ffeb9224688
[ 1962.198644][T28928]  </TASK>
[ 1962.199645][T24736] usb 7-1: USB disconnect, device number 11
[ 1962.892484][T24666] Bluetooth: hci3: command 0x0406 tx timeout
[ 1964.094733][T22597] usb 8-1: USB disconnect, device number 14
[ 1964.965090][T28981] 8021q: VLANs not supported on sit0
[ 1968.125594][T29019] 8021q: VLANs not supported on sit0
[ 1968.322207][T29022] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1969.168234][T29031] fuse: Bad value for 'fd'
[ 1969.194088][T29033] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1969.455001][T29031] program syz.6.7121 is using a deprecated SCSI ioctl, please convert it to SG_IO
[ 1969.931996][T26211] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[ 1970.241604][T26211] usb 7-1: Using ep0 maxpacket: 8
[ 1970.255094][T26211] usb 7-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[ 1970.264586][T26211] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1970.282061][T26211] usb 7-1: Product: syz
[ 1970.286331][T26211] usb 7-1: Manufacturer: syz
[ 1970.291142][T26211] usb 7-1: SerialNumber: syz
[ 1970.330675][T26211] usb 7-1: config 0 descriptor??
[ 1970.391144][T26211] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[ 1970.450786][T26211] usb 7-1: setting power ON
[ 1970.563492][T26211] dvb-usb: bulk message failed: -22 (2/0)
[ 1970.847086][T26211] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1970.982001][T26211] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[ 1970.997143][T26211] usb 7-1: media controller created
[ 1971.021717][T26211] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1971.080713][T26211] usb 7-1: selecting invalid altsetting 6
[ 1971.117960][T26211] usb 7-1: digital interface selection failed (-22)
[ 1971.135778][T26211] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[ 1971.159095][T26211] usb 7-1: setting power OFF
[ 1971.170983][T26211] dvb-usb: bulk message failed: -22 (2/0)
[ 1971.185488][T26211] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[ 1971.241635][T26211] (NULL device *): no alternate interface
[ 1971.548920][T26211] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[ 1971.788175][T26211] usb 7-1: USB disconnect, device number 12
[ 1973.560695][T29086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7140'.
[ 1973.586086][T29086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7140'.
[ 1973.616116][T29086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7140'.
[ 1973.639794][T29088] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7140'.
[ 1973.818847][T29093] netlink: 'syz.3.7142': attribute type 1 has an invalid length.
[ 1973.906918][T29093] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1974.171260][T29093] bond1: (slave gretap1): making interface the new active one
[ 1974.181445][T29093] bond1: (slave gretap1): Enslaving as an active interface with an up link
[ 1974.462987][T24736] usb 1-1: new high-speed USB device number 73 using dummy_hcd
[ 1974.727692][T24736] usb 1-1: Using ep0 maxpacket: 32
[ 1974.738196][T24736] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.c0
[ 1974.750969][T24736] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1975.518899][T24736] usb 1-1: config 0 descriptor??
[ 1975.713951][   T24] usb 2-1: new high-speed USB device number 58 using dummy_hcd
[ 1975.890533][   T24] usb 2-1: device descriptor read/64, error -71
[ 1976.064501][T29099] FAULT_INJECTION: forcing a failure.
[ 1976.064501][T29099] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1976.231637][T24736] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[ 1976.251976][T29099] CPU: 0 UID: 0 PID: 29099 Comm: syz.0.7144 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1976.252002][T29099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1976.252015][T29099] Call Trace:
[ 1976.252022][T29099]  <TASK>
[ 1976.252031][T29099]  dump_stack_lvl+0x189/0x250
[ 1976.252080][T29099]  ? __pfx____ratelimit+0x10/0x10
[ 1976.252104][T29099]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1976.252131][T29099]  ? __pfx__printk+0x10/0x10
[ 1976.252176][T29099]  should_fail_ex+0x414/0x560
[ 1976.252208][T29099]  _copy_to_user+0x31/0xb0
[ 1976.252231][T29099]  simple_read_from_buffer+0xe1/0x170
[ 1976.252265][T29099]  proc_fail_nth_read+0x1df/0x250
[ 1976.252288][T29099]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1976.252312][T29099]  ? rw_verify_area+0x258/0x650
[ 1976.252336][T29099]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1976.252357][T29099]  vfs_read+0x200/0x980
[ 1976.252389][T29099]  ? __pfx___mutex_lock+0x10/0x10
[ 1976.252414][T29099]  ? __pfx_vfs_read+0x10/0x10
[ 1976.252440][T29099]  ? __fget_files+0x2a/0x420
[ 1976.252474][T29099]  ? __fget_files+0x3a0/0x420
[ 1976.252502][T29099]  ? __fget_files+0x2a/0x420
[ 1976.252541][T29099]  ksys_read+0x145/0x250
[ 1976.252569][T29099]  ? __pfx_ksys_read+0x10/0x10
[ 1976.252607][T29099]  do_syscall_64+0xfa/0x3b0
[ 1976.252633][T29099]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1976.252652][T29099]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[ 1976.252671][T29099]  ? clear_bhb_loop+0x60/0xb0
[ 1976.252696][T29099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1976.252716][T29099] RIP: 0033:0x7f709f18d37c
[ 1976.252734][T29099] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[ 1976.252751][T29099] RSP: 002b:00007f70a00cf030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1976.252772][T29099] RAX: ffffffffffffffda RBX: 00007f709f3b5fa0 RCX: 00007f709f18d37c
[ 1976.252787][T29099] RDX: 000000000000000f RSI: 00007f70a00cf0a0 RDI: 0000000000000004
[ 1976.252800][T29099] RBP: 00007f70a00cf090 R08: 0000000000000000 R09: 0000000000000000
[ 1976.252812][T29099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1976.252835][T29099] R13: 0000000000000000 R14: 00007f709f3b5fa0 R15: 00007ffe9c1fd788
[ 1976.252864][T29099]  </TASK>
[ 1976.394621][   T24] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[ 1976.421589][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[ 1976.506854][T24736] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[ 1976.519226][T24736] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[ 1976.528416][T24736] usb 1-1: media controller created
[ 1977.140729][T24736] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[ 1977.198627][T24736] az6027: usb out operation failed. (-71)
[ 1977.212522][T24736] az6027: usb out operation failed. (-71)
[ 1977.218341][T24736] stb0899_attach: Driver disabled by Kconfig
[ 1977.228212][T24736] az6027: no front-end attached
[ 1977.228212][T24736] 
[ 1977.238750][T24736] az6027: usb out operation failed. (-71)
[ 1977.244956][T24736] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[ 1977.255053][T24736] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input21
[ 1977.317448][T24736] dvb-usb: schedule remote query interval to 400 msecs.
[ 1977.364575][T24736] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[ 1977.393295][T24736] usb 1-1: USB disconnect, device number 73
[ 1977.581630][T29131] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7152'.
[ 1977.623411][T24736] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[ 1977.624475][   T24] usb 2-1: device descriptor read/64, error -71
[ 1977.762026][   T24] usb usb2-port1: attempt power cycle
[ 1978.338395][T29157] FAULT_INJECTION: forcing a failure.
[ 1978.338395][T29157] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1978.353829][T29157] CPU: 0 UID: 0 PID: 29157 Comm: syz.0.7161 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1978.353856][T29157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1978.353869][T29157] Call Trace:
[ 1978.353877][T29157]  <TASK>
[ 1978.353886][T29157]  dump_stack_lvl+0x189/0x250
[ 1978.353922][T29157]  ? __pfx____ratelimit+0x10/0x10
[ 1978.353946][T29157]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1978.353974][T29157]  ? __pfx__printk+0x10/0x10
[ 1978.354006][T29157]  ? __might_fault+0xb0/0x130
[ 1978.354046][T29157]  should_fail_ex+0x414/0x560
[ 1978.354078][T29157]  _copy_from_user+0x2d/0xb0
[ 1978.354099][T29157]  ___sys_sendmsg+0x158/0x2a0
[ 1978.354129][T29157]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1978.354192][T29157]  ? __fget_files+0x2a/0x420
[ 1978.354221][T29157]  ? __fget_files+0x3a0/0x420
[ 1978.354261][T29157]  __x64_sys_sendmsg+0x19b/0x260
[ 1978.354292][T29157]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[ 1978.354329][T29157]  ? __pfx_ksys_write+0x10/0x10
[ 1978.354353][T29157]  ? rcu_is_watching+0x15/0xb0
[ 1978.354383][T29157]  ? do_syscall_64+0xbe/0x3b0
[ 1978.354412][T29157]  do_syscall_64+0xfa/0x3b0
[ 1978.354435][T29157]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1978.354457][T29157]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1978.354478][T29157]  ? clear_bhb_loop+0x60/0xb0
[ 1978.354502][T29157]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1978.354522][T29157] RIP: 0033:0x7f709f18e969
[ 1978.354539][T29157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1978.354557][T29157] RSP: 002b:00007f70a00cf038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1978.354578][T29157] RAX: ffffffffffffffda RBX: 00007f709f3b5fa0 RCX: 00007f709f18e969
[ 1978.354593][T29157] RDX: 0000000004004000 RSI: 0000200000000100 RDI: 0000000000000003
[ 1978.354606][T29157] RBP: 00007f70a00cf090 R08: 0000000000000000 R09: 0000000000000000
[ 1978.354619][T29157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1978.354632][T29157] R13: 0000000000000000 R14: 00007f709f3b5fa0 R15: 00007ffe9c1fd788
[ 1978.354664][T29157]  </TASK>
[ 1978.411636][   T24] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[ 1979.166159][T29158] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7159'.
[ 1979.437516][   T24] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1979.630821][   T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1980.339729][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1980.436006][   T24] usb 2-1: Product: syz
[ 1980.440715][   T24] usb 2-1: Manufacturer: syz
[ 1980.451229][   T24] usb 2-1: SerialNumber: syz
[ 1980.691958][   T24] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 60 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1980.992136][T29181] netlink: 'syz.7.7169': attribute type 1 has an invalid length.
[ 1981.042631][T29181] netlink: 830 bytes leftover after parsing attributes in process `syz.7.7169'.
[ 1981.375070][T29190] ptrace attach of "./syz-executor exec"[27599] was attempted by ""[29190]
[ 1982.813404][T17395] Bluetooth: hci3: unknown advertising packet type: 0x49
[ 1983.374936][T29203] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7174'.
[ 1983.828180][T29208] 8021q: VLANs not supported on sit0
[ 1984.006476][T29208] overlayfs: failed to clone upperpath
[ 1984.060143][   T24] usb 2-1: USB disconnect, device number 60
[ 1984.092166][   T24] usblp0: removed
[ 1984.275732][T29215] netlink: 'syz.7.7180': attribute type 72 has an invalid length.
[ 1984.724027][T29229] i2c i2c-0: Invalid block write size 34
[ 1984.741376][T29229] netlink: 'syz.0.7185': attribute type 1 has an invalid length.
[ 1984.989754][T29229] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1985.922013][T29242] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7189'.
[ 1986.007296][T29243] FAULT_INJECTION: forcing a failure.
[ 1986.007296][T29243] name failslab, interval 1, probability 0, space 0, times 0
[ 1986.052203][T17395] Bluetooth: hci0: unknown advertising packet type: 0x49
[ 1986.081570][T29243] CPU: 0 UID: 0 PID: 29243 Comm: syz.1.7188 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1986.081599][T29243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1986.081613][T29243] Call Trace:
[ 1986.081621][T29243]  <TASK>
[ 1986.081631][T29243]  dump_stack_lvl+0x189/0x250
[ 1986.081664][T29243]  ? __pfx____ratelimit+0x10/0x10
[ 1986.081688][T29243]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1986.081716][T29243]  ? __pfx__printk+0x10/0x10
[ 1986.081757][T29243]  ? __pfx___might_resched+0x10/0x10
[ 1986.081783][T29243]  ? fs_reclaim_acquire+0x7d/0x100
[ 1986.081808][T29243]  should_fail_ex+0x414/0x560
[ 1986.081839][T29243]  should_failslab+0xa8/0x100
[ 1986.081869][T29243]  __kmalloc_noprof+0xcb/0x4f0
[ 1986.081895][T29243]  ? kfree+0x4d/0x440
[ 1986.081917][T29243]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1986.081953][T29243]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1986.081985][T29243]  ? tomoyo_domain+0xda/0x130
[ 1986.082021][T29243]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1986.082046][T29243]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1986.082075][T29243]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1986.082125][T29243]  ? __lock_acquire+0xab9/0xd20
[ 1986.082168][T29243]  ? __fget_files+0x2a/0x420
[ 1986.082200][T29243]  ? __fget_files+0x2a/0x420
[ 1986.082228][T29243]  ? __fget_files+0x3a0/0x420
[ 1986.082256][T29243]  ? __fget_files+0x2a/0x420
[ 1986.082289][T29243]  security_file_ioctl+0xcb/0x2d0
[ 1986.082319][T29243]  __se_sys_ioctl+0x47/0x170
[ 1986.082346][T29243]  do_syscall_64+0xfa/0x3b0
[ 1986.082370][T29243]  ? lockdep_hardirqs_on+0x9c/0x150
[ 1986.082392][T29243]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1986.082413][T29243]  ? clear_bhb_loop+0x60/0xb0
[ 1986.082437][T29243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1986.082456][T29243] RIP: 0033:0x7ff2dbd8e969
[ 1986.082473][T29243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1986.082491][T29243] RSP: 002b:00007ff2d9bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1986.082512][T29243] RAX: ffffffffffffffda RBX: 00007ff2dbfb6080 RCX: 00007ff2dbd8e969
[ 1986.082528][T29243] RDX: 0000200000000200 RSI: 00000000c0045627 RDI: 0000000000000005
[ 1986.082541][T29243] RBP: 00007ff2d9bf6090 R08: 0000000000000000 R09: 0000000000000000
[ 1986.082553][T29243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1986.082566][T29243] R13: 0000000000000000 R14: 00007ff2dbfb6080 R15: 00007ffec2385268
[ 1986.082597][T29243]  </TASK>
[ 1986.082682][T29243] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1986.535664][T29250] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7192'.
[ 1986.878375][T17395] Bluetooth: hci0: unexpected event for opcode 0x6c61
[ 1987.367313][T29256] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[ 1987.637818][T29260] 8021q: VLANs not supported on sit0
[ 1987.765736][T29262] __vm_enough_memory: pid: 29262, comm: syz.6.7197, bytes: 4503599627366400 not enough memory for the allocation
[ 1988.242493][   T30] audit: type=1800 audit(1748401557.535:742): pid=29269 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.7198" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[ 1988.392432][T27384] usb 8-1: new high-speed USB device number 15 using dummy_hcd
[ 1988.411196][T19807] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[ 1988.561564][T27384] usb 8-1: device descriptor read/64, error -71
[ 1988.574091][T19807] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1988.584497][T19807] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2
[ 1988.624021][T19807] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[ 1988.829942][T19807] usb 2-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5
[ 1988.843087][T19807] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1988.851198][T19807] usb 2-1: Product: syz
[ 1988.868568][T19807] usb 2-1: Manufacturer: syz
[ 1988.873311][T19807] usb 2-1: SerialNumber: syz
[ 1988.881587][T27384] usb 8-1: new high-speed USB device number 16 using dummy_hcd
[ 1988.948388][T19807] usb 2-1: config 0 descriptor??
[ 1988.968957][T19807] usb 2-1: Found UVC 34.00 device syz (8086:0b5b)
[ 1989.118140][T27384] usb 8-1: device descriptor read/64, error -71
[ 1989.141716][T19807] usb 2-1: No valid video chain found.
[ 1989.762532][T27384] usb usb8-port1: attempt power cycle
[ 1990.205666][T29287] No control pipe specified
[ 1990.271743][T27384] usb 8-1: new high-speed USB device number 17 using dummy_hcd
[ 1991.121214][T29289] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7205'.
[ 1991.235915][T27384] usb 8-1: device descriptor read/8, error -71
[ 1991.803026][T29298] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7208'.
[ 1992.186925][T29310] tipc: Started in network mode
[ 1992.192471][T29310] tipc: Node identity 2a88546f60c, cluster identity 4711
[ 1992.200466][T29310] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[ 1992.215459][T29310] syzkaller0: entered promiscuous mode
[ 1992.221421][T29310] syzkaller0: entered allmulticast mode
[ 1992.233913][T29310] FAULT_INJECTION: forcing a failure.
[ 1992.233913][T29310] name failslab, interval 1, probability 0, space 0, times 0
[ 1992.247745][T29310] CPU: 1 UID: 0 PID: 29310 Comm: syz.7.7214 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 1992.247770][T29310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1992.247783][T29310] Call Trace:
[ 1992.247791][T29310]  <TASK>
[ 1992.247799][T29310]  dump_stack_lvl+0x189/0x250
[ 1992.247831][T29310]  ? __pfx____ratelimit+0x10/0x10
[ 1992.247853][T29310]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1992.247879][T29310]  ? __pfx__printk+0x10/0x10
[ 1992.247915][T29310]  ? __pfx___might_resched+0x10/0x10
[ 1992.247942][T29310]  ? fs_reclaim_acquire+0x7d/0x100
[ 1992.247967][T29310]  should_fail_ex+0x414/0x560
[ 1992.247997][T29310]  should_failslab+0xa8/0x100
[ 1992.248027][T29310]  __kmalloc_noprof+0xcb/0x4f0
[ 1992.248052][T29310]  ? kfree+0x4d/0x440
[ 1992.248073][T29310]  ? tomoyo_realpath_from_path+0xe3/0x5d0
[ 1992.248107][T29310]  tomoyo_realpath_from_path+0xe3/0x5d0
[ 1992.248138][T29310]  ? tomoyo_domain+0xda/0x130
[ 1992.248172][T29310]  ? tomoyo_path_number_perm+0x1bc/0x5a0
[ 1992.248197][T29310]  tomoyo_path_number_perm+0x1e8/0x5a0
[ 1992.248224][T29310]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1992.248265][T29310]  ? __lock_acquire+0xab9/0xd20
[ 1992.248307][T29310]  ? __fget_files+0x2a/0x420
[ 1992.248338][T29310]  ? __fget_files+0x2a/0x420
[ 1992.248364][T29310]  ? __fget_files+0x3a0/0x420
[ 1992.248390][T29310]  ? __fget_files+0x2a/0x420
[ 1992.248422][T29310]  security_file_ioctl+0xcb/0x2d0
[ 1992.248450][T29310]  __se_sys_ioctl+0x47/0x170
[ 1992.248476][T29310]  do_syscall_64+0xfa/0x3b0
[ 1992.248501][T29310]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1992.248519][T29310]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1992.248537][T29310]  ? clear_bhb_loop+0x60/0xb0
[ 1992.248561][T29310]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1992.248578][T29310] RIP: 0033:0x7fca48f8e969
[ 1992.248595][T29310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1992.248620][T29310] RSP: 002b:00007fca49e8f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1992.248640][T29310] RAX: ffffffffffffffda RBX: 00007fca491b5fa0 RCX: 00007fca48f8e969
[ 1992.248654][T29310] RDX: 0000200000002280 RSI: 0000000000008922 RDI: 0000000000000005
[ 1992.248666][T29310] RBP: 00007fca49e8f090 R08: 0000000000000000 R09: 0000000000000000
[ 1992.248679][T29310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1992.248690][T29310] R13: 0000000000000000 R14: 00007fca491b5fa0 R15: 00007ffc37e91d48
[ 1992.248720][T29310]  </TASK>
[ 1992.249047][T29310] ERROR: Out of memory at tomoyo_realpath_from_path.
[ 1992.629688][T24736] usb 2-1: USB disconnect, device number 61
[ 1993.052702][T29309] tipc: Resetting bearer <eth:syzkaller0>
[ 1993.059504][T17395] Bluetooth: hci6: unexpected event for opcode 0x6c3e
[ 1994.021720][T27384] tipc: Node number set to 1246254191
[ 1994.239915][T29309] tipc: Disabling bearer <eth:syzkaller0>
[ 1996.932474][   T10] usb 2-1: [UEAGLE-ATM] firmware is not available
[ 1997.563586][T29362] cgroup: Invalid name
[ 1997.736363][T24666] Bluetooth: hci0: unexpected event for opcode 0x6c3e
[ 1997.979422][T16945] usb 2-1: new high-speed USB device number 62 using dummy_hcd
[ 1998.110207][T29378] xt_SECMARK: invalid mode: 2
[ 1998.185838][T16945] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1998.493907][T16945] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[ 1998.673344][T16945] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1998.683363][T16945] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1998.691453][T16945] usb 2-1: Product: syz
[ 1998.695711][T16945] usb 2-1: Manufacturer: syz
[ 1998.700378][T16945] usb 2-1: SerialNumber: syz
[ 1998.891596][   T10] usb 8-1: new high-speed USB device number 19 using dummy_hcd
[ 1998.947501][T29359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1998.987467][T29359] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1998.992009][T16945] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[ 1999.007419][T16945] usb 2-1: USB disconnect, device number 62
[ 1999.041187][T29383] xt_SECMARK: invalid mode: 2
[ 1999.055705][   T10] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1999.597288][   T10] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 1999.627103][   T10] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 1999.759236][   T10] usb 8-1: Product: syz
[ 1999.766415][   T10] usb 8-1: Manufacturer: syz
[ 1999.771049][   T10] usb 8-1: SerialNumber: syz
[ 1999.871795][T27384] usb 1-1: new full-speed USB device number 74 using dummy_hcd
[ 1999.931694][T16945] usb 2-1: new high-speed USB device number 63 using dummy_hcd
[ 1999.993704][   T10] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 19 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 2000.036175][T27384] usb 1-1: not running at top speed; connect to a high speed hub
[ 2000.051348][T27384] usb 1-1: config 5 has an invalid interface number: 148 but max is 0
[ 2000.067764][T27384] usb 1-1: config 5 has no interface number 0
[ 2000.088739][T27384] usb 1-1: config 5 interface 148 altsetting 1 endpoint 0xC has an invalid bInterval 250, changing to 4
[ 2000.102563][T27384] usb 1-1: config 5 interface 148 altsetting 1 endpoint 0xD has invalid wMaxPacketSize 0
[ 2000.106199][T16945] usb 2-1: Using ep0 maxpacket: 8
[ 2000.112680][T27384] usb 1-1: config 5 interface 148 has no altsetting 0
[ 2000.126834][T27384] usb 1-1: New USB device found, idVendor=05ac, idProduct=d181, bcdDevice=b4.a2
[ 2000.129255][T16945] usb 2-1: config index 0 descriptor too short (expected 301, got 72)
[ 2000.136296][T27384] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2000.136319][T27384] usb 1-1: Product: syz
[ 2000.136334][T27384] usb 1-1: Manufacturer: syz
[ 2000.136349][T27384] usb 1-1: SerialNumber: syz
[ 2000.176968][T16945] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[ 2000.188974][T16945] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[ 2000.235148][T16945] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[ 2000.247878][T16945] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[ 2000.261788][T16945] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[ 2000.291263][T16945] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[ 2000.300836][T16945] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2000.374589][T29390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 2000.405087][T29390] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 2000.451415][   T30] audit: type=1326 audit(1748401569.745:743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=29389 comm="syz.0.7237" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f709f18e969 code=0x0
[ 2000.722777][T16945] usb 2-1: usb_control_msg returned -71
[ 2000.729147][T16945] usbtmc 2-1:16.0: can't read capabilities
[ 2000.752355][T16945] usb 2-1: USB disconnect, device number 63
[ 2001.559421][T29411] warning: `syz.3.7243' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[ 2001.838782][   T10] usb 8-1: USB disconnect, device number 19
[ 2002.519613][   T10] usblp0: removed
[ 2003.007676][T27384] ipheth 1-1:5.148: Unable to find endpoints
[ 2003.071818][T27384] usb 1-1: USB disconnect, device number 74
[ 2003.948047][T29437] mkiss: ax0: crc mode is auto.
[ 2003.967204][T29438] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7251'.
[ 2004.180772][T24666] Bluetooth: hci0: unknown advertising packet type: 0x49
[ 2004.180803][T24666] Bluetooth: hci0: unknown advertising packet type: 0x9d
[ 2005.231350][T29452] netlink: 8 bytes leftover after parsing attributes in process `syz.6.7256'.
[ 2005.442779][T29447] syz.3.7255 (29447) used greatest stack depth: 18120 bytes left
[ 2006.212834][   T10] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[ 2006.271753][T16945] usb 2-1: new high-speed USB device number 64 using dummy_hcd
[ 2006.681675][T16945] usb 2-1: Using ep0 maxpacket: 16
[ 2006.717767][T16945] usb 2-1: config 0 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 238, changing to 11
[ 2006.761521][T16945] usb 2-1: config 0 interface 0 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0
[ 2006.929714][T16945] usb 2-1: config 0 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2006.944633][T16945] usb 2-1: config 0 interface 0 has no altsetting 0
[ 2006.951357][T16945] usb 2-1: New USB device found, idVendor=044e, idProduct=120b, bcdDevice= 0.00
[ 2006.960907][T16945] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2006.993149][   T10] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 2007.026141][   T10] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[ 2007.052006][   T10] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[ 2007.070356][   T10] usb 7-1: Product: syz
[ 2007.076137][   T10] usb 7-1: Manufacturer: syz
[ 2007.084213][   T10] usb 7-1: SerialNumber: syz
[ 2007.172204][T16945] usb 2-1: config 0 descriptor??
[ 2007.907635][   T10] usblp 7-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 2008.085051][T16945] hid-alps 0003:044E:120B.0006: item fetching failed at offset 0/3
[ 2008.107175][T16945] hid-alps 0003:044E:120B.0006: parse failed
[ 2008.121726][T16945] hid-alps 0003:044E:120B.0006: probe with driver hid-alps failed with error -22
[ 2008.153835][T24666] Bluetooth: hci4: unknown advertising packet type: 0x49
[ 2008.153891][T24666] Bluetooth: hci4: unknown advertising packet type: 0x9d
[ 2008.325473][   T10] usb 2-1: USB disconnect, device number 64
[ 2009.471352][T16945] usb 7-1: USB disconnect, device number 13
[ 2009.493215][T16945] usblp0: removed
[ 2009.641709][T29507] netlink: 40 bytes leftover after parsing attributes in process `syz.3.7276'.
[ 2011.335601][T29524] sctp: [Deprecated]: syz.1.7282 (pid 29524) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 2011.335601][T29524] Use struct sctp_sack_info instead
[ 2011.561831][T27384] usb 7-1: new full-speed USB device number 14 using dummy_hcd
[ 2011.622929][T24666] Bluetooth: hci4: unknown advertising packet type: 0x49
[ 2011.622959][T24666] Bluetooth: hci4: unknown advertising packet type: 0x9d
[ 2011.790409][T27384] usb 7-1: config 0 has an invalid interface number: 176 but max is 2
[ 2011.888530][T27384] usb 7-1: config 0 has no interface number 1
[ 2011.930393][T27384] usb 7-1: New USB device found, idVendor=05c6, idProduct=9205, bcdDevice=29.ac
[ 2011.999721][T27384] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 2012.076831][T27384] usb 7-1: config 0 descriptor??
[ 2012.129020][T29533] input: syz0 as /devices/virtual/input/input22
[ 2012.333839][T29520] sp0: Synchronizing with TNC
[ 2012.383169][T19598] 
[ 2012.385497][T19598] =====================================================
[ 2012.392409][T19598] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[ 2012.399854][T19598] 6.15.0-syzkaller-02443-g015a99fa7665 #0 Not tainted
[ 2012.406594][T19598] -----------------------------------------------------
[ 2012.413506][T19598] kworker/u8:5/19598 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[ 2012.421379][T19598] ffffffff8ead8098 (disc_data_lock#3){.?.+}-{3:3}, at: sixpack_write_wakeup+0x30/0x480
[ 2012.431041][T19598] 
[ 2012.431041][T19598] and this task is already holding:
[ 2012.438384][T19598] ffffffff99b53518 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0xfa/0xa40
[ 2012.446987][T19598] which would create a new lock dependency:
[ 2012.452856][T19598]  (&port_lock_key){-.-.}-{3:3} -> (disc_data_lock#3){.?.+}-{3:3}
[ 2012.460687][T19598] 
[ 2012.460687][T19598] but this new dependency connects a HARDIRQ-irq-safe lock:
[ 2012.470114][T19598]  (&port_lock_key){-.-.}-{3:3}
[ 2012.470134][T19598] 
[ 2012.470134][T19598] ... which became HARDIRQ-irq-safe at:
[ 2012.482646][T19598]   lock_acquire+0x120/0x360
[ 2012.487219][T19598]   _raw_spin_lock_irqsave+0xa7/0xf0
[ 2012.492486][T19598]   serial8250_handle_irq+0x6b/0xbb0
[ 2012.497761][T19598]   serial8250_default_handle_irq+0xbf/0x1b0
[ 2012.503724][T19598]   serial8250_interrupt+0xa5/0x1d0
[ 2012.508916][T19598]   __handle_irq_event_percpu+0x28c/0x980
[ 2012.514630][T19598]   handle_irq_event+0x8b/0x1e0
[ 2012.519466][T19598]   handle_edge_irq+0x267/0x9c0
[ 2012.524301][T19598]   __common_interrupt+0x140/0x250
[ 2012.529396][T19598]   common_interrupt+0xb6/0xe0
[ 2012.534147][T19598]   asm_common_interrupt+0x26/0x40
[ 2012.539241][T19598]   pv_native_safe_halt+0x13/0x20
[ 2012.544250][T19598]   default_idle+0x13/0x20
[ 2012.548650][T19598]   default_idle_call+0x74/0xb0
[ 2012.553506][T19598]   do_idle+0x1e8/0x510
[ 2012.557649][T19598]   cpu_startup_entry+0x44/0x60
[ 2012.562485][T19598]   rest_init+0x2de/0x300
[ 2012.566806][T19598]   start_kernel+0x478/0x500
[ 2012.571382][T19598]   x86_64_start_reservations+0x24/0x30
[ 2012.576933][T19598]   x86_64_start_kernel+0x143/0x1c0
[ 2012.582120][T19598]   common_startup_64+0x13e/0x147
[ 2012.587151][T19598] 
[ 2012.587151][T19598] to a HARDIRQ-irq-unsafe lock:
[ 2012.594147][T19598]  (disc_data_lock#3){.?.+}-{3:3}
[ 2012.594175][T19598] 
[ 2012.594175][T19598] ... which became HARDIRQ-irq-unsafe at:
[ 2012.607026][T19598] ...
[ 2012.607032][T19598]   lock_acquire+0x120/0x360
[ 2012.614160][T19598]   _raw_read_lock+0x36/0x50
[ 2012.618733][T19598]   sixpack_write_wakeup+0x30/0x480
[ 2012.623923][T19598]   tty_wakeup+0xbe/0x100
[ 2012.628243][T19598]   tty_port_default_wakeup+0xa2/0xf0
[ 2012.633597][T19598]   tty_ldisc_hangup+0xdd/0x4b0
[ 2012.638439][T19598]   __tty_hangup+0x3df/0x650
[ 2012.643020][T19598]   tty_ioctl+0x757/0xde0
[ 2012.647337][T19598]   __se_sys_ioctl+0xf9/0x170
[ 2012.651998][T19598]   do_syscall_64+0xfa/0x3b0
[ 2012.656573][T19598]   entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2012.662533][T19598] 
[ 2012.662533][T19598] other info that might help us debug this:
[ 2012.662533][T19598] 
[ 2012.672743][T19598]  Possible interrupt unsafe locking scenario:
[ 2012.672743][T19598] 
[ 2012.681043][T19598]        CPU0                    CPU1
[ 2012.686400][T19598]        ----                    ----
[ 2012.691765][T19598]   lock(disc_data_lock#3);
[ 2012.696275][T19598]                                local_irq_disable();
[ 2012.703014][T19598]                                lock(&port_lock_key);
[ 2012.709852][T19598]                                lock(disc_data_lock#3);
[ 2012.716869][T19598]   <Interrupt>
[ 2012.720308][T19598]     lock(&port_lock_key);
[ 2012.724803][T19598] 
[ 2012.724803][T19598]  *** DEADLOCK ***
[ 2012.724803][T19598] 
[ 2012.732929][T19598] 6 locks held by kworker/u8:5/19598:
[ 2012.738280][T19598]  #0: ffff88801a089148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0
[ 2012.749925][T19598]  #1: ffffc9000b17fbc0 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0
[ 2012.761619][T19598]  #2: ffff8880244a8ca0 (&buf->lock){+.+.}-{4:4}, at: flush_to_ldisc+0x38/0x810
[ 2012.770654][T19598]  #3: ffff8880273160a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90
[ 2012.779976][T19598]  #4: ffffffff99b53518 (&port_lock_key){-.-.}-{3:3}, at: uart_write+0xfa/0xa40
[ 2012.789031][T19598]  #5: ffff8880273160a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x1c/0x90
[ 2012.798340][T19598] 
[ 2012.798340][T19598] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[ 2012.808728][T19598] -> (&port_lock_key){-.-.}-{3:3} {
[ 2012.813930][T19598]    IN-HARDIRQ-W at:
[ 2012.817894][T19598]                     lock_acquire+0x120/0x360
[ 2012.824032][T19598]                     _raw_spin_lock_irqsave+0xa7/0xf0
[ 2012.830864][T19598]                     serial8250_handle_irq+0x6b/0xbb0
[ 2012.837706][T19598]                     serial8250_default_handle_irq+0xbf/0x1b0
[ 2012.845234][T19598]                     serial8250_interrupt+0xa5/0x1d0
[ 2012.851985][T19598]                     __handle_irq_event_percpu+0x28c/0x980
[ 2012.859260][T19598]                     handle_irq_event+0x8b/0x1e0
[ 2012.865667][T19598]                     handle_edge_irq+0x267/0x9c0
[ 2012.872081][T19598]                     __common_interrupt+0x140/0x250
[ 2012.878746][T19598]                     common_interrupt+0xb6/0xe0
[ 2012.885065][T19598]                     asm_common_interrupt+0x26/0x40
[ 2012.891727][T19598]                     pv_native_safe_halt+0x13/0x20
[ 2012.898299][T19598]                     default_idle+0x13/0x20
[ 2012.904265][T19598]                     default_idle_call+0x74/0xb0
[ 2012.910670][T19598]                     do_idle+0x1e8/0x510
[ 2012.916402][T19598]                     cpu_startup_entry+0x44/0x60
[ 2012.922823][T19598]                     rest_init+0x2de/0x300
[ 2012.928733][T19598]                     start_kernel+0x478/0x500
[ 2012.934870][T19598]                     x86_64_start_reservations+0x24/0x30
[ 2012.941970][T19598]                     x86_64_start_kernel+0x143/0x1c0
[ 2012.948900][T19598]                     common_startup_64+0x13e/0x147
[ 2012.955490][T19598]    IN-SOFTIRQ-W at:
[ 2012.959472][T19598]                     lock_acquire+0x120/0x360
[ 2012.965611][T19598]                     _raw_spin_lock_irqsave+0xa7/0xf0
[ 2012.972453][T19598]                     serial8250_handle_irq+0x6b/0xbb0
[ 2012.979289][T19598]                     serial8250_default_handle_irq+0xbf/0x1b0
[ 2012.986820][T19598]                     serial8250_interrupt+0xa5/0x1d0
[ 2012.993570][T19598]                     __handle_irq_event_percpu+0x28c/0x980
[ 2013.000855][T19598]                     handle_irq_event+0x8b/0x1e0
[ 2013.007259][T19598]                     handle_edge_irq+0x267/0x9c0
[ 2013.013669][T19598]                     __common_interrupt+0x140/0x250
[ 2013.020326][T19598]                     common_interrupt+0x5e/0xe0
[ 2013.026644][T19598]                     asm_common_interrupt+0x26/0x40
[ 2013.033302][T19598]                     rcu_is_watching+0x5a/0xb0
[ 2013.039549][T19598]                     unwind_next_frame+0xd4/0x2390
[ 2013.046127][T19598]                     arch_stack_walk+0x11c/0x150
[ 2013.052538][T19598]                     stack_trace_save+0x9c/0xe0
[ 2013.058851][T19598]                     kasan_save_track+0x3e/0x80
[ 2013.065162][T19598]                     kasan_save_free_info+0x46/0x50
[ 2013.071817][T19598]                     __kasan_slab_free+0x62/0x70
[ 2013.078218][T19598]                     kmem_cache_free+0x18f/0x400
[ 2013.084619][T19598]                     rcu_core+0xca8/0x1710
[ 2013.090497][T19598]                     handle_softirqs+0x283/0x870
[ 2013.096900][T19598]                     __irq_exit_rcu+0xca/0x1f0
[ 2013.103127][T19598]                     irq_exit_rcu+0x9/0x30
[ 2013.109034][T19598]                     sysvec_apic_timer_interrupt+0xa6/0xc0
[ 2013.116311][T19598]                     asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 2013.123923][T19598]                     lock_acquire+0x175/0x360
[ 2013.130059][T19598]                     unwind_next_frame+0xc2/0x2390
[ 2013.136655][T19598]                     arch_stack_walk+0x11c/0x150
[ 2013.143058][T19598]                     stack_trace_save+0x9c/0xe0
[ 2013.149377][T19598]                     kasan_save_track+0x3e/0x80
[ 2013.155693][T19598]                     __kasan_kmalloc+0x93/0xb0
[ 2013.161925][T19598]                     __kmalloc_noprof+0x27a/0x4f0
[ 2013.168415][T19598]                     tomoyo_get_name+0x20c/0x590
[ 2013.174819][T19598]                     tomoyo_parse_name_union+0xd9/0x130
[ 2013.181827][T19598]                     tomoyo_write_file+0x359/0xbb0
[ 2013.188398][T19598]                     tomoyo_supervisor+0x116a/0x1480
[ 2013.195154][T19598]                     tomoyo_path_permission+0x25a/0x380
[ 2013.202160][T19598]                     tomoyo_path_perm+0x392/0x4b0
[ 2013.208656][T19598]                     security_inode_getattr+0x12f/0x330
[ 2013.215660][T19598]                     vfs_statx+0x18e/0x550
[ 2013.221545][T19598]                     vfs_fstatat+0x118/0x170
[ 2013.227597][T19598]                     __x64_sys_newfstatat+0x116/0x190
[ 2013.234427][T19598]                     do_syscall_64+0xfa/0x3b0
[ 2013.240562][T19598]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2013.248085][T19598]    INITIAL USE at:
[ 2013.251976][T19598]                    lock_acquire+0x120/0x360
[ 2013.258028][T19598]                    _raw_spin_lock_irqsave+0xa7/0xf0
[ 2013.264777][T19598]                    serial8250_do_set_termios+0x4bb/0x1c20
[ 2013.272055][T19598]                    uart_set_options+0x3c2/0x5b0
[ 2013.278451][T19598]                    serial8250_console_setup+0x2f4/0x3c0
[ 2013.285538][T19598]                    univ8250_console_setup+0x43a/0x540
[ 2013.292469][T19598]                    try_enable_preferred_console+0x4e4/0x650
[ 2013.299932][T19598]                    register_console+0x551/0xf90
[ 2013.306339][T19598]                    univ8250_console_init+0x52/0x90
[ 2013.313009][T19598]                    console_init+0x1a1/0x670
[ 2013.319062][T19598]                    start_kernel+0x2cc/0x500
[ 2013.325116][T19598]                    x86_64_start_reservations+0x24/0x30
[ 2013.332127][T19598]                    x86_64_start_kernel+0x143/0x1c0
[ 2013.338795][T19598]                    common_startup_64+0x13e/0x147
[ 2013.345281][T19598]  }
[ 2013.347765][T19598]  ... key      at: [<ffffffff99b528e0>] port_lock_key+0x0/0x20
[ 2013.355386][T19598] 
[ 2013.355386][T19598] the dependencies between the lock to be acquired
[ 2013.355395][T19598]  and HARDIRQ-irq-unsafe lock:
[ 2013.368874][T19598] -> (disc_data_lock#3){.?.+}-{3:3} {
[ 2013.374250][T19598]    IN-HARDIRQ-R at:
[ 2013.378212][T19598]                     lock_acquire+0x120/0x360
[ 2013.384347][T19598]                     _raw_read_lock+0x36/0x50
[ 2013.390481][T19598]                     sixpack_write_wakeup+0x30/0x480
[ 2013.397229][T19598]                     tty_wakeup+0xbe/0x100
[ 2013.403106][T19598]                     tty_port_default_wakeup+0xa2/0xf0
[ 2013.410034][T19598]                     serial8250_tx_chars+0x72e/0x970
[ 2013.416790][T19598]                     serial8250_handle_irq+0x633/0xbb0
[ 2013.423716][T19598]                     serial8250_default_handle_irq+0xbf/0x1b0
[ 2013.431242][T19598]                     serial8250_interrupt+0xa5/0x1d0
[ 2013.437986][T19598]                     __handle_irq_event_percpu+0x28c/0x980
[ 2013.445252][T19598]                     handle_irq_event+0x8b/0x1e0
[ 2013.451650][T19598]                     handle_edge_irq+0x267/0x9c0
[ 2013.458048][T19598]                     __common_interrupt+0x140/0x250
[ 2013.464704][T19598]                     common_interrupt+0xb6/0xe0
[ 2013.471016][T19598]                     asm_common_interrupt+0x26/0x40
[ 2013.477670][T19598]                     kasan_check_range+0x89/0x2c0
[ 2013.484155][T19598]                     do_raw_spin_lock+0x121/0x290
[ 2013.490647][T19598]                     wg_ratelimiter_gc_entries+0x5d/0x450
[ 2013.497834][T19598]                     process_scheduled_works+0xadb/0x17a0
[ 2013.505015][T19598]                     worker_thread+0x8a0/0xda0
[ 2013.511240][T19598]                     kthread+0x711/0x8a0
[ 2013.516937][T19598]                     ret_from_fork+0x3fc/0x770
[ 2013.523160][T19598]                     ret_from_fork_asm+0x1a/0x30
[ 2013.529555][T19598]    HARDIRQ-ON-R at:
[ 2013.533524][T19598]                     lock_acquire+0x120/0x360
[ 2013.539662][T19598]                     _raw_read_lock+0x36/0x50
[ 2013.545799][T19598]                     sixpack_write_wakeup+0x30/0x480
[ 2013.552545][T19598]                     tty_wakeup+0xbe/0x100
[ 2013.558421][T19598]                     tty_port_default_wakeup+0xa2/0xf0
[ 2013.565336][T19598]                     tty_ldisc_hangup+0xdd/0x4b0
[ 2013.571735][T19598]                     __tty_hangup+0x3df/0x650
[ 2013.577881][T19598]                     tty_ioctl+0x757/0xde0
[ 2013.583764][T19598]                     __se_sys_ioctl+0xf9/0x170
[ 2013.589988][T19598]                     do_syscall_64+0xfa/0x3b0
[ 2013.596131][T19598]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2013.603666][T19598]    SOFTIRQ-ON-R at:
[ 2013.607628][T19598]                     lock_acquire+0x120/0x360
[ 2013.613783][T19598]                     _raw_read_lock+0x36/0x50
[ 2013.619917][T19598]                     sixpack_write_wakeup+0x30/0x480
[ 2013.626666][T19598]                     tty_wakeup+0xbe/0x100
[ 2013.632546][T19598]                     tty_port_default_wakeup+0xa2/0xf0
[ 2013.639466][T19598]                     tty_ldisc_hangup+0xdd/0x4b0
[ 2013.645869][T19598]                     __tty_hangup+0x3df/0x650
[ 2013.652010][T19598]                     tty_ioctl+0x757/0xde0
[ 2013.657890][T19598]                     __se_sys_ioctl+0xf9/0x170
[ 2013.664112][T19598]                     do_syscall_64+0xfa/0x3b0
[ 2013.670251][T19598]                     entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2013.677773][T19598]    INITIAL USE at:
[ 2013.681650][T19598]                    lock_acquire+0x120/0x360
[ 2013.687698][T19598]                    _raw_write_lock_irq+0xa2/0xf0
[ 2013.694179][T19598]                    sixpack_close+0x2c/0x280
[ 2013.700235][T19598]                    tty_ldisc_kill+0xa3/0x1a0
[ 2013.706377][T19598]                    tty_ldisc_hangup+0x3a2/0x4b0
[ 2013.712801][T19598]                    __tty_hangup+0x3df/0x650
[ 2013.718875][T19598]                    tty_ioctl+0x757/0xde0
[ 2013.724672][T19598]                    __se_sys_ioctl+0xf9/0x170
[ 2013.730810][T19598]                    do_syscall_64+0xfa/0x3b0
[ 2013.736863][T19598]                    entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2013.744300][T19598]    INITIAL READ USE at:
[ 2013.748609][T19598]                         lock_acquire+0x120/0x360
[ 2013.755090][T19598]                         _raw_read_lock+0x36/0x50
[ 2013.761574][T19598]                         sixpack_write_wakeup+0x30/0x480
[ 2013.768679][T19598]                         tty_wakeup+0xbe/0x100
[ 2013.774904][T19598]                         tty_port_default_wakeup+0xa2/0xf0
[ 2013.782180][T19598]                         tty_ldisc_hangup+0xdd/0x4b0
[ 2013.788940][T19598]                         __tty_hangup+0x3df/0x650
[ 2013.795427][T19598]                         tty_ioctl+0x757/0xde0
[ 2013.801655][T19598]                         __se_sys_ioctl+0xf9/0x170
[ 2013.808226][T19598]                         do_syscall_64+0xfa/0x3b0
[ 2013.814715][T19598]                         entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2013.822608][T19598]  }
[ 2013.825128][T19598]  ... key      at: [<ffffffff8ead8098>] disc_data_lock+0x18/0x100
[ 2013.833008][T19598]  ... acquired at:
[ 2013.836797][T19598]    lock_acquire+0x120/0x360
[ 2013.841471][T19598]    _raw_read_lock+0x36/0x50
[ 2013.846139][T19598]    sixpack_write_wakeup+0x30/0x480
[ 2013.851411][T19598]    tty_wakeup+0xbe/0x100
[ 2013.855815][T19598]    tty_port_default_wakeup+0xa2/0xf0
[ 2013.861262][T19598]    serial8250_tx_chars+0x72e/0x970
[ 2013.866534][T19598]    __start_tx+0x33b/0x480
[ 2013.871023][T19598]    __uart_start+0x23f/0x440
[ 2013.875722][T19598]    uart_write+0x278/0xa40
[ 2013.880217][T19598]    sixpack_receive_buf+0x447/0x1450
[ 2013.885587][T19598]    tty_ldisc_receive_buf+0x119/0x160
[ 2013.891035][T19598]    tty_port_default_receive_buf+0x6e/0xa0
[ 2013.896914][T19598]    flush_to_ldisc+0x2c2/0x810
[ 2013.901747][T19598]    process_scheduled_works+0xadb/0x17a0
[ 2013.907464][T19598]    worker_thread+0x8a0/0xda0
[ 2013.912229][T19598]    kthread+0x711/0x8a0
[ 2013.916460][T19598]    ret_from_fork+0x3fc/0x770
[ 2013.921301][T19598]    ret_from_fork_asm+0x1a/0x30
[ 2013.926221][T19598] 
[ 2013.928530][T19598] 
[ 2013.928530][T19598] stack backtrace:
[ 2013.934410][T19598] CPU: 0 UID: 0 PID: 19598 Comm: kworker/u8:5 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) 
[ 2013.934426][T19598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 2013.934437][T19598] Workqueue: events_unbound flush_to_ldisc
[ 2013.934450][T19598] Call Trace:
[ 2013.934458][T19598]  <TASK>
[ 2013.934465][T19598]  dump_stack_lvl+0x189/0x250
[ 2013.934485][T19598]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 2013.934503][T19598]  ? __pfx__printk+0x10/0x10
[ 2013.934527][T19598]  validate_chain+0x1f05/0x2140
[ 2013.934553][T19598]  __lock_acquire+0xab9/0xd20
[ 2013.934569][T19598]  ? sixpack_write_wakeup+0x30/0x480
[ 2013.934588][T19598]  lock_acquire+0x120/0x360
[ 2013.934601][T19598]  ? sixpack_write_wakeup+0x30/0x480
[ 2013.934622][T19598]  ? ldsem_down_read_trylock+0x137/0x1a0
[ 2013.934636][T19598]  ? tty_ldisc_ref+0x1c/0x90
[ 2013.934653][T19598]  ? __pfx_ldsem_down_read_trylock+0x10/0x10
[ 2013.934677][T19598]  _raw_read_lock+0x36/0x50
[ 2013.934689][T19598]  ? sixpack_write_wakeup+0x30/0x480
[ 2013.934708][T19598]  sixpack_write_wakeup+0x30/0x480
[ 2013.934728][T19598]  ? __pfx_sixpack_write_wakeup+0x10/0x10
[ 2013.934747][T19598]  tty_wakeup+0xbe/0x100
[ 2013.934764][T19598]  tty_port_default_wakeup+0xa2/0xf0
[ 2013.934778][T19598]  serial8250_tx_chars+0x72e/0x970
[ 2013.934803][T19598]  __start_tx+0x33b/0x480
[ 2013.934815][T19598]  __uart_start+0x23f/0x440
[ 2013.934834][T19598]  uart_write+0x278/0xa40
[ 2013.934853][T19598]  sixpack_receive_buf+0x447/0x1450
[ 2013.934876][T19598]  ? ldsem_down_read_trylock+0x137/0x1a0
[ 2013.934891][T19598]  ? __pfx_ldsem_down_read_trylock+0x10/0x10
[ 2013.934908][T19598]  ? __pfx_sixpack_receive_buf+0x10/0x10
[ 2013.934927][T19598]  tty_ldisc_receive_buf+0x119/0x160
[ 2013.934940][T19598]  tty_port_default_receive_buf+0x6e/0xa0
[ 2013.934953][T19598]  flush_to_ldisc+0x2c2/0x810
[ 2013.934967][T19598]  ? process_scheduled_works+0x9ec/0x17a0
[ 2013.934984][T19598]  process_scheduled_works+0xadb/0x17a0
[ 2013.935009][T19598]  ? __pfx_process_scheduled_works+0x10/0x10
[ 2013.935030][T19598]  worker_thread+0x8a0/0xda0
[ 2013.935047][T19598]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 2013.935064][T19598]  ? __kthread_parkme+0x7b/0x200
[ 2013.935084][T19598]  kthread+0x711/0x8a0
[ 2013.935095][T19598]  ? __pfx_worker_thread+0x10/0x10
[ 2013.935111][T19598]  ? __pfx_kthread+0x10/0x10
[ 2013.935122][T19598]  ? _raw_spin_unlock_irq+0x23/0x50
[ 2013.935134][T19598]  ? lockdep_hardirqs_on+0x9c/0x150
[ 2013.935148][T19598]  ? __pfx_kthread+0x10/0x10
[ 2013.935159][T19598]  ret_from_fork+0x3fc/0x770
[ 2013.935174][T19598]  ? __pfx_ret_from_fork+0x10/0x10
[ 2013.935190][T19598]  ? __switch_to_asm+0x39/0x70
[ 2013.935200][T19598]  ? __switch_to_asm+0x33/0x70
[ 2013.935210][T19598]  ? __pfx_kthread+0x10/0x10
[ 2013.935221][T19598]  ret_from_fork_asm+0x1a/0x30
[ 2013.935237][T19598]  </TASK>
[ 2014.219210][T16945] usb 1-1: new high-speed USB device number 75 using dummy_hcd
[ 2014.246016][T29542] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 2014.330970][T27384] usb 7-1: Could not set interface, error -71
[ 2014.359194][T27384] usb 7-1: USB disconnect, device number 14
[ 2014.411691][T16945] usb 1-1: Using ep0 maxpacket: 8
[ 2014.422458][T16945] usb 1-1: config index 0 descriptor too short (expected 1821, got 853)
[ 2014.430846][T16945] usb 1-1: config 0 has an invalid interface number: 103 but max is 2
[ 2014.445622][T16945] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 2014.455808][T16945] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 3
[ 2014.464801][T16945] usb 1-1: config 0 has no interface number 1
[ 2014.470902][T16945] usb 1-1: config 0 interface 103 altsetting 9 endpoint 0x7 has an invalid bInterval 0, changing to 7
[ 2014.481937][T16945] usb 1-1: config 0 interface 103 altsetting 9 endpoint 0xE has invalid maxpacket 1024, setting to 64
[ 2014.493069][T16945] usb 1-1: config 0 interface 103 altsetting 9 has a duplicate endpoint with address 0x8, skipping
[ 2014.504052][T16945] usb 1-1: config 0 interface 103 altsetting 9 has a duplicate endpoint with address 0x4, skipping
[ 2014.515910][T16945] usb 1-1: config 0 interface 103 has no altsetting 0
[ 2014.524648][T16945] usb 1-1: New USB device found, idVendor=04b4, idProduct=1002, bcdDevice=cd.b4
[ 2014.533922][T16945] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 2014.544118][T16945] usb 1-1: Product: syz
[ 2014.548295][T16945] usb 1-1: Manufacturer: syz
[ 2014.554285][T16945] usb 1-1: SerialNumber: syz
[ 2014.560640][T16945] usb 1-1: config 0 descriptor??
[ 2014.780213][T16945] videodev: could not get a free minor
[ 2014.785761][T16945] dsbr100 1-1:0.0: couldn't register video device
[ 2014.792546][T16945] dsbr100 1-1:0.0: probe with driver dsbr100 failed with error -23
[ 2014.802113][T16945] usb 1-1: USB disconnect, device number 75