last executing test programs:

7m13.969156279s ago: executing program 32 (id=14):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x8200, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f0000000140)={0x79, 0x0, 0x1})
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)=ANY=[@ANYBLOB="01000000000000e0710000"])

6m29.334229255s ago: executing program 33 (id=121):
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x40800)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
mknod$loop(0x0, 0x0, 0x1)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
write$dsp(0xffffffffffffffff, &(0x7f00000001c0), 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYRES32=r0], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffeff, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
ioctl$SNDCTL_DSP_RESET(0xffffffffffffffff, 0x5000, 0x0)
r2 = getpid()
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x7d, &(0x7f00000000c0)={0x0, @in6={{0xa, 0x4e20, 0xfffffe01, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x3}}, 0x8, 0x8003, 0x5, 0x2, 0x4, 0x94}, &(0x7f00000001c0)=0x9c)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x5)
syz_clone(0x0, 0x0, 0xfffffe55, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000240))
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
userfaultfd(0x801)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
r4 = gettid()
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r5, 0x0)
accept4$x25(r5, 0x0, 0x0, 0x80800)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r4}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f00000002c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)

6m25.295498883s ago: executing program 34 (id=135):
r0 = socket$inet6(0xa, 0x806, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c)
listen(r0, 0x3)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
connect$inet(r1, &(0x7f0000772000)={0x2, 0x4e23}, 0x10)
r2 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg(r2, &(0x7f0000001180), 0x0, 0x80d4)

6m25.247381997s ago: executing program 35 (id=134):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_socket_connect_nvme_tcp()
socket$inet6_udplite(0xa, 0x2, 0x88)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000500000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/25], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
open(&(0x7f0000000180)='./file0\x00', 0x408040, 0xb2)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe3, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_UIE_ON(r6, 0x7003)
ioctl$RTC_SET_TIME(r6, 0x4024700a, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x17, 0x0, 0x4f})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)

6m23.101046778s ago: executing program 36 (id=144):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x10000, &(0x7f0000000100)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = dup3(r5, r4, 0x0)
recvmmsg$unix(r6, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000005700)=[{&(0x7f0000003100)=""/4090, 0xffa}], 0x1}}, {{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000001200)=""/213, 0xd5}], 0x1}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000000200)=""/114, 0x72}], 0x1}}], 0x4, 0x400021c0, 0x0)
ioctl$EVIOCGSND(r6, 0x8040451a, &(0x7f0000002080)=""/4096)
mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000040)='./bus\x00')
unlink(&(0x7f0000000180)='./bus\x00')

5m55.113945774s ago: executing program 5 (id=209):
syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa11000001"], 0x0)
syz_emit_ethernet(0x52, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffffaaaaaaaaaaaa86dd608a27f2f9fffffffe8000000000000000000000800000bbfe800000000000000000000000aa0000000e0000000080000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
socket$packet(0x11, 0x2, 0x300)
syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x400, 0x0)
syz_emit_ethernet(0x4a, &(0x7f00000003c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x8, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fd7000/0x18000)=nil, &(0x7f0000005700)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x17da, 0x10100, 0x0, 0x368}, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19)
write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c)

5m53.73532026s ago: executing program 5 (id=215):
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, r2, 0x2)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_socket_connect_nvme_tcp()
socket$inet6_udplite(0xa, 0x2, 0x88)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000500000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
open(&(0x7f0000000180)='./file0\x00', 0x408040, 0xb2)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe3, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_UIE_ON(r6, 0x7003)
ioctl$RTC_SET_TIME(r6, 0x4024700a, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x17, 0x0, 0x4f})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)

5m52.74974672s ago: executing program 5 (id=216):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
close_range(0xffffffffffffffff, r3, 0x2)
syz_socket_connect_nvme_tcp()
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
open(&(0x7f0000000180)='./file0\x00', 0x408040, 0xb2)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe3, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r6}, 0x10)
r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_UIE_ON(r7, 0x7003)
ioctl$RTC_SET_TIME(r7, 0x4024700a, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x17, 0x0, 0x4f})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)

5m51.584994888s ago: executing program 5 (id=219):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x8)

5m51.430652672s ago: executing program 5 (id=221):
write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000e00)={0xffffffffffffffff, 0x8, 0x10}, 0xc)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003"], 0x54}}, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x9)
ioctl$sock_netdev_private(r3, 0x8924, &(0x7f0000000000))

5m51.182173939s ago: executing program 5 (id=222):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x10000, &(0x7f0000000100)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = dup3(r5, r4, 0x0)
recvmmsg$unix(r6, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000005700)=[{&(0x7f0000003100)=""/4090, 0xffa}], 0x1}}, {{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000001200)=""/213, 0xd5}], 0x1}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000000200)=""/114, 0x72}], 0x1}}], 0x4, 0x400021c0, 0x0)
ioctl$EVIOCGSND(r6, 0x8040451a, &(0x7f0000002080)=""/4096)
mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000040)='./bus\x00')
unlink(&(0x7f0000000180)='./bus\x00')

5m51.071822055s ago: executing program 37 (id=222):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x10000, &(0x7f0000000100)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = dup3(r5, r4, 0x0)
recvmmsg$unix(r6, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000005700)=[{&(0x7f0000003100)=""/4090, 0xffa}], 0x1}}, {{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000001200)=""/213, 0xd5}], 0x1}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000000200)=""/114, 0x72}], 0x1}}], 0x4, 0x400021c0, 0x0)
ioctl$EVIOCGSND(r6, 0x8040451a, &(0x7f0000002080)=""/4096)
mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000040)='./bus\x00')
unlink(&(0x7f0000000180)='./bus\x00')

5m24.496347016s ago: executing program 1 (id=223):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x10000, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
r5 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r5, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, 0x0, 0x0)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
r6 = dup3(r5, r4, 0x0)
recvmmsg$unix(r6, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000001700)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, &(0x7f0000005700)=[{&(0x7f0000003100)=""/4090, 0xffa}], 0x1}}, {{0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000001200)=""/213, 0xd5}], 0x1}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000000200)=""/114, 0x72}], 0x1}}], 0x4, 0x400021c0, 0x0)
ioctl$EVIOCGSND(r6, 0x8040451a, &(0x7f0000002080)=""/4096)
mknodat$loop(r3, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000040)='./bus\x00')
unlink(&(0x7f0000000180)='./bus\x00')

5m23.454895421s ago: executing program 1 (id=285):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x59, 0x77, 0xc, 0x40, 0x9c0, 0x203, 0xd332, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xfa, 0x10, 0xc9}}]}}]}}, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
syz_emit_ethernet(0x14, &(0x7f0000001500)={@local, @local, @void, {@generic={0x8863, "5aa772f37902"}}}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
accept4(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f00000002c0)=ANY=[@ANYBLOB="000101000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x51}, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000340)={0x34, &(0x7f0000000380)={0xfb492b52ef24f3a9, 0x3, 0x7b, "615f8ff0f0676980f1b743a944f707996f7d02b716c8ad82cd4a159ec754759fea6172be722a3e006a12faff0c1fdd6d89e576e2a5516acfb5bc597f89fdd6ed1c09a5de078ea9522749e6bef93279f071028f5808f71322ec29178cb6e9f12d0df60a40bb50d683e266c10cb0fda2f22846c173428630d4c9a3aa"}, 0x0, 0x0, 0x0, 0x0, 0x0})

5m18.750416298s ago: executing program 1 (id=297):
bind$unix(0xffffffffffffffff, 0x0, 0x0)
creat(&(0x7f0000000100)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006380)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="412e450a2a7b9586d1e6e9de257afc4fd60c8de430c0d6348b2cf1db8d070a539de9c1e91a178f9240dbcfe303566018f6c20c55d643a2ed46aaacf49ca491ee2f06184bdb548778a2c56e56f6b40b994419428bbbb9dfa5f9593511ca8ae1c088fb0ee5da72f505000000000000002c04754204f194ae6ceff4570d44496eeffe619998eafc7167d22e1c6aa73e89ad19224e35130a37cf68d5c41ccafe59b4b753a26e06c4306d31d78de6cede97c06e3ca2cc4af66b7548268efa91621ffca2655d2c8f1a9bb019b88fa729cb3d32f72c098c44898d42c42f39feb4faead93980726c236129acdf31c01f1cabb5ca3ec4e45eb5e6e59912792b4976e3f2b560c861d49b539d8e1870040a8cf190a8a767ec067a8048aac53336b44669d3d425843ae80681a7c02a5d5a3d90f355fd4a6ac277e75230d558f0df20cb323cc65e9b5a258cdd669c8a9534e4aff09a8fe89b124748c9e756c28789c2152a5142bc0bb205e339d43bb980b3f04a3c1a424a2a093966b20600a5410e0528fb35937c998eea19f01eaf2f39e16d85563a6737ddab3213ca1832f0afdf891e34a582f6a4ac81fda70ebc3fedac2fb3a492fdb40b91021e5d371d990064cd1f7c2c1a6472dec7505f9a4940057a3e57fd53aa3cd2eb914e073a19b6e925f8553e6875c093c7d19de25861fd9640f0eca4cda0467f12126daa2e0c6df7d4e4babe5a6e59e8391be7700790315b6b8a8aa74cd6d3f054aceaeda79430676b67fe25c9029e0894b413377fc4d8300d9f9338fadd07e4c80cac08113df8971a868458c47c06fff0c1c4bfd48ea583e9e76ef103d42c233b6de10b30612cdbeb6b60a6a4dbbe2da63cc2dd4fb93cac65af3c1279274f4af0e2c5b96e6068aa5b41f7548fb72b0c142351f64446db7425115b89132b5589ee642ebbde655adb2d7d1117456a6e4f2886879b42baf85e05d53e2aceea9c3830673bdc4d081675fe76b994651af9c3f16b7513834fce4654f84558a8308fa677d05bffcc893d9813bf87c5ec520cd66ad58dc06f0c47d253cd36dfec82980fc8dbdcd4b1c037c2b30bef455984f3e8ed19d69e185fe4fbdda2c2517ec9abfbb4841252e650b6bf56fdeca9a4ee3c311de3c6859ec14cc00e95323c57c02fa894d83ea17944f3112fc19a7e11335d7951ec6dd5b4f06fb9b637313a230341ea5da6a7a959e707d0cd5fca60a6649c8df8d6c17e9a49d230e5775df14e4b43aa3420bd0b8814ec7360ab1910e69fab8932f7646d7998bdc2e8ec354c52da21ed83fb7582cb9d37bb95f144974f72c7b0ae7b42945768fa8ec0dd6daba72d05809670506ef1054282201b00906c8af64e3e13a10f180688c96549b2d3d6b04403fd571e7b132891dd4b7cf37aec25ca1e9190c17aaefbc31e059915c12c232fb7097e9fa6f35fbb265c7102db62e2264590c583ea90f1aee3f166af81430d9084eb0c760ebbb16049c9fd1fee6ce33c8ac205e3ac9c275531feadfa4054e0c027c26beb009f54aa72b864d39bb11753f77931bb960276db33021c65671e57b3708bbf979be222e8439d71f58ca87cec7a054517af398a42735b580717377a54f139e2c46813cbb03d98e49c26f4ed54d75e48573cd06145f913f4e313eeee837496dfff75aa722fd8486c45f9c959da12ae48ba4a10712120a203e2476c7b96031d8f8773f68344e6fa21831287655aabbd594e9f272eb1a7315d2d79b8bcd5e63004cd106f80b1e40a5d9e428a01bc58264f4d63c2ee9db6efa70607a642aeb883bf4b9fe009d7f09c16b05a2c9b73573e9019e161ebbdc1fc9b9cd0c5fe1b57adcba2d0f3a767ad59aafa159b3dd181f0601ff95e8af8b5410e56c81ffb8ab35b1e04af35dabf69f08572e69260b72bfd502c5a0de627fd3fee44bf1d4a261bd356056c5739398e3ff161beec1240a089625daffbc61dc5e660c274565477a0ff1797fefff04a98704802ab0674ab72d400686229608cbfd2ca20f4e62495e8b09de9d180c47375bbad72f4474b67d56104b4b466192be60f7aa668fd0a4338b856f114311842ee806d6488ab09098ed9de0e21bcc8b42a5d5713d15eca108fcc7a65d6b414a112524a6e1418644508dd957147a92d4399d13faaf01cacef40549cd11900f9aa32a8333f55796ef25d33c554a308da9797cd0ac25888311b0ac88eff0be7a36ddedcfc2b095abb4d5a6a4edbbad67b70cdf60c7ed0c5e040ced90edb3322ef684332358942ede9191b431c99b3abf8f9c50206479f0ac118c0a99df61fb9c90d846f41caa6a2448fb7e15640965e051c2af4ee72a5cc7c962bacff7019615c10e6c3054e2e5792df3aa6e2c33425552148466a88568cc79b6edebf0107b7d3d24423a665d20c3a1c0f1a6b34eb475bf875912115914cfabcf394f8a096d64e5dc95705074fe5e985497dcf052b9f748b9d4688859c0200fa43719e4722ed6c064c0efa7e07beb2a26fd724b63537fa0eb506365d5c029cd8dce7dd0a1cb9d9058c061739734af6be9e880fe7e28a211a4c368a7babd1107110ecbb384b274cc092b9511c4abde2ddd863162e2739984a9f3c0a76e3c530a27d5e385f4a3b87607b2a944e09d28239661d27719e22c0a657ea383c30859ca29cdb8fbc79bc83e995dcb361743a7e195650c37e570b768a0a1f0b118fa5be9b3c838326343ec5b376d5ee040ee29dfd868cccf9cfa4591151f519cd6e2ae1453a58aa92f90ee5be11ceb8511ab743f399be0a190eeddfd112336866831c3255ef6520d88b2581ea3767f3df01a38d9b4656f2a89c5df41443291a795da45c8a846015cd041bea0dfbe648348b10ae73ce43d9017182792cd9172eee642c549a530cc1f537f9aa70ca63792ba4a86a713ae09b917136e5bf1506ad7f367d8d2f77f47a2318facd109bba9b1327b5db9e4aeffbdcf414db761eeacc227a15cd72aa52c8ede33bdbab9de9aa1e8f470a388013d07f08777e2131bbd4856ab5c1c38d03ef407197ccf24e8b2a8db69e78f9d6623033c453541bb79f9e0be9a55588e2e54fce65fb785467064a146c4bf218068b5e3efdafaf93a98253becaef226cd79468ff1bbe0c9d43877f5cbb5844fd8957f15d3ef208aac11816585cdccf039c36b429d3d7fb634054fd0f09c8abea3746a6b7379142abde26d998ac7e39b94746c60c09f86ddbd7497849d1ef839730672449f35a3c3253666e9fc053ac1c518e44e0b84555be507f7c00fa9e4864b4bf40ac3d93f12001eb780a779e655d0633803268c094ae161a0efd652003d6ac47f9a6c28d866b56233f371627b01e0fe9361dca611a28841968d4e12cb73d49ce08fe25de4a90b2d34607202b20e71f5e1eed38e17d0a2748f548cf61735f4c9cead1cb93b11929d906d65fc60f88e6919b7b5a1014e6d408bce9c8cc832eecf9147708fe451891717d2ed99dee70773feaa97985102abd3dd05c904c28898afe060621db6564887bc4afe158fbe1d819136a1ac1dc9d8674798a93daf5255460b50c34496205834c668db4c764e76ebb6cdaf5fc44b881cc2ae87b4a7cc045143f96b1620abfd0f116e673b335beefdafa1e58d9194e010cb78956044646da5ba853ce981667f2b8e5001c2df437c9d597ccd2be7d2887f5cb7aad0539abb3f9db1c8f5cd4d7d831946ba1c1aa8737c114fec1ac9a82519f57cb48c49b7f62e9eaa89f448df33fb307cd0036c70b490ac340f7d04e14f32bfeebb08a9d5bc7bbef8f231ea09311d4c82cc55c90eb53c6c003cc98a34dd3c4ec2d8b3a655a78e16e908f368733d0a02b36fe963e2d80b5e6f7b2e3aae3013c900c76e4d56e8348bef221f8a642e692c23b12520fb68c793e789eeeceb4efb2097a4d5952d144094cd7be6edc933d257f6230e962d70ba42e1b07ad9eca0ccd60d3d9a6e06b73ccf96a8aa490ed3bd58bf4d79db65355ae145b54be004e464f4dd23fb8b1bf15e13838116083da67186513652608e37c8f847b2bcafb57bcefc7efc8c8182c7d708cce5d14695b4e618e77f8e7be81f27a05e415fd37ac21507a665b2558daee5c0b0859fedfede8c03f181ef5e0ec0da6caa3edf402dd73bcb4026c489a7cca8ab700d3e9f050006c36768a16e8a48e48ed5750b8cdb7ad1fd12d4cc8333d324d6c83905303fa7013fc02553b587544affe38f1a95e0c4c39740d63b6d387fc89b30bd5fd745cb64844b13897ccf5cca135f7d39e03ce8adcda919d86b25b52764b0a0c4f07f88df68868415de13863df84a7e8d355b09cf90e482eb4174fd01f1b371a4dc52f3c89fc3a70c71657aa5d7573ef9acf4d2b0b321c41ff2640515bb43637ba2288ca0bff2e2a3a998ad8294c52f9edfe0a4ee0a3f8ed5b4b5c43319bb9c58dd07ea3237d7bb62cb086e7ea4a81cba2cdeb28794a09c275a704963110b64720bd089e3737ee1a91e348b5e97b63e1724de1fa9f49961d653bbb47b6fa993b035cf59659bcd0306180645162568abf51127845cbe6e37cc3c19b9d69657db4258fa5e8428a73eff6506bff474c2e302ad5559ac8de44c6f0baba5e2e579e7d7f9d9ebf540674432ac11d92bfc9abdc24126888b533f43bd6f293b0bc315915743114a35308a0ee2e710522137918a2b09ddbbc7a2313a2a6b85a1ad26f14dd70072651c8300ddf6de29704b716ce1bc431c66ccc96731f46359a9f6850976c96dcb5e0ee47446f50b6b3ba90d45224066e123ad3854d877c0cdd9325000ac0d6813c30cd43d3e150335601724ca3666458dc4c04f6562296982353e155d5255c9008c0b46d21a678c8fcb3aa8d6574476e0458eb0a76a6cb50f929ed218cc4654cb4f95fb3afbc2548b74acc312563375a19e55d488599488dfed4dd31b39f29ad61dad343dfca3b45b316a34e7a7bebd2b0f562a9e69848d13fc80a4fa52d0f17bd15d9e1fd39a7dcc86128d14493805d105a745673bddea68ca74ac09d95cc7412d5be2cbd0a247a81dc9e148111e22cdf3375805469226ca3538f960a6ba6aa0eeeb87c784ffb1bfc09180a61be3c7c535fc6d593c3b3f4de21b8c3eccc9021e80fb07dce0aeb3b023bd55f24356f646791ba80e5ca21ac092a069ae0a22cfefc08c23cc7aa69b570bd17cce9de15871d363f167288f99f04761caa67f12c949466493f661d39ee4280c955446ff5a9bb14f2d1ae21cdb91a5868e0c52097cf380f571935b140562922763f1b79c3709b949c57a00b08828ce9e685f6b234b5fe3c62d9feb249ce75e81f5efd556c14d5da24dc0554723fdbe52659969a39f470e82c50c4777c908628436e31177af1125d5f70ff627462247e5bc20c47ef75f369174586d43d42f7eefdd47fefa745badebca2a881ccc018ea411cc8a7a0881422bee8704bb98e6bea9fbec63441fb45d7ccfd436909b57a2b60b788e15bda3ca7663b19bd84d0879deb639f10def9a99d42a4b9a4fd7fecbf6d2e7598678307ba9a5b6f143c27cf1ca41e3c904007bb762cd5df6e63c4cf422c2ba959e53bd8e5664cf5df6a91a4bc8cebc52b22f30060fcbc5ead53d38eabd160c1da4cab8aa95c3640ffd78074aa2cbb05cb8ea90a0c95a4a1b2be1ee94f238000f1faffa069d87039f13f5f84ff368aec5a0b10020232b9fc954a6c22573ef48459e574d48a4845837e1d6ef386738ccedd093d4d5bf3a3f790c875ba7449d03397642feb71100f2c25ab2cadf0b0802544a2095a51b19cdece623b17d420b173a99c081f8e229b6de3c680d6bb39bb98b479517d77cca581b81cf856753a44ebd64cff111fb8ca37ea45d217a3fca44a083e6c35b0fed9f8f7631178d15e88f86c85f1ce68c900afdd1f7e5b8bd4ef3f58c447b77d3befc49180df7a5eb2ae8ae33b4ef573f3a425da8a60cde84d8eeae6d6399b9fbbfa0fa8d448b25c7f79b7554d0b02b0decbc74ae8560f630af596313fb33d442a410061ace0aa7a440d5e31ca8bb2cc495c4f0b672edb011b0c5f16781836df7f4af8329143d5a1a99d7b18ef9f774c4199d635848cedebac82637a03a189c65bf667503737c75b6639ac65ad424ca475285437e6f19830b36549f607ffc387c8b11a34a838159376a6335afaa045bd2bb04e279dd72436331d07dfbd72e2436b27f0df23a266fd15cf56d1a9e93aaac8901cfe49a3219ae36c5c65c75e5c708fb82cac4d6a50726509ec3a7d32d54cf584ae353a5bff75a6de77a0b240cf8a0a72817c9d37699ca89c96e0e0d96a7665ac3a7d1febca1a1d79e2cbde8025c271360e2f90048b2d9fd56f45c013e001dad4b7785be69dc01f8a954ef7a84455986fc5c9d5167d91808efdb4476ed79f99563d887cfd4e99809d9e388501dea228cbb3cf3770082dc566455251fd9c2c742963c33500618c6ec99e0bef007408a0462a081237be4c6e5db0258d4be5fc9cf63fd1ace1f4166c053b0fb84fe24917da1255cf40bbb1b45644f6a7699cf802a35a932c374b1d62013e6afca3787627469994c02f622ab877ed5491fc2a89eea60e4e1628da89e3ad600ff6442e4ebf20e47304176b6a1703c094b3cf6d7fbbddd8d8fa5a00f28b4d8f43d88487e9d4531071512f2027198714a8d1cef126775547fc74f2a35840510f325e50361be76557767560055e084f2ecaefa0dd8ca8215301a7a887d2eaddaeb1f5c3dfdbd2cc1ba5f02d4426b98c0f861c5f724405758f442560ea6cd1d953456cc4aac6642ad61c03dbaffc2364d8ec2ef9f483c70355139d1fbd9617ab3c7eedf0b8963c1cfdab769180db43c416a90d9fdf3fd0eb2f81187642b4e2a09d6462d27527fdfda31f7b262501749dcfc6c184983f9923424131d05cc811cacf5c2c87e8e6f135349e68cde0e8997bf1dde248e5124d5dca2681abdbe58d327a8edd585821f03fdd4515728f1336495ba25c9bba56a3f706d60c35cbd0b40d0ac0583a981f9af08510ed8ed0a726e5472f8995af3837fbf1e89587633d2ef944868a153919165778e963710872af12faf96c0919c638e5affa97104471ba6e178d27602f96b9546ebe52190d91be245be08742b96389080676a566d3229e593e4f56a76ae4c58113c6adc1088703b1b92dafe32a5600e14ac1e71df829dfef425911f16a2b91f693599ecabf93065c6c4f5fefca8d4ed095599113529f65d9120d5252f577af95b404979508c343df54e4d239720e7d3a861f1dcabfa69e12d655c8a026c10a4df279b139fd222e561d205ac9b45c1054f8699eca594fb23886e0de565186597766dd5e40f74a423d5708dac254f4172f1089270988fb18715813f13ee4d131b64dd517c7e77f27f804b229f5339ac2f483b14739ac33a9645044d3010bd77ed18fb117f7b11bb51c4ed683b59e28bf25a58f123dfbeb1f0f21f03d9b57d8e61d59b311037a5b757b03ca5c95e0eb73922c6918530c99de4d6733640f2b8d13bebce31d4f5e27aab201101e48cde23a0d7e87b9511949d812e3187ee5ff11bc5858c022ed7b00790eba32f9ef7e134ce5f73a01269ca971b40e62133eca9d596a768686d6390b2c74602f6dc597faec3ed9d9658102d99c9624c1a97d00d63853578afaccc7e30a77fe054ebc23eec45f608f996fd015cd6bd50a111360f0790eff6ffb1ea59d13c8e29480bd96217188f97e53a1f5d9eae0a2badb4fea52f2bb4f8cb04d0afd99e7371a978a7d7ef473f77ea6738ff84af655313a12db24cff692ec7e282245ae9a42338db814593448f7115df3dc3f4e2faa2c2fdbd68f679d6aba01a15031347bb17d8bf8f1fad0ecf365e9dcd32e69803c5c05f4b47adbf8a21af7e9fb327f267df1c914486389a9820edf0a03bde6ef388c255761e439b2f7e1f9c1c3c95bd30c502197ab37f76b52f0d0675f366e919be19329853767bba34a540fb75bcdcc9596a4cda254a660e11bed5af9d8646ac4b7d6d7aa5d7c0005879b6d08058a56c3d3a4d3d401b883153fa7f2f6a6d34dd010f6b9e7b4e457b9ff5a5802d7723abb35f9dca0afc10f6791824dbe0a7725d534e7753445b7268d90145b6438b93fc475f44d5d678d79da6c5770f3a9106f3cffbabe4b88cbe7eda9b8a495be4f6717b0fbee6fec78c86031b6d878d47e357b2089de3e6dd19a265552553d1f7da53884ef84d0eebe782791c48a9c68a28d8ea3bb70c922b01dc20b2cd05cfb276e326651398f766f5faaea54a41da597cf6b50f3d5ebc634185b99069126b8d935c6bc42c47f2109de42091ef4ade3d87cc44aeb78709255501e64f34ac2d4b2725cf7777315f8ca9424bc9d61a896a93500faa6cf5a5aee1fb888e17b47a38a667be2ffa3bae46afa88bfd8b5b6e1186d6e41b9a4e490591043372c23f36fb48d80caff74cc349adc92bb25f701738c809ccf74c47afa193795ee67bc58ea7fd85542fa7e70218490fff212163401cfde016df2f42496bae403d5391e53fe200f758bbcdead0fe72c77861889b9632a257229c35bdfe8fa78375b4f5c768b9c60cafbde1f00aff6ca1879f6472f28001f5f13d4d9d6c3a90e04d8df09873550daa8262d39efbe96a79c697fbcc9a7f27c9f6d782d5d5f6d024b291376e9cc40d902f809072e1f0f2c2ab88ce3d074e88461f5971853e7be749943ab6e25e25e8afa5042dd73407f49b50841c7782c54eece62ec2beef1f16caf1ca5989427bd2726ca0fee33e303702e9892e4382e92c3f3a03a6188f39762db81819c7e12b424be8fd964dcdbfbac00139e8c5a6200506f13f484ac34ef3d26e7cadd53cf402117419c1618205bfa5382486094bd55448f2b1aa4dbec2289189b601b1bbf5792b2a641c6f5dd19cf24abc72fc5264cf11f6b44a4929267a02cd1de1b602b9de65a6c06640aa0f76109baa90d66eeb17295b1711365b7d6835a2dd55b7fe868c59453613240643c847a5b48d27897a58dda63e579c1bba58350550e147b190f0a2c9a5ce719d627ce3302028b4b6801bbfa8cd74874ffba35817c0eca034d19210950796807125fe6065dcd47d7c870ed2db5c00cff235e4154e2d89ec2a09a87551f9b7ca25d519b5603c0c33d2cf72878199ffab567fc5e093529b89d1163587f3564ba8291d2d96cf9762e7f568e786ea90849f6312c1a10f45d61600cd45c48e6870a7d76c913f9c4497374fc04401cbd11f7710740148234fe8f041f24d0278fcfd48846e6aa49f05016fc332dc5d46b4a26574fed5c0751cebb9f7ab4cdbc1ee011d82d6ef95c52c9df8eedac3ab5cf30805f23d88d4f707601f8e6c606b58f2fe234e948d6756d430a5c4ec76a33874886c8fb484059b47a9bd198a61a1896419288a9e81d0969dec778a53e8233f0f63bd0134e5f29825e7817e7c8ccb7d9acd8f86ac9d3af78c43df3036d7934dd294f2bb12063bee52c547d27a218145befb0ca96cbfaabd39fa245b51c39f4cd4cf8db105f9dc46a7aaa8f7d06fa208120ce1ac49326179618fa2c8596c44e174eb7a141056b1d17689c10dee089c8b0867b8a757ae12251bbd68db5fba2be341275fb6ee379309f5cde9b31242b0b2bac44da74776fac141936bd96e3177161f057c820a8c22cca8cce29b158eb55aed0260253fbee70a6dd281d9fca23e0b0a38d46c76a95e1262f1cafcf0fc37b52e649a1ba1e2c0f97d10bbf4d2b5632cf340bce56736071d5885ec9b4e17910744d3e63e2ca6deb21e43fc21e89c6865d3ad424ef4a14efe8843ff3168c99ee395400dcc8755719d290c567c95a5e7d28ec1190ceee240084d444265cc801cd960f69b368359bbf06b8a4ec23b47c7bf9d4b16c701a1c4fb9e81abb55bf49d450b566ce03de939fc6f5c51291380086f8c995cdd4fa15a325601c4846a69f15c77f55c900270bc9ea5f406480cb0e3e89bc869fe8b7cec4fbef7e76283d50c25ab1b4d34d093a7df062990a925a9c44aa2661abd7d381a4d6cdb64821ef624dd51b72e99af914bca2f80c25b82ac6945df7c7582e6d0ce2cd073e35f1fc120a68ba210410db64592a9aa319b30f2b818c495750e1cea0610e27d52be31e52e501a3bd51b501bc51c2ec8592f679b6e55b9aa58d513fd2bebadc83ba76eb45e5676f130193e9a666b8c8132c9f5141681fbab324b555c5c890d488ac2dd00feead0a20fbd8a46391438e3193edc6fb89161cd864fca98f4f39a2893c933dcd13bc8c5d5a548d24862e8161c0fad7f33aca8c86791d620815fe3f0daddb5defd933d0c10097a7a98e67625420b6c0db7c3e17ab07ea64e6f0f53fdc670799e06a2e3a871d6be363a2639e35339361311e0f528cc433eacea4f79bf217108c7b1d657840253ffdea18bdd1f93cdee63e7a9b8dbcb4ee06162b253e09ea0641f2771bd9823dd210905e9ea495f43194bb471cdeb690e8890b03b50835d53dde1b572dd123ccc8507bb57a45e46c0efb8fb3d5596bddf9782d86dd911636eae2cf64b5829cf8893faf789be3fa22859accf688f5b5da6c29cacc96d477e23b63cc934f685b6e42e1655c9a9b94d6d78402de22b8d9776e3915391aa258e57467d770d65480ba2f6a94b0337965a8c659c42b4e90b14da4697d0c0a6d74774c94c52d8ecb694eee747bdaa6c3a6d60739db18c6446090eebba72e62ab88b0e8b88e728ba8cb133d8524eda89a2bff1c8414da3edfa6f83788331c8a7e5a8af2dd3682d4752190a3c689949abdad8350111373e7fb46151f54a10f79d91940e37efb05f9f157bddcfacf018b65a38ab614807c34a2786af4a1d48c4d1c1abd31815715f9d1b103992207fc664f12c82fd923c57d8e7cfb9f4af55182318d055c704865cf484206d60e34cf7fe9b6ce60b1772c5c7cdacb6695227d80da18ec1f98a434b1aaf9c6b6d082f5663aed2bf267e559dca6b93d3ce34273846fc677f529690482df0a8f782b8ad7269f344f5f2b4d320a7ce2d2fa02284f8db634dc930c3e2b9a629245364acf35d41e9a14c88efde4e742ef1ea4b43d0caf2e70d4a617278823e6403934524debbd933e7676e441a48f630dc8bcccd55d9032d6bf3dea97d1669c39fb865b0e619eeb3f5461e517000f5aee3ef2abdb87d3a76b88e140eb4644a9fbddbdc9e20972cdfacf00bffa3a1ca5f84122c2ebc54067cdaa23967eaeb7bbbfe44e5843382b834fae1f62a066688595e4ee67c7ff9858672355abf7893ebeb4bcf88a62b2237c6e6cec9aebe3f28bfc310ced3a590e88d4bd0f53289206deb9addbf6f3c02115ce4980dadfc112683ae250c2d438fd9c0f2a090dbf122a0072828db798bdb868dcd47384dd3f5eeebc0307a5b268683cd51f312e8f02b5a7746b11a97ac43287d9b9765f03c720503cfe6e0117660a4c00d67895224c4d42b032000a10d7a743054758a8f54941fd5eaf72498b678d1579b3de4e5518f90f1e3d32517d09d7f5da9d180215e66218e9dd64036819cf12638ce82712a6cc79a9ddb36e86814b797d72c2bc58b18ba439e99965f745b4fb7de2878e3186e3e7b835c746b0935f6c67e92e3770bd8d5eb4f66d8175ceb7850e418c55e574db891639aa77fc62bc45dcb734681ede8484d4d4109a9adb8c3d00", 0x2000, &(0x7f0000000e40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000500)={0x20, 0x0, 0x0, {0x0, 0x9}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c01, 0x0)
io_setup(0x202, &(0x7f0000000200)=<r3=>0x0)
io_submit(r3, 0x2, &(0x7f0000000780)=[&(0x7f0000000440)={0xfffffffe, 0x20011004, 0x4, 0x1, 0x0, r2, &(0x7f00000000c0)='!', 0xb7f40}])
r4 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x11, r4, 0x0)
dup3(r2, r0, 0x0)

5m17.332859264s ago: executing program 1 (id=302):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x8)

5m16.42537962s ago: executing program 1 (id=305):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = io_uring_setup(0xaab, &(0x7f0000000340)={0x0, 0x40000001})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000040)=0x7)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000a00)={'wlan0\x00'})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(0x0, r7)
sendmsg$NL80211_CMD_RADAR_DETECT(r7, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={&(0x7f0000002000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010029bd7000ffdbdf255e000000", @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20000800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r9=>0xffffffffffffffff, <r10=>0xffffffffffffffff})
connect$unix(r9, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r10, &(0x7f0000000000), 0x651, 0x0)
kcmp$KCMP_EPOLL_TFD(r5, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0)
recvmmsg(r9, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r11 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r11, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r12 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r12, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000100)="3e0f017d0066ba4000b8e3000000ef0f017e00f30fb65ffd0fc75b9f0f20d835080000000f22d8c4e3a90c6925fac4c1637db2dbcf4a72d9ea0f01c8", 0x3c}], 0x1, 0x0, 0x0, 0x0)

5m16.058037534s ago: executing program 1 (id=307):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x20)
mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x800000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$packet(0x11, 0x2, 0x300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
utimes(0x0, &(0x7f00000002c0)={{0x0, 0x2710}, {0x77359400}})
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="09db00004bde829e9b7bfca8846e37a749710539804ebe48bbdf8501d0d958216a0414ca43ece2d917dc4628a3c55c91794fe3240e4acbb3554002db380da0cdd9bd8a4c7de6152eea4de2a63ea98b3afac7e826339fd0dc8b1c819cee00"/104, @ANYRES16=r4, @ANYBLOB="00022abd7000fbdbdf251000000008000900000100000800090000000000080009000b000000"], 0x2c}}, 0x80)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000040)=0x91, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x48040, 0x0)
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r5, 0x0)
io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x0, 0x800})
socket(0x2b, 0x1, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)

5m14.917880627s ago: executing program 38 (id=307):
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000000)=0x20)
mmap$dsp(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x100000f, 0x11, r0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x800000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$packet(0x11, 0x2, 0x300)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
utimes(0x0, &(0x7f00000002c0)={{0x0, 0x2710}, {0x77359400}})
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), r2)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$ETHTOOL_MSG_RINGS_SET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=ANY=[@ANYBLOB="09db00004bde829e9b7bfca8846e37a749710539804ebe48bbdf8501d0d958216a0414ca43ece2d917dc4628a3c55c91794fe3240e4acbb3554002db380da0cdd9bd8a4c7de6152eea4de2a63ea98b3afac7e826339fd0dc8b1c819cee00"/104, @ANYRES16=r4, @ANYBLOB="00022abd7000fbdbdf251000000008000900000100000800090000000000080009000b000000"], 0x2c}}, 0x80)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000040)=0x91, 0x4)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$hwrng(0xffffffffffffff9c, &(0x7f0000000240), 0x48040, 0x0)
mlock(&(0x7f0000ff9000/0x4000)=nil, 0x4000)
mremap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
listen(r5, 0x0)
io_uring_setup(0x177f, &(0x7f0000000140)={0x0, 0x0, 0x800})
socket(0x2b, 0x1, 0x1)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f00000000c0)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340), 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0xe1}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
r6 = getpid()
sched_setscheduler(r6, 0x2, &(0x7f0000000200)=0x4)

5m12.49635164s ago: executing program 9 (id=313):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x8)

5m11.608752692s ago: executing program 9 (id=316):
write$cgroup_devices(0xffffffffffffffff, 0x0, 0xffdd)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000e00)={0xffffffffffffffff, 0x8, 0x10}, 0xc)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000003"], 0x54}}, 0x0)
r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0x9)
ioctl$sock_netdev_private(r3, 0x8924, &(0x7f0000000000))

5m8.17630311s ago: executing program 9 (id=324):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000180)="ae1d4b178f10911a2dab191193b809cf9294262aa07902937575ee00b79dde347c0e6b2970ac6c8aa4d76a09fbd96643ee0877b3d0badfdcef5d45ff3c02cbf632464c24039086f74548ccae132a1bafbfef8cc1860c4aad820da4977e44f7b489cfccac766c51391bfcdb9f5510c7770582516cb7d41772001624e5905bba54f08547a4485b5a2a98b5f5c690d0a825161e3d7e4b39365b43b2701c68b167bbdce33c013a9b89c9a7b823ec5ecd432f12dc063ddaa7431a3385e29d0c7ac17389308b450e1d06ab9388183e9828783f6a23183986257098262af4ba197ca5e4499ec85fd8c1f1c7a122ff", 0xeb}, {&(0x7f00000002c0)="7f2f58967d9a6924bf6fed7467470b436ce6b9060056d5096e3c4efeec82e9e3e6446a274bca12243a4965600d3e1843baccebbad5e427aeaff4e1431a4569bfdc0a70ca0e6c7bbd4dbaaae3af04662d606b229f3d36a44238f6711f", 0x5c}, {&(0x7f0000000340)="853fb58bbfe8dd0cc89d43d5d23b1300ed7e35f003657088996f21190dcb6b3f58c4056eeda3ad7e97ab52e04a101c55ad140ed006cb1a657170168fef29b9d66a7d877d1c71536b486b0ef40e14b84a970df872b1bee0e7", 0x58}, {&(0x7f00000003c0)="e9623a2564f0dca65929e3dcaf93431db8a9e128b420d32a401394714e0352e456d446ac080b638c9d63fa92e935cebeb2273e06064c044da5b383b4a6222d0d6afb6612404566faeee57d678a63a91eea4242f87342c64a95ebfdc6ad6b0a72feab53b2d53d805f90cc578b2bafbdcfd62f2ef4861b76e32272e8c799fdffd209b1c8fc26d842bd31482458ef705a7ff7f14faa90a193977eb376443d524cbb7ec9c6b73d441c57d69e2389a1fed974289ad4ce97d971edd3d7d678ee9de3caeeefe4cfcb09bc11ca162e06e98a2ce596070d83081e8d4014d917145aeb224f2a4a530cf5bbf1021647b99cd5", 0xed}, {&(0x7f00000004c0)="73d4ee65bba261afcec94075e4f13fb157c1bc27e26547cde7ff7244ed31797dfb8df9b8695ca5667526d5594901cd5e", 0x30}, {&(0x7f0000000100)="cfc4a70042dd2be7b7", 0x9}], 0x6}}, {{0x0, 0x0, &(0x7f0000000c80)}}], 0x2, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0xdfa, 0x4)
r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff)
write$binfmt_script(r1, &(0x7f0000000940)={'#! ', './file0', [{0x20, '()$'}, {0x20, 'devlink\x00'}], 0xa, "87f06113ebfa265faaae2ce8693c453dd323860d5fc88317d7e13f728be3920ff1395ab6f9d98333ff39d249b200d2a2d2462e7a7d92db38044ab42089dc4375d3617119e8a0be0c01c5f4d838fc35c7929fc842e4b652c5dc30d32439bb9aa575bf83f74beb31bde11f81124f73680f1fc8464bcc5cb2aa589cb051d04bdd2b3461220a160acd398989d1a59803b7283f80f15c641269c1a703beb275ea03aa33cf1f85d59d31a2540594e4fc4d2930456edc5fd04c14e8555b9407b6fb914316f0976eb9c7e9da65d05886c0ad3427959bade8a1dcd72eefe78e5b9efbffaa553924f1b1ed912893bf691fd4a64d97003b48410eb4"}, 0x10e)
r2 = getpid()
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RELOAD(r3, &(0x7f0000000100)={0x0, 0x4100, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r4, 0x1, 0x0, 0x0, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r2}}]}, 0x3c}}, 0x0)
sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b", 0x44, 0x11, 0x0, 0x0)

5m5.455371743s ago: executing program 9 (id=327):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, 0x0, 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
umount2(&(0x7f00000000c0)='./file0/file0\x00', 0x8)

5m3.88224668s ago: executing program 9 (id=331):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f0000001400)={{0x80}, 'port1\x00', 0xe3, 0x1b1c07})
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000600)=@security={'security\x00', 0x44, 0x4, 0x3c0, 0xffffffff, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2f0, 0x2f0, 0x2f0, 0xffffffff, 0x6, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @empty, [], [], 'nr0\x00', 'nr0\x00'}, 0x203, 0xe0, 0x108, 0x8502, {0x700}, [@common=@unspec=@quota={{0x38}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x4}}}, {{@ipv6={@local, @mcast1, [], [], 'ip6erspan0\x00', 'veth1_macvtap\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@CLASSIFY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x420)
readv(r0, &(0x7f0000000080)=[{&(0x7f0000002600)=""/46, 0x2e}], 0x1)
close_range(r0, r0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
r6 = syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_QUERYCTRL(r6, 0xc0445624, &(0x7f0000000200)={0x40, 0x4, "f6bdc12abad991705f3e04209420ec1a152c5c5e74ed6f76451c9930b12c11fd", 0x4, 0x8, 0x1, 0x3, 0x82})
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000280)=0x1)
syz_open_dev$ttys(0xc, 0x2, 0x0)

4m53.686030635s ago: executing program 9 (id=347):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000600)=@security={'security\x00', 0x44, 0x4, 0x3c0, 0xffffffff, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2f0, 0x2f0, 0x2f0, 0xffffffff, 0x6, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @empty, [], [], 'nr0\x00', 'nr0\x00'}, 0x203, 0xe0, 0x108, 0x8502, {0x700}, [@common=@unspec=@quota={{0x38}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x4}}}, {{@ipv6={@local, @mcast1, [], [], 'ip6erspan0\x00', 'veth1_macvtap\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@CLASSIFY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x420)
readv(r0, &(0x7f0000000080)=[{&(0x7f0000002600)=""/46, 0x2e}], 0x1)
close_range(r0, r0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
r6 = syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_QUERYCTRL(r6, 0xc0445624, &(0x7f0000000200)={0x40, 0x4, "f6bdc12abad991705f3e04209420ec1a152c5c5e74ed6f76451c9930b12c11fd", 0x4, 0x8, 0x1, 0x3, 0x82})
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000280)=0x1)
syz_open_dev$ttys(0xc, 0x2, 0x0)

4m53.235580105s ago: executing program 39 (id=347):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x60240)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/mdstat\x00', 0x0, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000600)=@security={'security\x00', 0x44, 0x4, 0x3c0, 0xffffffff, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x2f0, 0x2f0, 0x2f0, 0xffffffff, 0x6, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @remote}, @empty, [], [], 'nr0\x00', 'nr0\x00'}, 0x203, 0xe0, 0x108, 0x8502, {0x700}, [@common=@unspec=@quota={{0x38}}]}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x0, 0x3}}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x4}}}, {{@ipv6={@local, @mcast1, [], [], 'ip6erspan0\x00', 'veth1_macvtap\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@ah={{0x30}}]}, @common=@unspec=@CLASSIFY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x420)
readv(r0, &(0x7f0000000080)=[{&(0x7f0000002600)=""/46, 0x2e}], 0x1)
close_range(r0, r0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0)
r5 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
r6 = syz_open_dev$vivid(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_QUERYCTRL(r6, 0xc0445624, &(0x7f0000000200)={0x40, 0x4, "f6bdc12abad991705f3e04209420ec1a152c5c5e74ed6f76451c9930b12c11fd", 0x4, 0x8, 0x1, 0x3, 0x82})
ioctl$vim2m_VIDIOC_REQBUFS(r5, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
ioctl$vim2m_VIDIOC_STREAMOFF(r5, 0x40045612, &(0x7f0000000280)=0x1)
syz_open_dev$ttys(0xc, 0x2, 0x0)

3m49.661323271s ago: executing program 0 (id=497):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
accept4$packet(0xffffffffffffffff, 0x0, 0x0, 0x80000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan1\x00'})
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000018c0), 0xe0c81)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f00000000c0)={0x0, 0x0, 0x0, 'queue0\x00'})
write$sndseq(r5, &(0x7f00000001c0)=[{0x0, 0xe1, 0x0, 0x0, @time={0x0, 0x1}, {}, {}, @result}], 0x1c)
write$sndseq(r5, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x48, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x48}}, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nfc(&(0x7f0000000240), 0xffffffffffffffff)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r6)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000180)=<r8=>0x0)
sendmsg$NFC_CMD_FW_DOWNLOAD(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x24, r7, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@NFC_ATTR_FIRMWARE_NAME={0x5, 0x14, '\x00'}, @NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r8}]}, 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x40000)

3m48.632585569s ago: executing program 0 (id=500):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
r4 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x89f1, &(0x7f0000000000)={'tunl0\x00', &(0x7f0000000040)=@ethtool_cmd={0x2e, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000045}})
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
connect$unix(r2, 0x0, 0x0)
r5 = creat(&(0x7f00000000c0)='./file0\x00', 0xc9028ba210c11f88)
dup2(r5, r5)
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1a0000000400010000000000010000000000", @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32], 0x50)
r6 = creat(&(0x7f00000000c0)='./file0\x00', 0x15)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040)='befs\x00', 0x8400, 0x0)
openat$ttyS3(0xffffff9c, &(0x7f0000000500), 0x84140, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
fchownat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0, 0x400)
statx(r5, &(0x7f00000005c0)='./file0\x00', 0x6000, 0x4, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0})
lsetxattr$system_posix_acl(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='system.posix_acl_access\x00', &(0x7f0000000540)=ANY=[@ANYBLOB="02000000010002000000000002000600517c5411b514481b7290e2d0fe3cd9d42acad7e4bc739b02658cd950aded13dee0f42239", @ANYRES64=r6, @ANYBLOB="040002000000000008000500", @ANYRES32=0x0, @ANYRES64=r5, @ANYRES32=r8, @ANYBLOB="100005000000000020000d0000000000"], 0x3c, 0x2)
sendmsg$IPSET_CMD_DESTROY(r5, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2c000000030601010000000000000000050000090500010007000000050001000700000c4a49af0007000000"], 0x2c}}, 0x4c040)
getsockopt(r7, 0x0, 0x2, 0x0, &(0x7f00000000c0))
bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="462f99547e39b548feb4c9c7eda2cd17e8c203a08f8e7bf587ffcf180f5d51a7a99597090000009af7"], 0x50)
openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000200), 0x1, 0x0)
pread64(r0, &(0x7f0000000180)=""/81, 0x51, 0x0)

3m47.028894765s ago: executing program 0 (id=505):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = io_uring_setup(0xaab, &(0x7f0000000340)={0x0, 0x40000001})
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000040)=0x7)
r6 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000a00)={'wlan0\x00'})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl80211(0x0, r7)
sendmsg$NL80211_CMD_RADAR_DETECT(r7, &(0x7f0000002080)={0x0, 0x0, &(0x7f0000002040)={&(0x7f0000002000)=ANY=[@ANYBLOB="1c00", @ANYRES16=r8, @ANYBLOB="010029bd7000ffdbdf255e0000000800", @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x20000800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
kcmp$KCMP_EPOLL_TFD(r5, 0xffffffffffffffff, 0x7, 0xffffffffffffffff, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r9 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
write(r9, 0x0, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000100)="3e0f017d0066ba4000b8e3000000ef0f017e00f30fb65ffd0fc75b9f0f20d835080000000f22d8c4e3a90c6925fac4c1637db2dbcf4a72d9ea0f01c8", 0x3c}], 0x1, 0x0, 0x0, 0x0)

3m45.786760131s ago: executing program 0 (id=510):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
umount2(0x0, 0x8)

3m45.510429008s ago: executing program 0 (id=511):
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={0x0, 0x14}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x10, &(0x7f0000000680)=ANY=[], &(0x7f0000000540)='syzkaller\x00', 0x8, 0xba, &(0x7f0000000140)=""/186, 0x41000, 0x3, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37, @void, @value}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000640)=0x4)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0xffffffffffffff2b, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x804)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x9)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@uuid_off}]})
r3 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r3, &(0x7f0000000000)='./file1\x00', 0xc000, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r3, &(0x7f00000005c0)='./file1\x00', r3, &(0x7f0000000240)='./file2\x00', 0x0)
unlink(&(0x7f0000000280)='./file1\x00')
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYRES64=r2], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x560b0000, &(0x7f0000000000)="259a53f271a76d2688ca4c6588a8", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
link(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='./file1\x00')
chroot(&(0x7f0000000040)='./file1\x00')
syz_io_uring_setup(0x5c91, &(0x7f0000000300)={0x0, 0x2002, 0x0, 0xfffffffe, 0xfffffffc}, &(0x7f0000000380), &(0x7f0000000180))

3m44.510143244s ago: executing program 0 (id=514):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
pipe(0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8)
r2 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r2, 0x107, 0x10, 0x0, &(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0)
mkdir(0x0, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000000)={@mcast2}, 0x14)
close(r6)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000040))

3m44.142480406s ago: executing program 40 (id=514):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
pipe(0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8)
r2 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_int(r2, 0x107, 0x10, 0x0, &(0x7f0000000040))
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, 0x0)
mkdir(0x0, 0x2)
socket$inet_tcp(0x2, 0x1, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000100)={@remote}, 0x14)
setsockopt$inet6_mreq(r6, 0x29, 0x1b, &(0x7f0000000000)={@mcast2}, 0x14)
close(r6)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000040))

49.315239743s ago: executing program 6 (id=1074):
sendmsg$IPSET_CMD_TEST(0xffffffffffffffff, 0x0, 0x40800)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
write$dsp(0xffffffffffffffff, 0x0, 0x0)
ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0)
ioctl$SNDCTL_DSP_SETFMT(0xffffffffffffffff, 0xc0045005, 0x0)
r0 = getpid()
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x7d, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5)
syz_clone(0x0, 0x0, 0xfffffe55, 0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xa)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, 0x0)

44.180221576s ago: executing program 6 (id=1086):
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)=""/54, &(0x7f0000000040)=0x36)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x24040800)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x24, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000"], 0x48)
syz_usb_connect(0x0, 0x24, &(0x7f0000001240)={{0x12, 0x1, 0x0, 0x81, 0xdd, 0x22, 0x10, 0x54c, 0x2e, 0x500, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf7, 0x4, 0xc9}}]}}]}}, 0x0)
socket$inet6(0xa, 0x6, 0xb)
setsockopt$inet6_udp_int(0xffffffffffffffff, 0x11, 0x65, &(0x7f00000019c0)=0xfffffff8, 0x4)
sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000001240)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0xfc, @remote, 0x5}, 0x1c, 0x0}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20000004)
openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MESH(r2, &(0x7f0000000300)={&(0x7f0000000100), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r3, 0x300, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x80000000}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4008000)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x414a40, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r1}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000006c0), 0x20200)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r5, 0xc0505350, &(0x7f0000000700)={{0x0, 0x1}, {0xf, 0xfe}, 0x1})
openat$sndseq(0xffffffffffffff9c, &(0x7f00000000c0), 0x801)
r6 = fsopen(&(0x7f0000000080)='vfat\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)

41.303330634s ago: executing program 6 (id=1096):
r0 = socket(0x10, 0x3, 0x0) (async)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000500)={'netdevsim0\x00', &(0x7f0000000700)=@ethtool_test={0x51, 0x0, 0x4}}) (async)
write(r0, &(0x7f0000001fc0)="fc0000001a000708ab092504090007000aab0700a90100001d60369321000100fe800000000000000000000000039815fa2c1ec28656aaa79bb94b46fe000000bc00030026eab4a5780763f072778e82b712e9c060000000140000270400117c22ebc205214a00000000008934d07302ade01720d7d5b3c91a3e3280772c05defd5a32e280fc83ab82f605f70c9ddef2c2d6a2c82374f6aa2bd9f92ff0ea1ffe082038f4f8b29d3ef3d92c83170e5bba4a46d284a710af333ae4f5566f91cf190201ded815b2ccd243f295ed94e0ad91bd0734babc7c3f2eeb57d43dd16b17e583df150c3b880f411f46a6b567b4d5715587e658a1ad0a4f01731d05", 0xfc)

40.725286487s ago: executing program 6 (id=1097):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=@base={0xe, 0x4, 0x4, 0x3, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x13, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x5}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {{0x5, 0x0, 0x3}, {0x95, 0x0, 0x0, 0x700}}, [], {{0x5, 0x1, 0x5, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2c, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)

40.69453263s ago: executing program 6 (id=1098):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r2 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1b1c, 0x1c0d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r2, 0x0, 0x0)
syz_usb_control_io$hid(r2, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="002205000000d7ca0400004d38e8faca0b76f5d98a98ba31f5556df55955f538cbdd20d352599b031009222ac9c84e99aa1729fbcaa29ef4eb776954a12bbab2585af9b9abc210cbc30465bb36e95d04a4a7f9026030081c54b22fbd1e28292d66cdcced054e063dac0500a2701c81f9e57d87021603ed44"], 0x0}, 0x0)
r3 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r4=>0x0], 0x1})
r5 = fsopen(&(0x7f00000001c0)='bdev\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
r6 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r6, &(0x7f0000000700)=ANY=[@ANYBLOB="3800000078009106000000000000004a07"], 0xfe33)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000180)={&(0x7f0000000140)=[r4], 0x1, 0x80800})
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r7, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r7, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r7, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8)
setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
setsockopt$inet_tcp_TCP_REPAIR(r7, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r7, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r7, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000000100000014000200776732000000000000000000000000004c00088048000080"], 0x74}}, 0x0)
r8 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r8, @ANYBLOB="010000000000000000000c00000018000180140002006261746164765f736c6176655f310000600003"], 0x8c}}, 0x0)

36.501474877s ago: executing program 6 (id=1110):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002bc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000002c00)={0xfffffffe, 0x0, 'client0\x00', 0x0, "3c2126a2542a49cd", "863bb7b7249888e8bb8543a4e2200bac014cbf45d34d4f18554150f26a89a89e"})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000109737107d071004c1ec0102030109021b00010040b0000904000001362434000905", @ANYRES32], 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@enum64={0x5, 0x0, 0x0, 0x13, 0x0, 0x1}]}, {0x0, [0x30, 0x30, 0x5f, 0x2e]}}, 0x0, 0x2a, 0x0, 0x1, 0x7, 0x0, @void, @value}, 0x28)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000940)=@newtaction={0x68, 0x30, 0x48b, 0x0, 0x0, {}, [{0x54, 0x1, [@m_simple={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'nat\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x6f8, 0x2, 0x1, 0x6, 0x70c}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}}, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000140)={@my=0x1})
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000080))
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
readv(r4, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r4, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df00000000000000000009f600"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f00000000c0)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r8 = syz_open_pts(r4, 0x801)
r9 = dup3(r8, r4, 0x0)
write$UHID_INPUT(r9, &(0x7f00000001c0)={0xa, {"08c39ee52f329f1698b1c4865f8b540a5eee9f496a0809c3d20325867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76023256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)

21.383302914s ago: executing program 41 (id=1110):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000002bc0), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(r0, 0xc0bc5351, &(0x7f0000002c00)={0xfffffffe, 0x0, 'client0\x00', 0x0, "3c2126a2542a49cd", "863bb7b7249888e8bb8543a4e2200bac014cbf45d34d4f18554150f26a89a89e"})
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000109737107d071004c1ec0102030109021b00010040b0000904000001362434000905", @ANYRES32], 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={&(0x7f0000000440)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x6, [@enum64={0x5, 0x0, 0x0, 0x13, 0x0, 0x1}]}, {0x0, [0x30, 0x30, 0x5f, 0x2e]}}, 0x0, 0x2a, 0x0, 0x1, 0x7, 0x0, @void, @value}, 0x28)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000940)=@newtaction={0x68, 0x30, 0x48b, 0x0, 0x0, {}, [{0x54, 0x1, [@m_simple={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x24, 0x2, 0x0, 0x1, [@TCA_DEF_DATA={0x8, 0x3, 'nat\x00'}, @TCA_DEF_PARMS={0x18, 0x2, {0x6f8, 0x2, 0x1, 0x6, 0x70c}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x68}}, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000140)={@my=0x1})
r3 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000080))
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
readv(r4, &(0x7f0000000000)=[{&(0x7f0000001300)=""/244, 0xfdef}], 0x1)
ioctl$TCSETS(r4, 0x40045431, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, "000080f100df00000000000000000009f600"})
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x40000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f00000000c0)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r8 = syz_open_pts(r4, 0x801)
r9 = dup3(r8, r4, 0x0)
write$UHID_INPUT(r9, &(0x7f00000001c0)={0xa, {"08c39ee52f329f1698b1c4865f8b540a5eee9f496a0809c3d20325867b6edda88489ab4c09fe0a7f1e8640aa8e344f412df0d69475a5d6570e21f31fac7dfb4aa7ade0e851582d5c1abdd809580cb34c9e48576b1c73ed76023256fca058ada3db47d86cc75b33cf762b67fe61f152618c49a40858f68794a4fc484ab73ccd254ba3d147f5feddaf91dacc238c0a8096f79597ca1e6da781fcf37a0141a335c6a7577d2d53c6e552a7be208381bb31d1d3e0e92ea651655217535734b286d3f19780a4c720075a36a734151f8c00e651cb3a6bbe30e3f6aee48750436da6471e965e81f38134674fcb697108fb7345010bb8fa15fba9b33355d7858327171ab9c68f6c21b2ffbff4eb061dab80bc77a4a7769e7ff73bcd98790e09415bfc5978cf5af45c3ec9ef9c1a39f766c59d59590281038dbcb765580ba2b3f141d5bbfc40910a0894cd1f22d2a8b6d4e4778debef99438b54d44b4b7568de2777431a5b2f3e8d1a45a60a468f5e33e8ef534f803dfb6798c270f52edf031ecd996bb78c4e92961c63c079676d77412ebc6074e5f235417785e7a14b14ce7626b015071c154cc2bf8f4499b93293e9997c23df4c7a1498cf12414fb31eb873728e4f613b540d22e7ca718f18da5b82ed24995e4309c3af4a2e1097465bf09728082d09e71ea365522035eb9772b8e072f8454777ee304dacd59d3eb9f933f151fa14f8c38eadbeba04810a2dea7a66824f09235c13a45f07870210d0d310ce3ae6284577bd4e65f32700f6723727926cb52e4f27776a1dab0f6668327ab5cf1893879a635261f2e0d9923ccecbf5b80f10a8275c1515f47930d614e787f14c105d3a4f8faf8e7f738cf4eae4fc39ef3db3cb87794ace87f7239b69dc4ab4e5ae57cdfbd309e847d99600ef14b51faead01e8ade57d24270bc13a1787896096eeacb8ab1c93d31d93cfb244bb09ecfecf336362a5656db7df327cbb9aeb898f8af229c7bb9452805f2b4510c5df86b6d564e01f000000167ade5205331523a6392af2bea9e6db0ba5480cbf1b202714233289c4017cb66e83c0c8b6e88bedb922162d0ceecf6c5da173bbefe6781ab7720d2be6cca378db650c69d4228141ae190922fbbaddb86c7f0fe138b704e8305b3bcc7910b2280d96d71dafdbfa876b0013fc4de586f85d9ee077b6349becbdca8bd989a51c4c76ed8a8cc691a65078e0272a62edec8236a779f0cbffeda49dcdccd4def7064e0d77ae5a8c64f3057b4a3a0d4457d33f2bc6c112378315411baa4bb126fe540d750491fc58fbb66911ef82bce5ed76872dbcd8e05dea2f3f347a653aa39ab5d75e71671bfeb924e71476134dbf91e3f287fd853cc34bf81e717edd41aa04b6fbeb43cf2074f0c8fe5350401b6cff801c147a3b58b972aa5652629a9fd8b1df2852708ce958d4e9974ec4383aa5da4e3f75fdc85981e97b75863546f67a8703673b6fe2c26f0e9eeb8c45c26f673adac55fa5d69b82ae7d032fd3b26866047e8c029b90a62794a89c11398944b398b4177b2dcc5a743c16d4a5333b1e30af678d3db8df849c1753db067a6f94bab00c0dd3c7e94a8675924c89bda98ac09e10bcdf83f5114b9b466c413477a5cdc48c857230798934bcc1f0eb3a2d2944b139e459af32e515785f46ed4e97cdcb23c7e4dc7c4f91b5b5ca5228344aeb6652fffaf31325c7429bc70a5f6beaaa98ef190dffdeccc94bd814b3edfdd48243bf34291076ab5438ee00e924a827d5b453df42d24144fe1a45bb6c84fcbb2143d0a561c1e867c1279bdf0a47061ea77a84f36c720aff785f0db10eda84c767b5f3874f9455c0f026735ded32f0403ef7dbcf97d2233d59c670114ddf89314ba74fc248bcbdbf43c24e46304e229b3cf583aa410f4dfd119152495da8737518ee2a05a8ca1f004be3c551408f2e4013e444b63bf2bb26ddeae505642dffcc989ee241c48741181b506e22fdc4530319522780c74bf786852dc66ebbb51f8ecbb1e35de09ef7afe589bb8a31c5d63477db5d5e7174694ea04cfa98057d39127a4e5eedb4897a491c6693acd0a036abf846f3b6f3006e5e5fd586f29a4a8a31abbccf732e4f1b88187a72d669c16302657e9cbbeb9322662e111edc7771526400b6123d0f8207bcaa38bee07043e36e223d418ac948d65e7acfe72cc3fdcf03a3e43ecfec8ae489ddba09126709c5c7968829e3504de8a5010c9372de09476a7b96b04d7aed2486d8f89f21f075321abe350024abe00a81f87df3dc372fc3206496776c26b6958243070bda4cace3e358da5d39a3945765c2ba4b002b06efd416af66f3343f218ed84550ea83f02f9a5c3fc677ea60987aa25f0406d6154081cfdc074814a2465accdfa102858f5a52c9eae293c56ddcaf8f6926d3dd0ccb51a30c960d6b7e473038ebd3702b5106f6bc040efdfd7169fd3f2dc42ff23de26a239e13b74278729fd7e843b38a35c55fd50181ac13a9cbbbfd8feb36afaeb1993349c0ac5a0c44ffd92919dfe272b0f8ed7df7198cd299715f021109a58dced4753d3c7ddd6e9ea01596f18b2fe7000000004ccfca57aed5b5cebdff65de480a56bd53f4c7f83ddef00d7c9686311d1fce76f320bb3222a11db30ba6ed31535d8fda61e694478ca9935d72719b8d6b9be88ae3df30b60ee251b919b4d1734b994c62accdf855488b351738331b462eccf27efdc5577d7a5548579dc90d227a42ac010f33a720dc3cf0a63454f8b07c775287495761a058ec1e28e6aaf8057241f4ef8b5de56e279355bb66630c4ddf35e7c2cfff26a4241b1df0379d2a1e9f959e46d3843f89844ead50aff44640fcbc4a1edb033afff7cc9e57c4f8d31900764233e11fa4c28e547788c1b00de4268df692ba3415a9ad90fa712f9618f5ecff57da32809380eeff040cd3b23f508614c72b303cec3bcd732708303b166193366a062b9cea536f28478c387e626744c6a611a8e7162d274efccc84eee8eb31d3310c86752777dd5b5ffe234e895c54909f19a4aabcf3c15b90c02170409e314fd90e766ec4ba93c8ec6321237a980ad3c32fb2fab69e57541ea7f5427a85c2c57d40f9ebe9de5572f46a4713fb28e0af42d0adef3e29195aa41a3ba318181512eebfadffede4e35ff7f975928edc5d4d9f2d931fb44b30e1df55e66c52e1648e9cdaf71221b57c6a6b087428ccc57ade5b1531341cba2be452b426c434c70fd8c493337d4995cbd76ea1dd545226e3eb59d5f94ffb5352f87a4a66cd7c5e88322404fd397c46e198646a9c819d0eb1f10e54d8a3ea912f1cb134ff1095aa7325287f6ea9af8c13b67d6abcbb70dbc06838ecb33e45b60f6cb832c3e72d1401770f66bd02f35a2d007815ab676099e31f5102000000c0e83d5e7107c8dc5830c9cddb9781185b94d7f2814c5058ba3ac54c268741c5728f4997a9628602c2a36090162379f3f37c47619b3e7c7397a5913b7060b51e0c7f7226ff1135444f866f89a4b74136cbd3acb7178bd63183b3fd9cd19fdeb6fcc6341910ad4605da76a9af4bfb8b75fcd666f8188902b380ae560d9aa04f8f9b0ac5c109d1824a470726e06a49d955f8f71c8a86081e75b13f62600deb941da181eaff544cd559c467d8dae432debd22e7a7b3e1ad731a5b9470f5f60423dda061ff899c07c79f3da34f38e1d8182d6ee0c36c602945509167be440382a8a8a759b20e41638fd57152029b190b5701d30a86f579e2d0cc53a2f809ca9bd3aba1eb2772a7acc35c4d983afa83a9baea35c0ed4931234719636cf8f5fe1884bde6cebbdf23bd62b1ebf0a5cb78c27295349bd7d5cf28c4ee4689497238fd3aa71a417914e6892667a56bd69dc2e5882cfb67df71494e9a9199e025892e4e7435f727636cd988cc7563d28db5133f649849c5b3973a3428de10ad39d96146b22acc50f50eee5a038876452b960686892de40efe30081ccdaa2bf64af78d5988026e529b36c62a21378ac42d220d0dd878010178e374e6dbb2b61206066d04e729ed03c6fd9a4e00547fe9304aec0925d85a0acd07fdc5d48c1a1cff656916f5d25952327792255e0d606a32517781cc3d737ec753eb95b5b5b95dabd8946907ab54cc85d05b475e2e5486c6fc070417198d3a50910e2949d20d3fa68fd327934cff5171224942b8f18d88947763a7c710d09c4b269bdf2d3e715329917fb70728a4a0530999b755ba8fc04deabf4bc4bcffc4d62d491538c65078122bf2c263ae0020af67cfc9cf19e5b929e086af281fb43d5504d728935c5cfac136eb81703d50fddb39a5a713b2914c6acd9b2d07819cf7bba495ac5734fe423e611d309b80eeafcf9053d51b0ab3c29d5ca5eb8861ffc1ebc4d53f361b8991baecb52860c15202f979e34054fcde869d018103ccd6d914a70f1840fc6aaf426beec975ddb980b19b0f4cc2ca393c0b9e6ebe5e7d1c9fc1ef7a1c91378f0b73262993fb80667ecf62bac3c47cbd002ae1b87b8dc3ec99d5c987765d778868eb55022cc3bed14b8f934a584bcc98fa0b4f6e6982ab8d8a2bb49f9074ef429dd7b8db332a96ccec6983a97be7c8634c02e7937ffc8d613b83aa375886bf40a87ec062090382f874bf2c8e5fbb58ac18a46c4d9e85af3ca21bdacb7755f49776b0eb3972ff682c84beb07d74cbe2764e378253e72128991b73d2730704a5448280e8a0fd8cc87d4cddcffbfe5525ae3d2304877a3988e33c8e12bf77793e753f25840e9af2ce56bdb999fc62623a2298b4244534f662eb398a2577c72f6cfd5174697dcee151d4f3a7293b11de3889c43744da4165aca4e4a1e926d37ae4d7471584a06f3641f2037a74a58c2397a594f29d142d59f91bb57e24e1a3f30f68c626033cc34895c1b16d62e3a375c3e09f5dbd9338cd3a500643143cd404b57019c648c3ec31d696233fe16efc3c4c84aca0830ca8b9fbf1144b98d82f41e4cf67631c74cdcf8d9c8b8556b876ff1592683ccac0b47a26cb3a2cb1b917f433bb54e0b53deae9ac4b1cd0594c1fa0e6744e7ed88fdac60901e3da989f3b0d7c12b140cc576fa1b0e8e705321d37c303691aafc9fed9c3dc419078d0925ead56455ea5f3cd57941e410c1c14c2e8972d7cca44fcaca1f64fc817f4a41b6d9fb237fed159cb09e788ae560726537f49cb64b9f60915d402e0931355c55ad792cde758548b1af54b196e414046d4af3579a6c30ceac3d68bbfd2adef309c064e759a9f0dd69d682a3880b8ff27b69abffaa45ee7e65d8f1f6e40c188f6249fdf72220b4c87243217ba0292b9e9b67ebeda4fb83406216a4d765812bafeff34cc57f7d2cd1608282079c076055b9cabffe5fa491b970291bc2672540ccc15ed877d7dbe3ef683724c715ace770905e48c2dc6a44e1fc095773676d070eac00ee3834b07590cba7093f56b678313870471c81599d34c53fc03ec6c913d8ba3f604ace8da12d2025cbb5000bc062f4db65a6feacaf3915206d1c15ce7e78c17dc2ea32cb57d6fab0a22d487c77118e75016006f812541ec8180a321287a2d57248d4ee4a19706a19d802c70e250c3b0fc400a0b5cdc06537d2f55fd5300be4eeeaab8cc481a84b6a5e17d8c47ec92fe40710d4ec3530a94ca16710ade2ec7562398106e0ddbb6c8af6412166afd99d45d29a3a967e58decd0d6fc5bebb98d639b5606efd358a43d635d50f0ccb8472197da604994e7fb700243d5f7e45700", 0x1000}}, 0xffffff5c)
syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301)

15.914842556s ago: executing program 8 (id=1162):
r0 = socket(0x2a, 0x2, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, r0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mlockall(0x7)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r1, &(0x7f00000021c0)={0x2020, 0x0, <r2=>0x0}, 0x2020)
write$FUSE_INIT(r1, &(0x7f0000000040)={0x50, 0x0, r2, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r1, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100c4b600", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x4, {0x0, 0x9c33cbf2f2cca357}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x1, 0x0)
write$FUSE_INIT(r3, 0x0, 0x62)

12.115890845s ago: executing program 8 (id=1171):
connect$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000500))
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0})
dup3(0xffffffffffffffff, r1, 0x80000)
r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r2, 0xc018643a, &(0x7f0000000000)={0x4000000})
pread64(r2, 0x0, 0x0, 0x4)
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000480)={0x20, 0x0, &(0x7f0000000000)=[@request_death, @clear_death], 0x0, 0x0, 0x0})
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0x1, &(0x7f0000000200)={0x8}, &(0x7f0000000280))
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0)
write$binfmt_script(r5, &(0x7f0000000100), 0x208e24b)
mmap(&(0x7f000028b000/0x1000)=nil, 0x1000, 0x0, 0x12, r5, 0x0)
preadv(r5, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600a847500140600fe8000"/37, @ANYRES32=0x41424344], 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000327000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0)
execveat$binfmt(0xffffffffffffff9c, 0x0, &(0x7f0000000340)={[&(0x7f0000000140)='/dev/kvm\x00']}, 0x0, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002540)=""/216, 0xd8}}], 0x1, 0x0, 0x0)

11.357627835s ago: executing program 8 (id=1176):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
fsopen(0x0, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4000000000000007910480000000000610400000000000095000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48)
close(r4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=@base={0xf, 0x4, 0x4, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
prlimit64(r0, 0xe, &(0x7f0000000100)={0x4c, 0xabb}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000000c0)={{r6}, &(0x7f0000000000), &(0x7f0000000080)=r4}, 0x20)
recvmsg$unix(r5, &(0x7f00000004c0)={0x0, 0xfffffffffffffc90, 0x0, 0xfffffffffffffdbd, 0x0, 0x24}, 0x2041)
sendmsg$inet(r5, &(0x7f0000000500)={0x0, 0x0, 0x0}, 0x0)
unshare(0x62040200)
syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="1201000040154220a9055015bbe4010203010902120001692b01a842fe45461a94c8000034cfde503d47ca00bbea151fd614dcd3f2f5bd13900f709d34fee8f3fed1ac8c8c0f6b6aa60b83958a65f6b52f6e51327fc3077371a929b8ca259bcb97d506e648727e39b4a8284c74094514dba74cfd16907a64b6f03bf51f2621af1d5c3bdbfa9fa6673e85b4b9db4baf57d199973d3bba45563eb30dc4d5ec9a1c8e59b8353a8a4537cccd3974888e5fd321ebfbe6f820a0f01d3ce400000000"], 0x0)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)

7.779818545s ago: executing program 8 (id=1184):
r0 = syz_open_dev$amidi(&(0x7f0000000480), 0x2, 0x80042)
r1 = dup(r0)
r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c005dcdf9ccb004ed55eec59da87f76bc15554a5dbb35017324eb9f5cf7398003a99eaed9e72291690dd1618b812ec0876cb9c9c2ca186f1e293e16dbe398a23c493939f4873c4a441ee36ff998701466e0c60a99b409e330f85e9f3ef2d46561999c6c41b8db3e8d8c86b6f1c02926b42a681f21f964785c88f099956b401d5517565b36ce64e31fbf8f4402e444588bb11ef0ee0a0efb52890317b1ecbe5c926b61b74a7c32dee6bd512e7632a395df7dbb4e21059040d581c76588adebd02e7b55d4b551"])
r3 = syz_open_procfs(0x0, &(0x7f0000000280)='timerslack_ns\x00')
lseek(r3, 0x8, 0x0)
write$eventfd(r3, &(0x7f0000000000)=0x4, 0x8)
r4 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r4, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000011"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io$printer(r4, 0x0, 0x0)
syz_usb_control_io$uac1(r4, 0x0, 0x0)
syz_usb_control_io(r4, 0x0, 0x0)
syz_usb_control_io$hid(r4, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000040)=ANY=[@ANYBLOB="200000000000e0aad92c77859edd1351afd3d1c5a5281a"], 0x0, 0x0, 0x0, 0x0})
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000240)={&(0x7f00000004c0)="fb4d9c495e82c54dd6ee2d8af87cfb9a1196f26ed999f62a10385d827f83ae821576cc7d0efd7c2d557cffe7702d1c1259c189a4b3f11fe6a2b3985c611dc2fc07846da01cad60ccb16406c075473b5159cc530fb7268b6bc204bac9572dd7d62fe3", &(0x7f0000000540)=""/124, &(0x7f0000000100)="9bb84ddeabd7df19169473628fd7e7708fda1c71be84ed91b693bf72bdbfa71a98e574169e919b0e9c163080e7f603ac6528e6042d4ce6d24c5094a08d964b501f63be1110d7315691e9fee9f9aa49943a3e3401775c59d9a80c46f5f197e8df7090370fb7a0bf146096426b080bc28d18bfeb4975c67f14cabe6319e08632aadc00b1620c0b39d1e2caf8dc3df27de0b6a89cf4ffb964b04417709107c75b65f503cd99", &(0x7f00000001c0)="5fce7462144cd33d1912425a44123810b35531d38c6c448ec143666311819ae8004c06049c96e1d278b2ae231ea4f0bba93933cbed1345690b397e60f9521a81239fb8", 0x7, r3, 0x4}, 0x38)
sendmsg$DEVLINK_CMD_RATE_GET(r3, &(0x7f0000000480)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x130, 0x0, 0x0, 0x70bd29, 0x25dfdbfb, {}, [@DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @DEVLINK_ATTR_RATE_NODE_NAME={0xac, 0xa8, @random="9fb2c5bb1b71d4e6db511041206ed0902f7709554c373d5900b1aa80ace3574338a119778dc4a1fdfa8e1b40f86d6fc9d1dc1b778c9a166a54ac417d21e122b02944ee4737983bedc075d5e3dc7a005154bf5b0776c458ecb49ede4cbd219a5973045605cbf35eeb3b7ee154d201625b5966def6adc40e5a0f72718ff739280d31d2ca655880bfa1a8c8816f53fc4a04a560c6253555b0eec63b97d62ce94d6a677a250731071b8f"}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_RATE_NODE_NAME={0xe}, @handle=@pci={{0x8}, {0x11}}, @handle=@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}]}, 0x130}, 0x1, 0x0, 0x0, 0x20040010}, 0x20000014)

5.842360023s ago: executing program 3 (id=1195):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
socket(0x2, 0x5, 0x0)
r0 = open(&(0x7f0000000000)='./file0\x00', 0x2400, 0x1)
ioctl$UFFDIO_WAKE(r0, 0x8010aa02, &(0x7f0000000040)={&(0x7f000008c000/0x14000)=nil, 0x14000})
msgctl$IPC_INFO(0x0, 0x3, &(0x7f0000000ac0)=""/164)

5.841675285s ago: executing program 3 (id=1197):
r0 = socket$netlink(0x10, 0x3, 0x7)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r2, {0x2, 0x2, @multicast2}, 0x2, 0x0, 0x4}}, 0x2e)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
flock(r1, 0x5)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000006000000140008"], 0x28}}, 0x8000)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000001540)={0x4, 0x2000}, 0x4)

5.731414565s ago: executing program 3 (id=1198):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}})
write$FUSE_NOTIFY_RETRIEVE(r0, &(0x7f0000000100)={0x30, 0x5, 0x0, {0x0, 0x1}}, 0x30)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x4200, 0x84)
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
umount2(&(0x7f00000001c0)='./file0\x00', 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_open_dev$dri(0x0, 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, 0x0)
r6 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r6, &(0x7f0000000900)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r6, &(0x7f0000005240), 0x264e33, 0xfffe)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000000280)=ANY=[@ANYBLOB="36000000060000000000000000000000000000000000000000000000000000000d00000000000000646f6e745f6170707261697365005dc8a313c7638e4c9cc892f9cd2b904157604a281ad79a60c419eac072610e138c48e14312eb0e273e7c4415ee055a3a6ecb7586161bdeb5304037014e39944737707dbd057e7a84fe20aa659984837a4bcde2fedb5462b467490bbb9dfea8d0a05c40697e552acaabc5f0c2e1dcfc26e89978655dee78b00046054884d2fcec57642baa8d6b0b7e35d1e43b42d59da2135cae211bdf130f0bad504c1e119d"], 0x36)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1}, 0x50)

4.737441228s ago: executing program 3 (id=1201):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
r1 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1b1c, 0x1c0d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r1, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="002205000000d7ca0400004d38e8faca0b76f5d98a98ba31f5556df55955f538cbdd20d352599b031009222ac9c84e99aa1729fbcaa29ef4eb776954a12bbab2585af9b9abc210cbc30465bb36e95d04a4a7f9026030081c54b22fbd1e28292d66cdcced054e063dac0500a2701c81f9e57d87021603ed44"], 0x0}, 0x0)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r3=>0x0], 0x1})
r4 = fsopen(&(0x7f00000001c0)='bdev\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000240)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000700)=ANY=[@ANYBLOB="3800000078009106000000000000004a07"], 0xfe33)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000180)={&(0x7f0000000140)=[r3], 0x1, 0x80800})
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r6, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r6, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8)
setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
setsockopt$inet_tcp_TCP_REPAIR(r6, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r6, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
recvfrom$inet(r6, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)

3.638483357s ago: executing program 7 (id=1204):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000003c0), r1)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, 0x0, 0x0)

3.567205455s ago: executing program 4 (id=1205):
r0 = accept$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, &(0x7f0000000100)=0x10)
close(r0)
ioctl$AUTOFS_IOC_PROTOVER(r0, 0x80049363, &(0x7f0000000180))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r1, 0x0, r4, 0x0, 0x10003, 0x0)
write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0x10034)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r6, 0x29, 0xc8, 0x0, 0xc000000)
setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x4, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="a78700000000000000e020"], 0x14}}, 0x0)
r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x34, r9, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'wg0\x00'}]}, 0x34}}, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000002a00)='./file0\x00', 0x40, 0x0)
r10 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
r11 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x1)
move_mount(r11, &(0x7f0000000280)='./file0\x00', r3, &(0x7f00000002c0)='./file0\x00', 0x252)
r12 = syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$FIONREAD(r3, 0x541b, &(0x7f0000000380))
openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000032c0), 0x101000, 0x0)
pselect6(0x40, &(0x7f0000000100), 0x0, &(0x7f0000000240)={0x1f}, 0x0, 0x0)
ioctl$CEC_ADAP_G_CAPS(r12, 0xc04c6100, &(0x7f0000000180))
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r10, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
write$FUSE_NOTIFY_INVAL_INODE(r10, &(0x7f0000000140)={0x28, 0x2, 0x0, {0x1, 0x101, 0x6701e32d}}, 0x28)

3.553200412s ago: executing program 7 (id=1206):
r0 = accept$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @multicast2}, &(0x7f0000000100)=0x10)
ioctl$AUTOFS_IOC_PROTOVER(r0, 0x80049363, &(0x7f0000000180))
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r1, 0x0, r4, 0x0, 0x10003, 0x0)
write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0x10034)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, 0x0)
request_key(0x0, &(0x7f0000001400)={'syz', 0x1}, 0x0, 0xfffffffffffffffe)
add_key(0x0, &(0x7f0000001900)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
socket$key(0xf, 0x3, 0x2)
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e04004220"], 0x7)
r6 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_DEL_MIF(r6, 0x29, 0xc8, 0x0, 0xc000000)
setsockopt$MRT6_ADD_MFC(r6, 0x29, 0xcc, &(0x7f0000000280)={{0xa, 0x0, 0x4, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
setsockopt$MRT6_ADD_MFC_PROXY(r6, 0x29, 0xd2, &(0x7f0000000300)={{0xa, 0x0, 0x0, @loopback}, {0xa, 0x0, 0x0, @mcast2}}, 0x5c)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_TSINFO_GET(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="a78700000000000000e020"], 0x14}}, 0x0)
r9 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_ADD(r5, &(0x7f00000001c0)={0x0, 0xfffffffffffffec6, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="000100000000000000000200000000000400020000000000020076657468305fcf3fba4f"], 0xffffffb1}}, 0x20000040)
openat$dir(0xffffffffffffff9c, &(0x7f0000002a00)='./file0\x00', 0x40, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
r10 = open$dir(&(0x7f0000000200)='./file0\x00', 0x0, 0x1)
move_mount(r10, &(0x7f0000000280)='./file0\x00', r3, &(0x7f00000002c0)='./file0\x00', 0x252)
syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
ioctl$FIONREAD(r3, 0x541b, &(0x7f0000000380))
openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000032c0), 0x101000, 0x0)

3.432416467s ago: executing program 7 (id=1209):
r0 = syz_usb_connect$printer(0x2, 0x2d, &(0x7f0000000dc0)=ANY=[@ANYBLOB="12011001000000202505a8a440000102030109021b000101ff20cd090400fd440701013d09050102"], 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000001100)={0x14, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0003040000000403"]}, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000feffff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_usb_control_io(r0, &(0x7f00000015c0)={0x2c, 0x0, &(0x7f0000001480)=ANY=[@ANYBLOB="00031b0000000403"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r2)
r4 = socket$packet(0x11, 0x2, 0x300)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r4], 0x40}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
syz_usb_ep_read(r0, 0x1, 0x0, 0x0)
r5 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc))
socket(0x10, 0x3, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000a00)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000800000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
open(0x0, 0x14927e, 0x0)
r6 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1)
getsockopt$inet_sctp_SCTP_RECVRCVINFO(r6, 0x84, 0x20, 0x0, 0x0)
r7 = syz_usb_connect$hid(0x6, 0x3f, &(0x7f0000000080)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x10, 0x1b1c, 0x1c06, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3, 0x0, 0x8, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x3, 0x1, 0x3, 0x1, {0x9, 0x21, 0x7, 0x0, 0x1, {0x22, 0x93f}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x3, 0x2, 0x8}}, [{{0x9, 0x5, 0x2, 0x3, 0x400, 0x6, 0xb, 0x40}}]}}}]}}]}}, &(0x7f0000000800)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x310, 0x36, 0x7, 0x40, 0x40, 0x7}, 0xe4, &(0x7f0000000440)={0x5, 0xf, 0xe4, 0x6, [@ext_cap={0x7, 0x10, 0x2, 0x16, 0x7, 0x7, 0x5}, @ptm_cap={0x3}, @generic={0x3, 0x10, 0x1}, @generic={0xbb, 0x10, 0x1, "5739a867fb881aa4a79dfaa82c1b401c83c3b5bd1ff6ca9164f9aa7e1733608874012060e2aad845e68cf6ec6b00d160b3f44b31324e751539cac83551b18e858b9cbc5ea3d4ffae18500a0c8ce01e5d0974f4029799a0a1cd496bfd009fb78a2a068d13680fa45cd259c9a22887e9c8f783a322aa6a68bf4f0a4d2902e3508ef74ab18c14209d3c311f452ff29062e257ffc96d572db0b565ed561a888c27a255b40eafc90282c59a69f91102bbbb2098de04c39a4827e3"}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "2102f1dc6ccf768c0864f69cc0a4a005"}]}, 0xa, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x809}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x2c0a}}, {0x4, &(0x7f0000000340)=@lang_id={0x4, 0x3, 0x140a}}, {0x61, &(0x7f0000000540)=@string={0x61, 0x3, "0462a0c95696f1e92243c3c5851201e8134cc83416895cc46936e15d87fe6044c330ae02eeb251d8fc8f5561543220b4c03833bcd08d2bcb9e6a6957c7c0d431ab69c38c2c270a936281ef3b58d2d3926ae8afba4273710239f14f4ff362fc"}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x3409}}, {0xb, &(0x7f00000005c0)=@string={0xb, 0x3, "2965de728c646d78fa"}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x4001}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x427}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x441}}, {0xd1, &(0x7f0000000700)=@string={0xd1, 0x3, "a7c341012613b120dc20132637025e08ead6c81fc521a342af79696eb2a772e59d0d4222b1b85cab2b40c757c622f0fa362a98c1f8b61ec1becd5369ee4bfcb36792a7d9f242d18c1a50e75748564e9b2c5984e53780512b4ba86e4783129ac989f1a9fcf6b27bc7278f169395a20395d8011fe1a54aa419a3c07d6377f2657d99991654d9f47bd00a5584bf97757b96a4da353d0c2cca3305bc37a580ecda3363bace323292646987b314973fa7bccf2b860a18deba35172fed4899145c655f46151c51723239d3b8c9875103f0b1"}}]})
syz_usb_ep_read(r7, 0xf9, 0xbf, &(0x7f00000008c0)=""/191)
openat$ttynull(0xffffffffffffff9c, &(0x7f0000000300), 0x42, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

3.157443648s ago: executing program 2 (id=1213):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = io_uring_setup(0xaab, &(0x7f0000000340)={0x0, 0x40000001})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000040)=0x7)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000a00)={'wlan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000100)="3e0f017d0066ba4000b8e3000000ef0f017e00f30fb65ffd0fc75b9f0f20d835080000000f22d8c4e3a90c6925fac4c1637db2dbcf4a72d9ea0f01c8", 0x3c}], 0x1, 0x0, 0x0, 0x0)

2.63578684s ago: executing program 4 (id=1214):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2)
epoll_create(0x2)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6)
syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00')
fsopen(0x0, 0x0)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0xc, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x1800)
write$9p(r1, &(0x7f0000000080), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f00000009c0)=""/102392, 0x18ff8)
getpid()
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(0x0, r3)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000080000000000000064ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r5, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001440)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffd}}, 0x10)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00042bbdfb34358d05d77000fedbdf25460000000e0001006e657464657673696d0000"], 0x54}, 0x1, 0x0, 0x0, 0x8895}, 0x4040000)
mount(&(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000980)='erofs\x00', 0xc, 0x0)

2.625915806s ago: executing program 8 (id=1215):
landlock_create_ruleset(&(0x7f0000000080)={0x1d50, 0x6}, 0x10, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x10000000000001, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
syz_open_dev$dri(&(0x7f0000000000), 0x3, 0x22080)
syz_open_dev$dri(0x0, 0x6, 0x719700)
mkdir(&(0x7f0000005740)='./file0\x00', 0x3b)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000580)='ntfs\x00', 0x24d808, 0x0)
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', 0x0, 0x202000, &(0x7f0000000440)={[{@default_permissions, 0x3a}], [{@audit}, {@seclabel}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@smackfsdef}], 0x2f})
r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x2c)
getdents(r2, &(0x7f0000000300)=""/132, 0x84)
socket$netlink(0x10, 0x3, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB, @ANYRES32, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000e0270300000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000650d000000000000e1000000000000000007000000ff0f0000000000000000000008000b000000000008001600000000000c001500000000005d0000000401050000000000000000000000ffff00000000000000003300000002000000e00000020000000000000000000000000000000000000000000000000000000000000000ff0100000000000000000000000000010000"], 0x254}}, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1f00, 0x10053, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xfffffffc, @value}, 0x94)
ioctl$VIDIOC_EXPBUF(r4, 0x2, &(0x7f0000000140))
mount$9p_fd(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x400, &(0x7f00000022c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c7703646e0700", @ANYRESHEX=r4, @ANYBLOB=',\x00'])
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x2, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000000010000000000000000001851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000106608000000000000180000000000000000000000000000009500000000000000360a020000001000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78)

2.601893396s ago: executing program 2 (id=1216):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f00000003c0), r1)
sendmsg$IEEE802154_LLSEC_DEL_DEV(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0)

2.539291532s ago: executing program 2 (id=1217):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000003c0)={0x2, 0x0, 0xffffffc0, 0x0, 0x0, "000001002000", 0x0, 0x1})

2.131487571s ago: executing program 2 (id=1218):
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$IEEE802154_LLSEC_SETPARAMS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4048001}, 0x40e4090)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000040601080000fab0e53016cb23f75a62"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x800)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x22, &(0x7f0000000080)=0x2, 0x4)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x2)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0xffffffffffffffff, 0x2}, 0x6)
recvmmsg(0xffffffffffffffff, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_iHD', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
read$FUSE(r0, &(0x7f00000077c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000100)={0x50, 0x0, r1, {0x7, 0x1f}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0)="000000000000000000000000000000000000000000000000000000000000000090c400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000542d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000001f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ea8286a2fba523440000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000633956a10000000000000000000000000000000000000000000000000000000000000000000000000000000093160000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000018000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007d6ab715107fa1820000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f6ffffffffffffff0000000000000e000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e1ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fffffff3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f40000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000286071480000000000b13bc1e6d970884f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f3ffffffffffffff0000000000000000000000000000002000", 0x2000, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
madvise(&(0x7f0000ffd000/0x1000)=nil, 0x7fe4d2ddf000, 0x11)
openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x16, 0x6, &(0x7f0000000000)=ANY=[], 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x37, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xffffffff, @void, @value}, 0x94)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000080)={{0x1009, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 'syz0\x00', 0x0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="4800000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="0000000014060000280012800b00010067656e657665002018ffffffffac14141e"], 0x48}, 0x9}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2800000019"], 0x28}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
clock_settime(0x0, &(0x7f00000000c0)={0x77359400})
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)

1.834323693s ago: executing program 4 (id=1219):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
clock_gettime(0x0, &(0x7f0000007a40)={<r1=>0x0, <r2=>0x0})
recvmmsg(r0, &(0x7f00000077c0)=[{{&(0x7f0000000000)=@qipcrtr, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000080)=""/154, 0x9a}, {&(0x7f0000000140)=""/151, 0x97}, {&(0x7f0000000240)=""/58, 0x3a}, {&(0x7f0000000280)=""/76, 0x4c}, {&(0x7f0000000300)=""/132, 0x84}, {&(0x7f00000003c0)=""/230, 0xe6}, {&(0x7f00000004c0)}, {&(0x7f0000000500)=""/248, 0xf8}, {&(0x7f0000000600)=""/161, 0xa1}], 0x9, &(0x7f0000000780)=""/145, 0x91}, 0x5}, {{&(0x7f0000000840)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @initdev}}, 0x80, &(0x7f0000000a00)=[{&(0x7f00000008c0)=""/119, 0x77}, {&(0x7f0000000940)=""/192, 0xc0}], 0x2, &(0x7f0000000a40)=""/119, 0x77}, 0x80000000}, {{&(0x7f0000000ac0)=@generic, 0x80, &(0x7f0000000c40)=[{&(0x7f0000000b40)=""/83, 0x53}, {&(0x7f0000000bc0)=""/110, 0x6e}], 0x2, &(0x7f0000000c80)=""/224, 0xe0}, 0x8000}, {{&(0x7f0000000d80)=@caif=@dgm, 0x80, &(0x7f0000002200)=[{&(0x7f0000000e00)=""/38, 0x26}, {&(0x7f0000000e40)=""/13, 0xd}, {&(0x7f0000000e80)=""/230, 0xe6}, {&(0x7f0000000f80)=""/177, 0xb1}, {&(0x7f0000001040)=""/4096, 0x1000}, {&(0x7f0000002040)=""/237, 0xed}, {&(0x7f0000002140)=""/182, 0xb6}], 0x7, &(0x7f0000002280)=""/60, 0x3c}, 0x4}, {{&(0x7f00000022c0)=@vsock={0x28, 0x0, 0x0, @host}, 0x80, &(0x7f00000024c0)=[{&(0x7f0000002340)=""/38, 0x26}, {&(0x7f0000002380)=""/77, 0x4d}, {&(0x7f0000002400)=""/177, 0xb1}], 0x3, &(0x7f0000002500)=""/4096, 0x1000}, 0x6}, {{&(0x7f0000003500)=@xdp, 0x80, &(0x7f0000005980)=[{&(0x7f0000003580)=""/4, 0x4}, {&(0x7f00000035c0)=""/176, 0xb0}, {&(0x7f0000003680)=""/238, 0xee}, {&(0x7f0000003780)=""/149, 0x95}, {&(0x7f0000003840)=""/4096, 0x1000}, {&(0x7f0000004840)=""/21, 0x15}, {&(0x7f0000004880)=""/128, 0x80}, {&(0x7f0000004900)=""/4096, 0x1000}, {&(0x7f0000005900)=""/108, 0x6c}], 0x9}, 0x1}, {{0x0, 0x0, &(0x7f0000005a40), 0x0, &(0x7f0000005a80)=""/132, 0x84}, 0x10000}, {{&(0x7f0000005b40)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000005f40)=[{&(0x7f0000005bc0)=""/143, 0x8f}, {&(0x7f0000005c80)=""/204, 0xcc}, {&(0x7f0000005d80)=""/152, 0x98}, {&(0x7f0000005e40)=""/193, 0xc1}], 0x4, &(0x7f0000005f80)=""/187, 0xbb}, 0x8}, {{&(0x7f0000006040)=@in={0x2, 0x0, @multicast1}, 0x80, &(0x7f0000006400)=[{&(0x7f00000060c0)=""/156, 0x9c}, {&(0x7f0000006180)=""/229, 0xe5}, {&(0x7f0000006280)=""/39, 0x27}, {&(0x7f00000062c0)=""/205, 0xcd}, {&(0x7f00000063c0)=""/43, 0x2b}], 0x5}, 0x9}, {{&(0x7f0000006480)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000007740)=[{&(0x7f0000006500)=""/236, 0xec}, {&(0x7f0000006600)=""/28, 0x1c}, {&(0x7f0000006640)=""/212, 0xd4}, {&(0x7f0000006740)=""/4096, 0x1000}], 0x4, &(0x7f0000007780)=""/29, 0x1d}, 0x8}], 0xa, 0x40010000, &(0x7f0000007a80)={r1, r2+10000000})
syz_emit_vhci(&(0x7f0000000200)=@HCI_EVENT_PKT={0x4, @hci_ev_conn_complete={{0x3, 0xb}, {0x0, 0xc8, @none, 0x1, 0x80}}}, 0xe)

1.522240262s ago: executing program 4 (id=1220):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_socket_connect_nvme_tcp()
socket$inet6_udplite(0xa, 0x2, 0x88)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1900000004000000040000000500000000000000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB='\x00'/25], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
open(&(0x7f0000000180)='./file0\x00', 0x408040, 0xb2)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffe3, 0x0, 0x0, 0x0, 0x8, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_UIE_ON(r6, 0x7003)
ioctl$RTC_SET_TIME(r6, 0x4024700a, &(0x7f0000000040)={0x2, 0x0, 0x0, 0x17, 0x0, 0x4f})
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10)

1.510595442s ago: executing program 8 (id=1221):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x8, 0x5, 0x1008, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
r1 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x54, &(0x7f0000000080)={{0x12, 0x1, 0x250, 0x2, 0x0, 0x0, 0x10, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x42, 0x1, 0x1, 0xb, 0x40, 0xa4, [{{0x9, 0x4, 0x0, 0x6, 0x2, 0x2, 0x6, 0x0, 0x5, {{0x5}, {0x5, 0x24, 0x0, 0x6}, {0xd, 0x24, 0xf, 0x1, 0x5, 0xffff, 0xac1, 0xf9}, [@network_terminal={0x7, 0x24, 0xa, 0x8, 0xd, 0xb, 0x6}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200, 0x9, 0x2, 0x81}}, {{0x9, 0x5, 0x3, 0x2, 0x400, 0x2, 0x4}}}}}]}}]}}, &(0x7f00000003c0)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x300, 0x9, 0x4, 0x7f, 0x10, 0x7}, 0x41, &(0x7f0000000180)={0x5, 0xf, 0x41, 0x3, [@ss_container_id={0x14, 0x10, 0x4, 0x8, "7343769bfaafe919288ad0c87bd12efa"}, @ssp_cap={0x14, 0x10, 0xa, 0xb, 0x2, 0x2, 0xf, 0x7, [0xc000, 0xff]}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "8338542670467fb57c6dcb25980516c0"}]}})
write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000000c0)={<r3=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r2, &(0x7f0000000140)={0x15, 0x110, 0xfa00, {r3, 0x0, 0x30, 0x30, 0x0, @in6={0x1b, 0x0, 0x0, @loopback, 0x3ff}, @ib={0x1b, 0xffff, 0x0, {"0000000000000000001393000000dd00"}, 0x0, 0x0, 0x7fff}}}, 0x118)
bind$llc(r1, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x81, 0x42}, 0x10)
connect$llc(r1, 0x0, 0x0)
r4 = syz_init_net_socket$llc(0x1a, 0x802, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000040)=0x1)
bind$llc(r4, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x10)
r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r6 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r6, 0x1, &(0x7f0000000080)={0x0, 0xffd, 0x1b})
bind$bt_l2cap(r5, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe)
listen(r5, 0x3)
io_uring_enter(0xffffffffffffffff, 0x7050, 0x24fd, 0x34, &(0x7f0000000300)={[0x4]}, 0x8)
r7 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r8 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000180)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0xa9)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x16, 0x10, &(0x7f00000000c0)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r8}, {}, {0x85, 0x0, 0x0, 0x73}}]}, &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r7, 0x0, 0x77, 0x8, &(0x7f0000000280)="0000000008000000d37fb28722b42691f30da11277913db79a64b34303a66d608a790c23c7f3b0353472ccf2d572a25cf05d20fe6729f5f809bed7bba901385ee55f2dcc9ff323e3abc2918d8ab9bd2ea61ea6b948cd5e755937080a1b565645dd937fc81599c7db7666eedc4bea943cb57b72b53ff0b4", &(0x7f0000000700)=""/8, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)

1.453835835s ago: executing program 2 (id=1222):
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd\x00')
unshare(0x600)
getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000280)={{{@in6=@local, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@private0}, 0x0, @in6=@remote}}, &(0x7f0000000180)=0xe8)
getresuid(&(0x7f00000045c0)=<r3=>0x0, &(0x7f0000004600), &(0x7f0000004640))
r4 = syz_open_procfs(0x0, &(0x7f0000004440)='net/ptype\x00')
read$FUSE(r4, &(0x7f0000004480)={0x2020, 0x0, 0x0, <r5=>0x0}, 0x2020)
setuid(r5)
r6 = getgid()
r7 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
setresgid(0x0, r8, 0x0)
r9 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2)
write$binfmt_aout(r9, 0x0, 0xffffff52)
write$FUSE_DIRENTPLUS(0xffffffffffffffff, &(0x7f0000004680)={0x5c8, 0x0, 0x0, [{{0x2, 0x3, 0x6, 0x2, 0x2, 0x1, {0x1, 0x6d3cb3da, 0x9, 0x6000000000000000, 0x2, 0x9, 0xa, 0x3, 0x8, 0x8000, 0x7fff, 0x0, 0x0, 0x6, 0x96}}, {0x2, 0x8, 0x3, 0x7f, '%+$'}}, {{0x6, 0x1, 0x3, 0x4, 0x6d, 0x80, {0x1, 0x7, 0x7, 0x200, 0x6, 0x9, 0x7faf, 0x8000200, 0x2, 0xc000, 0x2, 0x0, 0x0, 0x0, 0x1}}, {0x0, 0x2, 0x5, 0xffff0000, '}-\\,+'}}, {{0x0, 0x2, 0x8001, 0x4, 0x4b, 0x5, {0x0, 0x0, 0x9, 0x8, 0x0, 0xfff, 0x9, 0x6, 0xad, 0x8000, 0x2, 0xee01, 0x0, 0x3, 0x3}}, {0x3, 0x1, 0x3, 0xefc8, ')^]'}}, {{0x1, 0x1, 0x4, 0x9, 0xb, 0x200, {0x4, 0x1, 0x81, 0x7, 0x4, 0xa, 0x0, 0x8, 0x9, 0x4000, 0xa0, 0x0, 0x0, 0x7fff, 0x5}}, {0x6, 0x401, 0x0, 0x7}}, {{0x4, 0x2, 0x80, 0x5, 0x1, 0x0, {0x4, 0x9, 0x6, 0x5, 0xe8, 0x5, 0x539c, 0x8, 0x8, 0xc000, 0x7, 0x0, 0x0, 0x8d, 0x6}}, {0x0, 0xb, 0xd, 0x2, '/dev/video36\x00'}}, {{0x4, 0x1, 0x3f38, 0xa, 0x3, 0x87, {0x5, 0x1, 0x6, 0xfffffffffffffffb, 0xfffffffeffffffff, 0x3, 0x3, 0x1ff, 0x48, 0xc000, 0x2, 0x0, 0x0, 0x4433, 0x7}}, {0x6, 0xfffffffffffffffb, 0x4, 0x1, 'GPL\x00'}}, {{0x3, 0x3, 0x2, 0x4, 0x3, 0x80, {0x4, 0xffffffffffffffc0, 0x9, 0x3, 0xf6a, 0x5, 0x4, 0x7, 0x6, 0x1000, 0x2, r3, 0xffffffffffffffff, 0x1, 0xac}}, {0x6, 0x100000001, 0x18, 0x6, '%\x1a/{{\\%,\\o[*)]@[\x82\"!)\x14*}\v'}}, {{0x4, 0x1, 0xffff, 0x81b, 0x1, 0x2a11, {0x1, 0xd26, 0x6, 0x80, 0x7fffffffffffffff, 0x9, 0x3ff, 0xfffffffd, 0x4, 0x4000, 0x0, r5, r6, 0x4, 0x800}}, {0x6, 0x0, 0xd, 0x1, '/dev/video36\x00'}}, {{0x4, 0x2, 0xd9e9, 0x6, 0x9, 0xe, {0x0, 0xc, 0xfffffffffffffffc, 0x8, 0x100, 0x4, 0x8, 0x9, 0x6, 0xa000, 0x0, 0xffffffffffffffff, r8, 0x6, 0x3}}, {0x2, 0x9, 0x3, 0x9, '++-'}}]}, 0x5c8)
chown(&(0x7f0000000140)='./file0\x00', r2, r6)
r10 = memfd_create(&(0x7f0000001980)='D\xa3\xd5Wj\x00\x00x0\xc1\xac\x1a\x1a\vG\xa9~vB\xbc\t\x00\x00\x00VoA\xaa\xbc\xee[\xe1\xa2\xe0\xff\x04\x00\x00\x00\\i\xcf\t\xb0\xa9 +H/\x1a\xe7\x95\xce\"\"\xbd\xf9!\xfd\xa4\xcaN\x84\xadS\x8bqE\x99\x01t\\\xb1\x1f|\x99PL\x92\x8f\xc2\xf9\xcd\x8cj\x03X\x05\x17mwI\xf0\x01\xe5z\xcdJ)\xc7\xfa)\xaa}\xef\xbb\xf5\xcd\xb1o5\x18\xd6\v\x85q\x98\x9bB\xb9\xea\xe7\xff\x7f\x00\x00T\xc0\xd2\t?\bpBl\xf4*8\xc6\xe5\x06P\xc11\f^\x7f\x8e\xc1\xd1Wra\x19)\xe3\x8f\xd9\x9f\x15\x1e\xf2\x18\r\xad\b\xe0\x96NH\x85\r+\xfc\xb3\xdd\xddh\f\xda\xd4\xbc\xeaK\xa7\x02\x19\xc8^\xe3\xcfg \x03\xa7\x92\xff\x00+h\xb7@#K\x9cMY\xd3\x9b\b-G\xb1\xdaS\x81\xb2\x93\xb83\x8a\x94*\x8d\\\b\xff/\xa1\xc0\xf9&\xd3M\xf6\n\xff\x83k\xe6\'Da\x16\xbd\x1a\xb2w\b\x1d\x82\xef\xd1\xed\xa2\x9a\xe7\x0e\x05\xbeh\xcc\xf7\xde\xb0f\xb7W\xa9\xa2\x7fg\x9f!$\xac\xd62\xb8\xa0\x9b}^}\xbc\xd6\x9f\xe9\xfdc\xdc%\x93\xe2_n\xcb`\xd5\xaf\xf8\xa5\xe4\xe5\x83o%\x82\xd4\xad\x14\xd0_\x9c\x1a\xb8%\xd6g\xf06\xe0\xfc\x94\\\xd7m\x881\xc6X\xc7\x16\xc2k\xbf\xcf\x123\x19\x85\xac\x0e|@\xbf\x1c&_\xb7\xbb\xcf\'\xd7\xbb\xa4\xbaG,#c#\x9fs\x96\x9b\xf0hp\x01\xe4C\xbb\xf8T\xd8l\ry\x05\x8b\x89\f\x8e\f\xf8=\x92\x99\xa6\xcaO}=\x92u\x9b\xe02\x02\xca\x0fD\xef\xe0+\xcf\xee\xc4C\x022\x15\xfb2}\xe0\x10D:=@\xd6\x17\x87\xb0\xef,\x931\xe1f\xca\xabfN[\xc2k\xc9\xf8\xc4\x80\a\xc6\xc8\x12\xe3o\x88\xa84\xffQ1hz\x93Y\xf8\x87\xe5\x9du\xbc\xf3M)-`\xce\xda*_A\xc2\xf4*C\x91\x87a6\xfe\x8dv\x97\xf8i\xb0\xd8*\xa7\xf9\'\x8d\xb6\xaa\x9e:\xed\x02\xc0Z\xf9\xa3m\xb0\xfc\xda\x90\x97\x97o\x04/s%\x8b\x0f\xbbT\x82\x1em\\J7\x86\x1b\xac\x05\x04k\xd9\x89\xc6\xe1g=\x99\xa5\x84\x0e|\x8dntU\x19\x87\xc6\xb8v\x1f\x92+\xdah2\xaf\xac\xcb)\xb5\xe5\xd7\xdb(\xc1\x01\xca8\x9ayS\xdb|T\x81\xccs:\xa2j\xe2\x90\x13\xa8\xbe\x12n6\xc7\xb2\xc6El\xf0\xb2\x0e>\xfa\xfe\x00\x011\x7fT/\x99A\xdc\x8c\xdd\x05~\xb3b\xe9\xfd\x9f\xa6\xed\xa0%3\xcc<G\xe4*\xbf0H\xe1D\xb7\x9a\x91\xa5\r\xfb[a\xcf\xf3bwq\a\xf6\xc7m\"\xb5\x7f\xa5\xbdm\xdaF', 0x1)
r11 = socket$inet_udp(0x2, 0x2, 0x0)
r12 = fsopen(&(0x7f0000000000)='tracefs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r12, 0x0, 0xffffffffffffffff, 0x0, 0x0)
connect$inet(r11, &(0x7f0000000080)={0x2, 0x4e22, @remote}, 0x10)
sendmmsg$inet(r11, &(0x7f0000004540)=[{{&(0x7f0000000040)={0x2, 0x4e22, @multicast1}, 0x7e1f, 0x0}, 0xee0000b0}, {{0x0, 0x0, &(0x7f00000012c0)=[{&(0x7f0000001100)="15b26f226e2966667482d50903b0a8d92ccd9e69d5cc4cb3d467a670b237a9225fb56c0f7ea725dee27c4bb43bb50c6748c83b71d59f0537405dfab648c096607340fac939a2efd31cbe2f8ca29c409e87ea0974b7bceff9afef5d07d691575f5115f2f961ad488e3386036913e98181a6034febaab853a3e928b9035b0e3a8e1cb393c70f6d0448970e0af2476f8b923ee09c19deca55d58f70e8eeff55dda6381cb96afe97196c0af0a8fd450a1447a1a521e2c211fb84cbcf4aebd31298972ec6bea1764fbde5500fa30c5f2459cff4d7f123ab94cfd5762d586ec7a28abc2f8c9e608f8f964b96ecb0883d60d444f317834a3d734cb304051a60d1a084a84da8f9a23a1b9d4951c0a81985c63ae193f40e9deb358b2f08553324fd6086be9e70e5061568abefebcda50e70f4dab2e4dc0cf6d85aced044d7005326922886194895267165f7f592036ebe11dcf1cad98f5cda766eaea90fb4cb5e793525126c7594f8599055192d63a81d3cd26aadd50983f1c3f1d4655c1b5f59e80f733e3abc4792b760729fd26298ef15141cf76cc4", 0xc3}, {&(0x7f0000000d80)="7d68e6de85f9b0cbc9d710267f321ec64eab043ecad9af7e01e9463218ec45924a99867163e468d36a682fadd749caa325e685d75559a87139e02fae7271be8f55671cfd32a09896278d1941370174720838039d0989bc3394b8a4c4f4a30f0496be313d6d60fe47966c634a3ee1f659e8ef310647725bda0130d5de5028220a4cf5fc808a75694738ee26cb21302b4bba4265b845a5d5dce706d9820c6936b122f9658446d74a9016b94424971dd443a6907eb5c73b6b200e92b23f2c36a214729b0bc231511e4c", 0xc8}, {&(0x7f0000000380)="73fd71361e8d6c80ae1bc9953e2a4aeac7a314273066fc7f65a51969b46df1774bb0be94ccd4824f2d57ad2cd37242b1258402395481f9f07e067652e52aa8ccefcd0962ba0c48757b68d493f3ad702e65d4daa7dfc1605a173185472ae12470eea64c70ef4e64793b8a830447de0f423bef3964934eef4243cac42939ba6fa68d821b9373b5f3e2c26e7ca75ed8fb3203aef3a6637cecdd0251532b99537e02f604058f50e66c8a657d59beeed127695475f082d3d2b9790181fc987ad000ac00887d1506be89f388ecb405660b4ea196ee8f5a92b12ec43bbf49567db613d478ebe2358364f7600bf4f80ef4b2756fb13416c4fa22880cc96a03f07888575aedb001d5a74bb2f906797912b5ac080a0a3d361425f1a92ab03bbe65d5dcb235f43b5ad1162a16ebdc647baac013bf076945126cdd5a080853976a97ad55184601102fbb8df86b21aa8162858d74465c5fb7dc766602a3567f6eaf441f85ec50ca7fb3a4fdb450d1420531da25d01a412958a5e3895c59542238cf8e188e7fb5641eb24a5f1819bf8d2e9dd6c1d0e93564d723e311db9cd268bb1e477036e822b135cdbaf40f812aa7db01d22c829ab01ae24997dae96ddeed49e62d285701d5419e3f94a8b95790cf5a296ed15bffae1f71470c6a6eda872528844a2df42590d898630263cab5cccec57b7cea365ad8c91bfbe7cb419635ce6bf340a56115c0ad922b6fade9538e543bc5def2a85d35ab16d20c219c4733837be2c14ba4d3d32c3a6882ce6857626f55109b4cdcb634425d710bf3108f9b31b4af0cc17a58e49e871a56126dd8bed08e038ba64008587237b3442d28032e52fc9fae1a5784ba59d0edfa03d38352724903ed6f6970b3f4dfa6e40bf933b6765c6ee648174765f1e8ec71b80cac86abd065a3005b40a43a665707cc590997c5048183006a9dd8026d39def05950183b3d4f12f4e1644ef78cddac7c5569985c2c232bb350f28857675339e53f63a868704d2e0b38993dc57a02d3e297fc9a5b9384622841018c303a05bac25d509df5a2d0e3232927283fcc3ec67e4fa7b71d22f115cf693851dcceab4bce38cbfbb32829e211cdcb6a359e14fe416663541050d340aef2555dbd292bd9cbab8fcf20378149cc994569c2bc95fb33fd2d9321b8ac8e5160b02e202492f470eb719a8f2ac3a4be37ea0918b54b14789b7aa228d47f7b13fd9af608740c5a8fe02109a7cc0e555b22628ef790e513ecadfd338d30aed8ca219e64ee4fb0bd0e21e5101bf2072ffa071eb1aa0454caccc015ff1e166813f819a142b56a22e4ff387bb319288a0ef747c6fc8fdee3a0e193b0d086eb816e97e0322fcdaa30da61cd26ac9d8d0748fccd911ce0fd4adc953e9486e137fe66bc8aedfd5b78c562ebfc578ac9f96a453311766564541e16955e30b95914e9411a0b4cd95e0d8732d5ff7a4f921ef41d986a195334266585353b16b9449955523913a30c087532bcb899f733af3abea59baea174cf04359547a633b5f8a582ae3ef12a1d0125bef8c6e8c9fb589d3597c5ab3879491b0c5e3607203f06836a6805d3f7979c4325f9fecb2aceddedb272237132460cda812ef7d613a585898d59f92ef68ec95f12b47b440f6d899ecbfab48055e0c1605ba4cd9dbc17c4cbfec8a953ebbd38c45a6737a57ee58e21a20e530171137968ae4f0d0366cdb0b9d6a4667b011fcd7cd9e77364e5221989d8f0d80793260e748e3bd394849c090c744f6044328304cd6f02e941c5405647daffc1fd2f2864b37f92bbf4931c8e4a7c6bafd0ea79d39d330e70e6776bf6a926de227e5a43653bba04883e98d67bb64aa86e8bf271ba87604bc598e47f2992c7618ad25068860a481554b53352c7339de7e79c3bd1aed5bef8f398432858c888a5d8651969ea40eb3d486e9fe61d49b20500fdfd1548f567da970103d36730657c35d03d2c36b142665f62203b1fb12d616478cfef6f38b34cda87a634dd06d359f33e98b94a5e5b46b2a8d73126352d1d5b65af75055455cc903e384c41876fbdff935d047284d9d203b147a6ba0e9cb50beef7798886c33d2f2f0c0d9abe0e32c7c809f8b0b28fc59471987353c862a311776b8275bf319d5cb9a59f8f103b6e567ef5dd8859973cc3fe41e356bf5bd3186240e49286977eca36a8ad44185973b276cd7958b73e14a221b7fd567818bebf54ad27ee95161bd2aeeb356482ff467500a7d36f0464f58a591ec6b728f984ec78d0abe14c6d3411ac3ffc4c3179d1f95d029f26cceb545723519d3d4209a2b1243e78767273c13dc2bd320512674b6f1a50313bae7b9d16aebb476dbc829e8fd8dd46a1696efaff5795cf75de57c90f05ed9ef4a5cdfbf20d3d9ed95fb4114b1d5c9ade0856212e7ba330ce5bccf2c993dff89112b28bd3b17d3fcfacef7590f62bf948977dd79e2d8025946c80bf263e34035409b5ba1443d4929727180761bd56d258c3670a0aa4de21111fc3172367582de2d164ff3a18d0696b8dd8e5c1423b2ea1e2c0cfe141e4cf04f8cdaed48976b94c40d6a581300458661bbdbfeeb4969af6319eb1798843d0872f68f0c6537bbc9c7dd1e9b0564bf442d8d25f8aa884aba1df074d374f99750d9227bb821ba0355f60de2829a5c8cd47c89d29a2e3d7d53d59db5c3ace8f484664202c210c68a3b33076fb00d59938e84fbad6d6618c0bb89cf94035fa2de4da351e0d71df416450ea7ec3af33aa5c0313c63e654bd79c73b39dc1933636956761058d76648746daca469f8fce62c17a8160cdefc6a927eef9ec4a8dd684e46f35282546ce2362ab8afedd39bf699fd7c2cde538f52ea43c08558f42ba77b2986b800c45fa76a130b30919b3e1d504573e3c1e7dd2dc5d81379df53d736511f1da4ad8791e46adb27bb5c38129e89edda0aed99dcc03fe400f7d05d48e3e9e17744e8487f8ac464c86f7332211fb9799e9d27a6832d5f17ccd1a2da255f6da047e4728dd80860c04391bca4b7833f0346866401ec20033bcf6dfa85fd1520de5a03b4f9f6f5d2f8d7b6e7d7df1cbe5c05e23e080cf335639c94c48aaeb0bfebbe79530d67d35fb101c91839954c0e50dd4b90a86428b22b0be1e906fee30f68d7ce4bf9c68eafe695f07f5e4e4d473d77104b7b1b5dcfeb84e8c83624c0068d4e1cccfe740f8e5d5699603f8481ef2a1f2d4b8fd2314c5cb1985fe34cf8ede7d2e8bddea269422490903489c7f5951114d7ccb29a19455a987d538955712a460243105b25ccb6e6f34c370a6bbb234bee150dbcea5188e45305253f1014f7c0b5d60d517d2d05707f5ca9249a921d6c5307caf41deca0509b49102d801320db65c00f6e1c05fb8c2e1cc554673bf6168dd64086b19af28eec508fd0c304837e802173ac9947c4d73929c61d9632ab929a25f2a04350954612c2de705c1c25215284fe933fc8ccfd30ab3fc9ff5e04dd68d4720d95a29d6da176ac9d332c9ce77358f3c262777ea828fe6473638bc77be2aa586a3733e275744bc42c3742c1ad8f89d25c31958902f2f498c58fc85e9b78fb7a331734cb081cfa9ccfd262df927c0ff46983f8765af4add3532de2b91f2436df028", 0x9fd}], 0x3}}, {{0x0, 0x0, &(0x7f00000017c0)=[{&(0x7f0000001700)="a6", 0x1}], 0x300}}], 0x3, 0x0)
write(r10, &(0x7f00000000c0)="6963e64243ea486da3a74e3deec6fc5bb9650b5de56946c568f95d22467190ba406d59a5958d6f156c9c8a2ac4677b00000000000000000000200000f8bf54da33", 0x41)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r10, 0x0)
r13 = dup3(r1, r0, 0x0)
fchdir(r13)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)

1.374277888s ago: executing program 3 (id=1223):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
mincore(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0xfffffffffffffffe)
r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000140)={0x0, 0x2e000000})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
r2 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r2, 0xc0505350, &(0x7f0000000480)={{}, {}, 0x4, 0x5})
r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r3, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[0x0, 0x0], 0x2})
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r3, 0xc01064c7, &(0x7f00000002c0)={0x1, 0x0, &(0x7f0000003340)=[0x0]})

1.30982596s ago: executing program 2 (id=1224):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='dctcp\x00', 0x6)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22100, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x3, 0x0)
syz_open_dev$MSR(0x0, 0x8c6, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
socket$nl_route(0x10, 0x3, 0x0)
r2 = dup(r1)
write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c)
syz_io_uring_setup(0x93f, &(0x7f0000000480)={0x0, 0xa74d, 0x40, 0x1000000, 0x1a5}, 0x0, &(0x7f0000000340))
getsockopt$inet6_mreq(r2, 0x29, 0x15, &(0x7f0000000540)={@local, <r3=>0x0}, &(0x7f0000000580)=0x14)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x309, 0x0, 0x0, 0x0, 0x6a, '\x00', r3, 0x25, r2, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000880)={'#! ', './file0'}, 0xb)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000400)=ANY=[@ANYBLOB="1e000000090000000900000009000000005e0200", @ANYRES64, @ANYBLOB="0000b05a00000000383ce270fcb91b", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0400000002000000010000000a00"/28], 0x50)
fgetxattr(r5, &(0x7f0000000380)=@known='user.incfs.size\x00', 0x0, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000080)=0x7)
ioctl$TCFLSH(r4, 0x8926, 0x4000000000000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'syz_tun\x00'})
bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0)
keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=ANY=[], 0x2a, 0x0)
add_key(0x0, &(0x7f0000000180)={'syz', 0x3}, &(0x7f0000000300)="bacc7baefe04ebb28c023c61fd08f74a8a1aafa0c7b4a7", 0x17, 0xfffffffffffffffe)

757.188972ms ago: executing program 3 (id=1225):
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5010, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x5, 0x5, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x200, 0x8, 0x1, {0x22, 0x394}}}}]}}]}}, 0x0)
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0x550c, 0x0)

630.205232ms ago: executing program 7 (id=1226):
socket$inet_tcp(0x2, 0x1, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$can_bcm(0x1d, 0x2, 0x2) (async)
socket$alg(0x26, 0x5, 0x0) (async)
socket(0x10, 0x3, 0x0) (async)
socket$rds(0x15, 0x5, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000718c0000000000"], 0x48) (async)
socket$xdp(0x2c, 0x3, 0x0)
socket$inet_dccp(0x2, 0x6, 0x0) (async)
socket$unix(0x1, 0x1, 0x0) (async)
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000100)) (async)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x0)
r3 = socket$inet(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x8, 0x3, 0x210, 0x0, 0x8, 0xfa04, 0x0, 0x6c02, 0x178, 0x194, 0x194, 0x178, 0x194, 0x3, 0x0, {[{{@ip={@empty=0x1e00, @broadcast, 0x0, 0x0, 'sit0\x00', 'ip6_vti0\x00', {}, {}, 0x6, 0x0, 0x4a}, 0x0, 0x98, 0xc0, 0x0, {0x0, 0x74020000}, [@common=@inet=@ecn={{0x28}, {0x10, 0x20, 0x5, 0x8}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0xffff, 0x0, 0x0, 'snmp\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x270) (async)
mount(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f00000003c0)='ramfs\x00', 0x800000, 0x0)
chdir(&(0x7f0000000080)='./file1\x00') (async)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1ff) (async)
r4 = dup(r2)
ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000ce"])
r5 = socket(0x1, 0x803, 0x0)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000240)=0x14) (async)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="440000001000030400000000fcffffff00000000", @ANYRES32=0x0, @ANYBLOB="7fff00003f000000140001006d61637365630000040002800800050000000000", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r6, @ANYBLOB], 0x44}}, 0x0) (async)
socket$nl_route(0x10, 0x3, 0x0)

599.011752ms ago: executing program 4 (id=1227):
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
r3 = io_uring_setup(0xaab, &(0x7f0000000340)={0x0, 0x40000001})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000040)=0x7)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000a00)={'wlan0\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
close_range(r3, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0x1, 0x40, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r2, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000100)="3e0f017d0066ba4000b8e3000000ef0f017e00f30fb65ffd0fc75b9f0f20d835080000000f22d8c4e3a90c6925fac4c1637db2dbcf4a72d9ea0f01c8", 0x3c}], 0x1, 0x0, 0x0, 0x0)

486.927914ms ago: executing program 7 (id=1228):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0)
ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000003c0)={0x2, 0x0, 0xffffffc0, 0x0, 0x0, "000001002000", 0x0, 0x1})

356.055007ms ago: executing program 7 (id=1229):
socket$nl_route(0x10, 0x3, 0x0)
syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x2)
epoll_create(0x2)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6)
syz_open_procfs(0x0, &(0x7f00000001c0)='environ\x00')
fsopen(0x0, 0x0)
getsockopt$inet_buf(0xffffffffffffffff, 0x0, 0xc, 0x0, &(0x7f0000000000))
pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x1800)
write$9p(r1, &(0x7f0000000080), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r2, &(0x7f00000009c0)=""/102392, 0x18ff8)
getpid()
mkdir(&(0x7f0000000180)='./file0\x00', 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$devlink(0x0, r3)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000080000000000000064ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r5, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001440)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffd}}, 0x10)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="00042bbdfb34358d05d77000fedbdf25460000000e0001006e657464657673696d0000000f"], 0x54}, 0x1, 0x0, 0x0, 0x8895}, 0x4040000)
mount(&(0x7f00000001c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000280)='./file0\x00', &(0x7f0000000980)='erofs\x00', 0xc, 0x0)

0s ago: executing program 4 (id=1230):
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000240)=ANY=[@ANYBLOB], 0x310)

kernel console output (not intermixed with test programs):

`syz.2.825' uses 32-bit capabilities (legacy support in use)
[  375.886315][T10447] veth3: entered promiscuous mode
[  376.715919][   T29] audit: type=1400 audit(1734517470.659:1693): avc:  denied  { read } for  pid=10453 comm="syz.4.827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  376.780516][   T29] audit: type=1400 audit(1734517470.749:1694): avc:  denied  { setopt } for  pid=10453 comm="syz.4.827" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  377.108864][ T7178] cdc_ncm 8-1:1.1: bind() failure
[  377.129253][ T7178] usb 8-1: USB disconnect, device number 25
[  377.653528][ T5872] cdc_ncm 7-1:1.1: bind() failure
[  377.661004][ T5872] usb 7-1: USB disconnect, device number 26
[  378.537196][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  378.545535][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  378.910764][T10477] netlink: 4 bytes leftover after parsing attributes in process `syz.6.830'.
[  379.405829][T10481] Invalid ELF header type: 3 != 1
[  379.636168][T10483] fuse: Unknown parameter 'group_id00000000000000000000'
[  380.085808][T10493] netlink: 4 bytes leftover after parsing attributes in process `syz.4.837'.
[  380.260821][ T7178] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  380.450607][ T7178] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  380.473441][ T7178] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  380.504469][ T7178] usb 9-1: config 1 has no interface number 0
[  380.523214][ T7178] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  380.692118][ T7178] usb 9-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  380.870090][ T7178] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  380.879360][ T7178] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.910604][ T7178] usb 9-1: Product: syz
[  380.914858][ T7178] usb 9-1: Manufacturer: syz
[  380.938740][ T7178] usb 9-1: SerialNumber: syz
[  381.193966][T10502] netlink: 20 bytes leftover after parsing attributes in process `syz.2.839'.
[  381.636334][T10506] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  382.934427][T10519] 9pnet_fd: Insufficient options for proto=fd
[  384.541973][T10536] netlink: 12 bytes leftover after parsing attributes in process `syz.7.846'.
[  384.640412][   T29] audit: type=1400 audit(1734517479.079:1695): avc:  denied  { create } for  pid=10530 comm="syz.6.848" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  384.998188][ T7178] cdc_ncm 9-1:1.1: bind() failure
[  385.010296][ T7178] usb 9-1: USB disconnect, device number 24
[  385.074328][   T29] audit: type=1400 audit(1734517479.509:1696): avc:  denied  { bind } for  pid=10545 comm="syz.7.851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  385.545229][   T29] audit: type=1400 audit(1734517479.509:1697): avc:  denied  { listen } for  pid=10545 comm="syz.7.851" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  386.108648][   T29] audit: type=1400 audit(1734517479.629:1698): avc:  denied  { map } for  pid=10545 comm="syz.7.851" path="/dev/bus/usb/002/001" dev="devtmpfs" ino=724 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  387.724342][   T29] audit: type=1326 audit(1734517481.849:1699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10562 comm="syz.6.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e93785d29 code=0x7fc00000
[  387.828557][   T29] audit: type=1326 audit(1734517481.849:1700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10562 comm="syz.6.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e93785d29 code=0x7fc00000
[  387.888279][T10572] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  387.907338][   T29] audit: type=1326 audit(1734517481.849:1701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10562 comm="syz.6.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e93785d29 code=0x7fc00000
[  387.912588][T10572] 9pnet_fd: Insufficient options for proto=fd
[  387.930964][   T29] audit: type=1326 audit(1734517481.849:1702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10562 comm="syz.6.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e93785d29 code=0x7fc00000
[  387.960869][   T29] audit: type=1326 audit(1734517481.849:1703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10562 comm="syz.6.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e93785d29 code=0x7fc00000
[  387.984872][   T29] audit: type=1326 audit(1734517481.849:1704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10562 comm="syz.6.855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9e93785d29 code=0x7fc00000
[  389.564483][ T5871] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  390.281932][ T5871] usb 9-1: Using ep0 maxpacket: 16
[  391.189233][   T29] kauditd_printk_skb: 60 callbacks suppressed
[  391.189247][   T29] audit: type=1400 audit(1734517485.619:1765): avc:  denied  { ioctl } for  pid=10591 comm="syz.4.864" path="socket:[29628]" dev="sockfs" ino=29628 ioctlcmd=0x671e scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  391.459845][ T5872] usb 8-1: new high-speed USB device number 26 using dummy_hcd
[  391.464691][   T25] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  391.626338][T10616] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  391.649764][ T5872] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  391.679389][   T25] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  391.684795][ T5872] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  391.689927][   T25] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  391.707977][   T25] usb 3-1: config 1 has no interface number 0
[  391.717402][   T25] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  391.724734][ T5872] usb 8-1: config 1 has no interface number 0
[  391.728414][   T25] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  391.747799][ T5872] usb 8-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  391.757106][   T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  391.766508][ T5872] usb 8-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  391.774592][   T25] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.801501][ T5872] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  391.805205][   T25] usb 3-1: Product: syz
[  391.813891][ T5872] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  391.815696][   T25] usb 3-1: Manufacturer: syz
[  391.825506][ T5872] usb 8-1: Product: syz
[  391.847080][ T5872] usb 8-1: Manufacturer: syz
[  391.847780][   T25] usb 3-1: SerialNumber: syz
[  391.854438][ T5872] usb 8-1: SerialNumber: syz
[  391.971267][ T5871] usb 9-1: unable to get BOS descriptor or descriptor too short
[  391.978971][ T5871] usb 9-1: too many configurations: 231, using maximum allowed: 8
[  392.999552][ T5871] usb 9-1: unable to read config index 0 descriptor/start: -71
[  393.007595][ T5871] usb 9-1: can't read configurations, error -71
[  393.343189][T10630] netlink: 12 bytes leftover after parsing attributes in process `syz.8.874'.
[  393.899224][ T5872] cdc_ncm 8-1:1.1: bind() failure
[  394.118314][ T5872] usb 8-1: USB disconnect, device number 26
[  394.572242][T10639] unknown channel width for channel at 909000KHz?
[  394.613111][T10639] unknown channel width for channel at 909000KHz?
[  394.897773][T10639] unknown channel width for channel at 909000KHz?
[  395.138549][T10649] netlink: 300 bytes leftover after parsing attributes in process `syz.6.880'.
[  395.180193][T10649] 9pnet_fd: Insufficient options for proto=fd
[  395.219690][ T5871] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  395.269212][   T29] audit: type=1400 audit(1734517489.569:1766): avc:  denied  { write } for  pid=10647 comm="syz.6.880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  395.312924][   T25] cdc_ncm 3-1:1.1: bind() failure
[  395.338671][   T25] usb 3-1: USB disconnect, device number 14
[  395.376426][   T29] audit: type=1400 audit(1734517489.569:1767): avc:  denied  { nlmsg_write } for  pid=10647 comm="syz.6.880" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  395.459212][ T5871] usb 5-1: Using ep0 maxpacket: 16
[  395.476160][ T5871] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7
[  395.488585][ T5871] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  395.498751][ T5871] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  395.577104][ T5871] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  395.669322][ T5871] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.677719][ T5871] usb 5-1: Product: syz
[  395.681932][ T5871] usb 5-1: Manufacturer: syz
[  395.686525][ T5871] usb 5-1: SerialNumber: syz
[  396.348198][T10651] vlan2: entered promiscuous mode
[  396.383690][T10665] netlink: 4 bytes leftover after parsing attributes in process `syz.2.885'.
[  396.392684][T10665] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  396.425969][T10665] batman_adv: batadv0: Removing interface: batadv_slave_0
[  396.435601][T10665] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  396.443162][T10665] batman_adv: batadv0: Removing interface: batadv_slave_1
[  396.928949][ T5871] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found
[  396.945186][ T5871] usb 5-1: unit 0 not found!
[  397.281600][T10674] netlink: 12 bytes leftover after parsing attributes in process `syz.6.887'.
[  397.336625][ T5871] usb 5-1: USB disconnect, device number 11
[  397.377843][   T29] audit: type=1400 audit(1734517491.809:1768): avc:  denied  { create } for  pid=10676 comm="syz.7.888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  397.472160][T10677] dlm: plock device version mismatch: kernel (1.2.0), user (10.0.0)
[  397.482583][   T29] audit: type=1400 audit(1734517491.919:1769): avc:  denied  { shutdown } for  pid=10682 comm="syz.8.890" laddr=fe80::a lport=55393 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  397.510059][   T55] Bluetooth: hci4: Received unexpected HCI Event 0x00
[  398.192555][T10700] FAULT_INJECTION: forcing a failure.
[  398.192555][T10700] name failslab, interval 1, probability 0, space 0, times 0
[  398.205299][T10700] CPU: 0 UID: 0 PID: 10700 Comm: syz.2.895 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  398.215975][T10700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  398.226032][T10700] Call Trace:
[  398.229294][T10700]  <TASK>
[  398.232206][T10700]  dump_stack_lvl+0x16c/0x1f0
[  398.236869][T10700]  should_fail_ex+0x497/0x5b0
[  398.241531][T10700]  ? fs_reclaim_acquire+0xae/0x150
[  398.246632][T10700]  should_failslab+0xc2/0x120
[  398.251292][T10700]  __kmalloc_noprof+0xcb/0x510
[  398.256036][T10700]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  398.261655][T10700]  tomoyo_realpath_from_path+0xb9/0x720
[  398.267183][T10700]  ? tomoyo_path_number_perm+0x235/0x590
[  398.272797][T10700]  ? tomoyo_path_number_perm+0x235/0x590
[  398.278411][T10700]  tomoyo_path_number_perm+0x248/0x590
[  398.283848][T10700]  ? tomoyo_path_number_perm+0x235/0x590
[  398.289464][T10700]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  398.295450][T10700]  ? irqentry_exit+0x3b/0x90
[  398.300023][T10700]  ? lockdep_hardirqs_on+0x7c/0x110
[  398.305209][T10700]  ? security_file_ioctl+0x21c/0x240
[  398.310479][T10700]  ? security_file_ioctl+0x22/0x240
[  398.315661][T10700]  security_file_ioctl+0x9b/0x240
[  398.320670][T10700]  __x64_sys_ioctl+0xb7/0x200
[  398.325332][T10700]  do_syscall_64+0xcd/0x250
[  398.329821][T10700]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  398.335697][T10700] RIP: 0033:0x7f256d185d29
[  398.340093][T10700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  398.359683][T10700] RSP: 002b:00007f256df0b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  398.368077][T10700] RAX: ffffffffffffffda RBX: 00007f256d376080 RCX: 00007f256d185d29
[  398.376028][T10700] RDX: 0000000020000200 RSI: 0000000000008983 RDI: 0000000000000005
[  398.383979][T10700] RBP: 00007f256df0b090 R08: 0000000000000000 R09: 0000000000000000
[  398.391930][T10700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  398.399882][T10700] R13: 0000000000000000 R14: 00007f256d376080 R15: 00007ffd60db5608
[  398.407844][T10700]  </TASK>
[  398.457291][T10700] ERROR: Out of memory at tomoyo_realpath_from_path.
[  398.825280][   T29] audit: type=1400 audit(1734517493.259:1770): avc:  denied  { write } for  pid=10703 comm="syz.7.896" name="usbmon2" dev="devtmpfs" ino=722 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  398.933730][T10707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  399.657570][T10712] netlink: 12 bytes leftover after parsing attributes in process `syz.8.899'.
[  399.735394][T10716] pim6reg1: entered promiscuous mode
[  399.769210][T10716] pim6reg1: entered allmulticast mode
[  399.906394][   T29] audit: type=1400 audit(1734517494.339:1771): avc:  denied  { write } for  pid=10719 comm="syz.8.902" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  400.608709][   T29] audit: type=1400 audit(1734517494.999:1772): avc:  denied  { ioctl } for  pid=10719 comm="syz.8.902" path="/dev/sg0" dev="devtmpfs" ino=744 ioctlcmd=0x5393 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  400.789185][   T29] audit: type=1400 audit(1734517495.189:1773): avc:  denied  { setopt } for  pid=10727 comm="syz.6.904" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  400.882533][   T29] audit: type=1400 audit(1734517495.189:1774): avc:  denied  { connect } for  pid=10727 comm="syz.6.904" laddr=127.0.0.1 lport=20000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  401.421635][   T29] audit: type=1400 audit(1734517495.189:1775): avc:  denied  { name_connect } for  pid=10727 comm="syz.6.904" dest=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=dccp_socket permissive=1
[  401.815344][T10741] netlink: 300 bytes leftover after parsing attributes in process `syz.4.905'.
[  402.537032][T10757] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  402.910992][   T29] audit: type=1400 audit(1734517497.269:1776): avc:  denied  { ioctl } for  pid=10756 comm="syz.6.913" path="socket:[31049]" dev="sockfs" ino=31049 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1
[  403.540061][T10755] netlink: 12 bytes leftover after parsing attributes in process `syz.2.912'.
[  403.679946][T10734] 9pnet_fd: Insufficient options for proto=fd
[  405.405002][T10780] netlink: 16 bytes leftover after parsing attributes in process `syz.4.920'.
[  406.761684][T10791] netlink: 12 bytes leftover after parsing attributes in process `syz.8.924'.
[  407.359745][   T29] audit: type=1400 audit(1734517501.789:1777): avc:  denied  { unlink } for  pid=10800 comm="syz.2.927" name="file0" dev="fuse" ino=0 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  407.470531][   T29] audit: type=1400 audit(1734517501.879:1778): avc:  denied  { relabelfrom } for  pid=10800 comm="syz.2.927" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  407.979163][ T5914] usb 8-1: new high-speed USB device number 27 using dummy_hcd
[  408.587398][   T29] audit: type=1400 audit(1734517501.889:1779): avc:  denied  { relabelto } for  pid=10800 comm="syz.2.927" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tun_socket permissive=1
[  408.690193][ T5914] usb 8-1: Using ep0 maxpacket: 16
[  408.701568][ T5914] usb 8-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  408.710810][ T5914] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.718797][ T5914] usb 8-1: Product: syz
[  408.723851][ T5914] usb 8-1: Manufacturer: syz
[  408.728458][ T5914] usb 8-1: SerialNumber: syz
[  408.741745][ T5914] usb 8-1: config 0 descriptor??
[  408.752457][ T5914] usb-storage 8-1:0.0: USB Mass Storage device detected
[  408.855632][T10820] netlink: 332 bytes leftover after parsing attributes in process `syz.4.931'.
[  408.907435][ T5914] usb-storage 8-1:0.0: Quirks match for vid 054c pid 002e: 1
[  408.950078][ T5914] usb-storage 8-1:0.0: This device (054c,002e,0500 S 04 P c9) has an unneeded SubClass entry in unusual_devs.h (kernel 6.13.0-rc3-syzkaller-00044-gaef25be35d23)
[  408.950078][ T5914]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  409.129224][   T29] audit: type=1400 audit(1734517503.429:1780): avc:  denied  { ioctl } for  pid=10817 comm="syz.4.931" path="socket:[32017]" dev="sockfs" ino=32017 ioctlcmd=0x64a1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  409.269278][   T29] audit: type=1400 audit(1734517503.689:1781): avc:  denied  { setcheckreqprot } for  pid=10825 comm="syz.2.933" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  409.705065][T10827] netlink: 8 bytes leftover after parsing attributes in process `syz.2.933'.
[  410.144458][ T5914] usb 8-1: USB disconnect, device number 27
[  410.312265][T10839] netlink: 8 bytes leftover after parsing attributes in process `syz.4.936'.
[  410.321135][T10839] netlink: 8 bytes leftover after parsing attributes in process `syz.4.936'.
[  410.716149][T10845] netlink: 12 bytes leftover after parsing attributes in process `syz.4.939'.
[  411.662559][T10867] fuse: Bad value for 'fd'
[  412.179842][   T29] audit: type=1400 audit(1734517506.619:1782): avc:  denied  { remount } for  pid=10862 comm="syz.4.943" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1
[  414.869115][   T29] audit: type=1400 audit(1734517509.239:1783): avc:  denied  { ioctl } for  pid=10902 comm="syz.4.952" path="/dev/ptyqd" dev="devtmpfs" ino=132 ioctlcmd=0x5430 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bsdpty_device_t tclass=chr_file permissive=1
[  414.880655][T10891] netlink: 12 bytes leftover after parsing attributes in process `syz.2.950'.
[  414.939177][T10905] warn_alloc: 2 callbacks suppressed
[  414.939190][T10905] syz.4.955: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  415.098292][T10905] CPU: 0 UID: 0 PID: 10905 Comm: syz.4.955 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  415.108990][T10905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  415.119046][T10905] Call Trace:
[  415.122321][T10905]  <TASK>
[  415.125250][T10905]  dump_stack_lvl+0x16c/0x1f0
[  415.129943][T10905]  warn_alloc+0x24d/0x3a0
[  415.134285][T10905]  ? __pfx_warn_alloc+0x10/0x10
[  415.139140][T10905]  ? __pfx_stack_trace_save+0x10/0x10
[  415.144529][T10905]  ? kasan_save_stack+0x42/0x60
[  415.149981][T10905]  ? kasan_save_stack+0x33/0x60
[  415.154842][T10905]  ? kasan_save_track+0x14/0x30
[  415.159693][T10905]  ? __kasan_kmalloc+0xaa/0xb0
[  415.164452][T10905]  ? xskq_create+0x52/0x1d0
[  415.168931][T10905]  ? do_sock_setsockopt+0x222/0x480
[  415.174114][T10905]  ? __sys_setsockopt+0x1a0/0x230
[  415.179153][T10905]  ? __x64_sys_setsockopt+0xbd/0x160
[  415.184460][T10905]  __vmalloc_node_range_noprof+0x10df/0x1530
[  415.190456][T10905]  ? xskq_create+0xfb/0x1d0
[  415.194969][T10905]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  415.201331][T10905]  ? xskq_create+0xfb/0x1d0
[  415.205846][T10905]  vmalloc_user_noprof+0x6b/0x90
[  415.210797][T10905]  ? xskq_create+0xfb/0x1d0
[  415.215305][T10905]  xskq_create+0xfb/0x1d0
[  415.219637][T10905]  xsk_setsockopt+0x757/0xa10
[  415.224313][T10905]  ? __pfx_xsk_setsockopt+0x10/0x10
[  415.229524][T10905]  ? selinux_socket_setsockopt+0x6a/0x80
[  415.235161][T10905]  ? __pfx_xsk_setsockopt+0x10/0x10
[  415.240365][T10905]  do_sock_setsockopt+0x222/0x480
[  415.245401][T10905]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  415.250967][T10905]  ? lock_acquire+0x2f/0xb0
[  415.255494][T10905]  __sys_setsockopt+0x1a0/0x230
[  415.260365][T10905]  __x64_sys_setsockopt+0xbd/0x160
[  415.265484][T10905]  ? do_syscall_64+0x91/0x250
[  415.270170][T10905]  ? lockdep_hardirqs_on+0x7c/0x110
[  415.275373][T10905]  do_syscall_64+0xcd/0x250
[  415.279886][T10905]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  415.285788][T10905] RIP: 0033:0x7f14f4185d29
[  415.290201][T10905] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  415.309812][T10905] RSP: 002b:00007f14f505e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  415.318228][T10905] RAX: ffffffffffffffda RBX: 00007f14f4375fa0 RCX: 00007f14f4185d29
[  415.326199][T10905] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[  415.334165][T10905] RBP: 00007f14f4201a20 R08: 0000000000000020 R09: 0000000000000000
[  415.342130][T10905] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  415.350097][T10905] R13: 0000000000000000 R14: 00007f14f4375fa0 R15: 00007fff8e30b988
[  415.358078][T10905]  </TASK>
[  415.570544][T10914] fuse: Bad value for 'fd'
[  415.763790][T10905] Mem-Info:
[  415.766977][T10905] active_anon:12988 inactive_anon:0 isolated_anon:0
[  415.766977][T10905]  active_file:11579 inactive_file:49033 isolated_file:0
[  415.766977][T10905]  unevictable:768 dirty:466 writeback:0
[  415.766977][T10905]  slab_reclaimable:11056 slab_unreclaimable:110327
[  415.766977][T10905]  mapped:35537 shmem:7280 pagetables:1352
[  415.766977][T10905]  sec_pagetables:0 bounce:0
[  415.766977][T10905]  kernel_misc_reclaimable:0
[  415.766977][T10905]  free:1295046 free_pcp:1359 free_cma:0
[  415.814791][T10905] Node 0 active_anon:51952kB inactive_anon:0kB active_file:46316kB inactive_file:195980kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:142084kB dirty:1856kB writeback:0kB shmem:27584kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12696kB pagetables:5408kB sec_pagetables:0kB all_unreclaimable? no
[  415.855198][T10905] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:64kB dirty:8kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  415.928479][T10905] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  415.955796][T10905] lowmem_reserve[]: 0 2459 2459 0 0
[  415.962582][T10905] Node 0 DMA32 free:1271604kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:28848kB inactive_anon:0kB active_file:46316kB inactive_file:195884kB unevictable:1536kB writepending:1856kB present:3129332kB managed:2547148kB mlocked:0kB bounce:0kB free_pcp:13448kB local_pcp:12848kB free_cma:0kB
[  415.993579][T10905] lowmem_reserve[]: 0 0 0 0 0
[  415.998836][T10905] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:96kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  416.050976][T10905] lowmem_reserve[]:
[  416.067680][T10927] netlink: 45 bytes leftover after parsing attributes in process `syz.4.955'.
[  416.075299][T10905]  0 0 0 0 0
[  416.232726][T10905] Node 1 Normal free:3909448kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:8kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  416.629161][T10905] lowmem_reserve[]: 0 0 0 0 0
[  416.633898][T10905] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  416.646650][T10905] Node 0 DMA32: 295*4kB (UM) 816*8kB (UME) 730*16kB (UME) 444*32kB (UME) 306*64kB (UME) 234*128kB (UME) 195*256kB (UME) 85*512kB (UM) 43*1024kB (UM) 26*2048kB (UM) 246*4096kB (UM) = 1281468kB
[  416.690251][T10936] openvswitch: netlink: nsh attr 0 has unexpected len 41659 expected 0
[  416.691878][T10905] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  416.698754][T10936] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  416.749931][T10905] Node 1 Normal: 216*4kB (UM) 79*8kB (UME) 51*16kB (UME) 212*32kB (UE) 93*64kB (UME) 37*128kB (UM) 22*256kB (UM) 8*512kB (UME) 3*1024kB (UME) 3*2048kB (UE) 945*4096kB (M) = 3909448kB
[  416.798623][T10931] netdevsim netdevsim6: Direct firmware load for printk failed with error -2
[  416.803208][T10938] 9pnet_fd: Insufficient options for proto=fd
[  416.813846][T10931] netdevsim netdevsim6: Falling back to sysfs fallback for: printk
[  416.821925][T10905] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  416.937236][T10936] syzkaller0: entered promiscuous mode
[  416.951505][T10938] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60923 sclass=netlink_route_socket pid=10938 comm=syz.8.962
[  416.967524][T10905] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  416.978531][T10936] syzkaller0: entered allmulticast mode
[  417.086421][   T29] audit: type=1400 audit(1734517511.519:1784): avc:  denied  { getopt } for  pid=10925 comm="syz.6.960" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  417.110594][T10905] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  417.121042][T10938] netlink: 'syz.8.962': attribute type 1 has an invalid length.
[  417.130093][T10933] syz.6.960: attempt to access beyond end of device
[  417.130093][T10933] nbd6: rw=0, sector=64, nr_sectors = 1 limit=0
[  417.139811][T10905] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  417.720097][T10933] syz.6.960: attempt to access beyond end of device
[  417.720097][T10933] nbd6: rw=0, sector=256, nr_sectors = 1 limit=0
[  417.739243][T10905] 64924 total pagecache pages
[  417.750974][T10905] 0 pages in swap cache
[  417.761885][T10938] 8021q: adding VLAN 0 to HW filter on device bond1
[  417.762184][T10933] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  417.770609][T10905] Free swap  = 124292kB
[  417.782897][T10933] syz.6.960: attempt to access beyond end of device
[  417.782897][T10933] nbd6: rw=0, sector=512, nr_sectors = 1 limit=0
[  417.849694][T10905] Total swap = 124996kB
[  417.855199][T10905] 2097051 pages RAM
[  417.859107][T10905] 0 pages HighMem/MovableOnly
[  417.864564][T10905] 428606 pages reserved
[  417.868725][T10905] 0 pages cma reserved
[  417.880590][T10933] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  417.914130][T10933] UDF-fs: warning (device nbd6): udf_load_vrs: No anchor found
[  417.917013][T10925] [U] vÔ3
[  418.049386][T10933] UDF-fs: Scanning with blocksize 512 failed
[  418.062390][T10933] syz.6.960: attempt to access beyond end of device
[  418.062390][T10933] nbd6: rw=0, sector=64, nr_sectors = 2 limit=0
[  418.075329][T10933] syz.6.960: attempt to access beyond end of device
[  418.075329][T10933] nbd6: rw=0, sector=512, nr_sectors = 2 limit=0
[  418.323724][T10933] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  418.350761][T10933] syz.6.960: attempt to access beyond end of device
[  418.350761][T10933] nbd6: rw=0, sector=1024, nr_sectors = 2 limit=0
[  418.373242][T10933] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  418.387710][T10933] UDF-fs: warning (device nbd6): udf_load_vrs: No anchor found
[  418.455876][T10933] UDF-fs: Scanning with blocksize 1024 failed
[  418.475784][T10933] syz.6.960: attempt to access beyond end of device
[  418.475784][T10933] nbd6: rw=0, sector=64, nr_sectors = 4 limit=0
[  418.498736][T10933] syz.6.960: attempt to access beyond end of device
[  418.498736][T10933] nbd6: rw=0, sector=1024, nr_sectors = 4 limit=0
[  418.516342][T10933] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  418.525973][T10933] syz.6.960: attempt to access beyond end of device
[  418.525973][T10933] nbd6: rw=0, sector=2048, nr_sectors = 4 limit=0
[  418.651307][T10933] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  418.660844][T10933] UDF-fs: warning (device nbd6): udf_load_vrs: No anchor found
[  418.677772][T10933] UDF-fs: Scanning with blocksize 2048 failed
[  418.684460][T10933] syz.6.960: attempt to access beyond end of device
[  418.684460][T10933] nbd6: rw=0, sector=64, nr_sectors = 8 limit=0
[  419.222020][T10933] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=256, location=256
[  419.237307][T10933] UDF-fs: error (device nbd6): udf_read_tagged: read failed, block=512, location=512
[  419.279278][T10933] UDF-fs: warning (device nbd6): udf_load_vrs: No anchor found
[  419.293144][T10933] UDF-fs: Scanning with blocksize 4096 failed
[  419.299978][T10933] UDF-fs: warning (device nbd6): udf_fill_super: No partition found (1)
[  420.230593][ T5879] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  420.400490][ T5879] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  420.439089][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  420.515953][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  420.787333][ T5879] usb 5-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1
[  420.796424][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  420.804506][ T5879] usb 5-1: Product: syz
[  420.808670][ T5879] usb 5-1: Manufacturer: syz
[  420.813281][ T5879] usb 5-1: SerialNumber: syz
[  420.824391][ T5879] usb 5-1: config 0 descriptor??
[  420.829895][T10962] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  421.204228][T10978] netlink: 'syz.8.972': attribute type 10 has an invalid length.
[  423.047667][T10978] bridge0: port 2(bridge_slave_1) entered disabled state
[  423.055162][T10978] bridge0: port 1(bridge_slave_0) entered disabled state
[  423.069589][T10978] bridge0: port 2(bridge_slave_1) entered blocking state
[  423.076784][T10978] bridge0: port 2(bridge_slave_1) entered forwarding state
[  423.084651][T10978] bridge0: port 1(bridge_slave_0) entered blocking state
[  423.091772][T10978] bridge0: port 1(bridge_slave_0) entered forwarding state
[  423.101661][T10978] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  423.287743][   T29] audit: type=1400 audit(1734517517.719:1785): avc:  denied  { read write } for  pid=10997 comm="syz.8.980" name="uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  423.316447][   T29] audit: type=1400 audit(1734517517.719:1786): avc:  denied  { open } for  pid=10997 comm="syz.8.980" path="/dev/uhid" dev="devtmpfs" ino=1273 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  423.339803][    C1] vkms_vblank_simulate: vblank timer overrun
[  423.509290][ T8532] usb 8-1: new high-speed USB device number 28 using dummy_hcd
[  423.676106][ T8532] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  423.706926][ T8532] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  423.841979][ T8532] usb 8-1: config 1 has no interface number 0
[  423.850008][ T8532] usb 8-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.860985][ T8532] usb 8-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  423.871901][ T8532] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  423.881025][ T8532] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.898040][ T8532] usb 8-1: Product: syz
[  423.917949][ T8532] usb 8-1: Manufacturer: syz
[  423.934925][ T8532] usb 8-1: SerialNumber: syz
[  424.305185][   T29] audit: type=1400 audit(1734517518.429:1787): avc:  denied  { ioctl } for  pid=10997 comm="syz.8.980" path="/dev/ppp" dev="devtmpfs" ino=709 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  424.447162][ T5879] powermate: Expected payload of 3--6 bytes, found 64 bytes!
[  424.455678][ T5879] input: Griffin PowerMate as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input34
[  424.472836][    C1] powermate: config urb returned -71
[  424.478231][    C1] powermate: config urb returned -71
[  424.486100][    C1] powermate: config urb returned -71
[  424.492714][    C1] powermate: config urb returned -71
[  424.499375][ T5879] usb 5-1: USB disconnect, device number 12
[  424.505295][    C1] powermate 5-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  426.162122][ T5879] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  426.324352][ T5879] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  426.432578][ T5879] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  426.483075][ T5879] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  426.576166][ T5879] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  426.586637][ T5879] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.617987][ T5879] usb 7-1: config 0 descriptor??
[  427.289621][ T8532] cdc_ncm 8-1:1.1: bind() failure
[  427.309922][ T8532] usb 8-1: USB disconnect, device number 28
[  427.317119][   T29] audit: type=1400 audit(1734517521.749:1788): avc:  denied  { accept } for  pid=11039 comm="syz.2.992" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  427.345532][   T29] audit: type=1400 audit(1734517521.769:1789): avc:  denied  { ioctl } for  pid=11036 comm="syz.8.991" path="socket:[31671]" dev="sockfs" ino=31671 ioctlcmd=0x9367 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  428.275393][ T5879] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  428.488564][ T5879] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  428.811532][   T29] audit: type=1400 audit(1734517523.229:1790): avc:  denied  { getopt } for  pid=11058 comm="syz.2.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  429.161079][   T29] audit: type=1400 audit(1734517523.239:1791): avc:  denied  { bind } for  pid=11058 comm="syz.2.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  430.048387][   T29] audit: type=1400 audit(1734517523.239:1792): avc:  denied  { write } for  pid=11058 comm="syz.2.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  430.067762][    C1] vkms_vblank_simulate: vblank timer overrun
[  430.263311][   T29] audit: type=1400 audit(1734517523.239:1793): avc:  denied  { getopt } for  pid=11058 comm="syz.2.998" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  430.282670][    C1] vkms_vblank_simulate: vblank timer overrun
[  430.498792][T11083] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  430.699873][T11085] netlink: 'syz.4.1007': attribute type 1 has an invalid length.
[  430.703521][ T7952] usb 7-1: USB disconnect, device number 27
[  430.782428][T11086] fuse: Unknown parameter ''
[  431.479607][T11094] vivid-000: kernel_thread() failed
[  431.680251][   T29] audit: type=1400 audit(1734517526.109:1794): avc:  denied  { setattr } for  pid=11089 comm="syz.7.1005" name="vcsa" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1
[  431.703285][    C1] vkms_vblank_simulate: vblank timer overrun
[  431.956864][   T29] audit: type=1326 audit(1734517526.389:1795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11108 comm="syz.6.1013" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9e93785d29 code=0x0
[  432.030337][T11113] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1014'.
[  432.041852][   T29] audit: type=1400 audit(1734517526.479:1796): avc:  denied  { bind } for  pid=11112 comm="syz.7.1014" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  433.322990][T11134] netlink: 'syz.4.1022': attribute type 12 has an invalid length.
[  433.978706][T11137] netlink: 300 bytes leftover after parsing attributes in process `syz.7.1021'.
[  434.053810][T11137] 9pnet_fd: Insufficient options for proto=fd
[  434.393227][   T29] audit: type=1400 audit(1734517528.819:1797): avc:  denied  { unmount } for  pid=8947 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  434.437730][   T29] audit: type=1400 audit(1734517528.869:1798): avc:  denied  { append } for  pid=11145 comm="syz.4.1025" name="usbmon4" dev="devtmpfs" ino=728 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  434.606040][T11151] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  436.724479][T11189] syz.4.1040: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  436.724542][T11189] CPU: 0 UID: 0 PID: 11189 Comm: syz.4.1040 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  436.724566][T11189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  436.724578][T11189] Call Trace:
[  436.724585][T11189]  <TASK>
[  436.724593][T11189]  dump_stack_lvl+0x16c/0x1f0
[  436.724622][T11189]  warn_alloc+0x24d/0x3a0
[  436.724648][T11189]  ? __pfx_warn_alloc+0x10/0x10
[  436.724670][T11189]  ? __pfx_stack_trace_save+0x10/0x10
[  436.724708][T11189]  ? kasan_save_stack+0x42/0x60
[  436.724729][T11189]  ? kasan_save_stack+0x33/0x60
[  436.724750][T11189]  ? kasan_save_track+0x14/0x30
[  436.724770][T11189]  ? __kasan_kmalloc+0xaa/0xb0
[  436.724790][T11189]  ? xskq_create+0x52/0x1d0
[  436.724808][T11189]  ? do_sock_setsockopt+0x222/0x480
[  436.724838][T11189]  ? __sys_setsockopt+0x1a0/0x230
[  436.724866][T11189]  ? __x64_sys_setsockopt+0xbd/0x160
[  436.724903][T11189]  __vmalloc_node_range_noprof+0x10df/0x1530
[  436.724936][T11189]  ? xskq_create+0xfb/0x1d0
[  436.724962][T11189]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  436.724994][T11189]  ? xskq_create+0xfb/0x1d0
[  436.725014][T11189]  vmalloc_user_noprof+0x6b/0x90
[  436.725036][T11189]  ? xskq_create+0xfb/0x1d0
[  436.725055][T11189]  xskq_create+0xfb/0x1d0
[  436.725076][T11189]  xsk_setsockopt+0x757/0xa10
[  436.725095][T11189]  ? __pfx_xsk_setsockopt+0x10/0x10
[  436.725125][T11189]  ? selinux_socket_setsockopt+0x6a/0x80
[  436.725148][T11189]  ? __pfx_xsk_setsockopt+0x10/0x10
[  436.725167][T11189]  do_sock_setsockopt+0x222/0x480
[  436.725190][T11189]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  436.725213][T11189]  ? lock_acquire+0x2f/0xb0
[  436.725249][T11189]  __sys_setsockopt+0x1a0/0x230
[  436.725284][T11189]  __x64_sys_setsockopt+0xbd/0x160
[  436.725311][T11189]  ? do_syscall_64+0x91/0x250
[  436.725337][T11189]  ? lockdep_hardirqs_on+0x7c/0x110
[  436.725361][T11189]  do_syscall_64+0xcd/0x250
[  436.725388][T11189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  436.725414][T11189] RIP: 0033:0x7f14f4185d29
[  436.725429][T11189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  436.725448][T11189] RSP: 002b:00007f14f503d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  436.725467][T11189] RAX: ffffffffffffffda RBX: 00007f14f4376080 RCX: 00007f14f4185d29
[  436.725479][T11189] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[  436.725491][T11189] RBP: 00007f14f4201a20 R08: 0000000000000020 R09: 0000000000000000
[  436.725504][T11189] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  436.725516][T11189] R13: 0000000000000001 R14: 00007f14f4376080 R15: 00007fff8e30b988
[  436.725543][T11189]  </TASK>
[  436.725550][T11189] Mem-Info:
[  436.725558][T11189] active_anon:8462 inactive_anon:0 isolated_anon:0
[  436.725558][T11189]  active_file:11578 inactive_file:49041 isolated_file:0
[  436.725558][T11189]  unevictable:768 dirty:359 writeback:0
[  436.725558][T11189]  slab_reclaimable:11003 slab_unreclaimable:108640
[  436.725558][T11189]  mapped:32223 shmem:3866 pagetables:1316
[  436.725558][T11189]  sec_pagetables:0 bounce:0
[  436.725558][T11189]  kernel_misc_reclaimable:0
[  436.725558][T11189]  free:1301045 free_pcp:1309 free_cma:0
[  436.725605][T11189] Node 0 active_anon:33848kB inactive_anon:0kB active_file:46312kB inactive_file:196012kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:128840kB dirty:1432kB writeback:0kB shmem:13928kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12696kB pagetables:5264kB sec_pagetables:0kB all_unreclaimable? no
[  436.725651][T11189] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:52kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  436.725706][T11189] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  436.725760][T11189] lowmem_reserve[]: 0 2459 2459 0 0
[  436.725801][T11189] Node 0 DMA32 free:1279372kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:33844kB inactive_anon:0kB active_file:46312kB inactive_file:195916kB unevictable:1536kB writepending:1432kB present:3129332kB managed:2547148kB mlocked:0kB bounce:0kB free_pcp:5228kB local_pcp:2908kB free_cma:0kB
[  436.725861][T11189] lowmem_reserve[]: 0 0 0 0 0
[  436.725899][T11189] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:96kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  436.725947][T11189] lowmem_reserve[]: 0 0 0 0 0
[  436.725982][T11189] Node 1 Normal free:3909448kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  436.726029][T11189] lowmem_reserve[]: 0 0 0 0 0
[  436.726066][T11189] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  436.726191][T11189] Node 0 DMA32: 69*4kB (UE) 449*8kB (UME) 533*16kB (UME) 679*32kB (UME) 278*64kB (UME) 195*128kB (UME) 177*256kB (UME) 72*512kB (UM) 40*1024kB (UM) 21*2048kB (UM) 253*4096kB (UM) = 1279308kB
[  436.726364][T11189] Node 0 Normal: 
[  437.005978][T11192] netlink: 45 bytes leftover after parsing attributes in process `syz.4.1040'.
[  437.007620][ T5914] usb 9-1: new high-speed USB device number 27 using dummy_hcd
[  437.058266][    C0] vkms_vblank_simulate: vblank timer overrun
[  437.065183][T11189] 0*4kB 
[  437.090768][    C0] vkms_vblank_simulate: vblank timer overrun
[  437.090869][ T7952] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  437.259212][    T8] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  437.314485][T11189] 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  437.353030][ T7952] usb 3-1: Using ep0 maxpacket: 32
[  437.358215][T11189] Node 1 Normal: 216*4kB (UM) 79*8kB (UME) 51*16kB (UME) 211*32kB (UE) 92*64kB (UME) 38*128kB (UM) 22*256kB (UM) 8*512kB (UME) 3*1024kB (UME) 3*2048kB (UE) 945*4096kB (M) = 3909480kB
[  437.376996][T11189] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  437.386644][T11189] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  437.396136][T11189] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  437.406667][T11189] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  437.418590][T11189] 64911 total pagecache pages
[  437.423395][ T5914] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  437.433573][ T5914] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  437.442459][ T5914] usb 9-1: config 1 has no interface number 0
[  437.448557][ T5914] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  437.459444][ T5914] usb 9-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  437.468574][ T7952] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  437.479850][ T7952] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  437.489673][ T7952] usb 3-1: New USB device found, idVendor=056a, idProduct=00d8, bcdDevice= 0.00
[  437.498918][ T7952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.508300][T11189] 0 pages in swap cache
[  437.512555][T11189] Free swap  = 124648kB
[  437.516754][T11189] Total swap = 124996kB
[  437.521655][ T7952] usb 3-1: config 0 descriptor??
[  437.527287][T11189] 2097051 pages RAM
[  437.531198][T11189] 0 pages HighMem/MovableOnly
[  437.536009][T11189] 428606 pages reserved
[  437.540629][T11189] 0 pages cma reserved
[  437.574439][ T5914] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  437.583665][ T5914] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.591800][ T5914] usb 9-1: Product: syz
[  437.596221][ T5914] usb 9-1: Manufacturer: syz
[  437.600876][ T5914] usb 9-1: SerialNumber: syz
[  437.629171][    T8] usb 7-1: Using ep0 maxpacket: 16
[  437.635546][    T8] usb 7-1: config 0 has an invalid interface number: 39 but max is 0
[  437.643699][    T8] usb 7-1: config 0 has no interface number 0
[  437.658656][    T8] usb 7-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=70.6d
[  437.667798][    T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  437.675838][    T8] usb 7-1: Product: syz
[  437.680081][    T8] usb 7-1: Manufacturer: syz
[  437.684694][    T8] usb 7-1: SerialNumber: syz
[  437.760278][    T8] usb 7-1: config 0 descriptor??
[  437.772539][    T8] i2c-tiny-usb 7-1:0.39: version 70.6d found at bus 007 address 028
[  438.109085][ T7952] wacom 0003:056A:00D8.0005: Unknown device_type for 'HID 056a:00d8'. Assuming pen.
[  438.613022][ T7952] wacom 0003:056A:00D8.0005: hidraw0: USB HID v0.01 Device [HID 056a:00d8] on usb-dummy_hcd.2-1/input0
[  438.625614][ T7952] input: Wacom Bamboo Comic 2FG Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:056A:00D8.0005/input/input35
[  438.764095][ T7952] usb 3-1: USB disconnect, device number 15
[  438.773876][    T8] i2c i2c-1: failure reading functionality
[  439.545612][ T5914] cdc_ncm 9-1:1.1: bind() failure
[  439.553783][ T5914] usb 9-1: USB disconnect, device number 27
[  439.573096][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  439.628313][    T8] i2c i2c-1: connected i2c-tiny-usb device
[  439.644451][    T8] usb 7-1: USB disconnect, device number 28
[  440.349762][ T5914] usb 9-1: new high-speed USB device number 28 using dummy_hcd
[  440.613332][ T5914] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  440.624220][ T5914] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  440.706622][ T5914] usb 9-1: config 1 has no interface number 0
[  440.763698][ T5914] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  440.806895][ T5914] usb 9-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  440.841576][ T5914] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  440.857172][ T5914] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.878799][ T5914] usb 9-1: Product: syz
[  440.893677][ T5914] usb 9-1: Manufacturer: syz
[  440.905727][ T5914] usb 9-1: SerialNumber: syz
[  441.053096][    T8] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  441.219176][    T8] usb 7-1: Using ep0 maxpacket: 8
[  441.225337][    T8] usb 7-1: config 6 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  441.235460][    T8] usb 7-1: config 6 interface 0 altsetting 0 has an endpoint descriptor with address 0xEC, changing to 0x8C
[  441.247210][    T8] usb 7-1: config 6 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0
[  441.258506][    T8] usb 7-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  441.267639][    T8] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.275704][    T8] usb 7-1: Product: syz
[  441.279903][    T8] usb 7-1: Manufacturer: syz
[  441.284497][    T8] usb 7-1: SerialNumber: syz
[  441.294096][    T8] hso 7-1:6.0: Can't find BULK IN endpoint
[  441.515283][ T8532] usb 7-1: USB disconnect, device number 29
[  441.879216][ T8532] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  442.140232][ T8532] usb 7-1: device descriptor read/64, error -71
[  442.460202][ T8532] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  442.475407][T11236] netlink: 45 bytes leftover after parsing attributes in process `syz.4.1052'.
[  442.599145][ T8532] usb 7-1: device descriptor read/64, error -71
[  442.710176][ T8532] usb usb7-port1: attempt power cycle
[  442.799352][    T8] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  442.859113][ T7178] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  442.970393][    T8] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  442.980573][    T8] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  442.989474][    T8] usb 3-1: config 1 has no interface number 0
[  442.995613][    T8] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  443.006690][    T8] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  443.016876][ T7178] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  443.023932][    T8] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  443.027264][ T7178] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  443.046069][ T7178] usb 5-1: config 1 has no interface number 0
[  443.046187][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.052290][ T8532] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  443.063491][    T8] usb 3-1: Product: syz
[  443.068257][ T7178] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  443.073542][    T8] usb 3-1: Manufacturer: syz
[  443.083019][ T7178] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  443.087417][    T8] usb 3-1: SerialNumber: syz
[  443.102936][ T7178] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  443.112240][ T7178] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.120345][ T7178] usb 5-1: Product: syz
[  443.124713][ T7178] usb 5-1: Manufacturer: syz
[  443.129444][ T8532] usb 7-1: device descriptor read/8, error -71
[  443.135637][ T7178] usb 5-1: SerialNumber: syz
[  443.299151][ T5914] cdc_ncm 9-1:1.1: bind() failure
[  443.316240][ T5914] usb 9-1: USB disconnect, device number 28
[  443.373219][ T8532] usb 7-1: new high-speed USB device number 33 using dummy_hcd
[  444.172815][ T8532] usb 7-1: device not accepting address 33, error -71
[  444.224366][ T8532] usb usb7-port1: unable to enumerate USB device
[  444.629096][ T7952] usb 8-1: new high-speed USB device number 29 using dummy_hcd
[  444.810934][ T7952] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  444.854900][ T7952] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2
[  444.866071][ T7952] usb 8-1: config 1 has no interface number 0
[  445.517767][ T7952] usb 8-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  445.528962][ T7952] usb 8-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  445.633178][    T8] cdc_ncm 3-1:1.1: bind() failure
[  445.648779][    T8] usb 3-1: USB disconnect, device number 16
[  445.693395][ T7952] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  445.712280][ T7952] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.729633][ T7178] cdc_ncm 5-1:1.1: bind() failure
[  445.737908][ T7178] usb 5-1: USB disconnect, device number 13
[  445.780755][ T7952] usb 8-1: Product: syz
[  445.793921][ T7952] usb 8-1: Manufacturer: syz
[  445.798882][ T7952] usb 8-1: SerialNumber: syz
[  445.818208][T11276] : entered promiscuous mode
[  446.154186][   T29] audit: type=1400 audit(1734517540.589:1799): avc:  denied  { bind } for  pid=11273 comm="syz.2.1062" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  446.173864][   T29] audit: type=1400 audit(1734517540.589:1800): avc:  denied  { node_bind } for  pid=11273 comm="syz.2.1062" saddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  447.105902][T11285] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  447.265132][T11288] warn_alloc: 1 callbacks suppressed
[  447.265147][T11288] syz.6.1065: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  447.265210][T11288] CPU: 1 UID: 0 PID: 11288 Comm: syz.6.1065 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  447.265234][T11288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  447.265245][T11288] Call Trace:
[  447.265252][T11288]  <TASK>
[  447.265261][T11288]  dump_stack_lvl+0x16c/0x1f0
[  447.265290][T11288]  warn_alloc+0x24d/0x3a0
[  447.265317][T11288]  ? __pfx_warn_alloc+0x10/0x10
[  447.265340][T11288]  ? __pfx_stack_trace_save+0x10/0x10
[  447.265380][T11288]  ? kasan_save_stack+0x42/0x60
[  447.265400][T11288]  ? kasan_save_stack+0x33/0x60
[  447.265419][T11288]  ? kasan_save_track+0x14/0x30
[  447.265440][T11288]  ? __kasan_kmalloc+0xaa/0xb0
[  447.265461][T11288]  ? xskq_create+0x52/0x1d0
[  447.265480][T11288]  ? do_sock_setsockopt+0x222/0x480
[  447.265501][T11288]  ? __sys_setsockopt+0x1a0/0x230
[  447.265527][T11288]  ? __x64_sys_setsockopt+0xbd/0x160
[  447.265560][T11288]  __vmalloc_node_range_noprof+0x10df/0x1530
[  447.265605][T11288]  ? xskq_create+0xfb/0x1d0
[  447.265632][T11288]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  447.265661][T11288]  ? xskq_create+0xfb/0x1d0
[  447.265680][T11288]  vmalloc_user_noprof+0x6b/0x90
[  447.265702][T11288]  ? xskq_create+0xfb/0x1d0
[  447.265720][T11288]  xskq_create+0xfb/0x1d0
[  447.265740][T11288]  xsk_setsockopt+0x757/0xa10
[  447.265760][T11288]  ? __pfx_xsk_setsockopt+0x10/0x10
[  447.265788][T11288]  ? selinux_socket_setsockopt+0x6a/0x80
[  447.265810][T11288]  ? __pfx_xsk_setsockopt+0x10/0x10
[  447.265829][T11288]  do_sock_setsockopt+0x222/0x480
[  447.265851][T11288]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  447.265875][T11288]  ? lock_acquire+0x2f/0xb0
[  447.265911][T11288]  __sys_setsockopt+0x1a0/0x230
[  447.265944][T11288]  __x64_sys_setsockopt+0xbd/0x160
[  447.265976][T11288]  ? do_syscall_64+0x91/0x250
[  447.266000][T11288]  ? lockdep_hardirqs_on+0x7c/0x110
[  447.266025][T11288]  do_syscall_64+0xcd/0x250
[  447.266054][T11288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  447.266079][T11288] RIP: 0033:0x7f9e93785d29
[  447.266095][T11288] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  447.266114][T11288] RSP: 002b:00007f9e9455d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  447.266133][T11288] RAX: ffffffffffffffda RBX: 00007f9e93976080 RCX: 00007f9e93785d29
[  447.266146][T11288] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[  447.266158][T11288] RBP: 00007f9e93801a20 R08: 0000000000000020 R09: 0000000000000000
[  447.266171][T11288] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  447.266183][T11288] R13: 0000000000000001 R14: 00007f9e93976080 R15: 00007ffd5d457b58
[  447.266211][T11288]  </TASK>
[  447.266219][T11288] Mem-Info:
[  447.266228][T11288] active_anon:32927 inactive_anon:0 isolated_anon:0
[  447.266228][T11288]  active_file:11578 inactive_file:49045 isolated_file:0
[  447.266228][T11288]  unevictable:768 dirty:535 writeback:0
[  447.266228][T11288]  slab_reclaimable:10975 slab_unreclaimable:109109
[  447.266228][T11288]  mapped:35250 shmem:28223 pagetables:1346
[  447.266228][T11288]  sec_pagetables:0 bounce:0
[  447.266228][T11288]  kernel_misc_reclaimable:0
[  447.266228][T11288]  free:1275986 free_pcp:1755 free_cma:0
[  447.266274][T11288] Node 0 active_anon:131708kB inactive_anon:0kB active_file:46312kB inactive_file:196028kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:140964kB dirty:2136kB writeback:0kB shmem:111356kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12772kB pagetables:5384kB sec_pagetables:0kB all_unreclaimable? no
[  447.266322][T11288] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:36kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  447.266367][T11288] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  447.266419][T11288] lowmem_reserve[]: 0 2459 2459 0 0
[  447.266461][T11288] Node 0 DMA32 free:1179068kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:131704kB inactive_anon:0kB active_file:46312kB inactive_file:195932kB unevictable:1536kB writepending:2136kB present:3129332kB managed:2547148kB mlocked:0kB bounce:0kB free_pcp:6996kB local_pcp:2536kB free_cma:0kB
[  447.266513][T11288] lowmem_reserve[]: 0 0 0 0 0
[  447.266550][T11288] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:96kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  447.266599][T11288] lowmem_reserve[]: 0 0 0 0 0
[  447.266638][T11288] Node 1 Normal free:3909516kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  447.266688][T11288] lowmem_reserve[]: 0 0 0 0 0
[  447.266726][T11288] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  447.266851][T11288] Node 0 DMA32: 388*4kB (UME) 492*8kB (UME) 197*16kB (UE) 301*32kB (UE) 170*64kB (UME) 145*128kB (UME) 123*256kB (UME) 40*512kB (U) 24*1024kB (U) 9*2048kB (UM) 253*4096kB (UM) = 1178976kB
[  447.267030][T11288] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  447.267135][T11288] Node 1 Normal: 215*4kB (UM) 80*8kB (UME) 51*16kB (UME) 212*32kB (UE) 92*64kB (UME) 38*128kB (UM) 22*256kB (UM) 8*512kB (UME) 3*1024kB (UME) 3*2048kB (UE) 945*4096kB (M) = 3909516kB
[  447.267336][T11288] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  447.267352][T11288] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  447.267367][T11288] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  447.267382][T11288] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  447.267397][T11288] 88871 total pagecache pages
[  447.267405][T11288] 0 pages in swap cache
[  447.267412][T11288] Free swap  = 124648kB
[  447.267420][T11288] Total swap = 124996kB
[  447.267428][T11288] 2097051 pages RAM
[  447.267435][T11288] 0 pages HighMem/MovableOnly
[  447.267442][T11288] 428606 pages reserved
[  447.267449][T11288] 0 pages cma reserved
[  447.575646][T11290] netlink: 45 bytes leftover after parsing attributes in process `syz.6.1065'.
[  448.333273][T11298] netlink: 300 bytes leftover after parsing attributes in process `syz.2.1067'.
[  448.387751][T11299] 9pnet_fd: Insufficient options for proto=fd
[  449.269355][ T7952] cdc_ncm 8-1:1.1: bind() failure
[  449.293540][ T7178] usb 9-1: new high-speed USB device number 29 using dummy_hcd
[  449.385192][ T7952] usb 8-1: USB disconnect, device number 29
[  449.557321][T11310] fuse: Bad value for 'rootmode'
[  449.798908][ T7178] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  449.815291][ T7178] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 2
[  449.824320][ T7178] usb 9-1: config 1 has no interface number 0
[  449.830511][ T7178] usb 9-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  449.841449][ T7178] usb 9-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  450.050933][ T7178] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  450.074837][ T7178] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  450.111039][ T7178] usb 9-1: Product: syz
[  450.115206][ T7178] usb 9-1: Manufacturer: syz
[  450.140855][ T7178] usb 9-1: SerialNumber: syz
[  450.718508][T11333] overlayfs: failed to resolve './file0': -2
[  451.399563][ T7178] cdc_ncm 9-1:1.1: bind() failure
[  451.684379][ T7178] usb 9-1: USB disconnect, device number 29
[  455.069585][ T7952] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  455.170784][ T7178] usb 8-1: new high-speed USB device number 30 using dummy_hcd
[  455.279178][ T7952] usb 5-1: Using ep0 maxpacket: 32
[  455.285497][ T7952] usb 5-1: config 105 has an invalid descriptor of length 66, skipping remainder of the config
[  455.295859][ T7952] usb 5-1: config 105 has 0 interfaces, different from the descriptor's value: 1
[  455.306505][ T7952] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  455.316154][ T7952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.324221][ T7952] usb 5-1: Product: syz
[  455.328836][ T7952] usb 5-1: Manufacturer: syz
[  455.336986][ T7952] usb 5-1: SerialNumber: syz
[  455.339098][ T7178] usb 8-1: Using ep0 maxpacket: 32
[  455.346873][ T5879] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[  455.356385][ T7178] usb 8-1: config 105 has an invalid descriptor of length 66, skipping remainder of the config
[  455.366891][ T7178] usb 8-1: config 105 has 0 interfaces, different from the descriptor's value: 1
[  455.377825][ T7178] usb 8-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  455.386931][ T7178] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.395183][ T7178] usb 8-1: Product: syz
[  455.399411][ T7178] usb 8-1: Manufacturer: syz
[  455.404030][ T7178] usb 8-1: SerialNumber: syz
[  455.500610][ T5879] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  455.511615][ T5879] usb 9-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  455.519167][ T5914] usb 7-1: new high-speed USB device number 34 using dummy_hcd
[  455.528867][ T5879] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  455.542107][ T5879] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.603467][ T5879] usb 9-1: Product: syz
[  455.607933][ T5879] usb 9-1: Manufacturer: syz
[  455.622488][ T5879] usb 9-1: SerialNumber: syz
[  455.679360][ T5914] usb 7-1: Using ep0 maxpacket: 16
[  455.691637][ T5914] usb 7-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  455.700966][ T5914] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  455.708987][ T5914] usb 7-1: Product: syz
[  455.713251][ T5914] usb 7-1: Manufacturer: syz
[  455.717882][ T5914] usb 7-1: SerialNumber: syz
[  455.724291][ T5914] usb 7-1: config 0 descriptor??
[  455.730548][ T5914] usb-storage 7-1:0.0: USB Mass Storage device detected
[  455.783030][ T5914] usb-storage 7-1:0.0: Quirks match for vid 054c pid 002e: 1
[  455.798342][ T5914] usb-storage 7-1:0.0: This device (054c,002e,0500 S 04 P c9) has an unneeded SubClass entry in unusual_devs.h (kernel 6.13.0-rc3-syzkaller-00044-gaef25be35d23)
[  455.798342][ T5914]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  455.910742][T11378] qnx4: no qnx4 filesystem (no root dir).
[  455.940146][T11378] input: syz1 as /devices/virtual/input/input38
[  455.945742][T11366] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  456.696236][ T7952] usb 5-1: USB disconnect, device number 14
[  456.721013][T11366] raw-gadget.2 gadget.8: fail, usb_ep_enable returned -22
[  456.728199][ T7178] usb 8-1: USB disconnect, device number 30
[  456.753861][    T9] usb 7-1: USB disconnect, device number 34
[  456.949960][ T5879] cdc_mbim 9-1:1.0: MAC-Address: 42:42:42:42:42:42
[  456.956495][ T5879] cdc_mbim 9-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  456.993960][ T5879] cdc_mbim 9-1:1.0: setting rx_max = 2048
[  457.909248][    T9] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[  458.090800][T11411] netlink: 'syz.6.1096': attribute type 3 has an invalid length.
[  458.091555][    T9] usb 8-1: config 0 has an invalid interface number: 64 but max is 0
[  458.108971][ T5879] cdc_mbim 9-1:1.0: setting tx_max = 184
[  458.109255][    T9] usb 8-1: config 0 has no interface number 0
[  458.146556][ T5879] cdc_mbim 9-1:1.0: cdc-wdm0: USB WDM device
[  458.222535][ T5879] wwan wwan0: port wwan0mbim0 attached
[  458.261549][ T5879] cdc_mbim 9-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.8-1, CDC MBIM, 42:42:42:42:42:42
[  458.283026][ T5879] usb 9-1: USB disconnect, device number 30
[  458.407065][ T5879] cdc_mbim 9-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.8-1, CDC MBIM
[  458.583477][    T9] usb 8-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  458.592569][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  458.619065][    T9] usb 8-1: Product: syz
[  458.623299][    T9] usb 8-1: Manufacturer: syz
[  458.635524][    T9] usb 8-1: SerialNumber: syz
[  458.644346][    T9] usb 8-1: config 0 descriptor??
[  458.661130][ T5879] wwan wwan0: port wwan0mbim0 disconnected
[  458.709128][ T7952] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  458.937370][    T9] usb 8-1: Found UVC 0.08 device syz (046d:0823)
[  458.943898][    T9] uvcvideo 8-1:0.64: Entity type for entity Output 3 was not initialized!
[  458.952750][    T9] usb 8-1: Failed to create links for entity 3
[  458.959088][    T9] usb 8-1: Failed to register entities (-22).
[  458.965717][ T7952] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  458.975842][ T7952] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2
[  458.984718][ T7952] usb 5-1: config 1 has no interface number 0
[  458.990960][ T5914] usb 7-1: new full-speed USB device number 35 using dummy_hcd
[  459.006747][    T9] usb 8-1: USB disconnect, device number 31
[  459.013629][ T7952] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  459.172924][ T5914] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  459.270412][ T5914] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  459.314765][ T7952] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  459.382952][ T5914] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  459.441596][ T5914] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00
[  459.453057][ T7952] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  459.467599][ T7952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  459.478881][ T5914] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  459.492046][ T7952] usb 5-1: Product: syz
[  459.496258][ T7952] usb 5-1: Manufacturer: syz
[  459.504180][ T5914] usb 7-1: config 0 descriptor??
[  459.511115][ T7952] usb 5-1: SerialNumber: syz
[  460.189182][ T5879] usb 9-1: new high-speed USB device number 31 using dummy_hcd
[  460.312617][ T5914] hid (null): unknown global tag 0xd
[  460.335827][ T5914] corsair-psu 0003:1B1C:1C0D.0006: unknown global tag 0xd
[  460.356215][ T5914] corsair-psu 0003:1B1C:1C0D.0006: item 0 4 1 13 parsing failed
[  460.439564][ T5914] corsair-psu 0003:1B1C:1C0D.0006: probe with driver corsair-psu failed with error -22
[  460.589201][ T5879] usb 9-1: Using ep0 maxpacket: 32
[  461.122513][ T5879] usb 9-1: config 105 has an invalid descriptor of length 66, skipping remainder of the config
[  461.189775][ T5879] usb 9-1: config 105 has 0 interfaces, different from the descriptor's value: 1
[  461.253836][ T5879] usb 9-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  461.298516][ T5879] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  461.307923][T11438] netlink: 300 bytes leftover after parsing attributes in process `syz.7.1103'.
[  461.318440][ T5879] usb 9-1: Product: syz
[  461.385164][ T5879] usb 9-1: Manufacturer: syz
[  461.411771][T11416] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1098'.
[  461.414097][T11438] 9pnet_fd: Insufficient options for proto=fd
[  461.439087][ T5879] usb 9-1: SerialNumber: syz
[  461.567674][T11433] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1102'.
[  461.667577][T11440] netlink: 92 bytes leftover after parsing attributes in process `syz.6.1098'.
[  462.398894][ T7952] cdc_ncm 5-1:1.1: bind() failure
[  462.418974][ T7952] usb 5-1: USB disconnect, device number 15
[  462.809120][ T5879] usb 9-1: USB disconnect, device number 31
[  462.850175][ T7178] usb 7-1: USB disconnect, device number 35
[  462.881137][T11454] syzkaller0: entered promiscuous mode
[  462.886586][T11454] syzkaller0: entered allmulticast mode
[  462.900263][ T7952] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  463.079352][ T7952] usb 5-1: Using ep0 maxpacket: 16
[  463.093358][ T7952] usb 5-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00
[  463.122859][ T7952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.423535][ T7952] usb 5-1: Product: syz
[  463.478335][ T7952] usb 5-1: Manufacturer: syz
[  463.494662][ T7952] usb 5-1: SerialNumber: syz
[  463.512994][ T7952] usb 5-1: config 0 descriptor??
[  463.536046][T11463] slcan: can't register candev
[  463.536221][ T7952] usb-storage 5-1:0.0: USB Mass Storage device detected
[  463.543796][T11463] Falling back ldisc for ptm1.
[  463.566973][ T7952] usb-storage 5-1:0.0: Quirks match for vid 054c pid 002e: 1
[  463.602634][ T7952] usb-storage 5-1:0.0: This device (054c,002e,0500 S 04 P c9) has an unneeded SubClass entry in unusual_devs.h (kernel 6.13.0-rc3-syzkaller-00044-gaef25be35d23)
[  463.602634][ T7952]    Please send a copy of this message to <linux-usb@vger.kernel.org> and <usb-storage@lists.one-eyed-alien.net>
[  463.899227][ T7178] usb 7-1: new full-speed USB device number 36 using dummy_hcd
[  464.111087][ T7178] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  464.341497][ T7178] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  464.468665][ T7178] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  464.740048][ T7178] usb 7-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1
[  464.754204][ T7178] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  464.760360][ T7952] usb 5-1: USB disconnect, device number 16
[  464.762365][ T7178] usb 7-1: Product: syz
[  464.774596][ T7178] usb 7-1: Manufacturer: syz
[  464.779395][ T7178] usb 7-1: SerialNumber: syz
[  464.791837][ T7178] usb 7-1: config 0 descriptor??
[  464.797401][T11459] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  464.845666][T11482] netlink: 300 bytes leftover after parsing attributes in process `syz.8.1114'.
[  464.868420][T11482] 9pnet_fd: Insufficient options for proto=fd
[  466.036392][T11489] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  466.500438][T11493] FAULT_INJECTION: forcing a failure.
[  466.500438][T11493] name failslab, interval 1, probability 0, space 0, times 0
[  466.515067][T11493] CPU: 0 UID: 0 PID: 11493 Comm: syz.4.1117 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  466.525833][T11493] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  466.535881][T11493] Call Trace:
[  466.539148][T11493]  <TASK>
[  466.542075][T11493]  dump_stack_lvl+0x16c/0x1f0
[  466.546752][T11493]  should_fail_ex+0x497/0x5b0
[  466.551416][T11493]  ? fs_reclaim_acquire+0xae/0x150
[  466.556509][T11493]  should_failslab+0xc2/0x120
[  466.561168][T11493]  kmem_cache_alloc_noprof+0x6e/0x3d0
[  466.566531][T11493]  ? do_epoll_ctl+0x1185/0x35d0
[  466.571374][T11493]  do_epoll_ctl+0x1185/0x35d0
[  466.576040][T11493]  ? find_held_lock+0x2d/0x110
[  466.580798][T11493]  ? __pfx_do_epoll_ctl+0x10/0x10
[  466.585816][T11493]  ? __might_fault+0xe3/0x190
[  466.590486][T11493]  ? __x64_sys_epoll_ctl+0x15d/0x1e0
[  466.595757][T11493]  __x64_sys_epoll_ctl+0x15d/0x1e0
[  466.600856][T11493]  ? __pfx___x64_sys_epoll_ctl+0x10/0x10
[  466.606483][T11493]  do_syscall_64+0xcd/0x250
[  466.610972][T11493]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  466.616850][T11493] RIP: 0033:0x7f14f4185d29
[  466.621244][T11493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  466.640836][T11493] RSP: 002b:00007f14f505e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9
[  466.649232][T11493] RAX: ffffffffffffffda RBX: 00007f14f4375fa0 RCX: 00007f14f4185d29
[  466.657181][T11493] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004
[  466.665133][T11493] RBP: 00007f14f505e090 R08: 0000000000000000 R09: 0000000000000000
[  466.673084][T11493] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001
[  466.681034][T11493] R13: 0000000000000000 R14: 00007f14f4375fa0 R15: 00007fff8e30b988
[  466.688997][T11493]  </TASK>
[  467.979208][ T8532] usb 9-1: new high-speed USB device number 32 using dummy_hcd
[  468.129207][ T8532] usb 9-1: Using ep0 maxpacket: 8
[  468.137051][ T8532] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  468.146565][ T8532] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  468.156303][ T8532] usb 9-1: config 0 descriptor??
[  468.217851][T11505] tipc: Started in network mode
[  468.222875][T11505] tipc: Node identity ac14140f, cluster identity 4711
[  468.239370][T11505] tipc: New replicast peer: 255.255.255.255
[  468.245548][T11505] tipc: Enabled bearer <udp:syz2>, priority 10
[  468.374579][T11511] netlink: 'syz.2.1121': attribute type 1 has an invalid length.
[  468.397320][T11511] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1121'.
[  468.737678][   T48] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  469.266102][ T7952] tipc: Node number set to 2886997007
[  469.450548][   T48] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7
[  469.462018][   T48] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  469.472975][   T48] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0
[  469.484289][   T48] usb 5-1: New USB device found, idVendor=0738, idProduct=a2c5, bcdDevice=1e.ce
[  469.493819][   T48] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  469.501899][   T48] usb 5-1: Product: syz
[  469.506124][   T48] usb 5-1: Manufacturer: syz
[  469.510833][   T48] usb 5-1: SerialNumber: syz
[  469.533917][   T48] usb 5-1: config 0 descriptor??
[  469.917479][    T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  469.940715][ T7178] powermate: Expected payload of 3--6 bytes, found 64 bytes!
[  469.957759][ T7178] input: Griffin PowerMate as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input41
[  469.974682][   T48] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input40
[  470.012461][    C1] powermate: config urb returned -32
[  470.017793][    C1] powermate: config urb returned -32
[  470.023169][    C1] powermate: config urb returned -32
[  470.028558][    C1] powermate: config urb returned -32
[  470.072333][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  470.088168][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  470.097503][    T9] usb 3-1: config 1 has no interface number 0
[  470.106831][    T9] usb 3-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  470.128955][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  470.142238][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  470.229304][    T9] usb 3-1: Product: syz
[  470.254969][    T9] usb 3-1: Manufacturer: syz
[  470.280727][    T9] usb 3-1: SerialNumber: syz
[  470.296174][    T9] usb 3-1: selecting invalid altsetting 1
[  470.387650][T11535] netlink: 300 bytes leftover after parsing attributes in process `syz.7.1127'.
[  470.409001][T11535] 9pnet_fd: Insufficient options for proto=fd
[  472.290660][T11542] 9pnet_fd: Insufficient options for proto=fd
[  472.498800][    C1] xpad 5-1:0.0: xpad_irq_out - usb_submit_urb failed with result -19
[  472.498819][ T7952] usb 5-1: USB disconnect, device number 17
[  472.512936][ T7952] xpad 5-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  472.586392][ T8532] asix 9-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  472.597000][ T8532] asix 9-1:0.0: probe with driver asix failed with error -71
[  472.616259][ T8532] usb 9-1: USB disconnect, device number 32
[  472.667901][T11546] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  473.256071][ T8532] usb 9-1: new full-speed USB device number 33 using dummy_hcd
[  473.445620][ T8532] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  473.569144][ T8532] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  473.586347][ T8532] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  473.608582][ T8532] usb 9-1: New USB device found, idVendor=077d, idProduct=0410, bcdDevice=ec.c1
[  473.716451][    T9] cdc_ncm 3-1:1.1: failed GET_NTB_PARAMETERS
[  473.722512][    T9] cdc_ncm 3-1:1.1: bind() failure
[  473.723595][ T8532] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  473.750803][ T8532] usb 9-1: Product: syz
[  473.753618][    T9] usb 3-1: USB disconnect, device number 17
[  473.775643][ T8532] usb 9-1: Manufacturer: syz
[  473.781910][ T8532] usb 9-1: SerialNumber: syz
[  473.788437][ T8532] usb 9-1: config 0 descriptor??
[  473.794563][T11551] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  473.962423][T11565] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  475.094495][    T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  476.044924][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  476.058683][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  476.073403][    T9] usb 3-1: config 1 has no interface number 0
[  476.080308][    T9] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  476.513954][    T9] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  476.525325][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  476.534585][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  476.542656][    T9] usb 3-1: Product: syz
[  476.547051][    T9] usb 3-1: Manufacturer: syz
[  476.551708][    T9] usb 3-1: SerialNumber: syz
[  476.774805][T11584] netlink: 300 bytes leftover after parsing attributes in process `syz.7.1140'.
[  476.787806][T11584] 9pnet_fd: Insufficient options for proto=fd
[  477.253268][    T9] cdc_ncm 3-1:1.1: bind() failure
[  477.328085][    T9] usb 3-1: USB disconnect, device number 18
[  477.880500][T11592] tipc: Enabling of bearer <udp:syz2> rejected, already enabled
[  477.985996][T11595] 9pnet_fd: Insufficient options for proto=fd
[  478.250095][T11598] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1146'.
[  478.460047][ T5836] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  478.470147][ T5836] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  478.478377][ T5836] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  478.486071][ T5836] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  478.495262][ T5836] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  478.503107][ T5836] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  478.872035][ T8532] powermate: Expected payload of 3--6 bytes, found 64 bytes!
[  478.975646][ T8532] input: Griffin PowerMate as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/input/input42
[  478.990780][    T9] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  479.019618][    C1] powermate: config urb returned -32
[  479.025095][    C1] powermate: config urb returned -32
[  479.031085][    C1] powermate: config urb returned -32
[  479.036495][    C1] powermate: config urb returned -32
[  479.074372][    C1] powermate 7-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  479.096922][ T8532] usb 7-1: USB disconnect, device number 36
[  479.147596][ T5914] usb 9-1: USB disconnect, device number 33
[  479.147595][    C1] powermate 9-1:0.0: powermate_irq - usb_submit_urb failed with result: -19
[  479.182290][    T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  479.192993][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  479.201934][    T9] usb 3-1: config 1 has no interface number 0
[  479.208008][    T9] usb 3-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  479.241800][T11601] chnl_net:caif_netlink_parms(): no params data found
[  479.383801][T11615] netlink: 300 bytes leftover after parsing attributes in process `syz.4.1150'.
[  479.408650][T11615] 9pnet_fd: Insufficient options for proto=fd
[  479.477640][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  479.489227][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.494489][    T9] usb 3-1: Product: syz
[  479.496836][    T9] usb 3-1: Manufacturer: syz
[  479.499084][    T9] usb 3-1: SerialNumber: syz
[  479.659499][T11616] syz.8.1149: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  479.659560][T11616] CPU: 1 UID: 0 PID: 11616 Comm: syz.8.1149 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  479.659584][T11616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  479.659596][T11616] Call Trace:
[  479.659602][T11616]  <TASK>
[  479.659610][T11616]  dump_stack_lvl+0x16c/0x1f0
[  479.659640][T11616]  warn_alloc+0x24d/0x3a0
[  479.659667][T11616]  ? __pfx_warn_alloc+0x10/0x10
[  479.659688][T11616]  ? __pfx_stack_trace_save+0x10/0x10
[  479.659724][T11616]  ? kasan_save_stack+0x42/0x60
[  479.659743][T11616]  ? kasan_save_stack+0x33/0x60
[  479.659762][T11616]  ? kasan_save_track+0x14/0x30
[  479.659783][T11616]  ? __kasan_kmalloc+0xaa/0xb0
[  479.659801][T11616]  ? xskq_create+0x52/0x1d0
[  479.659819][T11616]  ? do_sock_setsockopt+0x222/0x480
[  479.659840][T11616]  ? __sys_setsockopt+0x1a0/0x230
[  479.659867][T11616]  ? __x64_sys_setsockopt+0xbd/0x160
[  479.659901][T11616]  __vmalloc_node_range_noprof+0x10df/0x1530
[  479.659932][T11616]  ? xskq_create+0xfb/0x1d0
[  479.659957][T11616]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  479.659986][T11616]  ? xskq_create+0xfb/0x1d0
[  479.660006][T11616]  vmalloc_user_noprof+0x6b/0x90
[  479.660028][T11616]  ? xskq_create+0xfb/0x1d0
[  479.660047][T11616]  xskq_create+0xfb/0x1d0
[  479.660067][T11616]  xsk_setsockopt+0x757/0xa10
[  479.660086][T11616]  ? __pfx_xsk_setsockopt+0x10/0x10
[  479.660114][T11616]  ? selinux_socket_setsockopt+0x6a/0x80
[  479.660137][T11616]  ? __pfx_xsk_setsockopt+0x10/0x10
[  479.660156][T11616]  do_sock_setsockopt+0x222/0x480
[  479.660178][T11616]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  479.660202][T11616]  ? lock_acquire+0x2f/0xb0
[  479.660237][T11616]  __sys_setsockopt+0x1a0/0x230
[  479.660271][T11616]  __x64_sys_setsockopt+0xbd/0x160
[  479.660298][T11616]  ? do_syscall_64+0x91/0x250
[  479.660323][T11616]  ? lockdep_hardirqs_on+0x7c/0x110
[  479.660346][T11616]  do_syscall_64+0xcd/0x250
[  479.660374][T11616]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  479.660400][T11616] RIP: 0033:0x7fe337785d29
[  479.660416][T11616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  479.660434][T11616] RSP: 002b:00007fe3385a7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  479.660457][T11616] RAX: ffffffffffffffda RBX: 00007fe337976080 RCX: 00007fe337785d29
[  479.660470][T11616] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000005
[  479.660482][T11616] RBP: 00007fe337801a20 R08: 0000000000000020 R09: 0000000000000000
[  479.660494][T11616] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  479.660506][T11616] R13: 0000000000000001 R14: 00007fe337976080 R15: 00007fff14f259b8
[  479.660534][T11616]  </TASK>
[  479.660541][T11616] Mem-Info:
[  479.660549][T11616] active_anon:5745 inactive_anon:0 isolated_anon:0
[  479.660549][T11616]  active_file:11535 inactive_file:48431 isolated_file:0
[  479.660549][T11616]  unevictable:1689 dirty:476 writeback:0
[  479.660549][T11616]  slab_reclaimable:10951 slab_unreclaimable:111762
[  479.660549][T11616]  mapped:29825 shmem:1442 pagetables:1292
[  479.660549][T11616]  sec_pagetables:0 bounce:0
[  479.660549][T11616]  kernel_misc_reclaimable:0
[  479.660549][T11616]  free:1297795 free_pcp:746 free_cma:0
[  479.660598][T11616] Node 0 active_anon:22980kB inactive_anon:0kB active_file:46140kB inactive_file:193572kB unevictable:5220kB isolated(anon):0kB isolated(file):0kB mapped:119232kB dirty:1900kB writeback:0kB shmem:4232kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12680kB pagetables:5168kB sec_pagetables:0kB all_unreclaimable? no
[  479.660647][T11616] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:68kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  479.660691][T11616] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  479.660739][T11616] lowmem_reserve[]: 0 2459 2459 0 0
[  479.660777][T11616] Node 0 DMA32 free:1266304kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:22976kB inactive_anon:0kB active_file:46140kB inactive_file:193476kB unevictable:5220kB writepending:1900kB present:3129332kB managed:2547148kB mlocked:3684kB bounce:0kB free_pcp:2976kB local_pcp:720kB free_cma:0kB
[  479.660827][T11616] lowmem_reserve[]: 0 0 0 0 0
[  479.660863][T11616] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:96kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  479.660910][T11616] lowmem_reserve[]: 0 0 0 0 0
[  479.660947][T11616] Node 1 Normal free:3909516kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  479.660998][T11616] lowmem_reserve[]: 0 0 0 0 0
[  479.661035][T11616] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  479.661159][T11616] Node 0 DMA32: 809*4kB (UME) 1370*8kB (UME) 764*16kB (UME) 541*32kB (UME) 229*64kB (UME) 198*128kB (UME) 131*256kB (UME) 66*512kB (UM) 41*1024kB (UM) 16*2048kB (UM) 254*4096kB (UM) = 1266196kB
[  479.661332][T11616] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  479.661436][T11616] Node 1 Normal: 215*4kB (UM) 80*8kB (UME) 51*16kB (UME) 212*32kB (UE) 92*64kB (UME) 38*128kB (UM) 22*256kB (UM) 8*512kB (UME) 3*1024kB (UME) 3*2048kB (UE) 945*4096kB (M) = 3909516kB
[  479.661612][T11616] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  479.661628][T11616] Node 0 hugepages_total=6 hugepages_free=0 hugepages_surp=4 hugepages_size=2048kB
[  479.661644][T11616] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  479.661659][T11616] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  479.661674][T11616] 62080 total pagecache pages
[  479.661682][T11616] 0 pages in swap cache
[  479.661689][T11616] Free swap  = 124648kB
[  479.661697][T11616] Total swap = 124996kB
[  479.661705][T11616] 2097051 pages RAM
[  479.661712][T11616] 0 pages HighMem/MovableOnly
[  479.661719][T11616] 428606 pages reserved
[  479.661725][T11616] 0 pages cma reserved
[  479.672253][    T9] cdc_ncm 3-1:1.1: NCM or ECM functional descriptors missing
[  479.672279][    T9] cdc_ncm 3-1:1.1: bind() failure
[  479.742619][T11601] bridge0: port 1(bridge_slave_0) entered blocking state
[  479.742751][T11601] bridge0: port 1(bridge_slave_0) entered disabled state
[  479.742853][T11601] bridge_slave_0: entered allmulticast mode
[  479.743710][T11601] bridge_slave_0: entered promiscuous mode
[  479.746308][T11601] bridge0: port 2(bridge_slave_1) entered blocking state
[  479.746352][T11601] bridge0: port 2(bridge_slave_1) entered disabled state
[  479.746517][T11601] bridge_slave_1: entered allmulticast mode
[  479.747192][T11601] bridge_slave_1: entered promiscuous mode
[  479.983925][T11620] netlink: 45 bytes leftover after parsing attributes in process `syz.8.1149'.
[  480.490484][ T5872] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  480.549821][ T5836] Bluetooth: hci5: command tx timeout
[  480.939218][ T5872] usb 5-1: Using ep0 maxpacket: 32
[  480.953467][ T5872] usb 5-1: config 105 has an invalid descriptor of length 66, skipping remainder of the config
[  481.101011][T11601] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  481.124764][T11601] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  481.134247][ T5872] usb 5-1: config 105 has 0 interfaces, different from the descriptor's value: 1
[  481.177562][ T5872] usb 5-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  481.186846][ T5872] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  481.194940][ T5872] usb 5-1: Product: syz
[  481.199297][ T5872] usb 5-1: Manufacturer: syz
[  481.203945][ T5872] usb 5-1: SerialNumber: syz
[  481.272931][T11601] team0: Port device team_slave_0 added
[  481.303924][T11601] team0: Port device team_slave_1 added
[  481.352446][T11638] bio_check_eod: 2 callbacks suppressed
[  481.352460][T11638] syz.7.1154: attempt to access beyond end of device
[  481.352460][T11638] loop7: rw=6144, sector=128, nr_sectors = 8 limit=0
[  481.379141][T11638] gfs2: error -5 reading superblock
[  481.401390][T11601] batman_adv: batadv0: Adding interface: batadv_slave_0
[  481.408377][T11601] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.436279][T11601] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  481.448791][T11601] batman_adv: batadv0: Adding interface: batadv_slave_1
[  481.467593][T11601] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  481.558563][   T29] audit: type=1400 audit(1734517575.989:1801): avc:  denied  { ioctl } for  pid=11632 comm="syz.8.1152" path="socket:[35931]" dev="sockfs" ino=35931 ioctlcmd=0x8983 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  481.708801][T11601] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  482.054419][T11601] hsr_slave_0: entered promiscuous mode
[  482.061778][T11601] hsr_slave_1: entered promiscuous mode
[  482.068625][T11601] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  482.076467][T11601] Cannot create hsr debugfs directory
[  482.214767][   T29] audit: type=1400 audit(1734517576.519:1802): avc:  denied  { setopt } for  pid=11641 comm="syz.7.1155" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  482.337003][T11647] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1157'.
[  482.389121][ T5914] usb 3-1: USB disconnect, device number 19
[  482.445940][T11601] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.489933][T11651] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1155'.
[  482.555429][T11651] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1155'.
[  482.609101][ T5836] Bluetooth: hci5: command tx timeout
[  482.728647][T11601] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  482.941411][ T5872] usb 5-1: USB disconnect, device number 18
[  483.026729][ T5914] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  483.351360][ T5914] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  483.371824][T11601] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.487532][ T5914] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  483.496547][ T5914] usb 3-1: config 1 has no interface number 0
[  483.502731][ T5914] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  483.513625][ T5914] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  483.620806][T11660] netlink: 300 bytes leftover after parsing attributes in process `syz.4.1161'.
[  483.631559][T11660] 9pnet_fd: Insufficient options for proto=fd
[  483.654912][ T5914] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  483.664088][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  483.672161][ T5914] usb 3-1: Product: syz
[  483.676316][ T5914] usb 3-1: Manufacturer: syz
[  483.680984][ T5914] usb 3-1: SerialNumber: syz
[  483.712200][T11601] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  483.853810][T11601] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  483.862670][T11601] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  483.925519][T11601] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  483.946423][T11601] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  483.965411][T11667] netlink: 300 bytes leftover after parsing attributes in process `syz.4.1163'.
[  485.019264][ T5836] Bluetooth: hci5: command tx timeout
[  485.174891][T11601] 8021q: adding VLAN 0 to HW filter on device bond0
[  485.193752][T11601] 8021q: adding VLAN 0 to HW filter on device team0
[  485.211797][ T1810] bridge0: port 1(bridge_slave_0) entered blocking state
[  485.218871][ T1810] bridge0: port 1(bridge_slave_0) entered forwarding state
[  485.236191][ T1775] bridge0: port 2(bridge_slave_1) entered blocking state
[  485.243294][ T1775] bridge0: port 2(bridge_slave_1) entered forwarding state
[  485.251548][ T5836] block nbd7: Receive control failed (result -107)
[  485.309834][T11674] nbd7: detected capacity change from 0 to 8589934592
[  485.321924][T11674] block nbd7: Dead connection, failed to find a fallback
[  485.339329][T11674] block nbd7: shutting down sockets
[  485.357880][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.376751][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.394831][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.428016][T11601] 8021q: adding VLAN 0 to HW filter on device batadv0
[  485.473309][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.509244][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.522719][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.536511][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.550146][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.553095][T11601] veth0_vlan: entered promiscuous mode
[  485.564223][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.578405][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.593878][T11601] veth1_vlan: entered promiscuous mode
[  485.594359][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.612324][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.622060][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.624856][T11601] veth0_macvtap: entered promiscuous mode
[  485.637518][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.646012][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.656428][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.658918][T11601] veth1_macvtap: entered promiscuous mode
[  485.670776][T11674] ldm_validate_partition_table(): Disk read failed.
[  485.678477][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.688267][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.700643][T11674] I/O error, dev nbd7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  485.709666][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.709818][T11674] Buffer I/O error on dev nbd7, logical block 0, async page read
[  485.731038][T11674] Dev nbd7: unable to read RDB block 0
[  485.742613][T11674]  nbd7: unable to read partition table
[  485.747508][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.759207][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.812548][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.830754][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.859245][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.872674][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.893667][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.921060][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.967376][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.967395][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  485.967410][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  485.969867][T11601] batman_adv: batadv0: Interface activated: batadv_slave_0
[  485.989165][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.061381][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.061414][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.061428][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.061439][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.061451][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.061462][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.061474][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.061484][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.061496][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.061508][T11601] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  486.061521][T11601] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  486.066307][T11601] batman_adv: batadv0: Interface activated: batadv_slave_1
[  486.076794][T11601] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  486.076824][T11601] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  486.076847][T11601] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  486.076868][T11601] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  486.086034][T11688] netlink: 45 bytes leftover after parsing attributes in process `syz.7.1168'.
[  486.108084][ T5914] cdc_ncm 3-1:1.1: bind() failure
[  486.110921][ T5914] usb 3-1: USB disconnect, device number 20
[  486.398432][ T1775] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.398500][ T1775] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  486.548181][ T9184] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  486.548216][ T9184] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  487.093816][ T5836] Bluetooth: hci5: command tx timeout
[  487.385917][   T48] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  487.526276][T11706] FAULT_INJECTION: forcing a failure.
[  487.526276][T11706] name failslab, interval 1, probability 0, space 0, times 0
[  487.526297][T11706] CPU: 0 UID: 0 PID: 11706 Comm: syz.2.1172 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  487.526309][T11706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  487.526315][T11706] Call Trace:
[  487.526319][T11706]  <TASK>
[  487.526324][T11706]  dump_stack_lvl+0x16c/0x1f0
[  487.526341][T11706]  should_fail_ex+0x497/0x5b0
[  487.526355][T11706]  ? fs_reclaim_acquire+0xae/0x150
[  487.526372][T11706]  should_failslab+0xc2/0x120
[  487.526391][T11706]  __kmalloc_noprof+0xcb/0x510
[  487.526402][T11706]  ? d_absolute_path+0x137/0x1b0
[  487.526415][T11706]  ? rcu_is_watching+0x12/0xc0
[  487.526430][T11706]  tomoyo_encode2+0x100/0x3e0
[  487.526444][T11706]  tomoyo_encode+0x29/0x50
[  487.526456][T11706]  tomoyo_realpath_from_path+0x19d/0x720
[  487.526471][T11706]  tomoyo_path_number_perm+0x248/0x590
[  487.526481][T11706]  ? tomoyo_path_number_perm+0x235/0x590
[  487.526493][T11706]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  487.526515][T11706]  ? __pfx_lock_release+0x10/0x10
[  487.526526][T11706]  ? trace_lock_acquire+0x14e/0x1f0
[  487.526542][T11706]  ? lock_acquire+0x2f/0xb0
[  487.526551][T11706]  ? __fget_files+0x40/0x3a0
[  487.526564][T11706]  ? __fget_files+0x206/0x3a0
[  487.526575][T11706]  security_file_ioctl+0x9b/0x240
[  487.526588][T11706]  __x64_sys_ioctl+0xb7/0x200
[  487.526603][T11706]  do_syscall_64+0xcd/0x250
[  487.526617][T11706]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  487.526630][T11706] RIP: 0033:0x7f256d185d29
[  487.526639][T11706] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  487.526649][T11706] RSP: 002b:00007f256df2c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  487.526660][T11706] RAX: ffffffffffffffda RBX: 00007f256d375fa0 RCX: 00007f256d185d29
[  487.526666][T11706] RDX: 0000000020001ec0 RSI: 0000000000004b67 RDI: 0000000000000003
[  487.526673][T11706] RBP: 00007f256df2c090 R08: 0000000000000000 R09: 0000000000000000
[  487.526679][T11706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  487.526685][T11706] R13: 0000000000000000 R14: 00007f256d375fa0 R15: 00007ffd60db5608
[  487.526698][T11706]  </TASK>
[  487.526706][T11706] ERROR: Out of memory at tomoyo_realpath_from_path.
[  487.550528][   T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  487.550559][   T48] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  487.550589][   T48] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  487.550611][   T48] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  487.552032][   T48] usb 4-1: config 0 descriptor??
[  487.996740][   T48] hid-steam 0003:28DE:1142.0007: unexpected long global item
[  488.021737][   T48] hid-steam 0003:28DE:1142.0007: steam_probe:parse of hid interface failed
[  488.041361][   T48] hid-steam 0003:28DE:1142.0007: probe with driver hid-steam failed with error -22
[  488.258943][T11712] erofs (device loop2): cannot find valid erofs superblock
[  488.448678][ T8532] usb 4-1: USB disconnect, device number 9
[  490.670910][T11735] fuse: Bad value for 'fd'
[  490.893340][T11741] FAULT_INJECTION: forcing a failure.
[  490.893340][T11741] name failslab, interval 1, probability 0, space 0, times 0
[  491.273017][T11741] CPU: 0 UID: 0 PID: 11741 Comm: syz.7.1182 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  491.283789][T11741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  491.293825][T11741] Call Trace:
[  491.297085][T11741]  <TASK>
[  491.299999][T11741]  dump_stack_lvl+0x16c/0x1f0
[  491.304664][T11741]  should_fail_ex+0x497/0x5b0
[  491.309328][T11741]  ? fs_reclaim_acquire+0xae/0x150
[  491.314431][T11741]  should_failslab+0xc2/0x120
[  491.319093][T11741]  kmem_cache_alloc_node_noprof+0x72/0x3c0
[  491.324880][T11741]  ? __alloc_skb+0x2b1/0x380
[  491.329462][T11741]  __alloc_skb+0x2b1/0x380
[  491.333865][T11741]  ? __pfx___alloc_skb+0x10/0x10
[  491.338789][T11741]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  491.344760][T11741]  netlink_alloc_large_skb+0x69/0x130
[  491.350120][T11741]  netlink_sendmsg+0x689/0xd70
[  491.354872][T11741]  ? __pfx_netlink_sendmsg+0x10/0x10
[  491.360144][T11741]  ? ____sys_sendmsg+0x942/0xc90
[  491.365068][T11741]  ____sys_sendmsg+0xaaf/0xc90
[  491.369817][T11741]  ? copy_msghdr_from_user+0x10b/0x160
[  491.375258][T11741]  ? __pfx_____sys_sendmsg+0x10/0x10
[  491.380535][T11741]  ___sys_sendmsg+0x135/0x1e0
[  491.385195][T11741]  ? __pfx____sys_sendmsg+0x10/0x10
[  491.390389][T11741]  ? __pfx_lock_release+0x10/0x10
[  491.395395][T11741]  ? trace_lock_acquire+0x14e/0x1f0
[  491.400585][T11741]  ? __fget_files+0x206/0x3a0
[  491.405250][T11741]  __sys_sendmsg+0x16e/0x220
[  491.409823][T11741]  ? __pfx___sys_sendmsg+0x10/0x10
[  491.414929][T11741]  do_syscall_64+0xcd/0x250
[  491.419421][T11741]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  491.425296][T11741] RIP: 0033:0x7fdd59f85d29
[  491.429693][T11741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  491.449280][T11741] RSP: 002b:00007fdd5ad0b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  491.457672][T11741] RAX: ffffffffffffffda RBX: 00007fdd5a175fa0 RCX: 00007fdd59f85d29
[  491.465622][T11741] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000005
[  491.473573][T11741] RBP: 00007fdd5ad0b090 R08: 0000000000000000 R09: 0000000000000000
[  491.481524][T11741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  491.489475][T11741] R13: 0000000000000000 R14: 00007fdd5a175fa0 R15: 00007ffd885b9348
[  491.497438][T11741]  </TASK>
[  491.500493][    C0] vkms_vblank_simulate: vblank timer overrun
[  491.519067][    T9] usb 9-1: new high-speed USB device number 34 using dummy_hcd
[  491.648796][ T5872] kernel write not supported for file /amidi2 (pid: 5872 comm: kworker/0:4)
[  491.764788][   T29] audit: type=1400 audit(1734517586.189:1803): avc:  denied  { view } for  pid=11746 comm="syz.2.1185" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  491.783808][    C0] vkms_vblank_simulate: vblank timer overrun
[  491.845930][   T29] audit: type=1400 audit(1734517586.259:1804): avc:  denied  { read } for  pid=11746 comm="syz.2.1185" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  492.026700][T11758] erofs (device loop2): cannot find valid erofs superblock
[  492.223401][   T29] audit: type=1400 audit(1734517586.259:1805): avc:  denied  { open } for  pid=11746 comm="syz.2.1185" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  492.392306][    T9] usb 9-1: Using ep0 maxpacket: 32
[  492.545232][    T9] usb 9-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  492.581330][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  492.657946][    T9] usb 9-1: config 0 descriptor??
[  492.807408][    T9] gspca_main: sonixj-2.14.0 probing 0471:0327
[  493.035470][T11778] warn_alloc: 1 callbacks suppressed
[  493.035485][T11778] syz.4.1193: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  493.088075][   T29] audit: type=1400 audit(1734517587.519:1806): avc:  denied  { ioctl } for  pid=11776 comm="syz.4.1193" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4611 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  493.099923][T11778] CPU: 1 UID: 0 PID: 11778 Comm: syz.4.1193 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  493.130977][T11778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  493.141024][T11778] Call Trace:
[  493.144289][T11778]  <TASK>
[  493.147348][T11778]  dump_stack_lvl+0x16c/0x1f0
[  493.152018][T11778]  warn_alloc+0x24d/0x3a0
[  493.156341][T11778]  ? __pfx_warn_alloc+0x10/0x10
[  493.161180][T11778]  ? __pfx_stack_trace_save+0x10/0x10
[  493.166551][T11778]  ? kasan_save_stack+0x42/0x60
[  493.171385][T11778]  ? kasan_save_stack+0x33/0x60
[  493.176217][T11778]  ? kasan_save_track+0x14/0x30
[  493.181050][T11778]  ? __kasan_kmalloc+0xaa/0xb0
[  493.185800][T11778]  ? xskq_create+0x52/0x1d0
[  493.190290][T11778]  ? do_sock_setsockopt+0x222/0x480
[  493.195476][T11778]  ? __sys_setsockopt+0x1a0/0x230
[  493.200487][T11778]  ? __x64_sys_setsockopt+0xbd/0x160
[  493.205763][T11778]  __vmalloc_node_range_noprof+0x10df/0x1530
[  493.211733][T11778]  ? xskq_create+0xfb/0x1d0
[  493.216223][T11778]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  493.222539][T11778]  ? xskq_create+0xfb/0x1d0
[  493.227026][T11778]  vmalloc_user_noprof+0x6b/0x90
[  493.231946][T11778]  ? xskq_create+0xfb/0x1d0
[  493.236432][T11778]  xskq_create+0xfb/0x1d0
[  493.240755][T11778]  xsk_setsockopt+0x757/0xa10
[  493.245422][T11778]  ? __pfx_xsk_setsockopt+0x10/0x10
[  493.250614][T11778]  ? selinux_socket_setsockopt+0x6a/0x80
[  493.256233][T11778]  ? __pfx_xsk_setsockopt+0x10/0x10
[  493.261411][T11778]  do_sock_setsockopt+0x222/0x480
[  493.266420][T11778]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  493.271952][T11778]  ? lock_acquire+0x2f/0xb0
[  493.276450][T11778]  __sys_setsockopt+0x1a0/0x230
[  493.281294][T11778]  __x64_sys_setsockopt+0xbd/0x160
[  493.286396][T11778]  ? do_syscall_64+0x91/0x250
[  493.291060][T11778]  ? lockdep_hardirqs_on+0x7c/0x110
[  493.296250][T11778]  do_syscall_64+0xcd/0x250
[  493.300740][T11778]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.306620][T11778] RIP: 0033:0x7f14f4185d29
[  493.311017][T11778] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  493.330610][T11778] RSP: 002b:00007f14f505e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  493.339005][T11778] RAX: ffffffffffffffda RBX: 00007f14f4375fa0 RCX: 00007f14f4185d29
[  493.346962][T11778] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000003
[  493.354914][T11778] RBP: 00007f14f4201a20 R08: 0000000000000020 R09: 0000000000000000
[  493.362870][T11778] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000000
[  493.370822][T11778] R13: 0000000000000000 R14: 00007f14f4375fa0 R15: 00007fff8e30b988
[  493.378789][T11778]  </TASK>
[  493.395929][T11778] Mem-Info:
[  493.439081][T11778] active_anon:10889 inactive_anon:0 isolated_anon:0
[  493.439081][T11778]  active_file:11526 inactive_file:49117 isolated_file:0
[  493.439081][T11778]  unevictable:768 dirty:657 writeback:0
[  493.439081][T11778]  slab_reclaimable:10975 slab_unreclaimable:110836
[  493.439081][T11778]  mapped:33476 shmem:6283 pagetables:1312
[  493.439081][T11778]  sec_pagetables:0 bounce:0
[  493.439081][T11778]  kernel_misc_reclaimable:0
[  493.439081][T11778]  free:1290622 free_pcp:5078 free_cma:0
[  493.567697][   T29] audit: type=1400 audit(1734517587.999:1807): avc:  denied  { lock } for  pid=11785 comm="syz.3.1197" path="socket:[35658]" dev="sockfs" ino=35658 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  493.609258][T11778] Node 0 active_anon:35656kB inactive_anon:0kB active_file:46104kB inactive_file:196316kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130756kB dirty:2624kB writeback:0kB shmem:15796kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12728kB pagetables:5248kB sec_pagetables:0kB all_unreclaimable? no
[  493.683672][T11778] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:60kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  493.717629][T11778] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  493.745762][T11778] lowmem_reserve[]: 0 2459 2459 0 0
[  493.751140][T11778] Node 0 DMA32 free:1262040kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:37552kB inactive_anon:0kB active_file:46104kB inactive_file:196220kB unevictable:1536kB writepending:2620kB present:3129332kB managed:2547148kB mlocked:0kB bounce:0kB free_pcp:8984kB local_pcp:7784kB free_cma:0kB
[  493.813247][T11778] lowmem_reserve[]: 0 0 0 0 0
[  493.818087][T11778] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:4kB inactive_anon:0kB active_file:0kB inactive_file:96kB unevictable:0kB writepending:4kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  493.866986][T11778] lowmem_reserve[]: 0 0 0 0 0
[  493.871852][T11778] Node 1 Normal free:3892884kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:15280kB local_pcp:440kB free_cma:0kB
[  493.915716][T11778] lowmem_reserve[]: 0 0 0 0 0
[  493.999133][T11778] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  494.038333][T11778] Node 0 DMA32: 746*4kB (U) 751*8kB (UME) 455*16kB (UME) 100*32kB (UME) 282*64kB (UME) 215*128kB (UME) 132*256kB (UME) 65*512kB (UM) 40*1024kB (UM) 20*2048kB (UM) 254*4096kB (UM) = 1254416kB
[  494.077841][T11778] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  494.089592][T11778] Node 1 Normal: 3*4kB (M) 5*8kB (UME) 6*16kB (UME) 10*32kB (UE) 7*64kB (UME) 18*128kB (UM) 22*256kB (UM) 8*512kB (UME) 3*1024kB (UME) 3*2048kB (UE) 945*4096kB (M) = 3892884kB
[  494.107723][T11778] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  494.117301][T11778] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  494.139107][T11778] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  494.309207][T11778] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  494.326364][T11778] 67901 total pagecache pages
[  494.336459][T11778] 50 pages in swap cache
[  494.348140][T11778] Free swap  = 122588kB
[  494.365635][T11778] Total swap = 124996kB
[  494.377260][T11778] 2097051 pages RAM
[  494.391334][T11778] 0 pages HighMem/MovableOnly
[  494.411029][T11778] 428606 pages reserved
[  494.425752][T11778] 0 pages cma reserved
[  494.754897][T11805] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1199'.
[  495.089370][ T5914] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  495.433246][T11808] erofs (device loop7): cannot find valid erofs superblock
[  495.459365][    T9] gspca_sonixj: i2c_w8 err -110
[  495.689723][    T9] sonixj 9-1:0.0: probe with driver sonixj failed with error -110
[  495.780677][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  495.797195][ T5914] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  495.808175][ T5914] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  495.821445][ T5914] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00
[  495.830808][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  495.840546][ T5914] usb 4-1: config 0 descriptor??
[  495.859528][T11813] smc: net device wg0 applied user defined pnetid SYZ0
[  495.912697][ T5836] Bluetooth: hci4: unexpected event for opcode 0x2042
[  496.229161][    T8] usb 8-1: new full-speed USB device number 32 using dummy_hcd
[  496.253576][ T5914] hid (null): unknown global tag 0xd
[  496.266203][ T5914] corsair-psu 0003:1B1C:1C0D.0008: unknown global tag 0xd
[  496.273605][ T5914] corsair-psu 0003:1B1C:1C0D.0008: item 0 4 1 13 parsing failed
[  496.281880][ T5914] corsair-psu 0003:1B1C:1C0D.0008: probe with driver corsair-psu failed with error -22
[  496.449935][    T8] usb 8-1: too many endpoints for config 1 interface 0 altsetting 253: 68, using maximum allowed: 30
[  496.524024][T11801] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1201'.
[  496.537720][    T8] usb 8-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0
[  496.555374][    T8] usb 8-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 68
[  496.572569][    T8] usb 8-1: config 1 interface 0 has no altsetting 0
[  496.589109][    T8] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  496.606139][    T8] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  496.618781][    T8] usb 8-1: Product: syz
[  496.692780][    T8] usb 8-1: Manufacturer: syz
[  496.702877][    T9] usb 9-1: USB disconnect, device number 34
[  496.731642][    T8] usb 8-1: SerialNumber: syz
[  496.933053][T11856] erofs (device loop4): cannot find valid erofs superblock
[  497.280601][T11860] syz.2.1218: attempt to access beyond end of device
[  497.280601][T11860] nbd2: rw=0, sector=64, nr_sectors = 2 limit=0
[  497.377789][T11860] isofs_fill_super: bread failed, dev=nbd2, iso_blknum=16, block=32
[  497.463865][T11862] netlink: 300 bytes leftover after parsing attributes in process `syz.8.1215'.
[  497.531251][T11862] 9pnet_fd: Insufficient options for proto=fd
[  497.680701][T11860] fuse: Unknown parameter 'group_iHD00000000000000000000'
[  497.744054][T11828] netlink: 36 bytes leftover after parsing attributes in process `syz.7.1209'.
[  497.744737][    T8] usblp 8-1:1.0: usblp0: USB Unidirectional printer dev 32 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  497.784312][   T29] audit: type=1400 audit(1734517592.219:1808): avc:  denied  { getopt } for  pid=11827 comm="syz.7.1209" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  497.818074][   T48] usb 8-1: USB disconnect, device number 32
[  497.828681][   T48] usblp0: removed
[  497.890961][ T7952] usb 4-1: USB disconnect, device number 10
[  497.963318][   T29] audit: type=1400 audit(1734517592.399:1809): avc:  denied  { write } for  pid=11870 comm="syz.2.1222" name="fd" dev="proc" ino=36891 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  498.031159][   T29] audit: type=1400 audit(1734517592.439:1810): avc:  denied  { add_name } for  pid=11870 comm="syz.2.1222" name="3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  498.056539][   T29] audit: type=1400 audit(1734517592.439:1811): avc:  denied  { create } for  pid=11870 comm="syz.2.1222" name="3" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=file permissive=1
[  498.113049][   T29] audit: type=1400 audit(1734517592.449:1812): avc:  denied  { associate } for  pid=11870 comm="syz.2.1222" name="3" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  498.759143][    T8] usb 9-1: new high-speed USB device number 35 using dummy_hcd
[  498.786695][T11882] sp0: Synchronizing with TNC
[  498.909198][    T8] usb 9-1: Using ep0 maxpacket: 16
[  498.916949][    T8] usb 9-1: config 1 interface 0 altsetting 6 bulk endpoint 0x3 has invalid maxpacket 1024
[  498.927047][    T8] usb 9-1: config 1 interface 0 has no altsetting 0
[  498.938951][    T8] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  498.973392][    T8] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  499.004987][    T8] usb 9-1: Product: syz
[  499.012967][    T8] usb 9-1: Manufacturer: syz
[  499.027760][    T8] usb 9-1: SerialNumber: syz
[  499.029076][   T48] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  499.128543][T11869] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22
[  499.361480][T11869] program syz.8.1221 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  499.399896][   T29] audit: type=1400 audit(1734517593.839:1813): avc:  denied  { listen } for  pid=11868 comm="syz.8.1221" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  499.424549][ T5836] ==================================================================
[  499.432606][ T5836] BUG: KASAN: slab-use-after-free in l2cap_sock_ready_cb+0x16a/0x170
[  499.440651][ T5836] Read of size 8 at addr ffff8880572b1188 by task kworker/u9:7/5836
[  499.448594][ T5836] 
[  499.450901][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: kworker/u9:7 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  499.461718][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  499.471756][ T5836] Workqueue: hci3 hci_rx_work
[  499.476413][ T5836] Call Trace:
[  499.479665][ T5836]  <TASK>
[  499.482584][ T5836]  dump_stack_lvl+0x116/0x1f0
[  499.487250][ T5836]  print_report+0xc3/0x620
[  499.491640][ T5836]  ? __virt_addr_valid+0x5e/0x590
[  499.496637][ T5836]  ? __phys_addr+0xc6/0x150
[  499.501116][ T5836]  kasan_report+0xd9/0x110
[  499.505518][ T5836]  ? l2cap_sock_ready_cb+0x16a/0x170
[  499.510796][ T5836]  ? l2cap_sock_ready_cb+0x16a/0x170
[  499.516057][ T5836]  l2cap_sock_ready_cb+0x16a/0x170
[  499.521144][ T5836]  l2cap_le_start+0x1ec/0xe40
[  499.525791][ T5836]  ? l2cap_connect_cfm+0x5f4/0xf10
[  499.530875][ T5836]  ? __pfx_l2cap_le_start+0x10/0x10
[  499.536049][ T5836]  ? __pfx_l2cap_global_fixed_chan+0x10/0x10
[  499.542019][ T5836]  ? __l2cap_chan_add+0x3db/0xa20
[  499.547017][ T5836]  l2cap_connect_cfm+0x99f/0xf10
[  499.551927][ T5836]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  499.557355][ T5836]  ? hci_cb_lookup+0x319/0x4e0
[  499.562094][ T5836]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  499.567524][ T5836]  le_conn_complete_evt+0x168d/0x1da0
[  499.572868][ T5836]  ? __pfx_lock_release+0x10/0x10
[  499.577862][ T5836]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  499.583552][ T5836]  ? trace_contention_end+0xee/0x140
[  499.588810][ T5836]  hci_le_conn_complete_evt+0x23c/0x370
[  499.594330][ T5836]  hci_le_meta_evt+0x2e2/0x5d0
[  499.599069][ T5836]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  499.605105][ T5836]  hci_event_packet+0x666/0x1180
[  499.610012][ T5836]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  499.615266][ T5836]  ? __pfx_hci_event_packet+0x10/0x10
[  499.620610][ T5836]  ? mark_held_locks+0x9f/0xe0
[  499.625343][ T5836]  ? kcov_remote_start+0x3cf/0x6e0
[  499.630424][ T5836]  ? lockdep_hardirqs_on+0x7c/0x110
[  499.635593][ T5836]  hci_rx_work+0x2c5/0x16b0
[  499.640069][ T5836]  ? process_one_work+0x921/0x1ba0
[  499.645164][ T5836]  process_one_work+0x9c5/0x1ba0
[  499.650071][ T5836]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  499.655672][ T5836]  ? __pfx_process_one_work+0x10/0x10
[  499.661024][ T5836]  ? rcu_is_watching+0x12/0xc0
[  499.665765][ T5836]  ? assign_work+0x1a0/0x250
[  499.670339][ T5836]  worker_thread+0x6c8/0xf00
[  499.674922][ T5836]  ? __pfx_worker_thread+0x10/0x10
[  499.680002][ T5836]  kthread+0x2c1/0x3a0
[  499.684043][ T5836]  ? _raw_spin_unlock_irq+0x23/0x50
[  499.689211][ T5836]  ? __pfx_kthread+0x10/0x10
[  499.693773][ T5836]  ret_from_fork+0x45/0x80
[  499.698155][ T5836]  ? __pfx_kthread+0x10/0x10
[  499.702717][ T5836]  ret_from_fork_asm+0x1a/0x30
[  499.707456][ T5836]  </TASK>
[  499.710446][ T5836] 
[  499.712737][ T5836] Allocated by task 11869:
[  499.717114][ T5836]  kasan_save_stack+0x33/0x60
[  499.721760][ T5836]  kasan_save_track+0x14/0x30
[  499.726403][ T5836]  __kasan_kmalloc+0xaa/0xb0
[  499.730960][ T5836]  __kmalloc_noprof+0x21c/0x510
[  499.735779][ T5836]  sk_prot_alloc+0x1a8/0x2a0
[  499.740343][ T5836]  sk_alloc+0x36/0xb90
[  499.744385][ T5836]  bt_sock_alloc+0x3b/0x3a0
[  499.748857][ T5836]  l2cap_sock_alloc.constprop.0+0x33/0x1c0
[  499.754635][ T5836]  l2cap_sock_create+0x123/0x1f0
[  499.759542][ T5836]  bt_sock_create+0x182/0x350
[  499.764183][ T5836]  __sock_create+0x335/0x8d0
[  499.768741][ T5836]  __sys_socket+0x14f/0x260
[  499.773218][ T5836]  __x64_sys_socket+0x72/0xb0
[  499.777866][ T5836]  do_syscall_64+0xcd/0x250
[  499.782337][ T5836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.788198][ T5836] 
[  499.790492][ T5836] Freed by task 11868:
[  499.794524][ T5836]  kasan_save_stack+0x33/0x60
[  499.799167][ T5836]  kasan_save_track+0x14/0x30
[  499.803811][ T5836]  kasan_save_free_info+0x3b/0x60
[  499.808803][ T5836]  __kasan_slab_free+0x51/0x70
[  499.813532][ T5836]  kfree+0x14f/0x4b0
[  499.817392][ T5836]  __sk_destruct+0x5eb/0x720
[  499.821953][ T5836]  sk_destruct+0xc2/0xf0
[  499.826164][ T5836]  __sk_free+0xf4/0x3e0
[  499.830290][ T5836]  sk_free+0x6a/0x90
[  499.834155][ T5836]  l2cap_sock_kill+0x171/0x2d0
[  499.838889][ T5836]  l2cap_sock_release+0x189/0x210
[  499.843883][ T5836]  __sock_release+0xb0/0x270
[  499.848440][ T5836]  sock_close+0x1c/0x30
[  499.852561][ T5836]  __fput+0x3f8/0xb60
[  499.856510][ T5836]  task_work_run+0x14e/0x250
[  499.861069][ T5836]  syscall_exit_to_user_mode+0x27b/0x2a0
[  499.866669][ T5836]  do_syscall_64+0xda/0x250
[  499.871145][ T5836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  499.877007][ T5836] 
[  499.879300][ T5836] The buggy address belongs to the object at ffff8880572b1000
[  499.879300][ T5836]  which belongs to the cache kmalloc-2k of size 2048
[  499.893318][ T5836] The buggy address is located 392 bytes inside of
[  499.893318][ T5836]  freed 2048-byte region [ffff8880572b1000, ffff8880572b1800)
[  499.907163][ T5836] 
[  499.909455][ T5836] The buggy address belongs to the physical page:
[  499.915829][ T5836] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x572b0
[  499.924554][ T5836] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  499.933015][ T5836] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  499.940957][ T5836] page_type: f5(slab)
[  499.944905][ T5836] raw: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001
[  499.953454][ T5836] raw: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000
[  499.962003][ T5836] head: 00fff00000000040 ffff88801b042000 0000000000000000 0000000000000001
[  499.970639][ T5836] head: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000
[  499.979279][ T5836] head: 00fff00000000003 ffffea00015cac01 ffffffffffffffff 0000000000000000
[  499.987925][ T5836] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  499.996561][ T5836] page dumped because: kasan: bad access detected
[  500.002937][ T5836] page_owner tracks the page as allocated
[  500.008625][ T5836] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 11601, tgid 11601 (syz-executor), ts 481401047114, free_ts 481204917462
[  500.030296][ T5836]  post_alloc_hook+0x2d1/0x350
[  500.035031][ T5836]  get_page_from_freelist+0xfce/0x2f80
[  500.040458][ T5836]  __alloc_pages_noprof+0x223/0x25b0
[  500.045712][ T5836]  alloc_pages_mpol_noprof+0x2c9/0x610
[  500.051140][ T5836]  new_slab+0x2c9/0x410
[  500.055261][ T5836]  ___slab_alloc+0xd7d/0x17a0
[  500.059909][ T5836]  __slab_alloc.constprop.0+0x56/0xb0
[  500.065246][ T5836]  __kmalloc_cache_noprof+0xfa/0x410
[  500.070497][ T5836]  rtnl_newlink+0x109/0x1d60
[  500.075061][ T5836]  rtnetlink_rcv_msg+0x95b/0xea0
[  500.079969][ T5836]  netlink_rcv_skb+0x16b/0x440
[  500.084702][ T5836]  netlink_unicast+0x53c/0x7f0
[  500.089433][ T5836]  netlink_sendmsg+0x8b8/0xd70
[  500.094164][ T5836]  __sys_sendto+0x488/0x4f0
[  500.098634][ T5836]  __x64_sys_sendto+0xe0/0x1c0
[  500.103367][ T5836]  do_syscall_64+0xcd/0x250
[  500.107838][ T5836] page last free pid 11601 tgid 11601 stack trace:
[  500.114302][ T5836]  free_unref_page+0x661/0x1080
[  500.119127][ T5836]  __put_partials+0x14c/0x170
[  500.123779][ T5836]  qlist_free_all+0x4e/0x120
[  500.128336][ T5836]  kasan_quarantine_reduce+0x195/0x1e0
[  500.133762][ T5836]  __kasan_slab_alloc+0x69/0x90
[  500.138580][ T5836]  __kmalloc_cache_noprof+0x243/0x410
[  500.143917][ T5836]  kobject_uevent_env+0x265/0x1870
[  500.148999][ T5836]  __kobject_del+0x168/0x1f0
[  500.153572][ T5836]  kobject_put+0x327/0x5a0
[  500.157957][ T5836]  net_rx_queue_update_kobjects+0x478/0x5f0
[  500.163821][ T5836]  netif_set_real_num_rx_queues+0x169/0x210
[  500.169681][ T5836]  veth_init_queues+0x151/0x190
[  500.174499][ T5836]  veth_newlink+0x462/0x8f0
[  500.178969][ T5836]  rtnl_newlink+0xb95/0x1d60
[  500.183530][ T5836]  rtnetlink_rcv_msg+0x95b/0xea0
[  500.188437][ T5836]  netlink_rcv_skb+0x16b/0x440
[  500.193171][ T5836] 
[  500.195464][ T5836] Memory state around the buggy address:
[  500.201058][ T5836]  ffff8880572b1080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  500.209087][ T5836]  ffff8880572b1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  500.217114][ T5836] >ffff8880572b1180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  500.225146][ T5836]                       ^
[  500.229439][ T5836]  ffff8880572b1200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  500.237473][ T5836]  ffff8880572b1280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  500.245500][ T5836] ==================================================================
[  500.253546][    C1] vkms_vblank_simulate: vblank timer overrun
[  500.263193][ T5836] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  500.270388][ T5836] CPU: 1 UID: 0 PID: 5836 Comm: kworker/u9:7 Not tainted 6.13.0-rc3-syzkaller-00044-gaef25be35d23 #0
[  500.281224][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024
[  500.291276][ T5836] Workqueue: hci3 hci_rx_work
[  500.295952][ T5836] Call Trace:
[  500.299219][ T5836]  <TASK>
[  500.302137][ T5836]  dump_stack_lvl+0x3d/0x1f0
[  500.306720][ T5836]  panic+0x71d/0x800
[  500.310611][ T5836]  ? __pfx_panic+0x10/0x10
[  500.315023][ T5836]  ? preempt_schedule_thunk+0x1a/0x30
[  500.320394][ T5836]  ? preempt_schedule_common+0x44/0xc0
[  500.325853][ T5836]  check_panic_on_warn+0xab/0xb0
[  500.330769][ T5836]  end_report+0x117/0x180
[  500.335080][ T5836]  kasan_report+0xe9/0x110
[  500.339478][ T5836]  ? l2cap_sock_ready_cb+0x16a/0x170
[  500.344747][ T5836]  ? l2cap_sock_ready_cb+0x16a/0x170
[  500.350015][ T5836]  l2cap_sock_ready_cb+0x16a/0x170
[  500.355107][ T5836]  l2cap_le_start+0x1ec/0xe40
[  500.359762][ T5836]  ? l2cap_connect_cfm+0x5f4/0xf10
[  500.364855][ T5836]  ? __pfx_l2cap_le_start+0x10/0x10
[  500.370035][ T5836]  ? __pfx_l2cap_global_fixed_chan+0x10/0x10
[  500.375997][ T5836]  ? __l2cap_chan_add+0x3db/0xa20
[  500.381002][ T5836]  l2cap_connect_cfm+0x99f/0xf10
[  500.385924][ T5836]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  500.391366][ T5836]  ? hci_cb_lookup+0x319/0x4e0
[  500.396112][ T5836]  ? __pfx_l2cap_connect_cfm+0x10/0x10
[  500.401553][ T5836]  le_conn_complete_evt+0x168d/0x1da0
[  500.406907][ T5836]  ? __pfx_lock_release+0x10/0x10
[  500.411910][ T5836]  ? __pfx_le_conn_complete_evt+0x10/0x10
[  500.417607][ T5836]  ? trace_contention_end+0xee/0x140
[  500.422878][ T5836]  hci_le_conn_complete_evt+0x23c/0x370
[  500.428408][ T5836]  hci_le_meta_evt+0x2e2/0x5d0
[  500.433152][ T5836]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  500.439201][ T5836]  hci_event_packet+0x666/0x1180
[  500.444120][ T5836]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  500.449388][ T5836]  ? __pfx_hci_event_packet+0x10/0x10
[  500.454739][ T5836]  ? mark_held_locks+0x9f/0xe0
[  500.459483][ T5836]  ? kcov_remote_start+0x3cf/0x6e0
[  500.464576][ T5836]  ? lockdep_hardirqs_on+0x7c/0x110
[  500.469758][ T5836]  hci_rx_work+0x2c5/0x16b0
[  500.474245][ T5836]  ? process_one_work+0x921/0x1ba0
[  500.479337][ T5836]  process_one_work+0x9c5/0x1ba0
[  500.484256][ T5836]  ? __pfx_lock_acquire.part.0+0x10/0x10
[  500.489871][ T5836]  ? __pfx_process_one_work+0x10/0x10
[  500.495220][ T5836]  ? rcu_is_watching+0x12/0xc0
[  500.499967][ T5836]  ? assign_work+0x1a0/0x250
[  500.504535][ T5836]  worker_thread+0x6c8/0xf00
[  500.509109][ T5836]  ? __pfx_worker_thread+0x10/0x10
[  500.514197][ T5836]  kthread+0x2c1/0x3a0
[  500.518247][ T5836]  ? _raw_spin_unlock_irq+0x23/0x50
[  500.523429][ T5836]  ? __pfx_kthread+0x10/0x10
[  500.528003][ T5836]  ret_from_fork+0x45/0x80
[  500.532399][ T5836]  ? __pfx_kthread+0x10/0x10
[  500.536973][ T5836]  ret_from_fork_asm+0x1a/0x30
[  500.541726][ T5836]  </TASK>
[  500.544901][ T5836] Kernel Offset: disabled
[  500.549197][ T5836] Rebooting in 86400 seconds..