last executing test programs:

2m48.856889781s ago: executing program 0 (id=263):
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff3}, {}, {0x0, 0x8}}}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000001bc0)={0x0, 0x0, &(0x7f0000001b80)={&(0x7f0000001580)={{0x14}, [@NFT_MSG_NEWSETELEM={0x28, 0xc, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x4}, [@NFTA_SET_ELEM_LIST_SET_ID={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWTABLE={0x1d8, 0x0, 0xa, 0x0, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}, @NFTA_TABLE_USERDATA={0xb1, 0x6, "9410b50908866dbdab582e231107102c8be28e2379adbdc0974c3f6554bd2617ebc509acbfffec0904001647575aeffe29e22c568c2f579f51ba49d0b8be8ce7c58732e59873ab86a844683f36157a2179775d5ceda8de0d55cf1472d0027dce616ec74f59ba71b5c197a6393d4769f87a7c06f5d856b10fd455da6110c96e25c00dd6644a22d68dec9f08af165764621327ceb6da1cf63c41a5489de49f281b50a0af6453ad99f1f23a47ad62"}, @NFTA_TABLE_USERDATA={0xf7, 0x6, "54501b4a81eb6ad0328be729edaafd50c7757f5e5644ed3cd1bc598980b22b922994b492bc4542fa16e70beb37a43b82d3aaa54a3ce71bd61e2cba124249181aed7c0656a7b2293db01743878f08b45912c4cf597560242ac8c0edb0acd24c75d5ad56c35ea584e29e899c45ef7180a7816963cff241ef3564e76a2b0041276d3f066a0dbdf3c06c3777e389c2b1521e44362c585770e041facffdaabb2f5837bec8bdf51fe04c8c5958a108b64937de25cfce78ab446ae1db679ce961588a084ef4dd356a23ada30582556f6197cc0640bac414d3a340c67d05813806c85ebaed40554f24f4c5c08700e61e50455838355cfa"}, @NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x17c, 0x6, 0xa, 0x301, 0x0, 0x0, {0x7, 0x0, 0x4}, [@NFTA_RULE_CHAIN_ID={0x8, 0xb, 0x1, 0x0, 0x4}, @NFTA_RULE_COMPAT={0x24, 0x5, 0x0, 0x1, [@NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x3}, @NFTA_RULE_COMPAT_FLAGS={0x8, 0x2, 0x1, 0x0, 0x7}, @NFTA_RULE_COMPAT_PROTO_BRIDGE={0x8, 0x1, 0x1, 0x0, 0x9100}]}, @NFTA_RULE_EXPRESSIONS={0x10c, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MASQ_REG_PROTO_MAX={0x8, 0x3, 0x1, 0x0, 0xc}]}}}, {0x48, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xe}, @NFTA_DUP_SREG_DEV={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x15}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0xc, 0x1, 0x0, 0x1, @fib={{0x8}, @void}}, {0x10, 0x1, 0x0, 0x1, @quota={{0xa}, @void}}, {0x58, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x4c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x14}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x1}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_CT_DIRECTION={0x5}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0xd}, @NFTA_CT_SREG={0x8, 0x4, 0x1, 0x0, 0x8}]}}}, {0x10, 0x1, 0x0, 0x1, @tproxy={{0xb}, @void}}, {0x20, 0x1, 0x0, 0x1, @byteorder={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_BYTEORDER_SREG={0x8, 0x1, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x4}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x2}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELSETELEM={0x14, 0xe, 0xa, 0x401, 0x0, 0x0, {0x7, 0x0, 0xa}}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x3b8}, 0x1, 0x0, 0x0, 0x2000c084}, 0x4040)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x8)
close(r4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=@newqdisc={0x44, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x9, 0x1}}}}]}, 0x44}}, 0x0)
r5 = socket(0x2, 0x3, 0x6)
setsockopt$SO_TIMESTAMPING(r5, 0x1, 0x41, &(0x7f0000000240)=0x1fc9, 0x4)
sendto$inet(r5, 0x0, 0x30, 0x40000, &(0x7f0000000140)={0x2, 0xc, @remote}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000bc0)=@newtfilter={0x38, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {}, {0x1c, 0xfff1}}, [@filter_kind_options=@f_u32={{0x8}, {0xc, 0x2, [@TCA_U32_DIVISOR={0x8, 0x4, 0x2}]}}]}, 0x38}}, 0x0)
r6 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r6, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2m48.56536732s ago: executing program 0 (id=266):
r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x20800, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x17, 0x4, &(0x7f0000001300)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x14, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffe0}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x40, 0x4, 0x800, 0x3, 0x7}, 0x7, 0x1, 0x1, 0x90f, 0x400, 0x1c, 0x3, 0x11, 0x1, 0xffffffff, {0x3, 0xf6, 0x7, 0x7fff, 0x3f05dda3, 0x1000}}}}]}, 0x78}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001c00)=@newtfilter={0x7c, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xf, 0xf}, {}, {0x7}}, [@TCA_RATE={0x6, 0x5, {0x1, 0xd}}, @filter_kind_options=@f_cgroup={{0xb}, {0x44, 0x2, [@TCA_CGROUP_POLICE={0x40, 0x2, [@TCA_POLICE_TBF={0x3c, 0x1, {0x800, 0x6, 0x8, 0x8, 0x4, {0x6, 0x0, 0xb, 0x2, 0x8}, {0x4, 0x1, 0x30, 0x1, 0x7, 0x3}, 0xb, 0x5, 0x1}}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0)
syz_init_net_socket$llc(0x1a, 0x1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000000000006b110800000000008510000002000000850000000000000095000000000000009500a50500000000389230606378b65aa92ac1ac2a77cdc867e41e3acbda96d4b848d263de77bf1e6d8b17e03ac18017c094eb881e"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="6000000002060103000000000000000000000004050001000700000013000300686173683a6e65742c696661636500000900020073797a30000000400500040000000000050005000a00000014000780050015000a00000008001240"], 0x60}}, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
getuid()
r4 = socket$netlink(0x10, 0x3, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
r6 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r6, &(0x7f0000000b00)={0x0, 0x0, 0x0}, 0x20000000)
getsockname$packet(r6, &(0x7f0000000040)={0x11, 0x0, <r7=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/19, @ANYRES32=r7, @ANYBLOB], 0x3c}}, 0x0)
sendmsg$nl_route(r4, 0x0, 0x0)
ioperm(0x200, 0x10, 0x100000004)
quotactl$Q_QUOTAON(0xffffffff80000200, 0x0, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
pipe(&(0x7f0000000080)={<r8=>0xffffffffffffffff})
close(r8)

2m48.279108938s ago: executing program 0 (id=267):
bpf$MAP_CREATE(0x0, &(0x7f0000001140)=@base={0x6, 0x4, 0x4, 0x2, 0x9020, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x10000000, 0x1, 0x0, @value, @void, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)

2m47.941414718s ago: executing program 0 (id=270):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@newtaction={0x84, 0x30, 0xb, 0x5, 0x2000000, {}, [{0x70, 0x1, [@m_ct={0x6c, 0x1, 0x0, 0x0, {{0x7}, {0x44, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x80000001, 0x0, 0x5, 0x2, 0x400}}, @TCA_CT_LABELS={0x14, 0x7, "ff07f6e34c99ced2e337e1bca3848e68"}, @TCA_CT_LABELS_MASK={0x14, 0x8, "08a09f7b718b96e456a0f3f536b0c5c9"}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc}}}]}]}, 0x84}, 0x1, 0x0, 0x0, 0x400c891}, 0x0)

2m46.56708394s ago: executing program 0 (id=272):
r0 = socket$nl_route(0x10, 0x3, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
fsync(0xffffffffffffffff)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000000c0)=@newlink={0x40, 0x10, 0x439, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x9905}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0x7fff}, @IFLA_GTP_FD0={0x8}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x881}, 0x8000)

2m45.233650971s ago: executing program 0 (id=276):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x1000)=nil)
socket(0x11, 0x2, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x7, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0xc2842, 0x132)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000040)={0x200, 0xfffffff9, 0xbf5b, 0x0, 0x3})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket(0x11, 0x5, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
io_uring_setup(0x47e3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_procfs(0x0, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r4, 0xab07, 0xb)
r5 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r5, 0xab00, r6)
ioctl$NBD_DO_IT(r5, 0xab03)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
socket$key(0xf, 0x3, 0x2)
syz_open_dev$video4linux(&(0x7f0000000000), 0x7fffffff, 0x80)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000040000000100000000000000", @ANYRES32=r0, @ANYBLOB="00000000000000000000000000000000000000002d8ccc96663e4fb05e32df2d3b79c994a99682379cab481f8e10bf95505efef1ac30a19c7f379b1a939e69f00c7e262464f3440ebb82e2a6fd10ed67ab40520be6868d375e8bd8", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300"/28], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r7, &(0x7f0000000140), 0x0}, 0x20)

2m29.882966939s ago: executing program 32 (id=276):
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x1000)=nil)
socket(0x11, 0x2, 0x0)
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x7, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0xc2842, 0x132)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000040)={0x200, 0xfffffff9, 0xbf5b, 0x0, 0x3})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
r3 = socket(0x11, 0x5, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x400, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
socket$kcm(0x10, 0x3, 0x10)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, 0x0)
io_uring_setup(0x47e3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
syz_open_procfs(0x0, 0x0)
r4 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x0)
ioctl$NBD_SET_SIZE_BLOCKS(r4, 0xab07, 0xb)
r5 = syz_open_dev$ndb(&(0x7f00000001c0), 0x0, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$NBD_SET_SOCK(r5, 0xab00, r6)
ioctl$NBD_DO_IT(r5, 0xab03)
ioctl$NBD_CLEAR_SOCK(r1, 0xab04)
socket$key(0xf, 0x3, 0x2)
syz_open_dev$video4linux(&(0x7f0000000000), 0x7fffffff, 0x80)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000040000000100000000000000", @ANYRES32=r0, @ANYBLOB="00000000000000000000000000000000000000002d8ccc96663e4fb05e32df2d3b79c994a99682379cab481f8e10bf95505efef1ac30a19c7f379b1a939e69f00c7e262464f3440ebb82e2a6fd10ed67ab40520be6868d375e8bd8", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0300"/28], 0x50)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000000)={r7, &(0x7f0000000140), 0x0}, 0x20)

1m0.958938185s ago: executing program 3 (id=516):
socket$inet(0x2, 0x4000000000000001, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18)
openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c)
r0 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xdff9, 0x800, 0x1000}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0)

1m0.021349539s ago: executing program 3 (id=520):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000180), 0xfea7)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
ioctl$PPPIOCATTACH(0xffffffffffffffff, 0x4004743d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff0000", @ANYBLOB, @ANYBLOB], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0xa4}}, 0x0, 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
prlimit64(0x0, 0xe, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
lseek(r6, 0x0, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)

58.458569194s ago: executing program 3 (id=523):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000080)={0x5, 0x1000086}, 0x0)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
recvmmsg(r1, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0x84000000}, [], {0x14, 0x10}}, 0x28}}, 0x0)
r3 = syz_open_dev$media(&(0x7f00000000c0), 0x1ff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
recvmmsg(0xffffffffffffffff, &(0x7f00000048c0)=[{{&(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000001540)=[{&(0x7f0000000180)=""/99, 0x63}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/152, 0x98}, {&(0x7f0000000000)=""/27, 0x1b}, {&(0x7f00000012c0)=""/126, 0x7e}, {&(0x7f0000001340)=""/162, 0xa2}, {&(0x7f0000001400)=""/71, 0x47}, {&(0x7f0000001480)=""/173, 0xad}], 0x8}, 0x4}, {{&(0x7f00000015c0)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000001800)=[{&(0x7f0000001640)=""/145, 0x91}, {&(0x7f0000001700)=""/216, 0xd8}, {&(0x7f0000000080)=""/28, 0x1c}], 0x3, &(0x7f0000001840)=""/86, 0x56}, 0x8}, {{&(0x7f00000018c0), 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001940)=""/170, 0xaa}, {&(0x7f0000001a00)=""/114, 0x72}, {&(0x7f0000001a80)=""/110, 0x6e}, {&(0x7f0000001b00)=""/184, 0xb8}, {&(0x7f0000001bc0)=""/108, 0x6c}, {&(0x7f0000001c40)=""/47, 0x2f}, {&(0x7f0000001c80)=""/36, 0x24}], 0x7, &(0x7f0000001d40)=""/61, 0x3d}, 0x2}, {{&(0x7f0000001d80)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000002240)=[{&(0x7f0000001e00)=""/81, 0x51}, {&(0x7f0000001e80)=""/41, 0x29}, {&(0x7f0000001ec0)}, {&(0x7f0000001f00)=""/241, 0xf1}, {&(0x7f0000004a00)=""/79, 0x4f}, {&(0x7f0000002080)=""/156, 0x9c}, {&(0x7f0000002140)=""/55, 0x37}, {&(0x7f0000002180)=""/16, 0x10}, {&(0x7f00000021c0)=""/104, 0x68}], 0x9, &(0x7f0000002300)=""/115, 0x73}, 0x2}, {{&(0x7f0000002380)=@qipcrtr, 0x80, &(0x7f00000047c0)=[{&(0x7f0000002400)=""/4096, 0x1000}, {&(0x7f0000003400)=""/5, 0x5}, {&(0x7f0000003440)=""/237, 0xed}, {&(0x7f0000003540)=""/255, 0xff}, {&(0x7f0000003640)=""/71, 0x47}, {&(0x7f00000036c0)=""/4096, 0x1000}, {&(0x7f00000046c0)=""/238, 0xee}], 0x7, &(0x7f0000004840)=""/72, 0x48}, 0x9}], 0x5, 0x1, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, &(0x7f0000000040))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58f04"])

57.99894116s ago: executing program 5 (id=524):
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2)
r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0)
syz_usb_control_io(r1, 0x0, &(0x7f0000000780)={0x44, &(0x7f00000004c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write$ath9k_ep2(r1, 0x83, 0x9e, &(0x7f0000000280)=@generic={0x0, 0x2, 0x96, "4dec1074", "6b1a40cfbff8c62f85811baf27de6a166a9aca72abcdda5998633724e5c75331ace2b396aff8d6e05ab37cb37aba83ee2cf3f5e4f2cf9529520d848c78f04950be3342148e2358b6b1a5fab098b5f529729ba87a59f14446793d10dbbced3a4bdea62f929e3357c2180649f8851f9fc92e6f2c52fab432fb4acc5ca4f89b2293137b69001e5d00a6a327702c630289811c7a85dab561"})
r3 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSBRKP(r3, 0x5425, 0x7)
ioctl$EVIOCGMASK(r2, 0x80015b1b, 0x0)
ioctl$VIDIOC_S_PARM(r0, 0xc0cc5616, &(0x7f0000000180)={0x4, @capture={0x1000, 0x1, {0x4000006, 0x2}, 0x8}})

5.52595382s ago: executing program 4 (id=529):
memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000000), &(0x7f000000dac0)=0x4)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, 0x0, 0x0)
sendmsg$tipc(r4, 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, 'v\x00', "07f217bd74511f465bbbd5de01000000f91800", "0000f600", "8ce63ecbc640735f"}, 0x38)
sendto$inet6(r3, &(0x7f0000000100)='S', 0x1, 0x8000, 0x0, 0x0)

5.525495507s ago: executing program 1 (id=530):
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
timer_create(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x1400200bce)
syz_open_dev$sndctrl(&(0x7f0000000140), 0xfffffffffffff6cf, 0x177201)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@dev={0xfe, 0x80, '\x00', 0x30}, 0x7, 0x1, 0x0, 0x6, 0x6, 0x1}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x8}, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0", 0x114)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}, 0xa}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000040), 0x4)
socket$unix(0x1, 0x2, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000300), 0x40000000000000fb, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000040)={0x400, 0x1, 0x4, 0x0, 0x20})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))

5.524359899s ago: executing program 4 (id=531):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x1000)=nil)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x11, 0x0}}]}, &(0x7f0000000440)=0x10)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={r1, 0x0, 0x7, 0x2, 0x0, 0x3}, 0x14)
syz_emit_ethernet(0x4e, &(0x7f0000000380)=ANY=[@ANYBLOB="0180c20000000180c200000008004d0000400067000000119078ac1e0001e000008101441c0e81e0000001000000026401c44800000009ac1e0101000007ff00000000000e21000c9078210200006f67ca7b9a82f155546c0fbab3dd9eeb75a3cbe89c3984cea5e4427da4839a1129ff8e3a3e02ca6c214269d5ea82d4"], 0x0)
r2 = socket(0x11, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r4)
getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', <r6=>r5, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x80, 0xfffffffc}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', r6, 0x0, 0x0, 0x0, 0x0, 0xd, @dev={0xfe, 0x80, '\x00', 0x8}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x0, 0xfffffffc}})
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r8 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f90324fc60100003000a000200053582c137153e37000c0680050002000300", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
io_uring_setup(0x175c, 0x0)
shmctl$SHM_STAT(0x0, 0xd, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000800)={0x408, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x1a0, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x98, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x5, 0x5, 0x1, 0x6, 0x0, 0x0, 0x1]}}, @NL80211_TXRATE_HT={0x2c, 0x2, [{0x5, 0x2}, {0x2, 0x9}, {0x6, 0x7}, {0x2}, {0x1, 0x7}, {0x5, 0x6}, {0x2, 0x1}, {0x1, 0x3}, {0x3, 0x7}, {0x2, 0x1}, {0x1, 0x9}, {0x7, 0x3}, {0x6, 0x5}, {0x0, 0x5}, {0x6, 0x6}, {0x4}, {0x2, 0x7}, {0x2, 0x7}, {0x2, 0x3}, {0x1, 0x8}, {0x1, 0x9}, {0x3, 0x8}, {0x6, 0x5}, {0x3, 0x4}, {0x5, 0x3}, {0x1, 0x1}, {0x1, 0x9}, {0x0, 0x2}, {0x1, 0x8}, {0x7, 0x7}, {0x0, 0x3}, {0x0, 0x4}, {0x7, 0x8}, {0x0, 0x2}, {0x3, 0x4}, {0x6, 0x6}, {}, {0x1, 0xa}, {0x2, 0x5}, {0x2, 0x2}]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x30, 0x16, 0x24, 0x1, 0x30, 0x6, 0x6c, 0x16]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xd9, 0x3, 0x6, 0x8, 0xe0, 0x9, 0x0, 0x9]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x101, 0x9, 0x1, 0x5, 0x0, 0x45f, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x90, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x1}, {0x2, 0x2}, {}, {0x7}, {0x5, 0xa}, {0x0, 0x1}, {0x1, 0x6}, {0x1, 0x4}, {0x7, 0x4}, {0x0, 0x9}, {0x1, 0x3}, {0x2, 0x9}, {0x2, 0x8}, {0x5, 0xa}, {0x5, 0x5}, {0x1}, {0x5}, {0x2, 0x5}, {0x5, 0x6}, {0x5}, {0x6, 0x1}, {0x5, 0x9}, {0x2, 0x1}, {0x4, 0x5}, {0x1, 0x9}, {0x3, 0x5}, {0x1, 0x4}, {0x0, 0x2}, {0x7, 0x8}, {0x0, 0x7}, {0x6, 0x2}, {0x3, 0x6}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0xc5df, 0xd, 0x4, 0x7, 0x8, 0x7, 0xb]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0xfc20, 0xffff, 0x4, 0x4, 0x6, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x10, 0x4, 0x8903, 0xe, 0x100, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x4, 0x6, 0x68, 0x0, 0x6c72, 0x7fff, 0x9]}}]}, @NL80211_BAND_6GHZ={0x74, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1a, 0x2, [{0x0, 0xa}, {0x0, 0x4}, {0x0, 0xa}, {0x6, 0x9}, {0x2, 0x2}, {0x1, 0x6}, {0x5, 0x2}, {0x5, 0x6}, {0x4, 0x2}, {0x4, 0x1}, {0x3, 0x2}, {0x4, 0x1}, {0x6, 0x8}, {0x3, 0x9}, {0x2, 0x4}, {0x3, 0xa}, {0x0, 0x5}, {0x6, 0x4}, {0x6, 0x6}, {0x3, 0xa}, {0x4, 0x2}, {0x6, 0x4}]}, @NL80211_TXRATE_HT={0x29, 0x2, [{0x3, 0x1}, {0x7, 0x1}, {0x1}, {0x0, 0x2}, {0x3, 0xa}, {0x4, 0x1}, {}, {0x3, 0x2}, {0x7, 0xa}, {0x0, 0x5}, {}, {0x7, 0x5}, {0x1, 0x2}, {0x1, 0x2}, {0x2, 0x3}, {0x2, 0x3}, {0x7, 0x6}, {0x1, 0x4}, {0x3, 0xa}, {0x7, 0x4}, {0x3, 0x6}, {0x3, 0x8}, {0x2, 0x7}, {0x1, 0xa}, {0x6, 0x6}, {0x0, 0x8}, {0x1, 0x4}, {0x3, 0x1}, {0x4, 0x6}, {0x4, 0x7}, {0x7}, {0x1, 0x8}, {0x1, 0x8}, {0x1, 0x8}, {0x3, 0x9}, {0x1, 0x1}, {0x2, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3ff, 0x1, 0xe5c, 0x4, 0x3, 0x7ff, 0xaded]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe7f1, 0x4, 0x1000, 0x2, 0x0, 0x400, 0xf20, 0x50]}}]}]}, @NL80211_ATTR_TX_RATES={0x254, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0x4, 0xc, 0x15, 0x9, 0x9, 0x1, 0x16, 0x5, 0x36, 0x5, 0x30, 0x60, 0xb, 0x4, 0x1b, 0x5, 0x9, 0x2, 0x2, 0x24, 0x48, 0xb, 0x1, 0xb, 0x36, 0xcf2ba777a22fe3d6, 0x3, 0x36, 0xb, 0x2, 0x48, 0x4]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffa, 0x8, 0x0, 0x6, 0x8, 0x1, 0x5, 0x4]}}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x4e, 0x6, 0x24, 0x24, 0xb, 0x6c, 0x6, 0x6, 0x16, 0x1b]}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0xb, 0x1b, 0x6, 0x3, 0x6c, 0x60, 0x36, 0x4, 0x4, 0x4, 0x36, 0xc, 0x10, 0x54, 0xa, 0x1, 0x13, 0x6, 0xb, 0x30, 0xc, 0x1b, 0x30, 0x36, 0x60, 0x1e, 0x1]}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x9, 0x30, 0x0, 0x12, 0x9, 0x5, 0x36, 0x24, 0xb]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x0, 0xb, 0x24, 0x36, 0x6c, 0x4, 0x1b, 0x48, 0x36, 0x6c, 0x36, 0xb, 0x2, 0x6c, 0x18, 0x36, 0x0, 0x48, 0xd, 0x2, 0x6c, 0x16]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xc, 0x9, 0x7, 0x10, 0x1cae, 0x5, 0x5, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x48, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HT={0x36, 0x2, [{0x0, 0xa}, {0x3}, {0x3, 0x9}, {0x2, 0x7}, {0x6, 0x4}, {0x5}, {0x0, 0x4}, {0x2, 0x4}, {0x0, 0x9}, {0x0, 0x2}, {0x6, 0x8}, {0x2, 0x9}, {0x0, 0x9}, {0x7}, {0x5, 0xa}, {0x2, 0x3}, {0x1, 0x6}, {0x3, 0xa}, {0x5, 0x1}, {0x0, 0xa}, {0x0, 0x4}, {0x0, 0x3}, {0x6, 0x5}, {0x4, 0x9}, {0x3}, {0x5, 0x1}, {0x1, 0x2}, {0x7, 0x5}, {0x5, 0x6}, {0x4, 0x6}, {0x7, 0x9}, {0x7, 0x6}, {0x7}, {0x5, 0x5}, {0x3, 0x4}, {0x6, 0x1}, {0x3, 0x3}, {0x1, 0x8}, {0x3, 0xa}, {0x1, 0x2}, {0x3}, {0x0, 0x3}, {0x7, 0x5}, {0x6, 0xa}, {0x5, 0x6}, {0x6, 0x1}, {0x7, 0xa}, {0x3, 0x8}, {0x2, 0x3}, {0x6, 0x5}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x88, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x15, 0x1, [0xb, 0x9, 0x9, 0xb, 0x1, 0x18, 0x3, 0x30, 0x5, 0x3, 0xc, 0x60, 0x5, 0xb, 0x30, 0x30, 0x48]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x43, 0x2, [{0x3, 0x9}, {0x4, 0x8}, {0x1, 0x6}, {0x5, 0x9}, {0x0, 0xa}, {0x1, 0x8}, {0x5, 0x5}, {0x0, 0x1}, {0x1, 0x7}, {0x2, 0x9}, {0x0, 0x9}, {}, {0x7, 0x1}, {0x7, 0x3}, {0x2}, {0x4}, {0x5, 0xa}, {0x5, 0x3}, {0x3, 0x6}, {0x6, 0x3}, {0x6, 0x9}, {0x4, 0x6}, {0x3, 0x7}, {0x6, 0x5}, {0x3, 0x9}, {0x4, 0x5}, {0x1, 0x8}, {0x3, 0x5}, {0x0, 0x7}, {0x1, 0x8}, {0x3, 0x9}, {}, {0x6, 0x1}, {0x2, 0x2}, {0x1, 0x6}, {0x4, 0x8}, {0x7, 0x2}, {0x6, 0x3}, {0x1, 0x3}, {0x0, 0x6}, {0x5, 0x7}, {0x4}, {0x6, 0x7}, {0x5, 0x7}, {0x1, 0x9}, {0x2}, {0x6, 0xa}, {0x3, 0x4}, {0x1, 0x8}, {0x6, 0x6}, {0x0, 0x5}, {0x2, 0x7}, {0x4, 0x7}, {0x1, 0x9}, {0x0, 0x9}, {0x1, 0x5}, {0x7, 0x7}, {0x1}, {0x5, 0x5}, {0x7, 0x5}, {0x4, 0x5}, {0x0, 0x9}, {0x6, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x58, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x1ff, 0x9, 0xf, 0xc2f, 0x3ff, 0x9, 0x9]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x6, 0x2}, {0x1, 0x7}, {0x1, 0x4}, {0x0, 0x1}, {0x7, 0xa}, {0x3}, {0x7, 0x3}, {0x4, 0x6}, {0x7, 0x2}, {0x6, 0x3}, {0x6, 0xa}, {0x6, 0x8}, {0x5, 0x8}, {0x1, 0x7}, {0x6, 0x2}, {0x1, 0x7}, {0x6, 0x1}, {0x5, 0x8}, {0x0, 0x4}, {0x5, 0x4}]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x5, 0x3, 0x2b, 0x3, 0x16, 0x3, 0x48, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x6, 0x800, 0x9, 0x60, 0x3, 0x6, 0x100]}}]}, @NL80211_BAND_2GHZ={0x64, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0x30, 0x1, 0xb, 0x1b, 0x36, 0x18, 0x18, 0xb, 0x2, 0xc, 0x24, 0x18, 0x6c, 0x30, 0x36, 0xb, 0x3, 0x5, 0x6, 0x1c, 0x1, 0x6, 0x1b, 0xb, 0xc, 0x18, 0x9, 0xc, 0x24, 0x60, 0x4, 0x30]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x3, 0x9, 0x6, 0x5e80, 0xdc04, 0x7, 0x7]}}]}]}]}, 0x408}, 0x1, 0x0, 0x0, 0x805}, 0x40040)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

5.52332237s ago: executing program 2 (id=532):
r0 = syz_open_dev$video(&(0x7f0000000040), 0x7, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$can_raw(0x1d, 0x3, 0x1)
bind$can_raw(r2, &(0x7f0000000000), 0x10)
r3 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="9feb010018000000"], 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, 0x0, &(0x7f0000000080)='GPL\x00', 0x5, 0xa8, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000000)={0x0, <r5=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x11, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, r4, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0xb, 0x0, 0x0, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback=0x31, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f00000000c0), 0xf00)
setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, 0x0, 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r6, 0x8933, &(0x7f0000001880)={'wg1\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff)
sendmsg$WG_CMD_SET_DEVICE(r1, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000900)={0x50, r8, 0xa29, 0x0, 0x0, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r7}, @WGDEVICE_A_PEERS={0x34, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PROTOCOL_VERSION={0x8, 0xa, 0xff80}]}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000840}, 0x0)
ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000000)={0x9, {0xffffff7f, 0x8001, 0x9, 0x6}})

5.522738298s ago: executing program 5 (id=533):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x200008d4, &(0x7f000072e000)={0xa, 0x0, 0x0, @loopback}, 0x1c)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='mnt/encrypted_dir\x00', 0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f0000000100)=@v2={0x2, @aes128, 0x241fc7b68b43ab99, '\x00', @auto="410d8af0ff000008de00"})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0xb, &(0x7f00000009c0)=@framed={{}, [@printk={@lli, {0x3, 0x3, 0x3, 0xa, 0x0}, {0x5}, {0x7, 0x0, 0x2}, {}, {}, {0x85, 0x0, 0x0, 0x25}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
unlink(0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01020000000000100000020000000900020073797a310000000008000440000000000900010073797a3000000000080003400000000a140000001100"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000ec0)={{0x14}, [@NFT_MSG_DELOBJ={0x28, 0x14, 0xa, 0x201, 0x0, 0x0, {0x2, 0x0, 0x9}, [@NFTA_OBJ_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x8}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x101, 0x0, 0x0, {0x0, 0x0, 0xe}}, @NFT_MSG_NEWCHAIN={0x174, 0x3, 0xa, 0x5, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_CHAIN_HOOK={0x4c, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth0_to_bridge\x00'}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0xaff76f99dd603e00}, @NFTA_HOOK_DEV={0x14, 0x3, 'team_slave_0\x00'}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x4}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc}, @NFTA_COUNTER_PACKETS={0xc}]}, @NFTA_CHAIN_HANDLE={0xc, 0x2, 0x1, 0x0, 0x2}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffb}, @NFTA_CHAIN_USERDATA={0x8d, 0xc, "de65ad57e7fac1f9b108457ebc3d10c6ab4562a07140fa1c7c9911a28e9283461e626bc3d1f89d8807362437366e68fa141609d672751aa39e47269ea13b27f5e5166cf6a8c27c9fec33e77b951ef6df9ebaa21111d6649ded91c56babccf0c5c8c5c26adf9102eea1b9d60d0b687b8e18830ea242dccf2304d571616c9fa1e74790dbfe71757e40b8"}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x63a45bad}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x3}, @NFTA_HOOK_DEV={0x14, 0x3, 'veth0_to_bond\x00'}]}]}, @NFT_MSG_DELFLOWTABLE={0x34, 0x18, 0xa, 0x101, 0x0, 0x0, {0x7}, [@NFTA_FLOWTABLE_FLAGS={0x8}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELOBJ={0x200, 0x14, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x7}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_OBJ_USERDATA={0x8a, 0x8, "60978311288ee892a739c2a61c3d5b0486a0432d1a9d7fc7b7d609b5f9918d27dbde1346339cfdb60d857f9565dd617ac550e3af9bf9cf1058b554bc6cc930348cb199b30fa0f8ff84d2ed70e11d6e4866e57398708b281de0d082081fa021a82dfe384596c127c3ebef52b3e42a45d2ab8ab07b5607142a5ff31269e44e63e6b1f93ca100fb"}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_USERDATA={0x2e, 0x8, "271e746586835abdbdf11a131ef94b92f8cfa0b05b7972a53b98b50ff0b4743cba5e95e33066ff2972b7"}, @NFTA_OBJ_USERDATA={0x102, 0x8, "62153b0b69b61f8f2109f56d9d9210a1d422722de01fdb1f583e7c84c254d25937df6faaf854c0f366f491bd511202ba3129211a1eafb399701f4781638ecad41b19a8eb0a1e2ca02abd26ad4c2f400772bf8ca882eaa18516771afb6a0db071e5713e382f36deb2b46e579693aad68b128a0bdd3489b4c5c4c083c2d88c7cf6b56774064cd25b3cbf5e8331dee97f4457dcdf68fa6f2bf255ae9ceec826322279609a3e25c70fdbd329456ee14e5b1585dcc7cddae1afe8b1c5700e3e75fde8dc5a690784f81fda423b23a18a512ed77b9811770845b2a2b3935c6522155fce02f077bce7dd58637b6da120413868a5774712de562d13c76afd5ebf7e82"}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x5}}}, 0x40c}}, 0x0)
r4 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000059770c40c009030243d3000000010902120001000000000904"], 0x0)
syz_usb_control_io(r4, 0x0, &(0x7f0000000a00)={0x84, &(0x7f0000000680)={0x0, 0x11}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

5.521266791s ago: executing program 4 (id=534):
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x1000)=nil)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x0, 0x0}, &(0x7f0000000440)=0x10)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={r1, 0x0, 0x7, 0x2, 0x0, 0x3}, 0x14)
r2 = socket(0x11, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket(0x10, 0x2, 0x0)
r5 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r5)
getsockname$packet(r5, &(0x7f0000000340)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000500)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', <r7=>r6, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x80, 0xfffffffc}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', r7, 0x0, 0x0, 0x0, 0x0, 0xd, @dev={0xfe, 0x80, '\x00', 0x8}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x0, 0xfffffffc}})
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r9 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f90324fc60100003000a000200053582c137153e37000c0680050002000300", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
shmctl$SHM_STAT(0x0, 0xd, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000800)={0x408, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x1a0, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x98, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x5, 0x5, 0x1, 0x6, 0x0, 0x0, 0x1]}}, @NL80211_TXRATE_HT={0x2c, 0x2, [{0x5, 0x2}, {0x2, 0x9}, {0x6, 0x7}, {0x2}, {0x1, 0x7}, {0x5, 0x6}, {0x2, 0x1}, {0x1, 0x3}, {0x3, 0x7}, {0x2, 0x1}, {0x1, 0x9}, {0x7, 0x3}, {0x6, 0x5}, {0x0, 0x5}, {0x6, 0x6}, {0x4}, {0x2, 0x7}, {0x2, 0x7}, {0x2, 0x3}, {0x1, 0x8}, {0x1, 0x9}, {0x3, 0x8}, {0x6, 0x5}, {0x3, 0x4}, {0x5, 0x3}, {0x1, 0x1}, {0x1, 0x9}, {0x0, 0x2}, {0x1, 0x8}, {0x7, 0x7}, {0x0, 0x3}, {0x0, 0x4}, {0x7, 0x8}, {0x0, 0x2}, {0x3, 0x4}, {0x6, 0x6}, {}, {0x1, 0xa}, {0x2, 0x5}, {0x2, 0x2}]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x30, 0x16, 0x24, 0x1, 0x30, 0x6, 0x6c, 0x16]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xd9, 0x3, 0x6, 0x8, 0xe0, 0x9, 0x0, 0x9]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x101, 0x9, 0x1, 0x5, 0x0, 0x45f, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x90, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x1}, {0x2, 0x2}, {}, {0x7}, {0x5, 0xa}, {0x0, 0x1}, {0x1, 0x6}, {0x1, 0x4}, {0x7, 0x4}, {0x0, 0x9}, {0x1, 0x3}, {0x2, 0x9}, {0x2, 0x8}, {0x5, 0xa}, {0x5, 0x5}, {0x1}, {0x5}, {0x2, 0x5}, {0x5, 0x6}, {0x5}, {0x6, 0x1}, {0x5, 0x9}, {0x2, 0x1}, {0x4, 0x5}, {0x1, 0x9}, {0x3, 0x5}, {0x1, 0x4}, {0x0, 0x2}, {0x7, 0x8}, {0x0, 0x7}, {0x6, 0x2}, {0x3, 0x6}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0xc5df, 0xd, 0x4, 0x7, 0x8, 0x7, 0xb]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0xfc20, 0xffff, 0x4, 0x4, 0x6, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x10, 0x4, 0x8903, 0xe, 0x100, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x4, 0x6, 0x68, 0x0, 0x6c72, 0x7fff, 0x9]}}]}, @NL80211_BAND_6GHZ={0x74, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1a, 0x2, [{0x0, 0xa}, {0x0, 0x4}, {0x0, 0xa}, {0x6, 0x9}, {0x2, 0x2}, {0x1, 0x6}, {0x5, 0x2}, {0x5, 0x6}, {0x4, 0x2}, {0x4, 0x1}, {0x3, 0x2}, {0x4, 0x1}, {0x6, 0x8}, {0x3, 0x9}, {0x2, 0x4}, {0x3, 0xa}, {0x0, 0x5}, {0x6, 0x4}, {0x6, 0x6}, {0x3, 0xa}, {0x4, 0x2}, {0x6, 0x4}]}, @NL80211_TXRATE_HT={0x29, 0x2, [{0x3, 0x1}, {0x7, 0x1}, {0x1}, {0x0, 0x2}, {0x3, 0xa}, {0x4, 0x1}, {}, {0x3, 0x2}, {0x7, 0xa}, {0x0, 0x5}, {}, {0x7, 0x5}, {0x1, 0x2}, {0x1, 0x2}, {0x2, 0x3}, {0x2, 0x3}, {0x7, 0x6}, {0x1, 0x4}, {0x3, 0xa}, {0x7, 0x4}, {0x3, 0x6}, {0x3, 0x8}, {0x2, 0x7}, {0x1, 0xa}, {0x6, 0x6}, {0x0, 0x8}, {0x1, 0x4}, {0x3, 0x1}, {0x4, 0x6}, {0x4, 0x7}, {0x7}, {0x1, 0x8}, {0x1, 0x8}, {0x1, 0x8}, {0x3, 0x9}, {0x1, 0x1}, {0x2, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3ff, 0x1, 0xe5c, 0x4, 0x3, 0x7ff, 0xaded]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe7f1, 0x4, 0x1000, 0x2, 0x0, 0x400, 0xf20, 0x50]}}]}]}, @NL80211_ATTR_TX_RATES={0x254, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0x4, 0xc, 0x15, 0x9, 0x9, 0x1, 0x16, 0x5, 0x36, 0x5, 0x30, 0x60, 0xb, 0x4, 0x1b, 0x5, 0x9, 0x2, 0x2, 0x24, 0x48, 0xb, 0x1, 0xb, 0x36, 0xcf2ba777a22fe3d6, 0x3, 0x36, 0xb, 0x2, 0x48, 0x4]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffa, 0x8, 0x0, 0x6, 0x8, 0x1, 0x5, 0x4]}}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x4e, 0x6, 0x24, 0x24, 0xb, 0x6c, 0x6, 0x6, 0x16, 0x1b]}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0xb, 0x1b, 0x6, 0x3, 0x6c, 0x60, 0x36, 0x4, 0x4, 0x4, 0x36, 0xc, 0x10, 0x54, 0xa, 0x1, 0x13, 0x6, 0xb, 0x30, 0xc, 0x1b, 0x30, 0x36, 0x60, 0x1e, 0x1]}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x9, 0x30, 0x0, 0x12, 0x9, 0x5, 0x36, 0x24, 0xb]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x0, 0xb, 0x24, 0x36, 0x6c, 0x4, 0x1b, 0x48, 0x36, 0x6c, 0x36, 0xb, 0x2, 0x6c, 0x18, 0x36, 0x0, 0x48, 0xd, 0x2, 0x6c, 0x16]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xc, 0x9, 0x7, 0x10, 0x1cae, 0x5, 0x5, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x48, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HT={0x36, 0x2, [{0x0, 0xa}, {0x3}, {0x3, 0x9}, {0x2, 0x7}, {0x6, 0x4}, {0x5}, {0x0, 0x4}, {0x2, 0x4}, {0x0, 0x9}, {0x0, 0x2}, {0x6, 0x8}, {0x2, 0x9}, {0x0, 0x9}, {0x7}, {0x5, 0xa}, {0x2, 0x3}, {0x1, 0x6}, {0x3, 0xa}, {0x5, 0x1}, {0x0, 0xa}, {0x0, 0x4}, {0x0, 0x3}, {0x6, 0x5}, {0x4, 0x9}, {0x3}, {0x5, 0x1}, {0x1, 0x2}, {0x7, 0x5}, {0x5, 0x6}, {0x4, 0x6}, {0x7, 0x9}, {0x7, 0x6}, {0x7}, {0x5, 0x5}, {0x3, 0x4}, {0x6, 0x1}, {0x3, 0x3}, {0x1, 0x8}, {0x3, 0xa}, {0x1, 0x2}, {0x3}, {0x0, 0x3}, {0x7, 0x5}, {0x6, 0xa}, {0x5, 0x6}, {0x6, 0x1}, {0x7, 0xa}, {0x3, 0x8}, {0x2, 0x3}, {0x6, 0x5}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x88, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x15, 0x1, [0xb, 0x9, 0x9, 0xb, 0x1, 0x18, 0x3, 0x30, 0x5, 0x3, 0xc, 0x60, 0x5, 0xb, 0x30, 0x30, 0x48]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x43, 0x2, [{0x3, 0x9}, {0x4, 0x8}, {0x1, 0x6}, {0x5, 0x9}, {0x0, 0xa}, {0x1, 0x8}, {0x5, 0x5}, {0x0, 0x1}, {0x1, 0x7}, {0x2, 0x9}, {0x0, 0x9}, {}, {0x7, 0x1}, {0x7, 0x3}, {0x2}, {0x4}, {0x5, 0xa}, {0x5, 0x3}, {0x3, 0x6}, {0x6, 0x3}, {0x6, 0x9}, {0x4, 0x6}, {0x3, 0x7}, {0x6, 0x5}, {0x3, 0x9}, {0x4, 0x5}, {0x1, 0x8}, {0x3, 0x5}, {0x0, 0x7}, {0x1, 0x8}, {0x3, 0x9}, {}, {0x6, 0x1}, {0x2, 0x2}, {0x1, 0x6}, {0x4, 0x8}, {0x7, 0x2}, {0x6, 0x3}, {0x1, 0x3}, {0x0, 0x6}, {0x5, 0x7}, {0x4}, {0x6, 0x7}, {0x5, 0x7}, {0x1, 0x9}, {0x2}, {0x6, 0xa}, {0x3, 0x4}, {0x1, 0x8}, {0x6, 0x6}, {0x0, 0x5}, {0x2, 0x7}, {0x4, 0x7}, {0x1, 0x9}, {0x0, 0x9}, {0x1, 0x5}, {0x7, 0x7}, {0x1}, {0x5, 0x5}, {0x7, 0x5}, {0x4, 0x5}, {0x0, 0x9}, {0x6, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x58, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x1ff, 0x9, 0xf, 0xc2f, 0x3ff, 0x9, 0x9]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x6, 0x2}, {0x1, 0x7}, {0x1, 0x4}, {0x0, 0x1}, {0x7, 0xa}, {0x3}, {0x7, 0x3}, {0x4, 0x6}, {0x7, 0x2}, {0x6, 0x3}, {0x6, 0xa}, {0x6, 0x8}, {0x5, 0x8}, {0x1, 0x7}, {0x6, 0x2}, {0x1, 0x7}, {0x6, 0x1}, {0x5, 0x8}, {0x0, 0x4}, {0x5, 0x4}]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x5, 0x3, 0x2b, 0x3, 0x16, 0x3, 0x48, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x6, 0x800, 0x9, 0x60, 0x3, 0x6, 0x100]}}]}, @NL80211_BAND_2GHZ={0x64, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0x30, 0x1, 0xb, 0x1b, 0x36, 0x18, 0x18, 0xb, 0x2, 0xc, 0x24, 0x18, 0x6c, 0x30, 0x36, 0xb, 0x3, 0x5, 0x6, 0x1c, 0x1, 0x6, 0x1b, 0xb, 0xc, 0x18, 0x9, 0xc, 0x24, 0x60, 0x4, 0x30]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x3, 0x9, 0x6, 0x5e80, 0xdc04, 0x7, 0x7]}}]}]}]}, 0x408}, 0x1, 0x0, 0x0, 0x805}, 0x40040)
getpid()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

5.519886747s ago: executing program 1 (id=535):
r0 = socket$inet_smc(0x2b, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000140)={0x2, 0x4e22, @multicast2}, 0x10)
connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @loopback}, 0x10)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{}, @HCI_OP_WRITE_AUTH_ENABLE={{0x4}, 0x10}}}, 0x6)
shutdown(r0, 0x1)
r1 = getpid()
connect$unix(0xffffffffffffffff, 0x0, 0x0)
setuid(0xee00)
prlimit64(r1, 0x7, 0x0, 0x0)
syz_emit_vhci(0x0, 0x0)

5.518470529s ago: executing program 3 (id=536):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000001200)={0x2, 0x2, 0x0, "0e4110549c593a640b58655a0dbf7755552546205002a5e676d7397c29a6cab5", 0xb5315258})
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)={0x2, 'veth1_to_hsr\x00', {0x4}, 0x7})

5.512713829s ago: executing program 5 (id=537):
syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000c8e00)={0x0, ""/256, <r1=>0x0, <r2=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000c9000)={0x1, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}, {}, {}, {}, {}, {}, {0x0, r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}], 0x5, "779095e5a18ddc"})
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r4, 0xd000943d, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000c8c00)={<r5=>0x0, ""/256, <r6=>0x0, <r7=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f00000c8e00)={0x0, ""/256, <r8=>0x0, <r9=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000c9000)={0x1, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r10=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {r5}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r11=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {r8}], 0x5, "779095e5a18ddc"})
r12 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r13 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r12}, 0x10)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r13, 0xd000943d, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r13, 0x81f8943c, &(0x7f00000c8c00)={<r14=>0x0, ""/256, <r15=>0x0, <r16=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r13, 0x81f8943c, &(0x7f00000c8e00)={0x0, ""/256, <r17=>0x0, <r18=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000c9000)={0x1, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r15}, {}, {}, {}, {}, {}, {r14}, {}, {0x0, r16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r15}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r17}, {}, {}, {}, {}, {}, {0x0, r18}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r18}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r16}, {}, {r17}], 0x5, "779095e5a18ddc"})
r19 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r20 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r19}, 0x10)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r20, 0xd000943d, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r20, 0x81f8943c, &(0x7f00000c8c00)={<r21=>0x0, ""/256, <r22=>0x0, <r23=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r20, 0x81f8943c, &(0x7f00000c8e00)={0x0, ""/256, <r24=>0x0, <r25=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000c9000)={0x1, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r22}, {}, {}, {}, {}, {}, {r21}, {}, {0x0, r23}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r23}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r22}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r23}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r24}, {}, {}, {}, {}, {}, {0x0, r25}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r25}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r23}, {}, {r24}], 0x5, "779095e5a18ddc"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000cf940)={0x0, ""/256, 0x0, <r26=>0x0})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f00000cfb40)={{<r27=>0x0, 0x5, 0xffffffffffff0001, 0x7, 0x1, 0x7fffffff, 0x8, 0x7, 0xe3, 0xbbb7, 0x0, 0x7, 0x3, 0x100000000, 0x9}, 0x40, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
ioctl$BTRFS_IOC_TREE_SEARCH_V2(r0, 0xc0709411, &(0x7f00000cfc00)={{<r28=>0x0, 0x0, 0xdd, 0xd, 0x5, 0x3, 0x5bf7, 0x75, 0x6, 0x9138, 0x8, 0x7, 0xffffffff, 0x4, 0x8}, 0x10, [0x0, 0x0]})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000cfc80)={0x0, ""/256, 0x0, <r29=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000cfe80)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r30=>0x0}], 0x2, "57529a0e67b009"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f00000d0e80)={0x0, ""/256, 0x0, <r31=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f00000d1080)={0x5, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {r8, r16}, {r21, r26}, {r27}, {r28, r29}, {}, {r30, r31}], 0x6, "e3f20e813ba3c9"})
writev(r0, &(0x7f00000001c0)=[{&(0x7f00000005c0)="950bb843bb81e92f0557c8049974a2cde5923b8a61394f9dafc7dd5f718fd6d6d6e1284aa16021a1438e93398b6b05974a9425abac95277e5fc722b449ca4261", 0x40}], 0x1)

5.51133689s ago: executing program 1 (id=538):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x0, &(0x7f0000000080)})
pipe2(&(0x7f0000001440)={<r0=>0xffffffffffffffff}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x48850}, 0x1)
r1 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r1, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x4, 0x0, @mcast2, 0x1a}, 0x80, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0, 0x0, 0x900}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
rseq(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
syz_clone(0x206000, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

5.510737193s ago: executing program 2 (id=539):
r0 = socket(0x840000000002, 0x3, 0xfa)
connect$inet(r0, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r0, &(0x7f0000005240), 0x4000095, 0x0)
setsockopt$inet_int(r0, 0x0, 0x29, 0x0, 0xff00)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000006dc0)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x1ffd, 0x0, 0x2, 0xa361dde4364359de, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {@in6=@mcast1, 0x4d2, 0x6c}, @in=@multicast1, {0x0, 0x0, 0xfffffffffffffffd, 0xfffffff800000002, 0xfffffffffffffffe}, {0x80000000, 0x4, 0xd56b, 0x6}, {0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0x2, 0x3, 0x6, 0x46}}, 0xf0}, 0x1, 0x0, 0x0, 0x4014050}, 0x20000080)

5.510270918s ago: executing program 3 (id=540):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010711e0920000000000021090224000100000000090400090103000100092105000001220500090581030002000000"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r1 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r1, 0x0, &(0x7f00000000c0)=<r2=>0x0)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r3)
sendmsg$NFC_CMD_DEV_UP(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)={0x1c, r4, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}]}, 0x1c}}, 0x0)
read$nci(r1, &(0x7f0000000200)=""/100, 0x64)
write$nci(r1, &(0x7f0000000280)=@NCI_OP_CORE_RESET_RSP, 0x6)
read$nci(r1, &(0x7f00000002c0)=""/100, 0x64)
write$nci(r1, &(0x7f0000000340)=@NCI_OP_CORE_INIT_RSP, 0x14)
read$nci(r1, &(0x7f0000000380)=""/100, 0x64)
write$nci(r1, &(0x7f0000000400)=@NCI_OP_RF_DISCOVER_MAP_RSP, 0x4)
sendmsg$NFC_CMD_START_POLL(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000004c0)={0x24, r4, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0xffffffff}]}, 0x24}}, 0x0)
read$nci(r1, &(0x7f0000000500)=""/100, 0x64)
write$nci(r1, &(0x7f0000000580)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r1, &(0x7f0000000900)=""/114, 0x72)
write$nci(r1, &(0x7f0000000640)=@NCI_OP_CORE_SET_CONFIG_RSP, 0x5)
read$nci(r1, &(0x7f0000000680)=""/100, 0x64)
write$nci(r1, &(0x7f0000000700)=@NCI_OP_RF_DISCOVER_RSP, 0x4)
write$nci(r1, &(0x7f0000000740)=@NCI_OP_RF_DISCOVER_NTF={0x1, 0x0, 0x3, 0x3, 0x0, @b={0x0, 0x1, 0x1, 0x1, {0x1, "aa"}}}, 0xa)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000800)={0x2c, r4, 0x1, 0x123, 0x234, {}, [@NFC_ATTR_DEVICE_INDEX={0x8, 0x1, r2}, @NFC_ATTR_TARGET_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x1}]}, 0x2c}}, 0x0)
read$nci(r1, &(0x7f0000000840)=""/100, 0x64)
write$nci(r1, &(0x7f00000008c0)=@NCI_OP_CORE_CONN_CREATE_RSP={0x0, 0x0, 0x2, 0x4, 0x0, {0x0, 0x0, 0x0, 0x1}}, 0x7)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
lseek(r5, 0x1000000, 0x0)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000140)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100)={<r7=>0xffffffffffffffff}, 0x2}}, 0x20)
write$RDMA_USER_CM_CMD_MIGRATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x12, 0x10, 0xfa00, {&(0x7f0000000000), r7, r6}}, 0x18)

5.508984437s ago: executing program 4 (id=541):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r1, 0x5408, &(0x7f0000000080)={0x49de, 0x0, 0x0, 0xbfdf, 0x0, "ec28a144f13d7607"})
write$binfmt_aout(r1, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000dc0)={0x0, 0x800, 0x800, 0x740, 0x22, "0000000000000000010000000000f7ffffff00"})
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000ff199610b9066140880101020301090212"], 0x0)
r2 = syz_open_pts(r1, 0x0)
r3 = dup3(r2, r1, 0x0)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x44)
r4 = fsopen(&(0x7f0000000000)='hfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='+\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r0, 0x6, 0x1d, &(0x7f0000000340)={0x1, 0x0, 0x0, 0x0, 0x8000}, 0x14)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000200)={0x0, <r5=>0x0})
sched_setscheduler(r5, 0x6, &(0x7f00000000c0)=0x3ff)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_CHANGE_NAN_CONFIG(r6, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="4283c3754e5a123728f6a5580e1cdd665afb32fc80bc515d610000000000", @ANYRES16=0x0, @ANYBLOB="04002cbd7000ffdbdf257700000008000300", @ANYRES32=r7, @ANYBLOB="0500ee00010000000500ee00010000000800ef00080000000500ee00030000000800ef00090000000800ef0002000000"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x11)

4.604879809s ago: executing program 2 (id=542):
memfd_create(&(0x7f0000000280)='\x00\x00\x00\x00\x00\x00z\x9b\xb6\xe8t;\xfc\x02\x00\x00\x009\xa0\x8b\x14d\xa2\xa1\xa8!\xe8\xd1\xa0\x8a\xce0\x1c\xb7\xf1\xccm\xce\xd4\xdb\x89\xe5\x8f\xe2\xb6\xd6\x9cF\xbd\xff\x14\x05\x00\x00\x00\x00\x00\x00\x00\xf3\xdc\x91\'\x06\\8\r\xfc\xeeG\xbe\x90C\x1c)5\x98\xa3\xfa\a\xf9\x98\xbb}\xeb\x86P=\xe51\x9d,\xb7\xe6_M\xbe\x19\xea#\xff[\xd1\xc3\x9a\xa3\x1b\xf9\xe9\x1d \xce1\xc9\x9f\xb0\x14\xc2\xeb\xf9\xceE\xad\xa4\x92\f\xef\x87g\xb6\xabW\xac\rP\xf42\xb7\xc8\xaajn\xd7\n\r\x802\xd7\x1b$\x95tO*\xf4\xae\xb8\xb8m\xbf\r\xd5\xbf*\xfd\xc7\x85\x1b\x8b\xe5\x97j`c\xe0\x88?\xda\x8a#t>r\xae\xe8\xc9)', 0x0)
ioctl$VIDIOC_ENUM_FRAMESIZES(0xffffffffffffffff, 0xc02c564a, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x5)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, 0x0, 0x0)
r2 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
getsockopt$llc_int(r2, 0x10c, 0x5, &(0x7f0000000000), &(0x7f000000dac0)=0x4)
setsockopt$SO_RDS_TRANSPORT(0xffffffffffffffff, 0x114, 0x8, 0x0, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r4, 0x0, 0x0)
sendmsg$tipc(r4, 0x0, 0x0)
connect$inet6(r3, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, 'v\x00', "07f217bd74511f465bbbd5de01000000f91800", "0000f600", "8ce63ecbc640735f"}, 0x38)
sendto$inet6(r3, &(0x7f0000000100)='S', 0x1, 0x8000, 0x0, 0x0)

4.492821996s ago: executing program 1 (id=543):
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfad6}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0)
select(0x40, &(0x7f0000000340)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x2e787ec3}, 0x0, 0x0, 0x0)
io_uring_enter(r0, 0x32cd, 0x0, 0x0, 0x0, 0x0)
r3 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000100)=@req={0x3fc, 0x4000}, 0x10)
r4 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10)
socket$unix(0x1, 0x1, 0x0)
sendmmsg(r4, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(r3, 0x0, 0xcc, &(0x7f0000000240)={@empty, @empty, 0x0, "ade3bca78a2f018326b6e27a6021dbaeb03acf36e3a5f9081e589a71ab6542bd", 0x1, 0x4, 0x1, 0x7}, 0x3c)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_clone(0x8000400, &(0x7f0000000040)="e596ea735d6d6088f20ed75b210099c9ebbbfa2be6c887aa3ec2d98f4b15482348a32b2df1e663f4b758e9184a23c5d6c59ab464f5", 0x35, &(0x7f0000000080), &(0x7f00000001c0), &(0x7f0000000200)="5d7b8d24519e9ff11244674dd5c5abb87649491c201e3e643f5be5")
setsockopt$sock_int(r3, 0x1, 0x8, &(0x7f0000000000), 0x4)
recvfrom(r3, &(0x7f0000000140)=""/104, 0x68, 0x12020, 0x0, 0x0)

4.326193607s ago: executing program 2 (id=544):
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x1000)=nil)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x11, 0x0}}]}, &(0x7f0000000440)=0x10)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={r1, 0x0, 0x7, 0x2, 0x0, 0x3}, 0x14)
syz_emit_ethernet(0x4e, &(0x7f0000000380)=ANY=[@ANYBLOB="0180c20000000180c200000008004d0000400067000000119078ac1e0001e000008101441c0e81e0000001000000026401c44800000009ac1e0101000007ff00000000000e21000c9078210200006f67ca7b9a82f155546c0fbab3dd9eeb75a3cbe89c3984cea5e4427da4839a1129ff8e3a3e02ca6c214269d5ea82d4"], 0x0)
r2 = socket(0x11, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r4)
getsockname$packet(r4, &(0x7f0000000340)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000500)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', <r6=>r5, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x80, 0xfffffffc}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', r6, 0x0, 0x0, 0x0, 0x0, 0xd, @dev={0xfe, 0x80, '\x00', 0x8}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x0, 0xfffffffc}})
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r8 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r8, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f90324fc60100003000a000200053582c137153e37000c0680050002000300", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
io_uring_setup(0x175c, 0x0)
shmctl$SHM_STAT(0x0, 0xd, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000800)={0x408, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x1a0, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x98, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x5, 0x5, 0x1, 0x6, 0x0, 0x0, 0x1]}}, @NL80211_TXRATE_HT={0x2c, 0x2, [{0x5, 0x2}, {0x2, 0x9}, {0x6, 0x7}, {0x2}, {0x1, 0x7}, {0x5, 0x6}, {0x2, 0x1}, {0x1, 0x3}, {0x3, 0x7}, {0x2, 0x1}, {0x1, 0x9}, {0x7, 0x3}, {0x6, 0x5}, {0x0, 0x5}, {0x6, 0x6}, {0x4}, {0x2, 0x7}, {0x2, 0x7}, {0x2, 0x3}, {0x1, 0x8}, {0x1, 0x9}, {0x3, 0x8}, {0x6, 0x5}, {0x3, 0x4}, {0x5, 0x3}, {0x1, 0x1}, {0x1, 0x9}, {0x0, 0x2}, {0x1, 0x8}, {0x7, 0x7}, {0x0, 0x3}, {0x0, 0x4}, {0x7, 0x8}, {0x0, 0x2}, {0x3, 0x4}, {0x6, 0x6}, {}, {0x1, 0xa}, {0x2, 0x5}, {0x2, 0x2}]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x30, 0x16, 0x24, 0x1, 0x30, 0x6, 0x6c, 0x16]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xd9, 0x3, 0x6, 0x8, 0xe0, 0x9, 0x0, 0x9]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x101, 0x9, 0x1, 0x5, 0x0, 0x45f, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x90, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x1}, {0x2, 0x2}, {}, {0x7}, {0x5, 0xa}, {0x0, 0x1}, {0x1, 0x6}, {0x1, 0x4}, {0x7, 0x4}, {0x0, 0x9}, {0x1, 0x3}, {0x2, 0x9}, {0x2, 0x8}, {0x5, 0xa}, {0x5, 0x5}, {0x1}, {0x5}, {0x2, 0x5}, {0x5, 0x6}, {0x5}, {0x6, 0x1}, {0x5, 0x9}, {0x2, 0x1}, {0x4, 0x5}, {0x1, 0x9}, {0x3, 0x5}, {0x1, 0x4}, {0x0, 0x2}, {0x7, 0x8}, {0x0, 0x7}, {0x6, 0x2}, {0x3, 0x6}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0xc5df, 0xd, 0x4, 0x7, 0x8, 0x7, 0xb]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0xfc20, 0xffff, 0x4, 0x4, 0x6, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x10, 0x4, 0x8903, 0xe, 0x100, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x4, 0x6, 0x68, 0x0, 0x6c72, 0x7fff, 0x9]}}]}, @NL80211_BAND_6GHZ={0x74, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1a, 0x2, [{0x0, 0xa}, {0x0, 0x4}, {0x0, 0xa}, {0x6, 0x9}, {0x2, 0x2}, {0x1, 0x6}, {0x5, 0x2}, {0x5, 0x6}, {0x4, 0x2}, {0x4, 0x1}, {0x3, 0x2}, {0x4, 0x1}, {0x6, 0x8}, {0x3, 0x9}, {0x2, 0x4}, {0x3, 0xa}, {0x0, 0x5}, {0x6, 0x4}, {0x6, 0x6}, {0x3, 0xa}, {0x4, 0x2}, {0x6, 0x4}]}, @NL80211_TXRATE_HT={0x29, 0x2, [{0x3, 0x1}, {0x7, 0x1}, {0x1}, {0x0, 0x2}, {0x3, 0xa}, {0x4, 0x1}, {}, {0x3, 0x2}, {0x7, 0xa}, {0x0, 0x5}, {}, {0x7, 0x5}, {0x1, 0x2}, {0x1, 0x2}, {0x2, 0x3}, {0x2, 0x3}, {0x7, 0x6}, {0x1, 0x4}, {0x3, 0xa}, {0x7, 0x4}, {0x3, 0x6}, {0x3, 0x8}, {0x2, 0x7}, {0x1, 0xa}, {0x6, 0x6}, {0x0, 0x8}, {0x1, 0x4}, {0x3, 0x1}, {0x4, 0x6}, {0x4, 0x7}, {0x7}, {0x1, 0x8}, {0x1, 0x8}, {0x1, 0x8}, {0x3, 0x9}, {0x1, 0x1}, {0x2, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3ff, 0x1, 0xe5c, 0x4, 0x3, 0x7ff, 0xaded]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe7f1, 0x4, 0x1000, 0x2, 0x0, 0x400, 0xf20, 0x50]}}]}]}, @NL80211_ATTR_TX_RATES={0x254, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0x4, 0xc, 0x15, 0x9, 0x9, 0x1, 0x16, 0x5, 0x36, 0x5, 0x30, 0x60, 0xb, 0x4, 0x1b, 0x5, 0x9, 0x2, 0x2, 0x24, 0x48, 0xb, 0x1, 0xb, 0x36, 0xcf2ba777a22fe3d6, 0x3, 0x36, 0xb, 0x2, 0x48, 0x4]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffa, 0x8, 0x0, 0x6, 0x8, 0x1, 0x5, 0x4]}}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x4e, 0x6, 0x24, 0x24, 0xb, 0x6c, 0x6, 0x6, 0x16, 0x1b]}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0xb, 0x1b, 0x6, 0x3, 0x6c, 0x60, 0x36, 0x4, 0x4, 0x4, 0x36, 0xc, 0x10, 0x54, 0xa, 0x1, 0x13, 0x6, 0xb, 0x30, 0xc, 0x1b, 0x30, 0x36, 0x60, 0x1e, 0x1]}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x9, 0x30, 0x0, 0x12, 0x9, 0x5, 0x36, 0x24, 0xb]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x0, 0xb, 0x24, 0x36, 0x6c, 0x4, 0x1b, 0x48, 0x36, 0x6c, 0x36, 0xb, 0x2, 0x6c, 0x18, 0x36, 0x0, 0x48, 0xd, 0x2, 0x6c, 0x16]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xc, 0x9, 0x7, 0x10, 0x1cae, 0x5, 0x5, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x48, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HT={0x36, 0x2, [{0x0, 0xa}, {0x3}, {0x3, 0x9}, {0x2, 0x7}, {0x6, 0x4}, {0x5}, {0x0, 0x4}, {0x2, 0x4}, {0x0, 0x9}, {0x0, 0x2}, {0x6, 0x8}, {0x2, 0x9}, {0x0, 0x9}, {0x7}, {0x5, 0xa}, {0x2, 0x3}, {0x1, 0x6}, {0x3, 0xa}, {0x5, 0x1}, {0x0, 0xa}, {0x0, 0x4}, {0x0, 0x3}, {0x6, 0x5}, {0x4, 0x9}, {0x3}, {0x5, 0x1}, {0x1, 0x2}, {0x7, 0x5}, {0x5, 0x6}, {0x4, 0x6}, {0x7, 0x9}, {0x7, 0x6}, {0x7}, {0x5, 0x5}, {0x3, 0x4}, {0x6, 0x1}, {0x3, 0x3}, {0x1, 0x8}, {0x3, 0xa}, {0x1, 0x2}, {0x3}, {0x0, 0x3}, {0x7, 0x5}, {0x6, 0xa}, {0x5, 0x6}, {0x6, 0x1}, {0x7, 0xa}, {0x3, 0x8}, {0x2, 0x3}, {0x6, 0x5}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x88, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x15, 0x1, [0xb, 0x9, 0x9, 0xb, 0x1, 0x18, 0x3, 0x30, 0x5, 0x3, 0xc, 0x60, 0x5, 0xb, 0x30, 0x30, 0x48]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x43, 0x2, [{0x3, 0x9}, {0x4, 0x8}, {0x1, 0x6}, {0x5, 0x9}, {0x0, 0xa}, {0x1, 0x8}, {0x5, 0x5}, {0x0, 0x1}, {0x1, 0x7}, {0x2, 0x9}, {0x0, 0x9}, {}, {0x7, 0x1}, {0x7, 0x3}, {0x2}, {0x4}, {0x5, 0xa}, {0x5, 0x3}, {0x3, 0x6}, {0x6, 0x3}, {0x6, 0x9}, {0x4, 0x6}, {0x3, 0x7}, {0x6, 0x5}, {0x3, 0x9}, {0x4, 0x5}, {0x1, 0x8}, {0x3, 0x5}, {0x0, 0x7}, {0x1, 0x8}, {0x3, 0x9}, {}, {0x6, 0x1}, {0x2, 0x2}, {0x1, 0x6}, {0x4, 0x8}, {0x7, 0x2}, {0x6, 0x3}, {0x1, 0x3}, {0x0, 0x6}, {0x5, 0x7}, {0x4}, {0x6, 0x7}, {0x5, 0x7}, {0x1, 0x9}, {0x2}, {0x6, 0xa}, {0x3, 0x4}, {0x1, 0x8}, {0x6, 0x6}, {0x0, 0x5}, {0x2, 0x7}, {0x4, 0x7}, {0x1, 0x9}, {0x0, 0x9}, {0x1, 0x5}, {0x7, 0x7}, {0x1}, {0x5, 0x5}, {0x7, 0x5}, {0x4, 0x5}, {0x0, 0x9}, {0x6, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x58, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x1ff, 0x9, 0xf, 0xc2f, 0x3ff, 0x9, 0x9]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x6, 0x2}, {0x1, 0x7}, {0x1, 0x4}, {0x0, 0x1}, {0x7, 0xa}, {0x3}, {0x7, 0x3}, {0x4, 0x6}, {0x7, 0x2}, {0x6, 0x3}, {0x6, 0xa}, {0x6, 0x8}, {0x5, 0x8}, {0x1, 0x7}, {0x6, 0x2}, {0x1, 0x7}, {0x6, 0x1}, {0x5, 0x8}, {0x0, 0x4}, {0x5, 0x4}]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x5, 0x3, 0x2b, 0x3, 0x16, 0x3, 0x48, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x6, 0x800, 0x9, 0x60, 0x3, 0x6, 0x100]}}]}, @NL80211_BAND_2GHZ={0x64, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0x30, 0x1, 0xb, 0x1b, 0x36, 0x18, 0x18, 0xb, 0x2, 0xc, 0x24, 0x18, 0x6c, 0x30, 0x36, 0xb, 0x3, 0x5, 0x6, 0x1c, 0x1, 0x6, 0x1b, 0xb, 0xc, 0x18, 0x9, 0xc, 0x24, 0x60, 0x4, 0x30]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x3, 0x9, 0x6, 0x5e80, 0xdc04, 0x7, 0x7]}}]}]}]}, 0x408}, 0x1, 0x0, 0x0, 0x805}, 0x40040)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

3.327910681s ago: executing program 2 (id=545):
r0 = syz_open_dev$video(&(0x7f0000000080), 0xe, 0x20400)
ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, &(0x7f00000000c0)={0x1, 0x0, 0x103, 0x0, {0x3, 0x3, 0x4, 0x7}})
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
modify_ldt$write(0x1, &(0x7f0000000080)={0x1fff}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYRES32], 0x48)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x81000, 0x0)
r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0xfffffffffffffffc)
r5 = dup(r4)
ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4400ae8f, &(0x7f0000000040)=@x86={0x0, 0x2, 0x6, 0x0, 0x0, 0x8, 0x7f, 0x2, 0x31, 0x8, 0x5, 0x9, 0x0, 0x0, 0x8, 0x5, 0x1, 0x9, 0x8b, '\x00', 0x2, 0x8000000000000000})
ioctl$KVM_RUN(r5, 0xae80, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'pimreg\x00', <r7=>0x0})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000100))
ioctl$DRM_IOCTL_MODE_GETPLANE(r6, 0xc02064b6, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000240)=[0x0]})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r5, 0xc02064b9, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="340000001400010000000000000000000aa10000", @ANYRES32=r7, @ANYBLOB="14000100ff0500000000000000000000000000010800080002040000"], 0x34}}, 0x0)
socket(0x10, 0x803, 0x0)

3.130440707s ago: executing program 1 (id=546):
fcntl$getownex(0xffffffffffffffff, 0x10, 0x0)
timer_create(0x1, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x1400200bce)
syz_open_dev$sndctrl(&(0x7f0000000140), 0xfffffffffffff6cf, 0x177201)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000002700)=""/102392, 0x18ff8)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@dev={0xfe, 0x80, '\x00', 0x30}, 0x7, 0x1, 0x0, 0x6, 0x6, 0x1}, 0x20)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x8}, 0x0)
r1 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_buf(r1, 0x29, 0x39, &(0x7f0000e86000)="0022040000ffffebfffffffeffffff0700000000ff000207835eeb1317b208feefaf234b4ff8b4cc4c39bdc8451792b903f4b7d8c8cf2153622652328c19ef68234f905557c4070000008735e9ab2f77c62e0a5cdd2cf9984c070400000000000003ff23353d8b2fc6a3ae1ebfcb49004a3ccd3560ae01010000079c60ed7449b842f3e253be8a62b37f820fe75a9ea937ea4efbfb9b4a128f2dbe2837496d00ad7765abaac2ec0f91c88a1ea1ff6ee308c72febedcf00798d41991ac25bb6fce2220c25ea380c7e112ab358c3a6bd8a59c100000001b4e82cb03419544a3988bc226a85abe6eb60cd7cf8d103d38c31c7c86d16c4d86cbe4ab190c092d077ce70590fbbd4f8bf4d6ab1cea6dbe9d4a54c17aac0db6e", 0x116)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000080)=0x1, 0x4)
connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}, 0xa}, 0x1c)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000040), 0x4)
socket$unix(0x1, 0x2, 0x0)
r2 = syz_open_dev$vim2m(&(0x7f0000000300), 0x40000000000000fb, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f0000000040)={0x400, 0x1, 0x4, 0x0, 0x20})
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100))

2.559612922s ago: executing program 5 (id=547):
socket$netlink(0x10, 0x3, 0x0)
prctl$PR_SET_MM(0x23, 0x6, &(0x7f0000ffc000/0x1000)=nil)
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={<r1=>0x0, 0x0, 0x0}, &(0x7f0000000440)=0x10)
setsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000100)={r1, 0x0, 0x7, 0x2, 0x0, 0x3}, 0x14)
r2 = socket(0x11, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r4 = socket(0x10, 0x2, 0x0)
r5 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r5)
getsockname$packet(r5, &(0x7f0000000340)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000500)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl1\x00', <r7=>r6, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @private2={0xfc, 0x2, '\x00', 0x1}, 0x0, 0x80, 0xfffffffc}})
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r4, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f00000000c0)={'syztnl1\x00', r7, 0x0, 0x0, 0x0, 0x0, 0xd, @dev={0xfe, 0x80, '\x00', 0x8}, @private0={0xfc, 0x0, '\x00', 0x1}, 0x700, 0x0, 0xfffffffc}})
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r8 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r9 = socket$kcm(0x10, 0x3, 0x10)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030033000b35d25a806c8c6f94f90324fc60100003000a000200053582c137153e37000c0680050002000300", 0x33fe0}], 0x1}, 0x0)
bpf$BPF_PROG_DETACH(0x9, 0x0, 0x20)
shmctl$SHM_STAT(0x0, 0xd, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000800)={0x408, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_TX_RATES={0x1a0, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x98, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x5, 0x5, 0x1, 0x6, 0x0, 0x0, 0x1]}}, @NL80211_TXRATE_HT={0x2c, 0x2, [{0x5, 0x2}, {0x2, 0x9}, {0x6, 0x7}, {0x2}, {0x1, 0x7}, {0x5, 0x6}, {0x2, 0x1}, {0x1, 0x3}, {0x3, 0x7}, {0x2, 0x1}, {0x1, 0x9}, {0x7, 0x3}, {0x6, 0x5}, {0x0, 0x5}, {0x6, 0x6}, {0x4}, {0x2, 0x7}, {0x2, 0x7}, {0x2, 0x3}, {0x1, 0x8}, {0x1, 0x9}, {0x3, 0x8}, {0x6, 0x5}, {0x3, 0x4}, {0x5, 0x3}, {0x1, 0x1}, {0x1, 0x9}, {0x0, 0x2}, {0x1, 0x8}, {0x7, 0x7}, {0x0, 0x3}, {0x0, 0x4}, {0x7, 0x8}, {0x0, 0x2}, {0x3, 0x4}, {0x6, 0x6}, {}, {0x1, 0xa}, {0x2, 0x5}, {0x2, 0x2}]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x30, 0x16, 0x24, 0x1, 0x30, 0x6, 0x6c, 0x16]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xd9, 0x3, 0x6, 0x8, 0xe0, 0x9, 0x0, 0x9]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x101, 0x9, 0x1, 0x5, 0x0, 0x45f, 0x1]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x90, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x24, 0x2, [{0x1}, {0x2, 0x2}, {}, {0x7}, {0x5, 0xa}, {0x0, 0x1}, {0x1, 0x6}, {0x1, 0x4}, {0x7, 0x4}, {0x0, 0x9}, {0x1, 0x3}, {0x2, 0x9}, {0x2, 0x8}, {0x5, 0xa}, {0x5, 0x5}, {0x1}, {0x5}, {0x2, 0x5}, {0x5, 0x6}, {0x5}, {0x6, 0x1}, {0x5, 0x9}, {0x2, 0x1}, {0x4, 0x5}, {0x1, 0x9}, {0x3, 0x5}, {0x1, 0x4}, {0x0, 0x2}, {0x7, 0x8}, {0x0, 0x7}, {0x6, 0x2}, {0x3, 0x6}]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0xc5df, 0xd, 0x4, 0x7, 0x8, 0x7, 0xb]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x8, 0xfc20, 0xffff, 0x4, 0x4, 0x6, 0x6]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x9, 0x10, 0x4, 0x8903, 0xe, 0x100, 0x5]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x4, 0x6, 0x68, 0x0, 0x6c72, 0x7fff, 0x9]}}]}, @NL80211_BAND_6GHZ={0x74, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x1a, 0x2, [{0x0, 0xa}, {0x0, 0x4}, {0x0, 0xa}, {0x6, 0x9}, {0x2, 0x2}, {0x1, 0x6}, {0x5, 0x2}, {0x5, 0x6}, {0x4, 0x2}, {0x4, 0x1}, {0x3, 0x2}, {0x4, 0x1}, {0x6, 0x8}, {0x3, 0x9}, {0x2, 0x4}, {0x3, 0xa}, {0x0, 0x5}, {0x6, 0x4}, {0x6, 0x6}, {0x3, 0xa}, {0x4, 0x2}, {0x6, 0x4}]}, @NL80211_TXRATE_HT={0x29, 0x2, [{0x3, 0x1}, {0x7, 0x1}, {0x1}, {0x0, 0x2}, {0x3, 0xa}, {0x4, 0x1}, {}, {0x3, 0x2}, {0x7, 0xa}, {0x0, 0x5}, {}, {0x7, 0x5}, {0x1, 0x2}, {0x1, 0x2}, {0x2, 0x3}, {0x2, 0x3}, {0x7, 0x6}, {0x1, 0x4}, {0x3, 0xa}, {0x7, 0x4}, {0x3, 0x6}, {0x3, 0x8}, {0x2, 0x7}, {0x1, 0xa}, {0x6, 0x6}, {0x0, 0x8}, {0x1, 0x4}, {0x3, 0x1}, {0x4, 0x6}, {0x4, 0x7}, {0x7}, {0x1, 0x8}, {0x1, 0x8}, {0x1, 0x8}, {0x3, 0x9}, {0x1, 0x1}, {0x2, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x3ff, 0x1, 0xe5c, 0x4, 0x3, 0x7ff, 0xaded]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xe7f1, 0x4, 0x1000, 0x2, 0x0, 0x400, 0xf20, 0x50]}}]}]}, @NL80211_ATTR_TX_RATES={0x254, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc4, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0x4, 0xc, 0x15, 0x9, 0x9, 0x1, 0x16, 0x5, 0x36, 0x5, 0x30, 0x60, 0xb, 0x4, 0x1b, 0x5, 0x9, 0x2, 0x2, 0x24, 0x48, 0xb, 0x1, 0xb, 0x36, 0xcf2ba777a22fe3d6, 0x3, 0x36, 0xb, 0x2, 0x48, 0x4]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfffa, 0x8, 0x0, 0x6, 0x8, 0x1, 0x5, 0x4]}}, @NL80211_TXRATE_LEGACY={0xe, 0x1, [0x4e, 0x6, 0x24, 0x24, 0xb, 0x6c, 0x6, 0x6, 0x16, 0x1b]}, @NL80211_TXRATE_LEGACY={0x1f, 0x1, [0xb, 0x1b, 0x6, 0x3, 0x6c, 0x60, 0x36, 0x4, 0x4, 0x4, 0x36, 0xc, 0x10, 0x54, 0xa, 0x1, 0x13, 0x6, 0xb, 0x30, 0xc, 0x1b, 0x30, 0x36, 0x60, 0x1e, 0x1]}, @NL80211_TXRATE_LEGACY={0xd, 0x1, [0x9, 0x30, 0x0, 0x12, 0x9, 0x5, 0x36, 0x24, 0xb]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1a, 0x1, [0x0, 0xb, 0x24, 0x36, 0x6c, 0x4, 0x1b, 0x48, 0x36, 0x6c, 0x36, 0xb, 0x2, 0x6c, 0x18, 0x36, 0x0, 0x48, 0xd, 0x2, 0x6c, 0x16]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xc, 0x9, 0x7, 0x10, 0x1cae, 0x5, 0x5, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_2GHZ={0x48, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}, @NL80211_TXRATE_HT={0x36, 0x2, [{0x0, 0xa}, {0x3}, {0x3, 0x9}, {0x2, 0x7}, {0x6, 0x4}, {0x5}, {0x0, 0x4}, {0x2, 0x4}, {0x0, 0x9}, {0x0, 0x2}, {0x6, 0x8}, {0x2, 0x9}, {0x0, 0x9}, {0x7}, {0x5, 0xa}, {0x2, 0x3}, {0x1, 0x6}, {0x3, 0xa}, {0x5, 0x1}, {0x0, 0xa}, {0x0, 0x4}, {0x0, 0x3}, {0x6, 0x5}, {0x4, 0x9}, {0x3}, {0x5, 0x1}, {0x1, 0x2}, {0x7, 0x5}, {0x5, 0x6}, {0x4, 0x6}, {0x7, 0x9}, {0x7, 0x6}, {0x7}, {0x5, 0x5}, {0x3, 0x4}, {0x6, 0x1}, {0x3, 0x3}, {0x1, 0x8}, {0x3, 0xa}, {0x1, 0x2}, {0x3}, {0x0, 0x3}, {0x7, 0x5}, {0x6, 0xa}, {0x5, 0x6}, {0x6, 0x1}, {0x7, 0xa}, {0x3, 0x8}, {0x2, 0x3}, {0x6, 0x5}]}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_60GHZ={0x88, 0x2, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x15, 0x1, [0xb, 0x9, 0x9, 0xb, 0x1, 0x18, 0x3, 0x30, 0x5, 0x3, 0xc, 0x60, 0x5, 0xb, 0x30, 0x30, 0x48]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HT={0x43, 0x2, [{0x3, 0x9}, {0x4, 0x8}, {0x1, 0x6}, {0x5, 0x9}, {0x0, 0xa}, {0x1, 0x8}, {0x5, 0x5}, {0x0, 0x1}, {0x1, 0x7}, {0x2, 0x9}, {0x0, 0x9}, {}, {0x7, 0x1}, {0x7, 0x3}, {0x2}, {0x4}, {0x5, 0xa}, {0x5, 0x3}, {0x3, 0x6}, {0x6, 0x3}, {0x6, 0x9}, {0x4, 0x6}, {0x3, 0x7}, {0x6, 0x5}, {0x3, 0x9}, {0x4, 0x5}, {0x1, 0x8}, {0x3, 0x5}, {0x0, 0x7}, {0x1, 0x8}, {0x3, 0x9}, {}, {0x6, 0x1}, {0x2, 0x2}, {0x1, 0x6}, {0x4, 0x8}, {0x7, 0x2}, {0x6, 0x3}, {0x1, 0x3}, {0x0, 0x6}, {0x5, 0x7}, {0x4}, {0x6, 0x7}, {0x5, 0x7}, {0x1, 0x9}, {0x2}, {0x6, 0xa}, {0x3, 0x4}, {0x1, 0x8}, {0x6, 0x6}, {0x0, 0x5}, {0x2, 0x7}, {0x4, 0x7}, {0x1, 0x9}, {0x0, 0x9}, {0x1, 0x5}, {0x7, 0x7}, {0x1}, {0x5, 0x5}, {0x7, 0x5}, {0x4, 0x5}, {0x0, 0x9}, {0x6, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_5GHZ={0x58, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x1ff, 0x9, 0xf, 0xc2f, 0x3ff, 0x9, 0x9]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x18, 0x2, [{0x6, 0x2}, {0x1, 0x7}, {0x1, 0x4}, {0x0, 0x1}, {0x7, 0xa}, {0x3}, {0x7, 0x3}, {0x4, 0x6}, {0x7, 0x2}, {0x6, 0x3}, {0x6, 0xa}, {0x6, 0x8}, {0x5, 0x8}, {0x1, 0x7}, {0x6, 0x2}, {0x1, 0x7}, {0x6, 0x1}, {0x5, 0x8}, {0x0, 0x4}, {0x5, 0x4}]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x5, 0x3, 0x2b, 0x3, 0x16, 0x3, 0x48, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x4, 0x6, 0x800, 0x9, 0x60, 0x3, 0x6, 0x100]}}]}, @NL80211_BAND_2GHZ={0x64, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x24, 0x1, [0x30, 0x1, 0xb, 0x1b, 0x36, 0x18, 0x18, 0xb, 0x2, 0xc, 0x24, 0x18, 0x6c, 0x30, 0x36, 0xb, 0x3, 0x5, 0x6, 0x1c, 0x1, 0x6, 0x1b, 0xb, 0xc, 0x18, 0x9, 0xc, 0x24, 0x60, 0x4, 0x30]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x0, 0x3, 0x9, 0x6, 0x5e80, 0xdc04, 0x7, 0x7]}}]}]}]}, 0x408}, 0x1, 0x0, 0x0, 0x805}, 0x40040)
getpid()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)

2.384175576s ago: executing program 2 (id=548):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = socket(0x2000000000000021, 0x2, 0x10000000000002)
connect$rxrpc(r1, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8, @multicast2}}, 0x24)
sendmmsg(r1, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18, 0xe000}, 0x5}], 0x1, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
recvmmsg(r1, &(0x7f0000000d00), 0xf000, 0x10002, 0x0)
recvfrom(r1, 0x0, 0x0, 0x0, 0x0, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={{0x14, 0x10, 0x1, 0x0, 0x84000000}, [], {0x14, 0x10}}, 0x28}}, 0x0)
r3 = syz_open_dev$media(&(0x7f00000000c0), 0x1ff, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r4, &(0x7f0000000140)={0xa, 0x0, 0x0, @dev, 0x9}, 0x1c)
r5 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488)
sendmsg(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000000)=',', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x44004)
recvmmsg(0xffffffffffffffff, &(0x7f00000048c0)=[{{&(0x7f0000000100)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}}}, 0x80, &(0x7f0000001540)=[{&(0x7f0000000180)=""/99, 0x63}, {&(0x7f0000000200)=""/4096, 0x1000}, {&(0x7f0000001200)=""/152, 0x98}, {&(0x7f0000000000)=""/27, 0x1b}, {&(0x7f00000012c0)=""/126, 0x7e}, {&(0x7f0000001340)=""/162, 0xa2}, {&(0x7f0000001400)=""/71, 0x47}, {&(0x7f0000001480)=""/173, 0xad}], 0x8}, 0x4}, {{&(0x7f00000015c0)=@vsock={0x28, 0x0, 0x0, @local}, 0x80, &(0x7f0000001800)=[{&(0x7f0000001640)=""/145, 0x91}, {&(0x7f0000001700)=""/216, 0xd8}, {&(0x7f0000000080)=""/28, 0x1c}], 0x3, &(0x7f0000001840)=""/86, 0x56}, 0x8}, {{&(0x7f00000018c0), 0x80, &(0x7f0000001cc0)=[{&(0x7f0000001940)=""/170, 0xaa}, {&(0x7f0000001a00)=""/114, 0x72}, {&(0x7f0000001a80)=""/110, 0x6e}, {&(0x7f0000001b00)=""/184, 0xb8}, {&(0x7f0000001bc0)=""/108, 0x6c}, {&(0x7f0000001c40)=""/47, 0x2f}, {&(0x7f0000001c80)=""/36, 0x24}], 0x7, &(0x7f0000001d40)=""/61, 0x3d}, 0x2}, {{&(0x7f0000001d80)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000002240)=[{&(0x7f0000001e00)=""/81, 0x51}, {&(0x7f0000001e80)=""/41, 0x29}, {&(0x7f0000001ec0)}, {&(0x7f0000001f00)=""/241, 0xf1}, {&(0x7f0000004a00)=""/79, 0x4f}, {&(0x7f0000002080)=""/156, 0x9c}, {&(0x7f0000002140)=""/55, 0x37}, {&(0x7f0000002180)=""/16, 0x10}, {&(0x7f00000021c0)=""/104, 0x68}], 0x9, &(0x7f0000002300)=""/115, 0x73}, 0x2}, {{&(0x7f0000002380)=@qipcrtr, 0x80, &(0x7f00000047c0)=[{&(0x7f0000002400)=""/4096, 0x1000}, {&(0x7f0000003400)=""/5, 0x5}, {&(0x7f0000003440)=""/237, 0xed}, {&(0x7f0000003540)=""/255, 0xff}, {&(0x7f0000003640)=""/71, 0x47}, {&(0x7f00000036c0)=""/4096, 0x1000}, {&(0x7f00000046c0)=""/238, 0xee}], 0x7, &(0x7f0000004840)=""/72, 0x48}, 0x9}], 0x5, 0x1, 0x0)
ioctl$MEDIA_IOC_REQUEST_ALLOC(r3, 0x80047c05, &(0x7f0000000040))
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000050000f58f04"])

2.110992809s ago: executing program 4 (id=549):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$vim2m(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
ioctl$vim2m_VIDIOC_ENUM_FMT(r1, 0xc0405602, &(0x7f0000001200)={0x2, 0x2, 0x0, "0e4110549c593a640b58655a0dbf7755552546205002a5e676d7397c29a6cab5", 0xb5315258})
ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000000)={0x2, 'veth1_to_hsr\x00', {0x4}, 0x7})

1.325264087s ago: executing program 5 (id=550):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000800)=@newtaction={0x94, 0x30, 0x1, 0x0, 0x0, {}, [{0x80, 0x1, [@m_mpls={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}, @m_pedit={0x30, 0x2, 0x0, 0x0, {{0xa}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x94}}, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r2, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
write$qrtrtun(r1, &(0x7f0000000280)="ca1c808bb35bda", 0x7)
write$vhost_msg_v2(r1, &(0x7f0000000180)={0x2, 0x0, {0x0, 0x0, 0x0, 0x3, 0x4}}, 0x48)
write$qrtrtun(r1, &(0x7f0000000c00)="9d8d645e53b6183d874f9e93a18dd009a09560ff682bd07dc3d28385a8f3f9e18418950d4dfe49f13a19e24320444a7d6c121741ba3dc510dba4f980bbd9a315544fa0a1622d949faba79788908354e467989e8458e6f5f76e0e4e781bfca4c928c956321dd514877569805db6602f1584a8bd051f13bad882bea021ffb5ce918a1f87f1d439ec93772d6ecaaf8891f7678f2037ccced78ea5c1aa805f1b9f5a2c3974c5124cac5e163d9b6f5b998c1c7263fa2331d1241523986dccbd4e1f32b2f521380a2ea4732132264de6d26ce40177a780df98cbf94b96d900a2dfc5c877db675ebb1d7cbc398ca422ddbadc24ee6f3bf036f62cdb056502a6b657ff95930ea668649ad0003afe9a912179ce61631b3dab94642d2768f1f22299deb9eddb917fc0076b74406149024514d07417c6007e8cd4dc4e2295be", 0x13a)
write$UHID_INPUT(r1, &(0x7f0000001300)={0x8, {"af0014920c989bde943127351c7e048fe805d44569c987d51286ac5e80b0961cfe3629729c82e28c53b31e3ecbb8722bff9c0906027d5cb6fbd929cb4b5e657cc88a443809e6a720828c27b6519e7c18904d67528373733934aa5240afd60544d489e1ec3779ac45095c12c6c5f13c086306dfbbd31926b74150ff2c87db2be1d995e9b3a16fb7360de12618b05d94c291acfcdab84c919de60133f54a0a18d2517c1d0de417ae39fec1c9fa306573205051a9880da1f213b9a27c22b72d42d92b7b260b41bcc1868a0404936774ea5209f02929ec3eef4298818ddb708de6c0e1fda05436037d7d4042d2de3adebc8a62f58ec6ccb4160435c4393ba913250b56ec2fce544a01a5a3ce4363fd497fb256910f31e9416f5b719d64f931bd6d71b54787841b3e49e01fe6ac9598ddb5ef1aeb3d1cabb75845d46806a494b6cf89ec9c8203b92dd0dadc5a3c02545cd005b5f26b7d2b848cb684cb58245d591472d5109e7fbe1175656d729fdd689af57802b33d7d53d427aa57eb0af7a63d9f73be83cd9c12bd06463083b4cc853aad416e9faf484fa069d3b7599b6fc6d94152811403201b91da2547ff6721b0ea237c37464b47b3b4f37384e50ba5773a63356991a5abef659e089cc95e5c3b6d8428115efcf9e89e2743b167d7b9824392d868c159fd1264bea8b9b8b26769d15a27df3af350e2a6e9e37b35c153bf980e8ad15de3b0f3add5f98eb2cbc03eeb2b04e6fb032991d7a88b14c7d2cf2959fc4ed27c4c93c13f5760d0803f10afb91effb45967b4793c58e4bc2e4348c93b4e59f1544a01e89530f6056cda3f972050ae79d9297af71cce0d82c764db2422967f05c9847715c66321e8ab0075a361e8fd78a956074945e687ec1ad01f8dfeb7f3ae2c25daff35617a5d752ad5b019689f10c789d0196f73011f5a4e002aebb676ccb2d8b92ff6c1eb60de10ed0d42f2d19fe96786938eca0fd09a3f16f7b52ef806183282c05ff9fccf96abd096b442c73c494c78c4161ce0599bf6e637664f5dbefa129e69a0d53525d77f871716052385649c1249a402a4a9ecadfd7182a4aba3fc48d76890dfe8a5442ff1b833b95fdb7ae5f052e5c18e9b0ad482ed80c4567f0d0645e6525e3390195b3a4314ab063ffca639d2b181efe15d5bb09e967900fd55ad9db7f6ba99268e0d7e2785c5b14f801b16b6fe9966bb3fa88352bc2ca79aa9a77ec5f9c271dcc62b6124a4d5ed1014fa6eb98521d4be4ca4323311d39e44002e71469326056d98af69fd42eed1dfec48d191587b35e2641abe8c80a2553b92cb43feea49505b5b5ca35dfaf06c693730033ebcad45b6b8026d4722b5c7e13d69269808f438816f77a7b1ed2d31ab44968657e70a51e8d98e520e3628014a09e55f36ca5c4c630d687b20e5a7bdfd6d43613fd3738c8ec1464561586987388885b7a424c949a3110e5de795ffdcf1ef43fb8b5b0364cdb0e9a62c1c6922f08125d456f0ee5d58fa670ff071a8d5b57c06efe30d960f9a67d3dd7dd6ec13c799f9b89d90593ba794c5c582f8bd583af0a59043a1da36cee8e2cc173610960e33300ec48cf7281887ffe66e7ec113a29ed339556d84d638ae9554bb20f2a7695da8bcad10e5f155fe5d54eb511087f7abb4a8ae9e78e233b1e079a44c9cdf2529ed3166c24f80a2bda3b2dfdd2e1c2f650cc35fccf8cb17c03681c6f379f535eeaf46caa1dd95f0b72ea6cf301f2d713844b36c7e90e052528f04a668e1dc5ed11e95bbb86268c712af3f6c77d538c9d3dafeceaacc7ba6b20d9266d75c7470d627725700bfd36a9faf5488532a0871a00e18466f3499e3e3270513168d05f52472045b8558d3fb7880805b6fe3a56b3df9eaea72d147f94ee09e763fcf66d0c71b708fb842bbe619eeeaf483fa717864ab435ca03503285591364727a3615582c80d2023897f7bfdda9b00d095ec11f42482f3851a9232ed09ec6733d54020a9e3b98cb3a014f094e9d968672632a30f967a6d2f00c64fb0aefbeb64510edca5496c9f69379f71412f08fe6afeeb604040a42f00290bc04a40f66f0b84c9c6d7e4d1bc213ed49142215b259be08a0a305c68cbec769ce195ea62b7a2ce632da0a98b469284fd7802bb8c47943ac1c8a7a2b0ee36ed45cde2d13cc00ecc11ca9516d9e917fa28d703566b8d5743c5aba0da662f0446768c6d0df6773d1b0c46dac6a6213aa7b5095a8bd9f34048394a8baac9ec65d740ad8acb8eb683702eaf509c30b547bf355561ca00841efdccd413295a430344d17d2d5f4f435d0a33fafe1b4f6826e9d91436b379cc46039551997e54692487562f65a406b769f2856d37c87a73e2e3738c9afdfa5e0f088bbd2799c7c722c23a7cc37266af557beecb9cc8340bc76ba85a147530f3a9bd8cfe82358c0d799f0687540d463e0f010d1e914f043027284292bf31af75301e27689910393e41f877832797dd7c184249e7b2ec0a79b0decb9a3eead5b3c82ac60fe1485829bf75b8af597b5fd9e47460ebb6d809733eb790027094b019ef2bfb76d75876a5e1e312e80e841c5e074c78b35be6a4070c99372dbb13dc27966a8d448b8e3225b11af907985f3142d41da70a682166814fce9e535cca37058bbb3a02894f6ada82c266e763f431d7e1926da2fc86805b02d6af712c82e7a36e667bd3091661be9cc0cdbd3b3cc690594cf8bac39dd9dac1f883cfb0e500759b0e5dc36721b3ed452addc26d39733a2d76d852d897298009dea9546bae66e9aac7f35277e025d440ca93fdec4bbd58970a130fc79056af96f81b0461ef0e16d4fb12014313438a4bb95b2f9cac98e24a713ed14b539ceddf55e90b6c000044a24be6597e2c5a397a772d7c493ad53a05d6076b584ee7c1615ee7f9de627ac9d7d0d4a12b5a080a9c4977da436704bc9eb9f1d25ba91498e4b575550a69aab83e9157a910c4b2907ea97bcc171dcb7ff6fa982dee16d5c5aaaf93fcc225a6c67c96e54ead190f9c6f949b8025988a46d29c86cf18623882d5aa996a3ece81881ba63e0e7d62b585a179631c7e22f924be7aad5699af389c6651c92848153007d9929683648c8a3fb102a50d9a3e9c83e6cabeae5f97d7faad7a803f8c6dbd9237fa4bec7b33db2cc4db5cd7b3baf1c4f4ddc1f16ec6484cbd1adecab06617045b2d5bac8d1bf97a37ed2780a967a678095a6849cabd87256dbe46f52c960ba8ead52e666a131abfb019d2ac7dd2b055bf91168322b23821a522d241f27a2e7ef892d589a0e55b606167e53b0725a089cae5ef65f02f8a2f32dedb370bf2dc34dac5218be294e755915b399cece7e5c3fa887909961a3d626e4a43bab7edd193a9bc0a7a764640943a635fec7722ff8b3add819b26b78c4e54ff970c15d6b27971cd135d288f081a66e792a8ee5b2d89d5945a99f4216ac21fd9a61e305b4a908f4cbe38e5ccd5eab65f5962877a570524809dffa4ca0ed90d505601d7d244273f20cc47feca7259bd1362e334be459e25a59d4873fc8ede03744c88599a5e5f2a6fb0ca08d085e40c8bd71a0777f7715153e71f4a67f6bb73bbbcd766a9dd4287671dcf6b7daacc4f4b81b32ea0d0381fc32807fe9393249e596d3d5ae4bc5a1cb3e48d63478679eb381fbe8cafd2c6890ba29c1af695f2597c6b472a163b7584dde7327933b9d5e88e0d77e3a3d526a619966dde7f82c7ab7a67a59ded2c880ee0e2f736f054b7d99cc68df48c28d76ab12762c85d07a1f3215d3d4ef2ebd65b0f7eacf62ec12997ccdada731992513263a06e063c27eccfdb3c9d1199136c1a2c3d6b5ea6b2e96c9aa6be3bfbda408b2779ad4eba91809a495c1b872e40d49b0acf4b19b4677e6ea8d07b9a621816c4c5f0e5aa364d4803567da0b2b646604563b31aaa298130576690cbab52bf1ddad7c64a7a416ceb36d6b3202f377ed003e8d74cabd4a6a7be18c95716022cc30c45157d6743785746cf8b0e21ec3208336ab0a43ad9c058fffa3021f84ca8b037dea55254ab944493ca03d025a4b42df3e5b830b81471cddf81fd14aed18e45cfed27b1ef015827942f833a0eee4cc0fcd57f0180f83f32e17d27e4784e42eb1a256404aa6e12f9daabddb907230b20693f3bc74723be6808d95c6463ef7bb6bc4a756fdc805ef4077303e5cd504e6c1754ee8303ee92b94808782984f75c0df49436d3859c092133b0545dac0d8f84fc95a1f0f38e4ecbe3f935d33e86b97bb11ca6f502a602bc7e05b4e6514ddc8ae4d8231874b350b32f96ff6cfbe03f1bf5a0fda73c15eca00afe85c026f5e34e699910ab16502b224b8f383a9a863ca351a1e87c17baadb3f7141aa1295a2a6be4d88d1347da9c356ba9b3bfcc678b58add1b224a0c9b7c3cc4c828abc56acd320e8a8ad22da90a0cf6ae40a471c150581da040297aed0e4889c5963bd8c1415acecbd932f9acda87315e3b2dade276b8324dc7d95141cdd8c4fba82c834a95f9efeb2c74c31e7fd32f96a6a68d9e9942c0bdc55bedd1617e47420877b9f640094a37ceea39656468215ebe789a277f585adc1cc0285b53e33afae1616b0806aeed78b6cc4da54e3bdfa3d49ead4e4fa3623f86a4dfa3042ed403684c62a5d148a30c99c24c3cf9a8858e02800e49e0eed84472a559c9f208f6c3310050e4c5948320b5b4eeefe583bb0bcc0bc01356e76e3465f66a7d0c56ca7abc069db5bd7ad20ec01307f391b5bc890b5034271ee31d5bd374a9422a08ce949667512c8d0bb60eb5d4d22fa0e2a5d172edc7b7386abe63222ef8fc5c676828a1441c5ed19ed5827b0d73d568efc51f46f65ea4f205ac26924d6a7f11477fe23049e0de65bd534c81756556c1cd8bc70b3ce71e4e13d44500773e0767bc735c98f0e1d06dc79e43b946a2faaf698e188cf5909e433edbc546beffcbdea76064ff9d5d56273ca05af42c541b896bc5a942665599c9a8f52db36dbd6d42e8f9bb3446df5f44e3971eb408d0c63381b4aa5997441e01a5eff9fa51d82b7d60d8c3ead784e50b562db074b19e855e8290896b808611c40ed7e0691f758103208900d69cd4c86310318d339eeb473b4bea27be94622560cf35416eea7333bb72110afe202dfcc55c755ed32ea9b4851378b554546b52ebd71b90828733ac3040daf1e3d23bfcadd20bb9248731ab11155aebd259b7e693ebad5d43e6a85f14ea317f31eca905634f9e8d5b1ff73dc5dbd2bbeef6c2965932c885969e00e1939685b472c097b4504c9e6f273e1038045e5ac4010ac232288b77de7d3433a143292f145465b6d1f9020aa4f8405bda4310059b82ad8fd41e698a7824456e11f44e577dc5d5a0eb93b98421a2867c3d40627f9061c1d5689205915c7a91da42348ad3bd12038d84175bddaee423b73c93aebf873c850ef44d66324a80ad0cf268998d71fac6988cb0b1879ebcb6c4c3bce2c45daf73db246bc55fb8221341ef760f5f5264113a437e03cbcf03bb276cdc4100138afc6a1eeb9d90e7f43ce8abbd8be6b9c5b54920f76f07d1557167292feb4c970da3f582d40c0661af8f043e01db8016e2600f655175fa7d705bda3a14d1733ccf6603b7f8709b71f2046211468460791330234fa21f417e6a68cdb1d4496808923a87d02f0ebfb09e102a7c9f7c870c082d6993d10e0de2dbe119ac811848661ab30ab8d7a528acf262bf7d21c2f235e5638be58171b61bed99ac3fef801562aabcf3feff77fe9498d09de3e9c3cf18914392433030595aa31d9c79abc29350a2a2a1d0c2f311246", 0x1000}}, 0x1006)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0xe1515f8735398fb, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000002c0)=[0x45c], 0x0, 0x0, 0x1, 0x1}}, 0x3c)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000080)={'syztnl0\x00', &(0x7f0000000000)={'syztnl2\x00', <r5=>0x0, 0x8000, 0x700, 0x7, 0x101, {{0x12, 0x4, 0x2, 0x15, 0x48, 0x66, 0x0, 0x0, 0x4, 0x0, @empty, @loopback, {[@rr={0x7, 0x1b, 0x3d, [@loopback, @empty, @loopback, @empty, @private=0xa010102, @loopback]}, @lsrr={0x83, 0x17, 0xfa, [@rand_addr=0x64010100, @multicast1, @empty, @loopback, @initdev={0xac, 0x1e, 0x0, 0x0}]}]}}}}})
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r5, 0x0, 0x2}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_QUERY_RESPONSE_INTVL={0xc, 0x22, 0xc}, @IFLA_BR_STP_STATE={0x8, 0x5, 0x1}]}}}]}, 0x48}}, 0x0)

714.48832ms ago: executing program 4 (id=551):
r0 = syz_usb_connect(0x0, 0xfffffdc6, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x4a, 0x46, 0x2f, 0x20, 0x2040, 0x7217, 0xb93d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x67, 0x1, 0x0, 0x0, 0x50, 0x0, [{{0x9, 0x4, 0x4e, 0x0, 0x0, 0xd1, 0xa2, 0xb9, 0xff, [@uac_control={{0xa, 0x24, 0x1, 0x0, 0x2a}, [@output_terminal={0x9, 0x24, 0x3, 0x2, 0x305, 0x3, 0x4, 0xe0}, @processing_unit={0xd, 0x24, 0x7, 0x1, 0x2, 0x0, "cb4a9b3306ce"}, @input_terminal={0xc, 0x24, 0x2, 0x2, 0x105, 0x4, 0xec, 0xa, 0x3, 0x2b}]}, @cdc_ncm={{0x6, 0x24, 0x6, 0x0, 0x1, "8a"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x4, 0xff81, 0xa7}, {0x6, 0x24, 0x1a, 0x7, 0x30}, [@dmm={0x7, 0x24, 0x14, 0x774, 0x368}, @obex={0x5, 0x24, 0x15, 0x5}]}]}}]}}]}}, 0x0)
syz_usb_connect$cdc_ecm(0x5, 0x24d, &(0x7f0000000140)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0xff, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x23b, 0x1, 0x1, 0x89, 0x40, 0xcd, [{{0x9, 0x4, 0x0, 0x1, 0x3, 0x2, 0x6, 0x0, 0x8, {{0x5}, {0x5, 0x24, 0x0, 0x800}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x3, 0x3, 0x2}, [@mdlm_detail={0x27, 0x24, 0x13, 0x16, "88bf3e96712407f397cb7112d32240f5ae27d35c4b1264ae6d91f424420dbeca760bb9"}, @mdlm_detail={0xcf, 0x24, 0x13, 0xa5, "229fb7a67d5fe0212dc44ead9fe556e8b5b518c0578c9f80eabc2093cd1ecb7d9e92e3df2dc2a86c9b0630039e5b067e7c3f5a7307701db6875daf837b61c8442955d24c5b34c95dfa3865f7430a4b6c0778179bbe3077cf93707d79153158ef9ae04cfb52ba75317525c8bd858872c37b23cefaaf8aa3c21716fb181a58bf5fab2cd07178c0e8851e198e8b4e95cd1d0a4d966443770b04dce66063a5d46de2fe9ab5b7b0fb7994a4a985c4576c7421c49d535f7cae7d6ea0d7bc0d65b84f554b449c430a3c7adc9ea3f1"}, @ncm={0x6, 0x24, 0x1a, 0x3ff, 0x24}, @call_mgmt={0x5, 0x24, 0x1, 0x3, 0x80}, @mdlm_detail={0x37, 0x24, 0x13, 0xe, "42b334cea34f527e6b69d7be1fb4fc119b5b8569e3fa081ec133728c64bd23b7e05365a283b275b4ad77431228a1a9b495f3ff"}, @mdlm_detail={0xc8, 0x24, 0x13, 0xfa, "87956ed78b88c247a5ee4202a616c9eba40b5ecb384ad20c98023db66709f10be6aa249a613949ab9fc70e3bdcb6f41e78e27c9e1e6b8206498f833f072490de94666cf9d2b37ef90236f3b2f5e684d630001d84dcbb213df7cbe04c575f2a7ba904daad1ef5a3e2151af4c1082278dab9f0e829083e1866482e2b2379c1cb4576a7380b9eef7cb92a8f93bfc4e085fdce2baddd1ed021c37bff4f7154029448a0ca023d948fc93304cb3cf11c64818396ab5d2cb37ecd30a9dcf2b3895254a6c701f504"}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x40, 0x8, 0x5, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0xc, 0xab, 0x6}}}}}]}}]}}, &(0x7f0000000700)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x200, 0x8, 0x4, 0x1, 0x10, 0xf}, 0x110, &(0x7f00000004c0)={0x5, 0xf, 0x110, 0x6, [@ssp_cap={0x10, 0x10, 0xa, 0x6, 0x1, 0x1, 0xf00f, 0x5, [0xff3f30]}, @ssp_cap={0x14, 0x10, 0xa, 0x9, 0x2, 0x7, 0x0, 0x8, [0xff0030, 0x0]}, @wireless={0xb, 0x10, 0x1, 0xc, 0x4, 0x17, 0x0, 0x240, 0x71}, @generic={0xc1, 0x10, 0x3, "55396a21bd60a048427f50cde86ab32e6cea2c43cd52abd6bff8a0558d8a580aef419a8364856e8be38de2de6ee70c8a2bf40dab10cf18d77dc82657038e5cc769357d2c2271965c0e16ac133b22baa152aa3eb478cd09e478f5f73d0059427ce13023d8c82604a1c893e32bc726f8bbbef719c7dc6a46bdfb3af46fc095de43029c15308ea0bacd808acc25cdf2a0ca08dac1e1abbfc2d2945fc844e1d496ed8266e5b0674ce5a0d2c974a73c7416dcf059d4497496e59fed411c4e14f4"}, @ssp_cap={0x18, 0x10, 0xa, 0x1, 0x3, 0x8, 0xf00f, 0xcc47, [0xff00, 0x0, 0x30]}, @ptm_cap={0x3}]}, 0x6, [{0x4, &(0x7f0000000080)=@lang_id={0x4, 0x3, 0x400a}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x3409}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x801}}, {0xc0, &(0x7f0000000600)=@string={0xc0, 0x3, "3e27a4137188b1feed8c5b83f9a4fd68c5d92014b63ae13c66ad66ed62378048915a9628a0721167132b2c396564b1ddcdb65e37e7b81c05022d0d0927a0d2d83a505881173f2d969adfd07dac5745eb5827538c534b46c1aa1e0bd4ce473892e96a76c322eade78129da4ab23283a7a07351133ae2d04bb8785f2fce503cd86aa3e7fd09fcded495d103246f222422a0c222652cd1ad1f1eb8c0ed6204ab87caa641911cd3b181a83061fb42f17652355ff93daea2b4754864fa096569c"}}, {0x4, &(0x7f00000006c0)=@lang_id={0x4, 0x3, 0x80a}}]})
syz_usb_connect$hid(0x5, 0x3f, &(0x7f0000000780)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x5a4, 0x1700, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x3, 0x20, 0xfb, [{{0x9, 0x4, 0x0, 0x4, 0x2, 0x3, 0x1, 0x2, 0x3, {0x9, 0x21, 0xf3, 0x80, 0x1, {0x22, 0xcbb}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x10, 0x41, 0x2}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x3, 0xb3, 0x6}}]}}}]}}]}}, &(0x7f0000000c00)={0xa, &(0x7f00000007c0)={0xa, 0x6, 0x110, 0x3, 0x1, 0x78, 0x8, 0xff}, 0xcc, &(0x7f0000000800)={0x5, 0xf, 0xcc, 0x5, [@ptm_cap={0x3}, @ext_cap={0x7, 0x10, 0x2, 0xc, 0x9, 0x3}, @generic={0x9f, 0x10, 0x1, "8ef0d5734496cac34fed539cf5a05b5611267d95fbb32af87d551b06ebe8e3bfa2102302127e696772c0e2fb1cb7f89ae78bf18237b1d3e0bfc5c6e3bffa25b6c4b0e54f638d976eb037902e53ce63aba919afcf426d990cefe7d383ef685b740ce69df51fc758439caf87bade85b857ce7021b194689363c761688afbd2fc4dc74ec7b013de91c86017e2a686ff9ccc03210b9415dd59a87c30e243"}, @ss_container_id={0x14, 0x10, 0x4, 0x4, "95d1bb264d701c24ad63633d8ebd2bb7"}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x8, 0x7, 0x4, 0x1ff}]}, 0x7, [{0x4, &(0x7f0000000900)=@lang_id={0x4, 0x3, 0x843}}, {0x4, &(0x7f0000000980)=@lang_id={0x4, 0x3, 0x420}}, {0x4, &(0x7f00000009c0)=@lang_id={0x4, 0x3, 0x2013}}, {0x4, &(0x7f0000000a00)=@lang_id={0x4, 0x3, 0x459}}, {0x3d, &(0x7f0000000a40)=@string={0x3d, 0x3, "85ba3ede8d57f55bf47c1602c4c49482103ab6ae4e12c68cae2285d5b180914f6b980b877f3c066b637e40f09e90329f5f4d20b8d0233cfc1b91ed"}}, {0x4, &(0x7f0000000a80)=@lang_id={0x4, 0x3, 0x1c0a}}, {0xda, &(0x7f0000000ac0)=@string={0xda, 0x3, "3a9b889867d4d44e926af7c50301efd306e64cf3d196a1d1dc7263b7b968b43a936ce030e6c23332d66221c923550b2983834345a0543a2445c05eaedfdbd004be09acad690da5366f4598b86fdda1d7e38cc9ba924da97a86a1e30996bcd55240edc7e0e5e5e112487165f4965f4d8129364f7cec7f15d1d090f9d4c8686260c0b51ddeea129d77ccc238312b5b1e9af016e440228f28f5e9ff6ccd385a7a16aa70a89bca7f7164f3566490fd39b25780c4b72b91f84d2a71bb31872accf72089a1a0fa5843ffd7cf4c141ccb66e3eb2dd3bf8974d93ab0"}}]})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000bc0)={0x2c, &(0x7f0000000940)={0x40, 0x31, 0x1, "f2"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000480)={0x2c, &(0x7f0000000000)=ANY=[@ANYBLOB="4013f808c8e00008050000000000004111ec0346920400000000000000b1907e2fa9e41d21"], 0x0, 0x0, 0x0, 0x0})

427.025174ms ago: executing program 3 (id=552):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x1})
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000400)=@bpf_ext={0x1c, 0x26, &(0x7f0000000780)=ANY=[@ANYBLOB="1800000001800000000000000200000018110000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000402700010400000018120000", @ANYBLOB, @ANYRES32, @ANYBLOB], &(0x7f00000000c0)='GPL\x00', 0x1037721f, 0x0, 0x0, 0x41000, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x8, 0x1}, 0x8, 0x10, &(0x7f0000000180)={0x4, 0x7, 0x3, 0x7}, 0x10, 0x30be8, 0xffffffffffffffff, 0x1, &(0x7f0000000200)=[0x1, 0x1], &(0x7f0000000240)=[{0x0, 0x2, 0xb, 0x2}], 0x10, 0x101, @void, @value}, 0x94)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
socket$inet6_mptcp(0xa, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
r5 = dup(r4)
setpriority(0x2, 0x0, 0x3ff)
setsockopt$IPT_SO_SET_REPLACE(r5, 0x4000000000000, 0x4, 0x0, 0x0)
mq_notify(r5, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r6 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_SET_TIME(r6, 0x40247007, &(0x7f0000000040)={0x3e7})
sendmsg$RDMA_NLDEV_CMD_STAT_GET(0xffffffffffffffff, 0x0, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=ANY=[@ANYBLOB], 0xfc}}, 0x4040040)
bpf$BPF_PROG_QUERY(0x10, 0x0, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000540)=ANY=[@ANYRES32, @ANYRES32=r2, @ANYBLOB="1e0000fb0400415cdea1411c00000000000042f725528cf6dc863a5dcf837c9be57eed747c1c8c344ecb7eeb402827775b876fbe13a76f8e7f4a55d770b412d8728ae9e8e458c66228a9aa20f7eaa060741f3b690c139addf06900cf95e952d39bf4764ca889f2257763a5d5e3760b4f62f341cb727efdbcb9c91d063e1c5b0c1d90d45a925bb8846706a0a18d47961475381753d9829963e7", @ANYRES32=r2, @ANYBLOB, @ANYRES64], 0x20)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000500)={{0x1, 0x1, 0x18, <r8=>0xffffffffffffffff}, './file0\x00'})
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000004c0)={@cgroup=r0, r1, 0x27, 0x10, 0xffffffffffffffff, @void, @value=r8}, 0x20)
ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x306)

414.944708ms ago: executing program 1 (id=553):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f0000000400)=[{{&(0x7f0000000280)=@pppol2tpv3, 0x80, &(0x7f0000000340)=[{&(0x7f0000000300)=""/9, 0x9}], 0x1, &(0x7f0000000380)=""/23, 0x17}, 0x8}], 0x1, 0x2, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="140000001000009006000000000000000000000a44000000090a0000000000fa82a3fa211411fa0008000a40000000000900020073797a31000000000900010073797a30000000000800054000000000080008400000000014000000110001"], 0x6c}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0, 0xffffffffffffffff, 0x0, 0x1}, 0x18)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010000100000000000000000000fc000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000001c08000640ffffff000800034000000028580000000c0a01010000000000000000070000000900020073797a31000000000900010073797a30000000002c0003802800008008000340000000021c00028018000280080001"], 0xec}}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00'})
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
bind$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0x2710, @local}, 0x10)
listen(r5, 0x0)
r6 = landlock_create_ruleset(&(0x7f0000000040)={0x8201, 0x3}, 0x18, 0x0)
landlock_restrict_self(r6, 0x0)
landlock_restrict_self(r6, 0x0)
r7 = gettid()
r8 = syz_clone(0x0, 0x0, 0xfffffe11, 0x0, 0x0, 0x0)
r9 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0)
landlock_restrict_self(r9, 0x0)
kcmp(r7, r8, 0x5, 0xffffffffffffffff, r9)
r10 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r10, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10)

0s ago: executing program 5 (id=554):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x0, &(0x7f0000000080)})
pipe2(&(0x7f0000001440)={<r0=>0xffffffffffffffff}, 0x0)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x48850}, 0x1)
r1 = socket$kcm(0xa, 0x2, 0x3a)
sendmsg$kcm(r1, &(0x7f0000000440)={&(0x7f0000000800)=@in6={0xa, 0x4, 0x0, @mcast2, 0x1a}, 0x80, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0, 0x0, 0x900}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
rseq(0x0, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
syz_clone(0x206000, 0x0, 0x0, 0x0, 0x0, 0x0)
mlock(&(0x7f00007d8000/0x800000)=nil, 0x800000)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={0xffffffffffffffff, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.143' (ED25519) to the list of known hosts.
[   73.049488][ T5819] cgroup: Unknown subsys name 'net'
[   73.165020][ T5819] cgroup: Unknown subsys name 'cpuset'
[   73.175027][ T5819] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   74.780164][ T5819] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   77.368921][ T5842] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   77.377534][ T5842] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   77.400433][ T5843] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   77.402411][ T5839] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   77.409150][ T5845] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   77.417131][ T5839] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   77.423329][ T5843] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   77.437761][ T5845] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   77.438250][ T5839] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   77.447079][ T5845] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   77.452709][ T5849] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   77.459659][ T5845] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   77.468471][ T5839] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   77.475235][ T5845] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   77.483641][ T5849] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   77.488160][ T5845] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   77.494602][ T5839] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   77.502872][ T5845] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   77.509948][ T5839] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   77.515581][ T5845] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   77.522542][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   77.530507][ T5845] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   77.545615][ T5845] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   77.557362][ T5845] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   77.565472][ T5845] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   77.573213][ T5845] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   77.581032][ T5845] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   77.591274][ T5845] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   77.615624][ T5844] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   77.623556][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   77.936343][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   78.079495][ T5830] chnl_net:caif_netlink_parms(): no params data found
[   78.171664][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.179596][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.187816][ T5833] bridge_slave_0: entered allmulticast mode
[   78.195570][ T5833] bridge_slave_0: entered promiscuous mode
[   78.205448][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.212973][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.220270][ T5833] bridge_slave_1: entered allmulticast mode
[   78.227676][ T5833] bridge_slave_1: entered promiscuous mode
[   78.247470][ T5829] chnl_net:caif_netlink_parms(): no params data found
[   78.298843][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.308191][ T5840] chnl_net:caif_netlink_parms(): no params data found
[   78.327651][ T5841] chnl_net:caif_netlink_parms(): no params data found
[   78.348005][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.409682][ T5830] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.417017][ T5830] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.424375][ T5830] bridge_slave_0: entered allmulticast mode
[   78.431034][ T5830] bridge_slave_0: entered promiscuous mode
[   78.449655][ T5833] team0: Port device team_slave_0 added
[   78.467395][ T5830] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.477615][ T5830] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.485258][ T5830] bridge_slave_1: entered allmulticast mode
[   78.493005][ T5830] bridge_slave_1: entered promiscuous mode
[   78.512773][ T5833] team0: Port device team_slave_1 added
[   78.566393][ T5830] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.608230][ T5830] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.620845][ T5829] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.629349][ T5829] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.636650][ T5829] bridge_slave_0: entered allmulticast mode
[   78.643828][ T5829] bridge_slave_0: entered promiscuous mode
[   78.652042][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.659046][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.685123][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.698373][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.705477][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.731412][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.766790][ T5829] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.774066][ T5829] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.781382][ T5829] bridge_slave_1: entered allmulticast mode
[   78.788111][ T5829] bridge_slave_1: entered promiscuous mode
[   78.812717][ T5840] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.819837][ T5840] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.827295][ T5840] bridge_slave_0: entered allmulticast mode
[   78.834464][ T5840] bridge_slave_0: entered promiscuous mode
[   78.854301][ T5830] team0: Port device team_slave_0 added
[   78.889188][ T5829] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.898602][ T5840] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.905944][ T5840] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.913878][ T5840] bridge_slave_1: entered allmulticast mode
[   78.920618][ T5840] bridge_slave_1: entered promiscuous mode
[   78.938975][ T5830] team0: Port device team_slave_1 added
[   78.946494][ T5841] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.953978][ T5841] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.961345][ T5841] bridge_slave_0: entered allmulticast mode
[   78.968153][ T5841] bridge_slave_0: entered promiscuous mode
[   78.976886][ T5841] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.984064][ T5841] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.991367][ T5841] bridge_slave_1: entered allmulticast mode
[   78.998290][ T5841] bridge_slave_1: entered promiscuous mode
[   79.024559][ T5829] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.092839][ T5833] hsr_slave_0: entered promiscuous mode
[   79.099352][ T5833] hsr_slave_1: entered promiscuous mode
[   79.119277][ T5840] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.129020][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.136301][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.162449][ T5830] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.175173][ T5830] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.182195][ T5830] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.208164][ T5830] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.221872][ T5841] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   79.255981][ T5829] team0: Port device team_slave_0 added
[   79.263439][ T5840] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.287629][ T5841] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   79.312037][ T5829] team0: Port device team_slave_1 added
[   79.331852][ T5840] team0: Port device team_slave_0 added
[   79.340264][ T5840] team0: Port device team_slave_1 added
[   79.395257][ T5841] team0: Port device team_slave_0 added
[   79.425960][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.433139][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.459386][ T5829] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.484234][ T5841] team0: Port device team_slave_1 added
[   79.493615][ T5830] hsr_slave_0: entered promiscuous mode
[   79.500025][ T5830] hsr_slave_1: entered promiscuous mode
[   79.506299][ T5830] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.514222][ T5830] Cannot create hsr debugfs directory
[   79.520151][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.527225][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.553280][ T5840] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.566711][ T5840] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.566808][ T5844] Bluetooth: hci2: command tx timeout
[   79.573778][   T54] Bluetooth: hci3: command tx timeout
[   79.574183][ T5840] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.610922][ T5840] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.626259][ T5829] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.633490][ T5829] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.659601][ T5829] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.660081][ T5844] Bluetooth: hci0: command tx timeout
[   79.670328][   T54] Bluetooth: hci1: command tx timeout
[   79.670705][   T54] Bluetooth: hci4: command tx timeout
[   79.730089][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_0
[   79.737226][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.763579][ T5841] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   79.776616][ T5841] batman_adv: batadv0: Adding interface: batadv_slave_1
[   79.783844][ T5841] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   79.810526][ T5841] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   79.895621][ T5840] hsr_slave_0: entered promiscuous mode
[   79.902411][ T5840] hsr_slave_1: entered promiscuous mode
[   79.908537][ T5840] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.916511][ T5840] Cannot create hsr debugfs directory
[   79.974397][ T5829] hsr_slave_0: entered promiscuous mode
[   79.980821][ T5829] hsr_slave_1: entered promiscuous mode
[   79.988025][ T5829] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   79.996089][ T5829] Cannot create hsr debugfs directory
[   80.022852][ T5841] hsr_slave_0: entered promiscuous mode
[   80.028989][ T5841] hsr_slave_1: entered promiscuous mode
[   80.035273][ T5841] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   80.043221][ T5841] Cannot create hsr debugfs directory
[   80.208809][ T5833] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   80.243563][ T5833] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   80.289720][ T5833] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   80.331693][ T5833] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   80.435876][ T5830] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   80.448434][ T5830] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   80.466495][ T5830] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   80.494190][ T5830] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   80.537011][ T5829] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   80.559914][ T5829] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   80.571876][ T5829] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   80.590024][ T5829] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   80.667332][ T5840] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   80.680398][ T5840] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   80.690946][ T5840] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   80.702659][ T5840] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   80.778573][ T5841] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   80.802324][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.809195][ T5841] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   80.822652][ T5841] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   80.834430][ T5841] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   80.897438][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   80.912239][ T5829] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.951434][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.958748][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.009772][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.016951][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.050207][ T5829] 8021q: adding VLAN 0 to HW filter on device team0
[   81.062140][ T5830] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.094492][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.105479][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.112647][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.122822][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.130006][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.177653][ T5840] 8021q: adding VLAN 0 to HW filter on device team0
[   81.202682][ T5830] 8021q: adding VLAN 0 to HW filter on device team0
[   81.225466][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.232632][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.254923][ T5829] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   81.300023][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.307323][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.320410][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.327616][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.350269][ T5841] 8021q: adding VLAN 0 to HW filter on device bond0
[   81.396911][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.404143][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.459187][ T5841] 8021q: adding VLAN 0 to HW filter on device team0
[   81.497696][ T5830] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   81.508835][ T5830] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   81.590417][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.618570][   T52] bridge0: port 1(bridge_slave_0) entered blocking state
[   81.625782][   T52] bridge0: port 1(bridge_slave_0) entered forwarding state
[   81.642618][   T54] Bluetooth: hci3: command tx timeout
[   81.648244][   T54] Bluetooth: hci2: command tx timeout
[   81.665911][   T52] bridge0: port 2(bridge_slave_1) entered blocking state
[   81.673117][   T52] bridge0: port 2(bridge_slave_1) entered forwarding state
[   81.721688][   T54] Bluetooth: hci4: command tx timeout
[   81.747481][   T54] Bluetooth: hci0: command tx timeout
[   81.747493][ T5844] Bluetooth: hci1: command tx timeout
[   81.809255][ T5829] veth0_vlan: entered promiscuous mode
[   81.852756][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.958766][ T5829] veth1_vlan: entered promiscuous mode
[   82.009636][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.019363][ T5830] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.080457][ T5833] veth0_vlan: entered promiscuous mode
[   82.111116][ T5841] 8021q: adding VLAN 0 to HW filter on device batadv0
[   82.141095][ T5833] veth1_vlan: entered promiscuous mode
[   82.196094][ T5829] veth0_macvtap: entered promiscuous mode
[   82.220833][ T5830] veth0_vlan: entered promiscuous mode
[   82.250493][ T5830] veth1_vlan: entered promiscuous mode
[   82.270670][ T5829] veth1_macvtap: entered promiscuous mode
[   82.295223][ T5841] veth0_vlan: entered promiscuous mode
[   82.312183][ T5833] veth0_macvtap: entered promiscuous mode
[   82.324545][ T5841] veth1_vlan: entered promiscuous mode
[   82.344944][ T5833] veth1_macvtap: entered promiscuous mode
[   82.356891][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.380280][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.393427][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.405270][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.427625][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.441413][ T5830] veth0_macvtap: entered promiscuous mode
[   82.450247][ T5830] veth1_macvtap: entered promiscuous mode
[   82.460219][ T5829] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.470871][ T5829] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.483113][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.499253][ T5829] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.509125][ T5829] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.518583][ T5829] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.529178][ T5829] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.540026][ T5833] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.549160][ T5833] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.558457][ T5833] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.569060][ T5833] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.634296][ T5841] veth0_macvtap: entered promiscuous mode
[   82.648043][ T5840] veth0_vlan: entered promiscuous mode
[   82.658648][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.670124][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.685250][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.696119][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.708417][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.724512][ T5841] veth1_macvtap: entered promiscuous mode
[   82.740643][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.752592][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.763854][ T5830] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.774382][ T5830] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.785647][ T5830] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.796408][ T5830] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.805335][ T5830] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.814496][ T5830] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.823423][ T5830] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.844822][ T5840] veth1_vlan: entered promiscuous mode
[   82.901470][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.914541][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.928045][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.938747][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.948654][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.959158][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.970017][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.003992][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.021426][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.031540][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.042256][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.052215][ T5841] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.062688][ T5841] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.074092][ T5841] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.122828][ T5841] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.125825][   T52] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.141529][   T52] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.147035][ T5841] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.158102][ T5841] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.167322][ T5841] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.179832][ T5840] veth0_macvtap: entered promiscuous mode
[   83.195805][ T3464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.201056][ T5840] veth1_macvtap: entered promiscuous mode
[   83.210058][ T3464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.295486][ T3464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.297655][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.311629][ T3464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.324143][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.334062][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.344594][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.354546][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.365154][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.376161][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   83.386726][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.397505][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0
[   83.424341][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.437527][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.447588][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.458057][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.467941][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.478474][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.488871][ T5840] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   83.499423][ T5840] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   83.510316][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1
[   83.519735][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.527810][ T5840] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   83.538186][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.539284][ T5840] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   83.555411][ T5840] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   83.564615][ T5840] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   83.589082][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.600261][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.697124][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.710629][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.724247][   T54] Bluetooth: hci2: command tx timeout
[   83.724373][ T5844] Bluetooth: hci3: command tx timeout
[   83.801761][ T5844] Bluetooth: hci1: command tx timeout
[   83.802262][   T54] Bluetooth: hci0: command tx timeout
[   83.807366][ T5844] Bluetooth: hci4: command tx timeout
[   83.856110][ T5833] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   83.897342][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.923120][ T3464] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.931001][ T3464] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.946203][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.004116][   T52] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.035382][   T52] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.087300][   T64] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   84.121256][   T64] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   84.142928][ T5918] FAULT_INJECTION: forcing a failure.
[   84.142928][ T5918] name failslab, interval 1, probability 0, space 0, times 1
[   84.180821][ T5918] CPU: 1 UID: 0 PID: 5918 Comm: syz.1.2 Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[   84.180851][ T5918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[   84.180868][ T5918] Call Trace:
[   84.180879][ T5918]  <TASK>
[   84.180887][ T5918]  dump_stack_lvl+0x241/0x360
[   84.180927][ T5918]  ? __pfx_dump_stack_lvl+0x10/0x10
[   84.180949][ T5918]  ? __pfx__printk+0x10/0x10
[   84.180984][ T5918]  ? fs_reclaim_acquire+0x93/0x130
[   84.181023][ T5918]  ? __pfx___might_resched+0x10/0x10
[   84.181052][ T5918]  should_fail_ex+0x40a/0x550
[   84.181087][ T5918]  should_failslab+0xac/0x100
[   84.181121][ T5918]  __kmalloc_noprof+0xdd/0x4c0
[   84.181140][ T5918]  ? kstrtouint_from_user+0x128/0x190
[   84.181159][ T5918]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[   84.181192][ T5918]  tomoyo_realpath_from_path+0xcf/0x5e0
[   84.181226][ T5918]  tomoyo_path_number_perm+0x239/0x770
[   84.181257][ T5918]  ? __lock_acquire+0x1397/0x2100
[   84.181289][ T5918]  ? tomoyo_path_number_perm+0x209/0x770
[   84.181321][ T5918]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[   84.181393][ T5918]  ? __fget_files+0x2a/0x410
[   84.181418][ T5918]  ? __fget_files+0x2a/0x410
[   84.181444][ T5918]  security_file_ioctl+0xc6/0x2a0
[   84.181478][ T5918]  __se_sys_ioctl+0x46/0x170
[   84.181507][ T5918]  do_syscall_64+0xf3/0x230
[   84.181535][ T5918]  ? clear_bhb_loop+0x35/0x90
[   84.181568][ T5918]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   84.181596][ T5918] RIP: 0033:0x7f2e6218d0a9
[   84.181620][ T5918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   84.181637][ T5918] RSP: 002b:00007f2e62fa0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   84.181658][ T5918] RAX: ffffffffffffffda RBX: 00007f2e623a5fa0 RCX: 00007f2e6218d0a9
[   84.181673][ T5918] RDX: 0000400000000000 RSI: 000000008010aa01 RDI: 0000000000000004
[   84.181687][ T5918] RBP: 00007f2e62fa0090 R08: 0000000000000000 R09: 0000000000000000
[   84.181699][ T5918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   84.181711][ T5918] R13: 0000000000000000 R14: 00007f2e623a5fa0 R15: 00007ffd345e98b8
[   84.181741][ T5918]  </TASK>
[   84.428708][ T5918] ERROR: Out of memory at tomoyo_realpath_from_path.
[   84.861566][ T5927] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   85.201449][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   85.251916][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   85.456624][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   85.661452][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[   85.802822][   T54] Bluetooth: hci2: command tx timeout
[   85.808996][ T5844] Bluetooth: hci3: command tx timeout
[   85.881515][   T54] Bluetooth: hci1: command tx timeout
[   85.887414][ T5845] Bluetooth: hci4: command tx timeout
[   85.893507][ T5844] Bluetooth: hci0: command tx timeout
[   86.138930][   T29] audit: type=1326 audit(1740144313.483:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   86.171540][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   86.202369][ T5946] ipt_REJECT: TCP_RESET invalid for non-tcp
[   86.235336][ T5946] x_tables: ip_tables: REJECT target: only valid in filter table, not .
[   86.341597][   T29] audit: type=1326 audit(1740144313.503:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   86.467629][   T29] audit: type=1326 audit(1740144313.503:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   86.817484][   T29] audit: type=1326 audit(1740144313.573:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   87.032418][   T29] audit: type=1326 audit(1740144313.573:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   87.057000][   T29] audit: type=1326 audit(1740144313.573:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   87.096009][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   87.149401][   T29] audit: type=1326 audit(1740144313.573:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   87.190493][ T5976] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15'.
[   87.203989][   T29] audit: type=1326 audit(1740144313.593:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=280 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   87.225267][   T29] audit: type=1326 audit(1740144313.593:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   87.391427][ T5979] Zero length message leads to an empty skb
[   87.405281][ T5979] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   88.174151][ T5975] smc: net device bond0 applied user defined pnetid SYZ2
[   88.193901][   T29] audit: type=1326 audit(1740144313.593:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5945 comm="syz.3.4" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[   88.256056][ T5984] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   88.282237][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   90.282034][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   90.474065][    T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!!
[   91.191024][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   91.871257][ T6010] warning: `syz.4.22' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   92.031807][   T63] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   92.041861][ T5912] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   92.133435][ T6012] netlink: 76 bytes leftover after parsing attributes in process `syz.1.23'.
[   92.150869][ T6012] netlink: 16 bytes leftover after parsing attributes in process `syz.1.23'.
[   92.165978][ T6012] netlink: 4 bytes leftover after parsing attributes in process `syz.1.23'.
[   92.203204][ T6012] netlink: 20 bytes leftover after parsing attributes in process `syz.1.23'.
[   92.224006][ T5912] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 34, using maximum allowed: 30
[   92.272215][   T63] usb 3-1: Using ep0 maxpacket: 8
[   92.277869][ T5912] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.283511][   T63] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.292224][    T8] cfg80211: failed to load regulatory.db
[   92.346473][ T5912] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 34
[   92.356286][   T63] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.414869][ T5912] usb 1-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00
[   92.438820][   T63] usb 3-1: config 0 interface 0 has no altsetting 0
[   92.452787][ T5912] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.465050][   T63] usb 3-1: New USB device found, idVendor=056e, idProduct=00ff, bcdDevice= 0.00
[   92.480387][   T63] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.501608][   T25] usb 5-1: new low-speed USB device number 2 using dummy_hcd
[   92.523758][   T63] usb 3-1: config 0 descriptor??
[   92.671591][   T25] usb 5-1: device descriptor read/64, error -71
[   92.735782][ T5912] usb 1-1: config 0 descriptor??
[   92.991572][   T25] usb 5-1: new low-speed USB device number 3 using dummy_hcd
[   93.271582][   T25] usb 5-1: device descriptor read/64, error -71
[   93.371243][   T63] elecom 0003:056E:00FF.0001: hidraw0: USB HID v0.05 Device [HID 056e:00ff] on usb-dummy_hcd.2-1/input0
[   93.535279][ T5912] cherry 0003:046A:0027.0002: item fetching failed at offset 3/5
[   93.563426][ T5912] cherry 0003:046A:0027.0002: probe with driver cherry failed with error -22
[   93.681822][   T25] usb usb5-port1: attempt power cycle
[   93.690171][   T63] usb 3-1: USB disconnect, device number 2
[   93.779618][  T120] usb 1-1: USB disconnect, device number 2
[   94.041392][   T25] usb 5-1: new low-speed USB device number 4 using dummy_hcd
[   94.084486][   T25] usb 5-1: device descriptor read/8, error -71
[   94.371453][   T25] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[   94.386652][ T6035] netlink: 8 bytes leftover after parsing attributes in process `syz.2.29'.
[   94.412600][  T120] IPVS: starting estimator thread 0...
[   94.430244][   T25] usb 5-1: device descriptor read/8, error -71
[   94.582120][ T6039] netlink: 12 bytes leftover after parsing attributes in process `syz.3.30'.
[   94.775966][   T25] usb usb5-port1: unable to enumerate USB device
[   94.873999][ T6038] IPVS: using max 18 ests per chain, 43200 per kthread
[   96.788696][ T6059] netlink: 8 bytes leftover after parsing attributes in process `syz.4.35'.
[   97.081404][ T5912] IPVS: starting estimator thread 0...
[   97.159594][ T6055] netlink: 76 bytes leftover after parsing attributes in process `syz.0.36'.
[   97.209325][ T6061] IPVS: using max 28 ests per chain, 67200 per kthread
[   97.763096][ T6063] netlink: 16 bytes leftover after parsing attributes in process `syz.0.36'.
[   97.816681][ T6063] netlink: 4 bytes leftover after parsing attributes in process `syz.0.36'.
[   97.848869][ T6055] netlink: 20 bytes leftover after parsing attributes in process `syz.0.36'.
[   98.046945][ T6069] netlink: 'syz.4.39': attribute type 29 has an invalid length.
[   98.101016][ T6069] netlink: 8 bytes leftover after parsing attributes in process `syz.4.39'.
[   98.136875][ T6070] netlink: 'syz.4.39': attribute type 29 has an invalid length.
[   98.190232][ T6070] netlink: 8 bytes leftover after parsing attributes in process `syz.4.39'.
[   98.234174][ T6073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.40'.
[  102.040437][ T6104] netlink: 'syz.4.46': attribute type 29 has an invalid length.
[  102.062833][ T6104] netlink: 'syz.4.46': attribute type 29 has an invalid length.
[  102.161809][  T120] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  102.363168][  T120] usb 3-1: Using ep0 maxpacket: 8
[  102.399240][  T120] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 255, changing to 11
[  102.543743][  T120] usb 3-1: config 32 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 59391, setting to 1024
[  102.787253][  T120] usb 3-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7
[  103.285559][  T120] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.617599][ T6115] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  103.636078][  T120] usb 3-1: can't set config #32, error -71
[  103.674331][  T120] usb 3-1: USB disconnect, device number 3
[  110.416224][ T6173] capability: warning: `syz.1.65' uses 32-bit capabilities (legacy support in use)
[  112.447248][ T6189] FAULT_INJECTION: forcing a failure.
[  112.447248][ T6189] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  112.462212][ T6189] CPU: 0 UID: 0 PID: 6189 Comm: syz.1.68 Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  112.462240][ T6189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  112.462252][ T6189] Call Trace:
[  112.462259][ T6189]  <TASK>
[  112.462267][ T6189]  dump_stack_lvl+0x241/0x360
[  112.462296][ T6189]  ? __pfx_dump_stack_lvl+0x10/0x10
[  112.462331][ T6189]  should_fail_ex+0x40a/0x550
[  112.462363][ T6189]  _copy_from_user+0x2d/0xb0
[  112.462388][ T6189]  copy_folio_from_user+0x158/0x2a0
[  112.462415][ T6189]  mfill_atomic_copy+0x1686/0x1a60
[  112.462463][ T6189]  ? __pfx_mfill_atomic_copy+0x10/0x10
[  112.462496][ T6189]  ? irqentry_exit+0x63/0x90
[  112.462522][ T6189]  ? lockdep_hardirqs_on+0x99/0x150
[  112.462561][ T6189]  userfaultfd_ioctl+0x2985/0x6840
[  112.462602][ T6189]  ? raw_spin_rq_unlock_irq+0x12/0x90
[  112.462634][ T6189]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  112.462660][ T6189]  ? mark_lock+0x9a/0x360
[  112.462692][ T6189]  ? rcu_is_watching+0x15/0xb0
[  112.462715][ T6189]  ? __pv_queued_spin_lock_slowpath+0xb8a/0xdb0
[  112.462754][ T6189]  ? __pfx___pv_queued_spin_lock_slowpath+0x10/0x10
[  112.462784][ T6189]  ? do_vfs_ioctl+0xf18/0x2770
[  112.462815][ T6189]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  112.462841][ T6189]  ? raw_spin_rq_unlock_irq+0x12/0x90
[  112.462870][ T6189]  ? update_curr+0x113/0xda0
[  112.462904][ T6189]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  112.462936][ T6189]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  112.462965][ T6189]  ? do_raw_spin_unlock+0x13c/0x8b0
[  112.462991][ T6189]  ? raw_spin_rq_unlock_irq+0x17/0x90
[  112.463021][ T6189]  ? lockdep_hardirqs_on+0x99/0x150
[  112.463046][ T6189]  ? raw_spin_rq_unlock_irq+0x17/0x90
[  112.463078][ T6189]  ? __schedule+0x1a75/0x4c40
[  112.463119][ T6189]  ? __pfx___schedule+0x10/0x10
[  112.463146][ T6189]  ? irqentry_exit+0x63/0x90
[  112.463169][ T6189]  ? lockdep_hardirqs_on+0x99/0x150
[  112.463219][ T6189]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  112.463250][ T6189]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  112.463283][ T6189]  ? irqentry_exit+0x63/0x90
[  112.463304][ T6189]  ? lockdep_hardirqs_on+0x99/0x150
[  112.463336][ T6189]  ? __se_sys_ioctl+0x51/0x170
[  112.463362][ T6189]  ? do_vfs_ioctl+0xc/0x2770
[  112.463387][ T6189]  ? __pfx_userfaultfd_ioctl+0x10/0x10
[  112.463415][ T6189]  __se_sys_ioctl+0xf5/0x170
[  112.463443][ T6189]  do_syscall_64+0xf3/0x230
[  112.463469][ T6189]  ? clear_bhb_loop+0x35/0x90
[  112.463501][ T6189]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  112.463528][ T6189] RIP: 0033:0x7f2e6218d0a9
[  112.463545][ T6189] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  112.463561][ T6189] RSP: 002b:00007f2e62f7f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  112.463582][ T6189] RAX: ffffffffffffffda RBX: 00007f2e623a6080 RCX: 00007f2e6218d0a9
[  112.463596][ T6189] RDX: 0000400000000000 RSI: 00000000c028aa03 RDI: 0000000000000003
[  112.463609][ T6189] RBP: 00007f2e62f7f090 R08: 0000000000000000 R09: 0000000000000000
[  112.463621][ T6189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  112.463632][ T6189] R13: 0000000000000000 R14: 00007f2e623a6080 R15: 00007ffd345e98b8
[  112.463661][ T6189]  </TASK>
[  115.952862][ T6224] kvm: emulating exchange as write
[  122.929197][ T6290] delete_channel: no stack
[  123.034402][ T6289] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  123.607647][ T6296] netlink: 8 bytes leftover after parsing attributes in process `syz.4.93'.
[  123.620276][ T6296] netlink: 4 bytes leftover after parsing attributes in process `syz.4.93'.
[  124.007652][ T6296] netlink: 32 bytes leftover after parsing attributes in process `syz.4.93'.
[  124.251422][ T6296] nbd0: detected capacity change from 0 to 256
[  124.284138][ T5844] block nbd0: Receive control failed (result -32)
[  124.398339][ T5989] block nbd0: Dead connection, failed to find a fallback
[  124.481255][ T5989] block nbd0: shutting down sockets
[  124.487031][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  124.531540][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  124.549910][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  124.568357][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  124.751903][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  124.761881][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  124.770043][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  124.781104][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  124.790327][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  125.635651][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  125.656409][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  125.932464][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  125.943669][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  126.287343][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  126.307847][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  126.359707][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  126.368936][ T5989] ldm_validate_partition_table(): Disk read failed.
[  126.454271][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  126.772313][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  126.791974][ T5989] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  126.821607][ T5989] Buffer I/O error on dev nbd0, logical block 0, async page read
[  126.835182][ T5989] Dev nbd0: unable to read RDB block 0
[  126.841871][ T5989]  nbd0: unable to read partition table
[  126.977969][ T5989] ldm_validate_partition_table(): Disk read failed.
[  127.775680][ T5989] Dev nbd0: unable to read RDB block 0
[  127.781816][ T5989]  nbd0: unable to read partition table
[  129.411295][   T63] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  129.561460][   T63] usb 5-1: device descriptor read/64, error -71
[  129.891777][   T63] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  130.016079][ T6342] x_tables: duplicate underflow at hook 3
[  130.237516][   T63] usb 5-1: device descriptor read/64, error -71
[  130.574807][   T63] usb usb5-port1: attempt power cycle
[  131.002672][   T63] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  131.103194][   T63] usb 5-1: device descriptor read/8, error -71
[  132.191292][   T63] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  132.491345][   T63] usb 5-1: device not accepting address 9, error -71
[  132.571639][   T63] usb usb5-port1: unable to enumerate USB device
[  133.910972][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  133.918829][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  134.253481][ T6393] lo speed is unknown, defaulting to 1000
[  134.271526][ T6393] lo speed is unknown, defaulting to 1000
[  134.350045][ T6393] lo speed is unknown, defaulting to 1000
[  134.432485][ T6393] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  134.466444][ T6393] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  135.199821][ T6393] lo speed is unknown, defaulting to 1000
[  135.229728][ T6393] lo speed is unknown, defaulting to 1000
[  135.263557][ T6393] lo speed is unknown, defaulting to 1000
[  135.277623][ T6393] lo speed is unknown, defaulting to 1000
[  135.314188][ T6393] lo speed is unknown, defaulting to 1000
[  137.497792][ T6418] netlink: 194488 bytes leftover after parsing attributes in process `syz.3.124'.
[  137.931670][   T63] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  138.156523][   T63] usb 5-1: Using ep0 maxpacket: 8
[  138.329496][   T63] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  138.595322][   T63] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.837716][   T63] usb 5-1: config 0 descriptor??
[  139.653963][   T63] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61
[  139.709718][   T63] asix 5-1:0.0: probe with driver asix failed with error -61
[  140.215801][ T6453] netlink: 8 bytes leftover after parsing attributes in process `syz.0.133'.
[  140.519261][    T9] IPVS: starting estimator thread 0...
[  140.611361][ T6457] IPVS: using max 30 ests per chain, 72000 per kthread
[  140.883915][   T29] kauditd_printk_skb: 26 callbacks suppressed
[  140.883935][   T29] audit: type=1326 audit(1740144368.253:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  140.967327][   T29] audit: type=1326 audit(1740144368.283:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  140.994194][   T29] audit: type=1326 audit(1740144368.283:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=152 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  141.815254][   T29] audit: type=1326 audit(1740144368.283:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  141.995621][   T29] audit: type=1326 audit(1740144368.283:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  142.026193][   T29] audit: type=1326 audit(1740144368.283:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  142.101374][   T29] audit: type=1326 audit(1740144368.343:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  142.135327][   T63] usb 5-1: USB disconnect, device number 10
[  142.161622][   T29] audit: type=1326 audit(1740144368.343:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  142.271739][   T29] audit: type=1326 audit(1740144369.183:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  142.335641][   T29] audit: type=1326 audit(1740144369.193:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6460 comm="syz.3.135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x7ffc0000
[  143.365871][ T6482] syz.3.141 uses obsolete (PF_INET,SOCK_PACKET)
[  146.567219][   T63] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  146.733598][   T63] usb 5-1: Using ep0 maxpacket: 32
[  146.748514][   T63] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=88.ea
[  146.771795][   T63] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.786610][   T63] usb 5-1: Product: syz
[  146.791003][   T63] usb 5-1: Manufacturer: syz
[  146.797909][   T63] usb 5-1: SerialNumber: syz
[  146.821671][ T5882] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  146.888250][   T63] usb 5-1: config 0 descriptor??
[  146.893253][ T6519] Invalid source name
[  146.967187][   T63] ati_remote 5-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints
[  147.022277][ T5882] usb 4-1: unable to get BOS descriptor or descriptor too short
[  147.067507][ T5882] usb 4-1: config 2 has an invalid interface number: 181 but max is 0
[  147.129103][ T5882] usb 4-1: config 2 has no interface number 0
[  147.154140][   T63] usb 5-1: USB disconnect, device number 11
[  147.230650][ T5882] usb 4-1: config 2 interface 181 altsetting 9 endpoint 0xD has an invalid bInterval 173, changing to 11
[  147.376320][ T5882] usb 4-1: config 2 interface 181 has no altsetting 0
[  147.612546][ T5882] usb 4-1: New USB device found, idVendor=06f8, idProduct=0001, bcdDevice=65.85
[  147.645393][ T5882] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.675596][ T5882] usb 4-1: Product: syz
[  147.701948][ T5882] usb 4-1: Manufacturer: syz
[  147.706618][ T5882] usb 4-1: SerialNumber: syz
[  149.921923][ T5882] usb 4-1: USB disconnect, device number 2
[  150.034877][ T6540] 9pnet_fd: Insufficient options for proto=fd
[  150.602878][    T9] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  150.890797][    T9] usb 3-1: Using ep0 maxpacket: 32
[  151.125606][ T6547] netlink: 'syz.0.156': attribute type 3 has an invalid length.
[  151.134148][ T6547] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.156'.
[  151.144379][    T9] usb 3-1: config 1 has an invalid interface number: 217 but max is 0
[  151.317694][    T9] usb 3-1: config 1 has no interface number 0
[  151.344450][    T9] usb 3-1: too many endpoints for config 1 interface 217 altsetting 12: 35, using maximum allowed: 30
[  151.467575][    T9] usb 3-1: config 1 interface 217 altsetting 12 has 0 endpoint descriptors, different from the interface descriptor's value: 35
[  151.944241][    T9] usb 3-1: config 1 interface 217 has no altsetting 0
[  152.089005][    T9] usb 3-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b
[  152.123216][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.190849][    T9] usb 3-1: Product: syz
[  152.217752][ T6564] netlink: 'syz.3.159': attribute type 6 has an invalid length.
[  152.219318][    T9] usb 3-1: Manufacturer: syz
[  152.280481][    T9] usb 3-1: SerialNumber: syz
[  152.576011][ T6573] capability: warning: `syz.0.160' uses deprecated v2 capabilities in a way that may be insecure
[  152.666357][ T6574] Invalid source name
[  153.230429][    T9] usb 3-1: palm_os_4_probe - error -110 getting connection info
[  153.281498][    T9] visor 3-1:1.217: Handspring Visor / Palm OS converter detected
[  153.343035][    T9] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB0
[  153.408725][    T9] usb 3-1: Handspring Visor / Palm OS converter now attached to ttyUSB1
[  153.467240][    T9] usb 3-1: USB disconnect, device number 4
[  153.545104][    T9] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0
[  153.709507][    T9] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1
[  154.755881][    T9] visor 3-1:1.217: device disconnected
[  156.912047][    T9] usb 4-1: new full-speed USB device number 3 using dummy_hcd
[  157.173458][    T9] usb 4-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x7F, changing to 0xF
[  157.200138][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 10
[  157.241029][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 29949, setting to 64
[  157.265121][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  157.277897][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22
[  157.327453][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  157.384748][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  157.404170][    T9] usb 4-1: SerialNumber: syz
[  157.415454][ T6603] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  157.426534][ T6603] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  158.255686][ T5832] usb 4-1: USB disconnect, device number 3
[  159.025648][ T6542] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  159.241595][ T5832] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  159.809694][ T5832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  159.834783][ T5832] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  159.859944][ T5832] usb 4-1: New USB device found, idVendor=056a, idProduct=0027, bcdDevice= 0.00
[  159.880000][ T5832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.911453][ T6542] usb 5-1: device descriptor read/64, error -71
[  159.928850][ T5832] usb 4-1: config 0 descriptor??
[  160.151264][ T6542] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  160.301522][ T6542] usb 5-1: device descriptor read/64, error -71
[  160.421678][ T6542] usb usb5-port1: attempt power cycle
[  160.433607][ T5832] wacom 0003:056A:0027.0003: unknown main item tag 0x0
[  160.462302][ T5832] wacom 0003:056A:0027.0003: unknown main item tag 0x0
[  160.474449][ T5832] wacom 0003:056A:0027.0003: unknown main item tag 0x0
[  160.482100][ T5832] wacom 0003:056A:0027.0003: unknown main item tag 0x0
[  160.489208][ T5832] wacom 0003:056A:0027.0003: unknown main item tag 0x0
[  160.501836][ T5832] wacom 0003:056A:0027.0003: unknown main item tag 0x0
[  160.509744][ T5832] wacom 0003:056A:0027.0003: unknown main item tag 0x0
[  160.550046][ T5832] wacom 0003:056A:0027.0003: Unknown device_type for 'HID 056a:0027'. Assuming pen.
[  160.574281][ T5832] wacom 0003:056A:0027.0003: hidraw0: USB HID v0.00 Device [HID 056a:0027] on usb-dummy_hcd.3-1/input0
[  161.590603][ T5832] input: Wacom Intuos5 touch M Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:056A:0027.0003/input/input5
[  161.611438][ T6542] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  161.655324][ T6542] usb 5-1: device descriptor read/8, error -71
[  161.704911][ T5832] usb 4-1: USB disconnect, device number 4
[  162.004671][ T6649] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  163.863324][ T6668] netlink: 'syz.2.188': attribute type 8 has an invalid length.
[  167.590741][ T6701] netlink: 20 bytes leftover after parsing attributes in process `syz.4.197'.
[  169.661063][ T6705] syz.3.198 (6705): drop_caches: 2
[  169.999250][ T6719] netlink: 76 bytes leftover after parsing attributes in process `syz.2.203'.
[  170.065388][ T6715] kvm: kvm [6714]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x3900000857
[  170.093534][ T6715] kvm_intel: kvm [6714]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x1d9) = 0x3d00000865
[  170.120546][ T6721] netlink: 4 bytes leftover after parsing attributes in process `syz.4.202'.
[  170.137611][ T6732] netlink: 16 bytes leftover after parsing attributes in process `syz.2.203'.
[  171.363903][ T6738] program syz.2.203 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  171.396111][ T6732] netlink: 4 bytes leftover after parsing attributes in process `syz.2.203'.
[  173.291540][ T5882] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  173.703147][ T5882] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  173.718784][ T5882] usb 3-1: config 0 has no interface number 0
[  173.743446][ T5882] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07
[  173.758787][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.800505][ T5882] usb 3-1: Product: syz
[  173.817545][ T5882] usb 3-1: Manufacturer: syz
[  173.845402][ T5882] usb 3-1: SerialNumber: syz
[  173.866692][ T5882] usb 3-1: config 0 descriptor??
[  174.099778][ T5882] usb 3-1: Found UVC 0.08 device syz (046d:0823)
[  174.115841][ T5882] usb 3-1: No valid video chain found.
[  174.141060][ T5882] usb 3-1: USB disconnect, device number 5
[  174.166463][ T5989] udevd[5989]: setting mode of /dev/bus/usb/003/005 to 020664 failed: No such file or directory
[  174.194518][ T5989] udevd[5989]: setting owner of /dev/bus/usb/003/005 to uid=0, gid=0 failed: No such file or directory
[  174.256691][ T6774] netlink: 8 bytes leftover after parsing attributes in process `syz.3.216'.
[  174.277742][ T5832] IPVS: starting estimator thread 0...
[  174.391312][ T6775] IPVS: using max 21 ests per chain, 50400 per kthread
[  174.452818][ T6778] netlink: 76 bytes leftover after parsing attributes in process `syz.1.219'.
[  174.462931][ T6778] netlink: 16 bytes leftover after parsing attributes in process `syz.1.219'.
[  174.473833][ T6778] netlink: 4 bytes leftover after parsing attributes in process `syz.1.219'.
[  174.488310][ T6778] program syz.1.219 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  175.120896][ T6784] /dev/nullb0: Can't open blockdev
[  178.671387][ T5832] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  179.161693][ T6803] netlink: 12 bytes leftover after parsing attributes in process `syz.2.228'.
[  179.438639][ T6806] netlink: 8 bytes leftover after parsing attributes in process `syz.4.229'.
[  179.745452][ T6818] netlink: 'syz.3.232': attribute type 1 has an invalid length.
[  179.753798][ T6818] netlink: 224 bytes leftover after parsing attributes in process `syz.3.232'.
[  180.595890][ T6824] netlink: 'syz.4.233': attribute type 3 has an invalid length.
[  180.604716][ T6824] netlink: 666 bytes leftover after parsing attributes in process `syz.4.233'.
[  180.613832][ T6830] @: renamed from vlan0 (while UP)
[  180.706737][ T6835] evm: overlay not supported
[  182.248253][ T5832] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  182.871282][ T5832] usb 2-1: Using ep0 maxpacket: 16
[  183.030777][ T5832] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  183.051259][ T5832] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  183.061081][ T5832] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  183.117782][ T5832] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  184.076041][ T5832] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.086396][ T5832] usb 2-1: config 0 descriptor??
[  184.563995][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  184.583607][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  184.590910][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  184.614754][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  184.623897][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  184.655320][ T6879] overlayfs: missing 'lowerdir'
[  184.813717][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  184.936927][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  185.055997][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  185.223913][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  185.250159][ T5832] microsoft 0003:045E:07DA.0004: unknown main item tag 0x0
[  185.298447][ T5832] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0004/input/input8
[  185.621510][ T5832] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  186.143163][ T5832] usb 2-1: USB disconnect, device number 3
[  190.881404][   T25] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  190.931640][ T6945] netlink: 36 bytes leftover after parsing attributes in process `syz.1.264'.
[  191.057581][ T6945] netlink: 76 bytes leftover after parsing attributes in process `syz.1.264'.
[  191.063741][   T25] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  191.095872][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.116004][ T6945] block nbd0: NBD_DISCONNECT
[  191.129897][   T25] usb 5-1: config 0 descriptor??
[  191.151599][ T6945] block nbd0: Send disconnect failed -32
[  191.155548][   T25] cp210x 5-1:0.0: cp210x converter detected
[  191.186961][ T6947] netlink: 28 bytes leftover after parsing attributes in process `syz.0.266'.
[  191.624135][   T25] cp210x 5-1:0.0: failed to get vendor val 0x0010 size 3: -32
[  191.699762][   T25] cp210x 5-1:0.0: GPIO initialisation failed: -524
[  191.943597][   T25] usb 5-1: cp210x converter now attached to ttyUSB0
[  192.872820][ T5912] usb 5-1: USB disconnect, device number 16
[  192.892614][ T5912] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  192.912896][ T5912] cp210x 5-1:0.0: device disconnected
[  193.269055][ T6972] gtp0: entered promiscuous mode
[  194.752200][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  197.039228][ T6991] nbd0: detected capacity change from 0 to 22
[  197.108870][ T5844] block nbd0: Receive control failed (result -104)
[  200.459289][ T7027] netlink: 'syz.1.285': attribute type 3 has an invalid length.
[  200.467426][ T7027] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.285'.
[  200.756051][ T5912] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  200.944554][ T5912] usb 5-1: Using ep0 maxpacket: 32
[  200.967447][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  201.000995][ T5912] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  201.028820][ T5912] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  201.077431][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.170017][ T5912] usb 5-1: config 0 descriptor??
[  201.188358][ T5912] hub 5-1:0.0: USB hub found
[  201.394394][ T5912] hub 5-1:0.0: config failed, can't read hub descriptor (err -22)
[  201.418443][ T5912] usbhid 5-1:0.0: can't add hid device: -71
[  201.477390][ T5912] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  201.555032][ T5912] usb 5-1: USB disconnect, device number 17
[  202.379276][ T5839] Bluetooth: hci0: command 0x0406 tx timeout
[  202.385432][ T5849] Bluetooth: hci1: command 0x0406 tx timeout
[  202.391783][ T5837] Bluetooth: hci2: command 0x0406 tx timeout
[  202.391884][ T5837] Bluetooth: hci4: command 0x0406 tx timeout
[  202.398576][ T5848] Bluetooth: hci3: command 0x0406 tx timeout
[  204.167624][ T7053] netlink: 76 bytes leftover after parsing attributes in process `syz.1.295'.
[  204.193847][ T7053] netlink: 16 bytes leftover after parsing attributes in process `syz.1.295'.
[  204.226655][ T7053] netlink: 4 bytes leftover after parsing attributes in process `syz.1.295'.
[  204.288592][ T7053] program syz.1.295 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  205.850853][ T5983] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  206.021562][ T5983] usb 2-1: device descriptor read/64, error -71
[  206.287246][ T5983] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  206.431449][ T5983] usb 2-1: device descriptor read/64, error -71
[  206.451807][ T7072] IPVS: sync thread started: state = BACKUP, mcast_ifn = vxcan1, syncid = 1, id = 0
[  206.551746][ T5983] usb usb2-port1: attempt power cycle
[  206.991287][ T5983] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  207.013140][ T5983] usb 2-1: device descriptor read/8, error -71
[  207.911746][ T5983] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  207.945749][ T5983] usb 2-1: device descriptor read/8, error -71
[  208.071847][ T5983] usb usb2-port1: unable to enumerate USB device
[  211.422996][ T5844] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  211.433021][ T5844] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  211.441765][ T5844] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  211.467562][ T5844] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  211.475719][ T5844] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  211.483648][ T5844] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  211.655819][ T7109] lo speed is unknown, defaulting to 1000
[  212.160713][ T7109] chnl_net:caif_netlink_parms(): no params data found
[  212.246648][ T7125] FAULT_INJECTION: forcing a failure.
[  212.246648][ T7125] name failslab, interval 1, probability 0, space 0, times 0
[  212.305207][ T7125] CPU: 0 UID: 0 PID: 7125 Comm: syz.2.315 Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  212.305236][ T7125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  212.305249][ T7125] Call Trace:
[  212.305256][ T7125]  <TASK>
[  212.305265][ T7125]  dump_stack_lvl+0x241/0x360
[  212.305306][ T7125]  ? __pfx_dump_stack_lvl+0x10/0x10
[  212.305328][ T7125]  ? __pfx__printk+0x10/0x10
[  212.305362][ T7125]  ? fs_reclaim_acquire+0x93/0x130
[  212.305389][ T7125]  ? __pfx___might_resched+0x10/0x10
[  212.305418][ T7125]  should_fail_ex+0x40a/0x550
[  212.305452][ T7125]  should_failslab+0xac/0x100
[  212.305485][ T7125]  __kmalloc_noprof+0xdd/0x4c0
[  212.305505][ T7125]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  212.305526][ T7125]  ? __lock_acquire+0x1397/0x2100
[  212.305558][ T7125]  tomoyo_realpath_from_path+0xcf/0x5e0
[  212.305592][ T7125]  tomoyo_check_open_permission+0x258/0x4f0
[  212.305627][ T7125]  ? tomoyo_check_open_permission+0x207/0x4f0
[  212.305657][ T7125]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  212.305732][ T7125]  ? do_raw_spin_unlock+0x13c/0x8b0
[  212.305755][ T7125]  ? tomoyo_file_open+0x165/0x220
[  212.305783][ T7125]  security_file_open+0xac/0x250
[  212.305815][ T7125]  do_dentry_open+0x320/0x1960
[  212.305856][ T7125]  ? vfs_open+0x31/0x370
[  212.305892][ T7125]  vfs_open+0x3b/0x370
[  212.305927][ T7125]  path_openat+0x2c81/0x3590
[  212.305982][ T7125]  ? __pfx_path_openat+0x10/0x10
[  212.306028][ T7125]  do_filp_open+0x27f/0x4e0
[  212.306056][ T7125]  ? __pfx_do_filp_open+0x10/0x10
[  212.306080][ T7125]  ? do_raw_spin_lock+0x14f/0x370
[  212.306138][ T7125]  do_sys_openat2+0x13e/0x1d0
[  212.306166][ T7125]  ? __pfx_do_sys_openat2+0x10/0x10
[  212.306192][ T7125]  ? __task_pid_nr_ns+0x28/0x450
[  212.306226][ T7125]  __x64_sys_open+0x225/0x270
[  212.306249][ T7125]  ? __pfx___x64_sys_open+0x10/0x10
[  212.306274][ T7125]  ? do_syscall_64+0x100/0x230
[  212.306304][ T7125]  ? do_syscall_64+0xb6/0x230
[  212.306333][ T7125]  do_syscall_64+0xf3/0x230
[  212.306359][ T7125]  ? clear_bhb_loop+0x35/0x90
[  212.306392][ T7125]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  212.306419][ T7125] RIP: 0033:0x7fc30f38d0a9
[  212.306442][ T7125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  212.306458][ T7125] RSP: 002b:00007fc31029f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  212.306484][ T7125] RAX: ffffffffffffffda RBX: 00007fc30f5a5fa0 RCX: 00007fc30f38d0a9
[  212.306499][ T7125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000400000000000
[  212.306511][ T7125] RBP: 00007fc31029f090 R08: 0000000000000000 R09: 0000000000000000
[  212.306523][ T7125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  212.306534][ T7125] R13: 0000000000000000 R14: 00007fc30f5a5fa0 R15: 00007fff6d1e1938
[  212.306565][ T7125]  </TASK>
[  212.356856][ T7125] ERROR: Out of memory at tomoyo_realpath_from_path.
[  213.300736][ T7139] netlink: 12 bytes leftover after parsing attributes in process `syz.3.318'.
[  213.313265][ T7134] bridge0: entered promiscuous mode
[  213.318814][ T7134] macvlan2: entered promiscuous mode
[  213.430697][ T7143] Invalid source name
[  213.562644][ T5845] Bluetooth: hci5: command tx timeout
[  213.884818][ T7109] bridge0: port 1(bridge_slave_0) entered blocking state
[  213.901424][ T7109] bridge0: port 1(bridge_slave_0) entered disabled state
[  213.927825][ T7109] bridge_slave_0: entered allmulticast mode
[  213.949481][ T7109] bridge_slave_0: entered promiscuous mode
[  214.006114][ T7109] bridge0: port 2(bridge_slave_1) entered blocking state
[  214.035471][ T7109] bridge0: port 2(bridge_slave_1) entered disabled state
[  214.066778][ T7109] bridge_slave_1: entered allmulticast mode
[  214.080205][ T7109] bridge_slave_1: entered promiscuous mode
[  214.116196][ T7145] sp0: Synchronizing with TNC
[  214.188544][ T7146] [U] �
[  214.389380][ T7109] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  214.850613][ T7154] netlink: 20 bytes leftover after parsing attributes in process `syz.4.323'.
[  214.855068][ T7109] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  215.418279][ T7109] team0: Port device team_slave_0 added
[  215.508251][ T7173] IPVS: Unknown mcast interface: vxcan1
[  215.542120][ T7109] team0: Port device team_slave_1 added
[  215.652388][ T5845] Bluetooth: hci5: command tx timeout
[  215.776969][ T7109] batman_adv: batadv0: Adding interface: batadv_slave_0
[  215.830752][ T7109] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  216.161805][ T7109] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  216.186767][ T7109] batman_adv: batadv0: Adding interface: batadv_slave_1
[  216.215497][ T7109] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  216.622122][ T7109] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  217.417194][ T7109] hsr_slave_0: entered promiscuous mode
[  217.436648][ T7183] netlink: 12 bytes leftover after parsing attributes in process `syz.2.330'.
[  217.450893][ T7109] hsr_slave_1: entered promiscuous mode
[  217.464624][ T7109] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  217.721868][ T5845] Bluetooth: hci5: command tx timeout
[  218.325368][ T7109] Cannot create hsr debugfs directory
[  218.487833][ T7187] Invalid source name
[  219.920956][ T5845] Bluetooth: hci5: command tx timeout
[  220.005193][ T7199] netlink: 'syz.1.334': attribute type 3 has an invalid length.
[  220.015364][ T7199] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.334'.
[  221.160128][ T7205] FAULT_INJECTION: forcing a failure.
[  221.160128][ T7205] name failslab, interval 1, probability 0, space 0, times 0
[  221.198504][ T7109] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  221.219455][ T7205] CPU: 1 UID: 0 PID: 7205 Comm: syz.2.336 Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  221.219486][ T7205] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  221.219498][ T7205] Call Trace:
[  221.219506][ T7205]  <TASK>
[  221.219515][ T7205]  dump_stack_lvl+0x241/0x360
[  221.219545][ T7205]  ? __pfx_dump_stack_lvl+0x10/0x10
[  221.219568][ T7205]  ? __pfx__printk+0x10/0x10
[  221.219603][ T7205]  ? fs_reclaim_acquire+0x93/0x130
[  221.219631][ T7205]  ? __pfx___might_resched+0x10/0x10
[  221.219662][ T7205]  should_fail_ex+0x40a/0x550
[  221.219697][ T7205]  should_failslab+0xac/0x100
[  221.219732][ T7205]  __kmalloc_noprof+0xdd/0x4c0
[  221.219757][ T7205]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  221.219786][ T7205]  tomoyo_realpath_from_path+0xcf/0x5e0
[  221.219823][ T7205]  tomoyo_mount_permission+0x3bf/0xb80
[  221.219871][ T7205]  ? stack_depot_save_flags+0x37/0x940
[  221.219901][ T7205]  ? tomoyo_mount_permission+0x298/0xb80
[  221.219939][ T7205]  ? __pfx_tomoyo_mount_permission+0x10/0x10
[  221.220033][ T7205]  ? hook_sb_mount+0x10b/0x420
[  221.220055][ T7205]  ? security_sb_mount+0x22/0x2f0
[  221.220082][ T7205]  security_sb_mount+0xe0/0x2f0
[  221.220109][ T7205]  path_mount+0xb9/0xfa0
[  221.220140][ T7205]  ? kmem_cache_free+0x195/0x410
[  221.220160][ T7205]  ? user_path_at+0x44/0x60
[  221.220192][ T7205]  __se_sys_mount+0x2d6/0x3c0
[  221.220219][ T7205]  ? __pfx___se_sys_mount+0x10/0x10
[  221.220237][ T7205]  ? trace_sys_enter+0x74/0x120
[  221.220268][ T7205]  ? rcu_is_watching+0x15/0xb0
[  221.220290][ T7205]  ? trace_sys_enter+0x25/0x120
[  221.220320][ T7205]  ? __x64_sys_mount+0x20/0xc0
[  221.220343][ T7205]  do_syscall_64+0xf3/0x230
[  221.220371][ T7205]  ? clear_bhb_loop+0x35/0x90
[  221.220404][ T7205]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  221.220431][ T7205] RIP: 0033:0x7fc30f38d0a9
[  221.220448][ T7205] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  221.220464][ T7205] RSP: 002b:00007fc31029f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  221.220485][ T7205] RAX: ffffffffffffffda RBX: 00007fc30f5a5fa0 RCX: 00007fc30f38d0a9
[  221.220500][ T7205] RDX: 0000400000001200 RSI: 0000400000000000 RDI: 0000000000000000
[  221.220513][ T7205] RBP: 00007fc31029f090 R08: 0000400000000180 R09: 0000000000000000
[  221.220526][ T7205] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000001
[  221.220538][ T7205] R13: 0000000000000000 R14: 00007fc30f5a5fa0 R15: 00007fff6d1e1938
[  221.220569][ T7205]  </TASK>
[  221.525730][ T7205] ERROR: Out of memory at tomoyo_realpath_from_path.
[  221.618503][ T7109] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  221.637827][ T7109] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  221.682861][ T7109] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  223.026487][ T7214] FAULT_INJECTION: forcing a failure.
[  223.026487][ T7214] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  223.039669][ T7214] CPU: 1 UID: 0 PID: 7214 Comm: syz.4.340 Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  223.039688][ T7214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  223.039697][ T7214] Call Trace:
[  223.039703][ T7214]  <TASK>
[  223.039709][ T7214]  dump_stack_lvl+0x241/0x360
[  223.039731][ T7214]  ? __pfx_dump_stack_lvl+0x10/0x10
[  223.039746][ T7214]  ? __pfx__printk+0x10/0x10
[  223.039771][ T7214]  ? __pfx_lock_release+0x10/0x10
[  223.039798][ T7214]  should_fail_ex+0x40a/0x550
[  223.039822][ T7214]  _copy_from_user+0x2d/0xb0
[  223.039841][ T7214]  __x64_sys_rt_sigsuspend+0xe8/0x170
[  223.039865][ T7214]  ? __pfx___x64_sys_rt_sigsuspend+0x10/0x10
[  223.039888][ T7214]  ? trace_sys_enter+0x74/0x120
[  223.039910][ T7214]  ? rcu_is_watching+0x15/0xb0
[  223.039932][ T7214]  ? trace_sys_enter+0x25/0x120
[  223.039957][ T7214]  do_syscall_64+0xf3/0x230
[  223.039977][ T7214]  ? clear_bhb_loop+0x35/0x90
[  223.040000][ T7214]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.040020][ T7214] RIP: 0033:0x7f48e678d0a9
[  223.040033][ T7214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  223.040045][ T7214] RSP: 002b:00007f48e45f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000082
[  223.040061][ T7214] RAX: ffffffffffffffda RBX: 00007f48e69a5fa0 RCX: 00007f48e678d0a9
[  223.040071][ T7214] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000400000000340
[  223.040080][ T7214] RBP: 00007f48e45f6090 R08: 0000000000000000 R09: 0000000000000000
[  223.040089][ T7214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  223.040097][ T7214] R13: 0000000000000000 R14: 00007f48e69a5fa0 R15: 00007fffdbab07b8
[  223.040118][ T7214]  </TASK>
[  223.267450][ T7109] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.285389][ T7109] 8021q: adding VLAN 0 to HW filter on device team0
[  223.325578][ T7109] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  223.336168][ T7109] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  223.382555][ T6190] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.389826][ T6190] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.400131][ T6190] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.407709][ T6190] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.267570][ T7233] netlink: 'syz.4.341': attribute type 4 has an invalid length.
[  225.275378][ T7233] netlink: 3657 bytes leftover after parsing attributes in process `syz.4.341'.
[  225.286359][ T7233] netlink: 12 bytes leftover after parsing attributes in process `syz.4.341'.
[  226.604932][ T7109] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.087860][   T43] block nbd0: Possible stuck request ffff888025a89140: control (read@0,4096B). Runtime 30 seconds
[  228.322691][ T7261] netlink: 'syz.2.345': attribute type 3 has an invalid length.
[  228.330546][ T7261] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.345'.
[  228.756715][ T7265] netlink: 28 bytes leftover after parsing attributes in process `syz.3.346'.
[  228.997890][ T7109] veth0_vlan: entered promiscuous mode
[  229.013753][ T7109] veth1_vlan: entered promiscuous mode
[  229.046299][ T7109] veth0_macvtap: entered promiscuous mode
[  229.055100][ T7109] veth1_macvtap: entered promiscuous mode
[  229.071833][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  229.084359][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.094537][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  229.106035][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.116346][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  229.128444][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.139683][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  229.151049][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.458079][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  229.468742][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  229.498776][ T7109] batman_adv: batadv0: Interface activated: batadv_slave_0
[  231.028891][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.064925][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.206750][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.283847][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.301650][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.474121][ T7293] netlink: 8 bytes leftover after parsing attributes in process `syz.1.354'.
[  232.571265][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  232.621349][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  232.649407][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  232.668975][ T7109] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  232.699746][ T7109] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  232.714089][ T7109] batman_adv: batadv0: Interface activated: batadv_slave_1
[  232.834307][ T7109] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  232.858595][ T7109] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  232.877487][ T7109] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  232.903328][ T7109] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  232.931262][ T5983] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  233.531760][ T5983] usb 5-1: Using ep0 maxpacket: 32
[  233.669092][ T7309] netlink: 'syz.2.358': attribute type 3 has an invalid length.
[  233.677865][ T7309] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.358'.
[  233.715801][ T5983] usb 5-1: config 2 has an invalid interface number: 15 but max is 0
[  233.828553][ T5983] usb 5-1: config 2 has 2 interfaces, different from the descriptor's value: 1
[  234.201415][ T5983] usb 5-1: config 2 has no interface number 1
[  234.229182][ T5983] usb 5-1: config 2 interface 15 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  234.264733][ T5983] usb 5-1: config 2 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 9
[  234.316535][ T5983] usb 5-1: config 2 interface 0 has no altsetting 0
[  234.355283][ T5983] usb 5-1: New USB device found, idVendor=0471, idProduct=0312, bcdDevice=94.69
[  234.377556][   T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.383710][ T5983] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  234.410144][   T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.578175][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.621785][ T5983] usb 5-1: Product: syz
[  234.626043][ T5983] usb 5-1: Manufacturer: syz
[  234.630679][ T5983] usb 5-1: SerialNumber: syz
[  234.637388][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.710987][ T5983] pwc: Philips PCVC750K (ToUCam Pro Scan) USB webcam detected.
[  235.680196][ T5983] pwc: Failed to set LED on/off time (-71)
[  235.744517][ T5983] pwc: send_video_command error -71
[  235.750002][ T5983] pwc: Failed to set video mode VGA@30 fps; return code = -71
[  235.826829][ T5983] Philips webcam 5-1:2.0: probe with driver Philips webcam failed with error -71
[  235.900680][ T5983] usb 5-1: USB disconnect, device number 18
[  236.187366][ T7325] netlink: 36 bytes leftover after parsing attributes in process `syz.1.363'.
[  236.926568][ T7331] netlink: 76 bytes leftover after parsing attributes in process `syz.5.308'.
[  236.989284][ T7331] netlink: 16 bytes leftover after parsing attributes in process `syz.5.308'.
[  237.045192][ T7331] netlink: 4 bytes leftover after parsing attributes in process `syz.5.308'.
[  237.096142][ T7331] program syz.5.308 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  238.162581][ T7352] netlink: 'syz.3.369': attribute type 3 has an invalid length.
[  238.170373][ T7352] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.369'.
[  238.724476][ T7348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.370'.
[  240.976308][ T7378] FAULT_INJECTION: forcing a failure.
[  240.976308][ T7378] name failslab, interval 1, probability 0, space 0, times 0
[  240.989173][ T7378] CPU: 0 UID: 0 PID: 7378 Comm: syz.2.376 Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  240.989199][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  240.989212][ T7378] Call Trace:
[  240.989220][ T7378]  <TASK>
[  240.989228][ T7378]  dump_stack_lvl+0x241/0x360
[  240.989260][ T7378]  ? __pfx_dump_stack_lvl+0x10/0x10
[  240.989282][ T7378]  ? __pfx__printk+0x10/0x10
[  240.989318][ T7378]  ? kmem_cache_alloc_node_noprof+0x4f/0x380
[  240.989368][ T7378]  ? __pfx___might_resched+0x10/0x10
[  240.989399][ T7378]  should_fail_ex+0x40a/0x550
[  240.989435][ T7378]  should_failslab+0xac/0x100
[  240.989469][ T7378]  kmem_cache_alloc_node_noprof+0x77/0x380
[  240.989503][ T7378]  ? __alloc_skb+0x1c3/0x440
[  240.989537][ T7378]  __alloc_skb+0x1c3/0x440
[  240.989572][ T7378]  ? __pfx___alloc_skb+0x10/0x10
[  240.989602][ T7378]  ? smack_socket_getpeersec_dgram+0x220/0x410
[  240.989633][ T7378]  netlink_sendmsg+0x634/0xcb0
[  240.989668][ T7378]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.989703][ T7378]  ? __pfx_netlink_sendmsg+0x10/0x10
[  240.989723][ T7378]  __sock_sendmsg+0x221/0x270
[  240.989752][ T7378]  ____sys_sendmsg+0x53a/0x860
[  240.989793][ T7378]  ? __pfx_____sys_sendmsg+0x10/0x10
[  240.989824][ T7378]  ? __fget_files+0x2a/0x410
[  240.989860][ T7378]  ? __fget_files+0x2a/0x410
[  240.989890][ T7378]  __sys_sendmsg+0x269/0x350
[  240.989926][ T7378]  ? __pfx___sys_sendmsg+0x10/0x10
[  240.989971][ T7378]  ? do_sys_openat2+0x17a/0x1d0
[  240.990018][ T7378]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  240.990050][ T7378]  ? do_syscall_64+0x100/0x230
[  240.990081][ T7378]  ? do_syscall_64+0xb6/0x230
[  240.990110][ T7378]  do_syscall_64+0xf3/0x230
[  240.990137][ T7378]  ? clear_bhb_loop+0x35/0x90
[  240.990169][ T7378]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  240.990197][ T7378] RIP: 0033:0x7fc30f38d0a9
[  240.990215][ T7378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  240.990249][ T7378] RSP: 002b:00007fc31025d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  240.990271][ T7378] RAX: ffffffffffffffda RBX: 00007fc30f5a6160 RCX: 00007fc30f38d0a9
[  240.990287][ T7378] RDX: 0000000000000000 RSI: 00004000000002c0 RDI: 000000000000000a
[  240.990299][ T7378] RBP: 00007fc31025d090 R08: 0000000000000000 R09: 0000000000000000
[  240.990312][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  240.990324][ T7378] R13: 0000000000000000 R14: 00007fc30f5a6160 R15: 00007fff6d1e1938
[  240.990363][ T7378]  </TASK>
[  241.703138][ T7383] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  241.781298][   T25] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  241.982855][   T25] usb 4-1: Using ep0 maxpacket: 8
[  242.038073][   T25] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  242.068068][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.106614][   T25] usb 4-1: Product: syz
[  242.124246][   T25] usb 4-1: Manufacturer: syz
[  242.179286][   T25] usb 4-1: SerialNumber: syz
[  242.211561][   T25] usb 4-1: config 0 descriptor??
[  242.454311][   T25] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  242.941455][ T7403] netlink: 'syz.2.382': attribute type 4 has an invalid length.
[  242.950099][ T7403] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.382'.
[  242.985191][ T7403] netlink: 12 bytes leftover after parsing attributes in process `syz.2.382'.
[  244.729277][ T7409] netlink: 8 bytes leftover after parsing attributes in process `syz.2.383'.
[  244.975435][   T25] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  245.095520][   T25] usb 4-1: USB disconnect, device number 5
[  246.355307][ T7433] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  248.891411][ T7446] DRBG: could not allocate digest TFM handle: hmac(sha384)
[  249.611285][   T25] usb 4-1: new low-speed USB device number 6 using dummy_hcd
[  249.954947][   T25] usb 4-1: config 1 interface 0 altsetting 7 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  250.042619][   T25] usb 4-1: config 1 interface 0 altsetting 7 endpoint 0x81 has invalid maxpacket 32, setting to 8
[  250.407257][   T25] usb 4-1: config 1 interface 0 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  250.432259][ T7466] netlink: 8 bytes leftover after parsing attributes in process `syz.5.394'.
[  250.451252][   T25] usb 4-1: config 1 interface 0 has no altsetting 0
[  250.470396][   T25] usb 4-1: New USB device found, idVendor=046d, idProduct=005c, bcdDevice= 0.40
[  250.491429][ T5882] IPVS: starting estimator thread 0...
[  250.501592][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.509892][   T25] usb 4-1: Product: 覕鷌閉蚏䨨إ搠됆髣ﳵ羷㰏ﶟ鲏㛱솾뜶碑⊶㔞㿸䧵왙㡧ꐁ棲哃亓
[  250.570306][   T25] usb 4-1: Manufacturer: ъ
[  250.581369][ T7469] IPVS: using max 29 ests per chain, 69600 per kthread
[  250.603490][   T25] usb 4-1: SerialNumber: 쟓沴鿸䌃願꺱邅컦씦먧譺뮤穣냱⾅퍦鷳ᇭ㏠瑝仧涷䁗搸倇褙滻넠甹﵏Ḁ묺侺켳尛鍮軡巃﮺꫾鿕衱鏛瓠龆㐠
[  251.103665][   T25] usb 4-1: rejected 1 configuration due to insufficient available bus power
[  251.277397][   T25] usb 4-1: no configuration chosen from 1 choice
[  252.321298][    T8] usb 4-1: USB disconnect, device number 6
[  252.391366][ T5983] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  252.463367][ T5832] usb 3-1: new low-speed USB device number 6 using dummy_hcd
[  252.562398][ T5983] usb 5-1: Using ep0 maxpacket: 32
[  252.597156][ T5983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.642212][ T5983] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.654895][ T5983] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  252.670573][ T5832] usb 3-1: Invalid ep0 maxpacket: 32
[  252.698979][ T5983] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.828951][ T5832] usb 3-1: new low-speed USB device number 7 using dummy_hcd
[  253.055722][ T5983] usb 5-1: config 0 descriptor??
[  253.421409][ T5832] usb 3-1: Invalid ep0 maxpacket: 32
[  253.582788][ T5832] usb usb3-port1: attempt power cycle
[  253.678754][ T5983] savu 0003:1E7D:2D5A.0005: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0
[  253.844375][ T7479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.314808][ T7479] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  254.361326][ T5832] usb 3-1: new low-speed USB device number 8 using dummy_hcd
[  254.451507][ T5832] usb 3-1: Invalid ep0 maxpacket: 32
[  254.465924][   T25] usb 5-1: USB disconnect, device number 19
[  254.664841][ T5832] usb 3-1: new low-speed USB device number 9 using dummy_hcd
[  255.575956][ T5832] usb 3-1: device descriptor read/8, error -71
[  255.922545][ T5832] usb usb3-port1: unable to enumerate USB device
[  256.127555][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  257.589200][ T7516] netlink: 8 bytes leftover after parsing attributes in process `syz.5.409'.
[  258.217163][ T7536] netlink: 'syz.3.412': attribute type 4 has an invalid length.
[  258.224950][ T7536] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.412'.
[  258.251398][ T7536] netlink: 12 bytes leftover after parsing attributes in process `syz.3.412'.
[  258.978928][   T43] block nbd0: Possible stuck request ffff888025a89140: control (read@0,4096B). Runtime 60 seconds
[  260.335616][ T7551] FAULT_INJECTION: forcing a failure.
[  260.335616][ T7551] name failslab, interval 1, probability 0, space 0, times 0
[  260.437443][ T7551] CPU: 0 UID: 0 PID: 7551 Comm: syz.4.418 Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  260.437475][ T7551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  260.437488][ T7551] Call Trace:
[  260.437495][ T7551]  <TASK>
[  260.437504][ T7551]  dump_stack_lvl+0x241/0x360
[  260.437534][ T7551]  ? __pfx_dump_stack_lvl+0x10/0x10
[  260.437555][ T7551]  ? __pfx__printk+0x10/0x10
[  260.437589][ T7551]  ? fs_reclaim_acquire+0x93/0x130
[  260.437616][ T7551]  ? __pfx___might_resched+0x10/0x10
[  260.437646][ T7551]  should_fail_ex+0x40a/0x550
[  260.437680][ T7551]  should_failslab+0xac/0x100
[  260.437715][ T7551]  __kmalloc_noprof+0xdd/0x4c0
[  260.437734][ T7551]  ? tomoyo_encode+0x26f/0x540
[  260.437760][ T7551]  tomoyo_encode+0x26f/0x540
[  260.437787][ T7551]  tomoyo_realpath_from_path+0x59e/0x5e0
[  260.437822][ T7551]  tomoyo_path_number_perm+0x239/0x770
[  260.437852][ T7551]  ? __lock_acquire+0x1397/0x2100
[  260.437884][ T7551]  ? tomoyo_path_number_perm+0x209/0x770
[  260.437916][ T7551]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  260.437988][ T7551]  ? __fget_files+0x2a/0x410
[  260.438013][ T7551]  ? __fget_files+0x2a/0x410
[  260.438039][ T7551]  security_file_ioctl+0xc6/0x2a0
[  260.438072][ T7551]  __se_sys_ioctl+0x46/0x170
[  260.438102][ T7551]  do_syscall_64+0xf3/0x230
[  260.438130][ T7551]  ? clear_bhb_loop+0x35/0x90
[  260.438170][ T7551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.438198][ T7551] RIP: 0033:0x7f48e678d0a9
[  260.438216][ T7551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  260.438232][ T7551] RSP: 002b:00007f48e45f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  260.438254][ T7551] RAX: ffffffffffffffda RBX: 00007f48e69a5fa0 RCX: 00007f48e678d0a9
[  260.438269][ T7551] RDX: 0000400000000340 RSI: 00000000000007a8 RDI: 0000000000000003
[  260.438281][ T7551] RBP: 00007f48e45f6090 R08: 0000000000000000 R09: 0000000000000000
[  260.438293][ T7551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  260.438305][ T7551] R13: 0000000000000000 R14: 00007f48e69a5fa0 R15: 00007fffdbab07b8
[  260.438335][ T7551]  </TASK>
[  260.439213][ T7551] ERROR: Out of memory at tomoyo_realpath_from_path.
[  261.208402][ T7557] =======================================================
[  261.208402][ T7557] WARNING: The mand mount option has been deprecated and
[  261.208402][ T7557]          and is ignored by this kernel. Remove the mand
[  261.208402][ T7557]          option from the mount to silence this warning.
[  261.208402][ T7557] =======================================================
[  261.331535][ T7557] futex_wake_op: syz.5.420 tries to shift op by 36; fix this program
[  261.632088][ T7572] openvswitch: netlink: VXLAN extension 0 has unexpected len 3 expected 0
[  261.866004][ T7571] netlink: 8 bytes leftover after parsing attributes in process `syz.3.425'.
[  264.744003][    T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  264.911277][    T9] usb 3-1: Using ep0 maxpacket: 16
[  264.958858][    T9] usb 3-1: config 1 has an invalid descriptor of length 115, skipping remainder of the config
[  264.983078][    T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  265.020633][    T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  265.054697][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.089842][    T9] usb 3-1: Product: ဈ
[  265.099584][    T9] usb 3-1: Manufacturer: 槛ἷ컂㉟㿫㯎饟⩂ｚ沚抇拎⁑ـ찏휷댲襪뽹ࣃﶮ坲
[  265.127122][    T9] usb 3-1: SerialNumber: syz
[  265.852081][    T9] usb 3-1: 0:2 : does not exist
[  266.289712][    T9] usb 3-1: USB disconnect, device number 10
[  266.359520][ T7617] lo speed is unknown, defaulting to 1000
[  266.394434][ T7617] lo speed is unknown, defaulting to 1000
[  266.431752][ T7619] netlink: 20 bytes leftover after parsing attributes in process `syz.3.438'.
[  266.482470][ T7617] lo speed is unknown, defaulting to 1000
[  266.491850][ T7619] netlink: 8 bytes leftover after parsing attributes in process `syz.3.438'.
[  266.658596][ T6029] udevd[6029]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  267.508024][ T7628] netlink: 8 bytes leftover after parsing attributes in process `syz.2.440'.
[  268.502598][ T7641] xt_limit: Overflow, try lower: 0/0
[  269.046576][ T7617] infiniband s
z1: set active
[  269.053895][    T9] lo speed is unknown, defaulting to 1000
[  269.081347][ T7617] infiniband s
z1: added lo
[  269.087280][ T7617] s
z1: rxe_create_cq: returned err = -12
[  269.168202][ T7617] infiniband s
z1: Couldn't create ib_mad CQ
[  269.197983][ T7617] infiniband s
z1: Couldn't open port 1
[  270.088958][ T7617] RDS/IB: s
z1: added
[  270.093894][ T7617] smc: adding ib device s
z1 with port count 1
[  270.100440][ T7617] smc:    ib device s
z1 port 1 has pnetid 
[  270.109659][   T25] lo speed is unknown, defaulting to 1000
[  270.120531][ T7617] lo speed is unknown, defaulting to 1000
[  271.000894][ T7617] lo speed is unknown, defaulting to 1000
[  272.657937][ T7617] lo speed is unknown, defaulting to 1000
[  273.694238][ T7684] netlink: 8 bytes leftover after parsing attributes in process `syz.3.453'.
[  273.905064][ T7617] lo speed is unknown, defaulting to 1000
[  274.760390][ T7617] lo speed is unknown, defaulting to 1000
[  276.053575][ T7704] No source specified
[  276.441667][ T6542] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  276.547106][ T7617] lo speed is unknown, defaulting to 1000
[  276.661220][ T6542] usb 5-1: Using ep0 maxpacket: 16
[  276.673732][ T6542] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  276.718007][ T6542] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  276.744626][ T6542] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  276.761789][ T6542] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  276.781982][ T6542] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  276.812998][ T6542] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  276.831273][ T6542] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  276.844449][ T6542] usb 5-1: Manufacturer: syz
[  276.883931][ T6542] usb 5-1: config 0 descriptor??
[  277.155840][ T7713] dlm: no local IP address has been set
[  277.161894][ T7713] dlm: cannot start dlm midcomms -107
[  277.632295][ T6542] rc_core: IR keymap rc-hauppauge not found
[  277.648157][ T7717] netlink: 4 bytes leftover after parsing attributes in process `syz.4.460'.
[  277.696764][ T6542] Registered IR keymap rc-empty
[  277.713394][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  277.747721][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  277.814490][ T6542] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0
[  277.840172][ T7715] netlink: 52 bytes leftover after parsing attributes in process `syz.5.463'.
[  278.037000][ T6542] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input9
[  278.338454][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  278.431602][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  278.541708][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  278.575108][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  278.641471][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  278.694354][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  278.790044][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  278.837760][ T7727] netlink: 8 bytes leftover after parsing attributes in process `syz.3.466'.
[  278.882844][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  278.980954][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  279.084395][ T6542] mceusb 5-1:0.0: Error: mce write submit urb error = -90
[  279.270885][ T6542] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  279.368734][ T6542] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  279.761714][ T6542] usb 5-1: USB disconnect, device number 20
[  282.661724][ T7765] netlink: 292 bytes leftover after parsing attributes in process `syz.2.476'.
[  282.941398][ T6542] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  283.491399][ T6542] usb 3-1: Using ep0 maxpacket: 16
[  283.501948][ T6542] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[  283.517917][ T6542] usb 3-1: config 0 has no interface number 0
[  283.524466][ T6542] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[  283.536385][ T6542] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[  283.569394][ T6542] usb 3-1: config 0 interface 255 has no altsetting 0
[  283.590208][ T6542] usb 3-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3
[  283.603891][ T6542] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  283.613362][ T6542] usb 3-1: Product: syz
[  283.617660][ T6542] usb 3-1: Manufacturer: syz
[  283.631282][ T6542] usb 3-1: SerialNumber: syz
[  283.682159][ T6542] usb 3-1: config 0 descriptor??
[  284.015853][ T7784] netlink: 8 bytes leftover after parsing attributes in process `syz.5.483'.
[  284.637018][ T7765] Driver unsupported XDP return value 0 on prog  (id 67) dev N/A, expect packet loss!
[  284.771440][ T6542] dvb_usb_dtv5100 3-1:0.255: probe with driver dvb_usb_dtv5100 failed with error -71
[  284.831340][ T6542] usb 3-1: USB disconnect, device number 11
[  286.871271][ T5983] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  287.046114][ T5983] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  287.093641][ T5983] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  287.174902][ T5983] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  287.271180][ T5983] usb 4-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  287.291332][ T5983] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.332627][ T5983] usb 4-1: config 0 descriptor??
[  287.788033][ T5983] hid-multitouch 0003:0EEF:72C4.0006: item fetching failed at offset 0/2
[  287.844301][ T5983] hid-multitouch 0003:0EEF:72C4.0006: probe with driver hid-multitouch failed with error -22
[  289.351072][ T7823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.396322][ T7823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.412220][   T43] block nbd0: Possible stuck request ffff888025a89140: control (read@0,4096B). Runtime 90 seconds
[  289.413061][ T7823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.488599][    T8] usb 4-1: USB disconnect, device number 7
[  289.558760][ T7823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.591368][ T5881] usb 3-1: new low-speed USB device number 12 using dummy_hcd
[  289.614211][ T7823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.651818][ T7823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.761353][ T5881] usb 3-1: device descriptor read/64, error -71
[  289.835142][ T7828] 9pnet: p9_errstr2errno: server reported unknown error �00000000000000000007
[  289.861292][ T7823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.872168][ T7823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  289.889405][ T7829] overlay: ./file0 is not a directory
[  289.922570][ T7823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  289.934464][ T7823] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  291.627872][ T7843] xt_CT: You must specify a L4 protocol and not use inversions on it
[  293.171707][ T5197] udevd[5197]: worker [5989] /devices/virtual/block/nbd0 is taking a long time
[  293.519932][ T7847] netlink: 20 bytes leftover after parsing attributes in process `syz.3.500'.
[  293.644785][ T7849] FAULT_INJECTION: forcing a failure.
[  293.644785][ T7849] name failslab, interval 1, probability 0, space 0, times 0
[  293.644811][ T7849] CPU: 0 UID: 0 PID: 7849 Comm: syz.2.501 Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  293.644827][ T7849] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  293.644836][ T7849] Call Trace:
[  293.644841][ T7849]  <TASK>
[  293.644847][ T7849]  dump_stack_lvl+0x241/0x360
[  293.644869][ T7849]  ? __pfx_dump_stack_lvl+0x10/0x10
[  293.644884][ T7849]  ? __pfx__printk+0x10/0x10
[  293.644908][ T7849]  ? __kmalloc_noprof+0xb5/0x4c0
[  293.644924][ T7849]  ? __pfx___might_resched+0x10/0x10
[  293.644946][ T7849]  should_fail_ex+0x40a/0x550
[  293.644970][ T7849]  should_failslab+0xac/0x100
[  293.644994][ T7849]  __kmalloc_noprof+0xdd/0x4c0
[  293.645007][ T7849]  ? sock_kmalloc+0xd7/0x160
[  293.645024][ T7849]  sock_kmalloc+0xd7/0x160
[  293.645040][ T7849]  ____sys_sendmsg+0x231/0x860
[  293.645069][ T7849]  ? __pfx_____sys_sendmsg+0x10/0x10
[  293.645091][ T7849]  ? __fget_files+0x2a/0x410
[  293.645108][ T7849]  ? __fget_files+0x2a/0x410
[  293.645129][ T7849]  __sys_sendmmsg+0x36a/0x720
[  293.645159][ T7849]  ? __pfx___sys_sendmmsg+0x10/0x10
[  293.645190][ T7849]  ? __pfx_lock_release+0x10/0x10
[  293.645210][ T7849]  ? kstrtouint_from_user+0x128/0x190
[  293.645240][ T7849]  ? ksys_write+0x22a/0x2b0
[  293.645259][ T7849]  ? __pfx_lock_release+0x10/0x10
[  293.645284][ T7849]  ? sb_end_write+0xe9/0x1c0
[  293.645299][ T7849]  ? vfs_write+0x7fa/0xd10
[  293.645319][ T7849]  ? __mutex_unlock_slowpath+0x227/0x800
[  293.645361][ T7849]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  293.645384][ T7849]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  293.645406][ T7849]  ? do_syscall_64+0x100/0x230
[  293.645427][ T7849]  __x64_sys_sendmmsg+0xa0/0xb0
[  293.645451][ T7849]  do_syscall_64+0xf3/0x230
[  293.645470][ T7849]  ? clear_bhb_loop+0x35/0x90
[  293.645493][ T7849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  293.645513][ T7849] RIP: 0033:0x7fc30f38d0a9
[  293.645539][ T7849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  293.645550][ T7849] RSP: 002b:00007fc31029f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  293.645565][ T7849] RAX: ffffffffffffffda RBX: 00007fc30f5a5fa0 RCX: 00007fc30f38d0a9
[  293.645576][ T7849] RDX: 0000000000000001 RSI: 0000400000007100 RDI: 0000000000000003
[  293.645584][ T7849] RBP: 00007fc31029f090 R08: 0000000000000000 R09: 0000000000000000
[  293.645593][ T7849] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000001
[  293.645601][ T7849] R13: 0000000000000000 R14: 00007fc30f5a5fa0 R15: 00007fff6d1e1938
[  293.645621][ T7849]  </TASK>
[  298.207999][   T29] kauditd_printk_skb: 64 callbacks suppressed
[  298.208084][   T29] audit: type=1326 audit(1740144525.563:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7889 comm="syz.3.510" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f8098d0a9 code=0x0
[  298.303892][ T7895] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  298.502812][   T29] audit: type=1326 audit(1740144525.873:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e6218d0a9 code=0x7ffc0000
[  298.569222][ T7901] 9pnet_fd: Insufficient options for proto=fd
[  298.591201][   T29] audit: type=1326 audit(1740144525.893:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e6218d0a9 code=0x7ffc0000
[  298.629507][   T29] audit: type=1326 audit(1740144525.893:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2e6218d0a9 code=0x7ffc0000
[  298.682683][   T29] audit: type=1326 audit(1740144525.893:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e6218d0a9 code=0x7ffc0000
[  298.704739][   T29] audit: type=1326 audit(1740144525.893:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e6218d0a9 code=0x7ffc0000
[  298.766771][   T29] audit: type=1326 audit(1740144525.893:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2e6218d0a9 code=0x7ffc0000
[  298.909411][ T7911] netlink: 'syz.1.517': attribute type 3 has an invalid length.
[  298.917783][ T7911] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.517'.
[  299.375784][   T29] audit: type=1326 audit(1740144525.893:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e6218d0a9 code=0x7ffc0000
[  299.487886][   T29] audit: type=1326 audit(1740144525.893:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e6218d0a9 code=0x7ffc0000
[  299.599283][ T7916] sp0: Synchronizing with TNC
[  299.604595][   T29] audit: type=1326 audit(1740144525.893:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7899 comm="syz.1.513" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f2e6218d0a9 code=0x7ffc0000
[  299.627596][ T7918] sp0: Found TNC
[  299.709980][ T7917] netlink: 'syz.5.519': attribute type 3 has an invalid length.
[  299.717823][ T7917] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.519'.
[  299.745905][ T7916] netlink: 20 bytes leftover after parsing attributes in process `syz.4.518'.
[  299.768256][ T7916] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  299.776340][ T7916] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  299.785442][ T7916] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  299.793261][ T7916] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  299.806814][ T7914] [U] �`
[  301.184531][ T7921] netlink: 8 bytes leftover after parsing attributes in process `syz.1.521'.
[  301.831645][ T5983] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  301.854504][ T7938] Bluetooth: MGMT ver 1.23
[  302.561325][ T5983] usb 6-1: Using ep0 maxpacket: 8
[  302.573608][ T5983] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[  302.613255][ T5983] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  302.682034][ T5983] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  302.720267][ T5983] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  302.739495][ T5983] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  303.241050][ T5983] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  303.257096][ T7950] netlink: 36 bytes leftover after parsing attributes in process `syz.1.527'.
[  303.268041][ T7943] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(11)
[  303.275040][ T7943] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed)
[  303.283509][ T5983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.302680][ T7943] vhci_hcd vhci_hcd.0: Device attached
[  303.362801][ T7947] vhci_hcd: connection closed
[  303.374857][   T52] vhci_hcd: stop threads
[  303.408933][ T7950] loop8: detected capacity change from 0 to 7
[  303.433774][   T52] vhci_hcd: release socket
[  303.439772][ T7950] Dev loop8: unable to read RDB block 7
[  303.450663][   T52] vhci_hcd: disconnect device
[  303.481743][ T5885] vhci_hcd: vhci_device speed not set
[  303.497867][ T7950]  loop8: unable to read partition table
[  303.505525][ T7950] loop8: partition table beyond EOD, truncated
[  303.512155][ T7950] loop_reread_partitions: partition scan of loop8 (�被x������ڬ��dƤ����ݡ�����
[  303.512155][ T7950] 
) failed (rc=-5)
[  303.530115][ T5983] usb 6-1: GET_CAPABILITIES returned 0
[  303.546249][ T5983] usbtmc 6-1:16.0: can't read capabilities
[  303.771577][ T5881] usb 6-1: USB disconnect, device number 2
[  303.932590][ T7954] openvswitch: netlink: Actions may not be safe on all matching packets
[  304.306661][ T7962] netlink: 'syz.4.531': attribute type 3 has an invalid length.
[  304.314677][ T7962] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.531'.
[  305.605219][ T7971] netlink: 4 bytes leftover after parsing attributes in process `syz.5.533'.
[  305.958799][ T5983] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  306.016803][ T5845] Bluetooth: hci0: unexpected cc 0x0c20 length: 0 < 1
[  306.027515][ T5845] Bluetooth: hci0: unexpected event for opcode 0x0c20
[  306.185941][ T7977] netlink: 'syz.4.534': attribute type 3 has an invalid length.
[  306.194010][ T7977] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.534'.
[  306.252706][ T5983] usb 6-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43
[  306.271882][ T5983] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.680203][ T5983] usb 6-1: config 0 descriptor??
[  306.915863][ T5983] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state.
[  307.438345][ T5983] gp8psk: usb in 128 operation failed.
[  307.453268][ T5983] gp8psk: usb in 137 operation failed.
[  307.458802][ T5983] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter)
[  307.470336][ T5983] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19)
[  307.481900][ T5983] usb 6-1: USB disconnect, device number 3
[  317.564136][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  319.483207][   T43] block nbd0: Possible stuck request ffff888025a89140: control (read@0,4096B). Runtime 120 seconds
[  335.002252][ T5844] Bluetooth: hci5: command 0x0406 tx timeout
[  349.566231][   T43] block nbd0: Possible stuck request ffff888025a89140: control (read@0,4096B). Runtime 150 seconds
[  354.341269][    T8] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  354.371638][    T9] usb 6-1: new low-speed USB device number 4 using dummy_hcd
[  354.563319][ T5885] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  354.591580][    T8] usb 4-1: Using ep0 maxpacket: 16
[  354.615989][    T9] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  354.632589][    T8] usb 4-1: too many configurations: 33, using maximum allowed: 8
[  354.661017][    T9] usb 6-1: config 0 has no interface number 0
[  354.687326][    T8] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.708417][    T9] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  354.772269][ T5885] usb 5-1: Using ep0 maxpacket: 16
[  354.789319][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  354.811421][ T5885] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  354.824074][    T9] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  354.861657][    T8] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.890048][ T5885] usb 5-1: config 0 has no interfaces?
[  354.899060][    T9] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  354.915381][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  354.927692][ T5885] usb 5-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88
[  354.937223][    T9] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.945937][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.955708][    T8] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  354.971535][    T9] usb 6-1: config 0 descriptor??
[  354.977848][ T5885] usb 5-1: Product: syz
[  355.074395][ T5885] usb 5-1: Manufacturer: syz
[  355.082519][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  355.089708][ T7985] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  355.097347][ T5885] usb 5-1: SerialNumber: syz
[  355.110808][    T8] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.124333][    T9] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  355.151379][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  355.158842][ T5885] usb 5-1: config 0 descriptor??
[  355.197489][    T8] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.230404][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  355.250803][    T8] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.269757][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  355.287777][    T8] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.305028][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  355.380846][    T8] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  355.441337][ T8006] netlink: 'syz.2.544': attribute type 3 has an invalid length.
[  355.449209][ T8006] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.544'.
[  355.472375][    T8] usb 4-1: config 0 interface 0 has no altsetting 0
[  355.505858][    T8] usb 4-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  355.554750][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  355.629946][    T8] usb 4-1: config 0 descriptor??
[  355.726209][    C1] iowarrior 6-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1
[  355.748841][ T5885] usb 6-1: USB disconnect, device number 4
[  357.227182][    T8] usbhid 4-1:0.0: can't add hid device: -71
[  357.241539][    T8] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  357.294941][ T6542] usb 5-1: USB disconnect, device number 21
[  357.299761][    T8] usb 4-1: USB disconnect, device number 8
[  357.341700][ T8017] netlink: 'syz.5.547': attribute type 3 has an invalid length.
[  357.349890][ T8017] netlink: 209852 bytes leftover after parsing attributes in process `syz.5.547'.
[  359.491651][ T5881] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  359.761904][ T5881] usb 5-1: Using ep0 maxpacket: 32
[  359.939475][ T5881] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  359.969784][   T30] INFO: task syz.0.276:6983 blocked for more than 143 seconds.
[  360.021242][   T30]       Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  360.022617][ T5881] usb 5-1: can't read configurations, error -22
[  360.183310][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  360.193087][   T30] task:syz.0.276       state:D stack:24160 pid:6983  tgid:6983  ppid:5830   task_flags:0x400040 flags:0x00004004
[  360.211253][   T30] Call Trace:
[  360.214783][   T30]  <TASK>
[  360.217874][   T30]  __schedule+0x18bc/0x4c40
[  360.231874][   T30]  ? __pfx___schedule+0x10/0x10
[  360.236897][   T30]  ? __pfx_lock_release+0x10/0x10
[  360.246683][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  360.257907][ T8042] netlink: 12 bytes leftover after parsing attributes in process `syz.1.553'.
[  360.401760][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  361.490921][   T30]  ? schedule+0x90/0x320
[  361.501329][ T5881] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  361.511905][   T30]  schedule+0x14b/0x320
[  361.534382][   T30]  schedule_preempt_disabled+0x13/0x30
[  361.546979][   T30]  __mutex_lock+0x817/0x1010
[  361.557524][   T30]  ? __mutex_lock+0x602/0x1010
[  361.565042][   T30]  ? bdev_release+0x17e/0x700
[  361.569964][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  361.581454][   T30]  ? __pfx_ima_file_free+0x10/0x10
[  361.586987][   T30]  bdev_release+0x17e/0x700
[  361.601054][   T30]  ? __pfx_call_rcu+0x10/0x10
[  361.606570][   T30]  blkdev_release+0x15/0x20
[  361.613537][   T30]  ? __pfx_blkdev_release+0x10/0x10
[  361.619045][   T30]  __fput+0x3e9/0x9f0
[  361.626253][   T30]  task_work_run+0x24f/0x310
[  361.668154][   T30]  ? _raw_spin_unlock+0x28/0x50
[  361.681205][ T5881] usb 5-1: Using ep0 maxpacket: 32
[  361.693181][   T30]  ? __pfx_task_work_run+0x10/0x10
[  361.704202][   T30]  ? syscall_exit_to_user_mode+0xa3/0x340
[  361.710537][   T30]  syscall_exit_to_user_mode+0x13f/0x340
[  361.712548][ T5881] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  361.720555][   T30]  do_syscall_64+0x100/0x230
[  361.735860][   T30]  ? clear_bhb_loop+0x35/0x90
[  361.742662][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  361.748771][   T30] RIP: 0033:0x7efe0e78d0a9
[  361.753292][ T5881] usb 5-1: can't read configurations, error -22
[  361.763565][ T5881] usb usb5-port1: attempt power cycle
[  361.770156][   T30] RSP: 002b:00007ffe15dae898 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  361.779900][   T30] RAX: 0000000000000000 RBX: 00007efe0e9a7ba0 RCX: 00007efe0e78d0a9
[  361.793479][   T30] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  361.812496][   T30] RBP: 00007efe0e9a7ba0 R08: 000000000000022c R09: 0000001e15daeb8f
[  361.845296][   T30] R10: 00007efe0e9a7ac0 R11: 0000000000000246 R12: 00000000000301b3
[  361.878815][   T30] R13: 00007efe0e9a6160 R14: ffffffffffffffff R15: 00007ffe15dae9b0
[  361.903350][   T30]  </TASK>
[  361.909900][   T30] INFO: task syz.0.276:6991 blocked for more than 145 seconds.
[  361.932299][   T30]       Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  361.945627][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  361.957390][   T30] task:syz.0.276       state:D stack:25840 pid:6991  tgid:6983  ppid:5830   task_flags:0x400140 flags:0x00004004
[  361.979005][   T30] Call Trace:
[  361.996933][   T30]  <TASK>
[  362.003591][   T30]  __schedule+0x18bc/0x4c40
[  362.008468][   T30]  ? __pfx___schedule+0x10/0x10
[  362.017043][   T30]  ? __pfx_lock_release+0x10/0x10
[  362.025034][   T30]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  362.042904][   T30]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  362.049079][   T30]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  362.060387][   T30]  ? schedule+0x90/0x320
[  362.069083][   T30]  schedule+0x14b/0x320
[  362.078448][   T30]  schedule_preempt_disabled+0x13/0x30
[  362.087941][   T30]  __mutex_lock+0x817/0x1010
[  362.097846][   T30]  ? __mutex_lock+0x602/0x1010
[  362.111315][ T5881] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  362.129489][   T30]  ? bdev_release+0x17e/0x700
[  362.149764][   T30]  ? __pfx___mutex_lock+0x10/0x10
[  362.162192][ T5881] usb 5-1: Using ep0 maxpacket: 32
[  362.164213][   T30]  ? __pfx_ima_file_free+0x10/0x10
[  362.177634][   T30]  bdev_release+0x17e/0x700
[  362.182891][ T5881] usb 5-1: config index 0 descriptor too short (expected 9, got 0)
[  362.184594][   T30]  blkdev_release+0x15/0x20
[  362.190818][ T5881] usb 5-1: can't read configurations, error -22
[  362.208729][   T30]  ? __pfx_blkdev_release+0x10/0x10
[  362.220148][   T30]  __fput+0x3e9/0x9f0
[  362.258769][   T30]  task_work_run+0x24f/0x310
[  362.269768][   T30]  ? __pfx_task_work_run+0x10/0x10
[  362.276305][   T30]  ? syscall_exit_to_user_mode+0xa3/0x340
[  362.294390][   T30]  syscall_exit_to_user_mode+0x13f/0x340
[  362.309835][   T30]  do_syscall_64+0x100/0x230
[  362.318275][   T30]  ? clear_bhb_loop+0x35/0x90
[  362.336448][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  362.372609][   T30] RIP: 0033:0x7efe0e78d0a9
[  362.377599][   T30] RSP: 002b:00007efe0c5d5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  362.393568][   T30] RAX: 0000000000000000 RBX: 00007efe0e9a6080 RCX: 00007efe0e78d0a9
[  362.429827][   T30] RDX: 0000000000000000 RSI: 000000000000ab03 RDI: 0000000000000009
[  362.466470][   T30] RBP: 00007efe0e80e2a0 R08: 0000000000000000 R09: 0000000000000000
[  362.475596][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  362.494803][   T30] R13: 0000000000000000 R14: 00007efe0e9a6080 R15: 00007ffe15dae738
[  362.518272][   T30]  </TASK>
[  362.528401][   T30] 
[  362.528401][   T30] Showing all locks held in the system:
[  362.544508][   T30] 1 lock held by khungtaskd/30:
[  362.600510][   T30]  #0: ffffffff8eb38f60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x55/0x2a0
[  362.631463][   T30] 4 locks held by kworker/u8:3/52:
[  362.641159][   T30] 2 locks held by getty/5590:
[  362.648798][   T30]  #0: ffff888072c280a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  362.664904][   T30]  #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x616/0x1770
[  362.678727][   T30] 3 locks held by syz-executor/5829:
[  362.687844][   T30] 6 locks held by kworker/1:3/5881:
[  362.696680][   T30]  #0: ffff8881416b7948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x98b/0x18e0
[  362.711783][   T30]  #1: ffffc900043ffc60 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9c6/0x18e0
[  362.729614][   T30]  #2: ffff8881457de190 (&dev->mutex){....}-{4:4}, at: hub_event+0x1fe/0x5150
[  362.739979][   T30]  #3: ffff888028a81510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x25b9/0x5150
[  362.752308][   T30]  #4: ffff88814576aa68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x25f7/0x5150
[  362.764298][   T30]  #5: ffffffff8f79a450 (ehci_cf_port_reset_rwsem){.+.+}-{4:4}, at: hub_port_reset+0x1f8/0x1b30
[  362.775320][   T30] 1 lock held by udevd/5989:
[  362.780054][   T30]  #0: ffff8880259d54c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xf0/0xc50
[  362.789508][   T30] 1 lock held by syz.0.276/6983:
[  362.795103][   T30]  #0: ffff8880259d54c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700
[  362.805123][   T30] 1 lock held by syz.0.276/6991:
[  362.810197][   T30]  #0: ffff8880259d54c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_release+0x17e/0x700
[  362.820248][   T30] 2 locks held by syz.1.543/8007:
[  362.825682][   T30] 
[  362.828127][   T30] =============================================
[  362.828127][   T30] 
[  362.840993][   T30] NMI backtrace for cpu 1
[  362.841008][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  362.841032][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  362.841045][   T30] Call Trace:
[  362.841053][   T30]  <TASK>
[  362.841067][   T30]  dump_stack_lvl+0x241/0x360
[  362.841096][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  362.841118][   T30]  ? __pfx__printk+0x10/0x10
[  362.841161][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  362.841188][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  362.841208][   T30]  ? _printk+0xd5/0x120
[  362.841264][   T30]  ? __pfx__printk+0x10/0x10
[  362.841295][   T30]  ? __wake_up_klogd+0xcc/0x110
[  362.841321][   T30]  ? __pfx__printk+0x10/0x10
[  362.841353][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  362.841382][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  362.841410][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  362.841435][   T30]  watchdog+0x1058/0x10a0
[  362.841467][   T30]  ? watchdog+0x1ea/0x10a0
[  362.841501][   T30]  ? __pfx_watchdog+0x10/0x10
[  362.841539][   T30]  kthread+0x7a9/0x920
[  362.841566][   T30]  ? __pfx_kthread+0x10/0x10
[  362.841598][   T30]  ? __pfx_watchdog+0x10/0x10
[  362.841627][   T30]  ? __pfx_kthread+0x10/0x10
[  362.841655][   T30]  ? __pfx_kthread+0x10/0x10
[  362.841688][   T30]  ? __pfx_kthread+0x10/0x10
[  362.841715][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  362.841738][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  362.841762][   T30]  ? __pfx_kthread+0x10/0x10
[  362.841794][   T30]  ret_from_fork+0x4b/0x80
[  362.841820][   T30]  ? __pfx_kthread+0x10/0x10
[  362.841849][   T30]  ret_from_fork_asm+0x1a/0x30
[  362.841887][   T30]  </TASK>
[  363.006683][   T30] Sending NMI from CPU 1 to CPUs 0:
[  363.012721][    C0] NMI backtrace for cpu 0
[  363.012734][    C0] CPU: 0 UID: 0 PID: 8007 Comm: syz.1.543 Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  363.012752][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  363.012762][    C0] RIP: 0010:check_preemption_disabled+0x5d/0x120
[  363.012790][    C0] Code: 28 00 00 00 48 3b 44 24 08 0f 85 ce 00 00 00 89 d8 48 83 c4 10 5b 41 5c 41 5e 41 5f c3 cc cc cc cc 48 c7 04 24 00 00 00 00 9c <8f> 04 24 f7 04 24 00 02 00 00 74 c5 49 89 f6 49 89 ff 65 4c 8b 24
[  363.012803][    C0] RSP: 0018:ffffc90004f1eb70 EFLAGS: 00000046
[  363.012818][    C0] RAX: 0000000080000000 RBX: 0000000000000000 RCX: ffff888026315a00
[  363.012830][    C0] RDX: 0000000000000000 RSI: ffffffff8c2ab6a0 RDI: ffffffff8c8019c0
[  363.012841][    C0] RBP: 0000000000000001 R08: ffffffff8bf7be77 R09: ffffffff8bf7bd8b
[  363.012852][    C0] R10: 0000000000000004 R11: ffff888026315a00 R12: 0000000000000246
[  363.012862][    C0] R13: ffff888026315a00 R14: 00000000ffffffff R15: ffff8880305c4fe0
[  363.012873][    C0] FS:  00007f2e62f726c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
[  363.012887][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  363.012903][    C0] CR2: 00007fc30f5783f8 CR3: 000000002f950000 CR4: 00000000003526f0
[  363.012917][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  363.012926][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  363.012936][    C0] Call Trace:
[  363.012942][    C0]  <NMI>
[  363.012948][    C0]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  363.012965][    C0]  ? __pfx_lock_acquire+0x10/0x10
[  363.012988][    C0]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  363.013011][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  363.013031][    C0]  ? nmi_handle+0x14f/0x5a0
[  363.013053][    C0]  ? nmi_handle+0x2a/0x5a0
[  363.013075][    C0]  ? check_preemption_disabled+0x5d/0x120
[  363.013096][    C0]  ? default_do_nmi+0x63/0x160
[  363.013120][    C0]  ? exc_nmi+0x123/0x1f0
[  363.013143][    C0]  ? end_repeat_nmi+0xf/0x53
[  363.013169][    C0]  ? mtree_range_walk+0x3eb/0x8e0
[  363.013186][    C0]  ? mtree_range_walk+0x4d7/0x8e0
[  363.013204][    C0]  ? check_preemption_disabled+0x5d/0x120
[  363.013225][    C0]  ? check_preemption_disabled+0x5d/0x120
[  363.013248][    C0]  ? check_preemption_disabled+0x5d/0x120
[  363.013294][    C0]  </NMI>
[  363.013300][    C0]  <TASK>
[  363.013308][    C0]  lock_is_held_type+0x101/0x190
[  363.013329][    C0]  mtree_range_walk+0x518/0x8e0
[  363.013355][    C0]  mt_find+0x3a8/0x920
[  363.013375][    C0]  ? mt_find+0x2a9/0x920
[  363.013397][    C0]  ? __pfx_mt_find+0x10/0x10
[  363.013425][    C0]  find_vma+0xf9/0x170
[  363.013444][    C0]  ? __pfx_find_vma+0x10/0x10
[  363.013466][    C0]  __get_user_pages+0x479/0x4140
[  363.013500][    C0]  ? __pfx___get_user_pages+0x10/0x10
[  363.013518][    C0]  ? get_dump_page+0xe2/0x2f0
[  363.013538][    C0]  ? get_dump_page+0x19d/0x2f0
[  363.013557][    C0]  ? __pfx_down_read_killable+0x10/0x10
[  363.013588][    C0]  get_dump_page+0x155/0x2f0
[  363.013607][    C0]  ? __pfx___might_resched+0x10/0x10
[  363.013627][    C0]  ? __pfx_get_dump_page+0x10/0x10
[  363.013647][    C0]  ? generic_file_llseek_size+0x322/0x390
[  363.013669][    C0]  ? iov_iter_bvec+0x4e/0x180
[  363.013689][    C0]  dump_user_range+0x14d/0x970
[  363.013718][    C0]  ? __pfx_dump_user_range+0x10/0x10
[  363.013744][    C0]  ? __pfx_elf_coredump_extra_notes_write+0x10/0x10
[  363.013769][    C0]  ? __kmalloc_cache_noprof+0x243/0x390
[  363.013786][    C0]  ? dump_emit+0x99/0xd0
[  363.013808][    C0]  elf_core_dump+0x4054/0x4a80
[  363.013842][    C0]  ? __pfx_elf_core_dump+0x10/0x10
[  363.013867][    C0]  ? mark_lock+0x9a/0x360
[  363.013892][    C0]  ? __lock_acquire+0x1397/0x2100
[  363.013918][    C0]  ? __pfx_cmp_vma_size+0x10/0x10
[  363.013954][    C0]  ? rcu_read_lock_any_held+0xb7/0x160
[  363.013979][    C0]  do_coredump+0x232a/0x32c0
[  363.014013][    C0]  ? __pfx_do_coredump+0x10/0x10
[  363.014048][    C0]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  363.014075][    C0]  ? proc_coredump_connector+0x1f4/0x660
[  363.014098][    C0]  ? __pfx_preempt_schedule+0x10/0x10
[  363.014117][    C0]  ? __pfx_proc_coredump_connector+0x10/0x10
[  363.014142][    C0]  ? preempt_schedule_thunk+0x1a/0x30
[  363.014167][    C0]  get_signal+0x13e5/0x1720
[  363.014191][    C0]  ? __pfx_get_signal+0x10/0x10
[  363.014206][    C0]  ? __pfx_force_sig_fault+0x10/0x10
[  363.014235][    C0]  arch_do_signal_or_restart+0x96/0x860
[  363.014255][    C0]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  363.014286][    C0]  ? irqentry_exit_to_user_mode+0x53/0x250
[  363.014309][    C0]  irqentry_exit_to_user_mode+0x7e/0x250
[  363.014330][    C0]  exc_page_fault+0x590/0x8b0
[  363.014352][    C0]  asm_exc_page_fault+0x26/0x30
[  363.014374][    C0] RIP: 0033:0xf564b49ac5
[  363.014392][    C0] Code: Unable to access opcode bytes at 0xf564b49a9b.
[  363.014400][    C0] RSP: 002b:0000400000000078 EFLAGS: 00010217
[  363.014414][    C0] RAX: 0000000000000000 RBX: 00007f2e623a6080 RCX: 00007f2e6218d0a9
[  363.014425][    C0] RDX: 0000400000000080 RSI: 0000400000000070 RDI: 0000000008000400
[  363.014436][    C0] RBP: 00007f2e6220e2a0 R08: 0000400000000200 R09: 0000400000000200
[  363.014448][    C0] R10: 00004000000001c0 R11: 0000000000000206 R12: 0000000000000000
[  363.014459][    C0] R13: 0000000000000000 R14: 00007f2e623a6080 R15: 00007ffd345e98b8
[  363.014477][    C0]  </TASK>
[  363.026648][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  363.026668][   T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.14.0-rc3-syzkaller-00137-g27eddbf34490 #0
[  363.026696][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
[  363.026711][   T30] Call Trace:
[  363.026721][   T30]  <TASK>
[  363.026732][   T30]  dump_stack_lvl+0x241/0x360
[  363.026765][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  363.026791][   T30]  ? __pfx__printk+0x10/0x10
[  363.026824][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  363.026866][   T30]  ? vscnprintf+0x5d/0x90
[  363.026894][   T30]  panic+0x349/0x880
[  363.026930][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  363.026958][   T30]  ? __pfx_panic+0x10/0x10
[  363.026990][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  363.027019][   T30]  ? __irq_work_queue_local+0x137/0x410
[  363.027055][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  363.027100][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  363.027123][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  363.027150][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  363.027176][   T30]  watchdog+0x1097/0x10a0
[  363.027210][   T30]  ? watchdog+0x1ea/0x10a0
[  363.027247][   T30]  ? __pfx_watchdog+0x10/0x10
[  363.027279][   T30]  kthread+0x7a9/0x920
[  363.027310][   T30]  ? __pfx_kthread+0x10/0x10
[  363.027345][   T30]  ? __pfx_watchdog+0x10/0x10
[  363.027376][   T30]  ? __pfx_kthread+0x10/0x10
[  363.027406][   T30]  ? __pfx_kthread+0x10/0x10
[  363.027442][   T30]  ? __pfx_kthread+0x10/0x10
[  363.027473][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  363.027498][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  363.027531][   T30]  ? __pfx_kthread+0x10/0x10
[  363.027565][   T30]  ret_from_fork+0x4b/0x80
[  363.027593][   T30]  ? __pfx_kthread+0x10/0x10
[  363.027631][   T30]  ret_from_fork_asm+0x1a/0x30
[  363.027682][   T30]  </TASK>
[  363.708491][   T30] Kernel Offset: disabled
[  363.712814][   T30] Rebooting in 86400 seconds..