last executing test programs:

11.498765958s ago: executing program 4 (id=1640):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendfile(r3, r2, 0x0, 0x40008)
setsockopt$MRT6_INIT(0xffffffffffffffff, 0x29, 0xc8, &(0x7f00000002c0), 0x4)
r4 = signalfd4(r0, &(0x7f0000000080)={[0xc658]}, 0x8, 0x800)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x2b})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0)
io_setup(0x30, &(0x7f0000000600))
pipe2$9p(&(0x7f00000000c0), 0x4000)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x6, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000000)={0xc, 0x1, 0x2, "18000040000000f7c28dca4c2100000000000000000000048400", 0x50424752})
syz_io_uring_setup(0x241, &(0x7f0000000300)={0x0, 0xcdda, 0x8000, 0x1, 0x22f, 0x0, r5}, &(0x7f0000000380), &(0x7f00000003c0))
cachestat(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0)

9.175450078s ago: executing program 4 (id=1651):
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000240)={'syzkaller1\x00', @link_local})
writev(r0, &(0x7f00000002c0)=[{&(0x7f00000003c0)="2e9b3d0007e03dd65193dfb6c575963f86ddf06712e900442b8db0049d90491ceaebfd26d4eef23248000000f858dbb8a19052343f", 0x35}, {&(0x7f0000000200)="c67f246500", 0x5}], 0x2) (fail_nth: 5)

8.236225132s ago: executing program 4 (id=1654):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
listen(r3, 0x204)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a09000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

7.244236434s ago: executing program 3 (id=1655):
r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000400)=ANY=[@ANYBLOB="06010000e4c5ad101d0620c0159c010203010902120001000000000904"], 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000100)={'dvmrp0\x00', 0x2})
ioctl$TUNATTACHFILTER(r1, 0x401054d5, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x6}]})
ioctl$TUNDETACHFILTER(r1, 0x401054d6, 0x0)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000300)={0x20, 0x1, 0x3, "745202"}, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
r2 = syz_open_dev$usbfs(0x0, 0x10000001d, 0x8041)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000600)={0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000640)={<r4=>0x0})
ioctl$DRM_IOCTL_SET_SAREA_CTX(r3, 0x4010641c, &(0x7f0000000780)={r4, &(0x7f0000000680)=""/250})
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, &(0x7f0000000140)={0x14, &(0x7f0000000040)={0x40, 0x24, 0xa8, {0xa8, 0x24, "0e30d44840317e880737ff63d6e12b63984a36fc33fc2f1eb42ca043b6cebf3f797918efdf84e9c6310afb5faf6805f3cb4490400256632801887c9ea547043f4ccdead04d83f32a523c8d9b2cc94e8f62b9fc0aaa23a9a0fa008d0d6d1b4af848b98b2a8ee01d4dfd3a566559d40b34943ee0371250af2fb0f2834d4c4c8cd35ba8aa82cf39091e89ad0c6013b3502bc05a1792f235736c37de76c2aebae82088bf682145fb"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x80a}}}, &(0x7f00000005c0)={0x34, &(0x7f0000000340)={0x40, 0x8, 0x95, "27f37be6a28a0e80988c0104cd556b1d7c2cf39437d754dbe097f1692d30065df2f2e50f38cbc06c2a718f028d7dfa47394bb14d97d5591a6ca1e0c230a7a0acab02e6636fe9c0c876b28b616dd2a872d9c2083e34da100ac13da0e67d4a91a9dd2fa1d2ac75b4d5fdcaa693077ff5da855965f817c92fa557c3a53d8045c83077de5c201f1a67cfa1615d74e305cf60809f61af4c"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0xb9}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x1}, &(0x7f0000000480)={0x20, 0x0, 0x75, {0x73, "7b7cafdfab7989fc6c9dc4d0b697c4793a767b6c7f50b4a0e40986d534ace8d52719ccf9cf3d3df01e43a3ea1aa3190ac94c44ce68c9cc48b17064eb0e91f4d4182757f2f1bd74910f67a9f179cc7fbb7b464842be844d0ac5240225fa4390f4f88dc03dc79152bcbecbab50c0edf1d0a713aa"}}, &(0x7f0000000540)={0x20, 0x1, 0x1, 0x8b}, &(0x7f0000000580)={0x20, 0x0, 0x1, 0x68}})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000008c0)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="600c0300004a0000000000000019470adfda9df5e9660971daa252c4023302a2276e94ef0df7c156"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
openat$dlm_control(0xffffffffffffff9c, &(0x7f00000007c0), 0x10002, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x6, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4}, [@ldst={0x5, 0x3}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94)
r5 = socket$can_bcm(0x1d, 0x2, 0x2)
accept4(r5, 0x0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x8108551b, &(0x7f00000001c0)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"})

6.804252073s ago: executing program 4 (id=1657):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$KVM_IOEVENTFD(r2, 0x4040ae79, &(0x7f0000000000)={0xd, 0x5000, 0xd, 0xffffffffffffffff, 0x4})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x10)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x42)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380))
socket$nl_route(0x10, 0x3, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x92)
socket$inet6_sctp(0xa, 0x1, 0x84)
socket$nl_xfrm(0x10, 0x3, 0x6)
socket$nl_xfrm(0x10, 0x3, 0x6)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
r3 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x8, 0x4, &(0x7f0000000180)=ANY=[@ANYRES32=r3], 0x0, 0x8, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r3}, 0x94)
ioctl$AUTOFS_IOC_PROTOSUBVER(r3, 0x40049366, &(0x7f0000000180))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x9a974000)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0)
ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r5, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000580)=ANY=[@ANYBLOB="8c000000", @ANYRES16=r6, @ANYBLOB="010626bd7000fbdbdf2509000000780004801300010062726f6164636173742d6c696e6b00000c00078008000500010000005400078008000300ffffffff0800030030b0000008000200020000000800030007000000080001001a000000080003000101000008000300030000000800030000020000080001001400000008000200be"], 0x8c}, 0x1, 0x0, 0x0, 0x4000000}, 0xc000)

6.656178614s ago: executing program 2 (id=1658):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x282, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r3, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
sendfile(r3, r2, 0x0, 0x40008)
openat$sw_sync_info(0xffffffffffffff9c, 0x0, 0x80002, 0x0)
r4 = signalfd4(r0, &(0x7f0000000080)={[0xc658]}, 0x8, 0x800)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r4, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x2b})
sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0)
io_setup(0x30, &(0x7f0000000600))
pipe2$9p(&(0x7f00000000c0), 0x4000)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000004c0), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, 0xffffffffffffffff, 0x0)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000001c0))
r5 = syz_open_dev$vim2m(&(0x7f0000000080), 0x6, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000000)={0xc, 0x1, 0x2, "18000040000000f7c28dca4c2100000000000000000000048400", 0x50424752})
syz_io_uring_setup(0x241, &(0x7f0000000300)={0x0, 0xcdda, 0x8000, 0x1, 0x22f, 0x0, r5}, &(0x7f0000000380), &(0x7f00000003c0))
cachestat(0xffffffffffffffff, &(0x7f0000000040), 0x0, 0x0)

4.878945666s ago: executing program 1 (id=1663):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0xd}, 0x18)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
ioctl$SIOCX25SFACILITIES(0xffffffffffffffff, 0x89e3, 0x0)
write$bt_hci(r1, &(0x7f0000000080)=ANY=[], 0x6)

4.788527341s ago: executing program 1 (id=1664):
openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18)
r0 = socket(0xa, 0x3, 0xff)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x4, <r3=>r1})
mount$9p_fd(0x200000000000000, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x2000000, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}})

4.565954939s ago: executing program 1 (id=1665):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
listen(r3, 0x204)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a09000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

4.330018333s ago: executing program 4 (id=1666):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000009c0)={{0x12, 0x1, 0x0, 0x3a, 0x98, 0x2a, 0x8, 0xccd, 0x10a3, 0x23a2, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x57, 0x33, 0x19}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000400)={0x1c, &(0x7f00000002c0)={0x8248851b466bc884, 0x18, 0x6, "da441f73df3e"}, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
setxattr$security_ima(0x0, &(0x7f00000000c0), 0x0, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)=ANY=[])
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000180)={0x14, 0x0, 0x0}, &(0x7f00000004c0)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)={0x20, 0x87, 0x2, 0x8}, &(0x7f0000000480)={0x20, 0x89, 0x2, 0x1}})
userfaultfd(0x80000)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

3.930863813s ago: executing program 2 (id=1667):
userfaultfd(0x80801)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000001480)={'syzkaller0\x00', 0x7101})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000))
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000002280)={'syzkaller0\x00', @random="110000000002"})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = fsopen(&(0x7f0000000100)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x82)
fchdir(r5)
openat(0xffffffffffffff9c, &(0x7f0000004280)='.\x00', 0x0, 0x0)
r6 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r6, 0x7fff, 0x0)

3.685286181s ago: executing program 0 (id=1668):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000080)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3e, 0x3e, 0x8, [@const={0xf}, @datasec={0xf, 0x3, 0x0, 0xf, 0x2, [{0x2, 0x401, 0x7f}, {0x4, 0x8, 0x6}, {0x1, 0x1c000}], '&<'}]}, {0x0, [0x30, 0x61, 0x2e, 0x0, 0x61, 0x30]}}, &(0x7f0000000280)=""/144, 0x60, 0x90, 0x0, 0x913}, 0x28)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x19, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r2, 0x0, 0x5}, 0x18)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0)
add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000440)="ab", 0xff77, 0xfffffffffffffffe)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='mm_migrate_pages\x00', r3, 0x0, 0x9}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

3.558379837s ago: executing program 1 (id=1669):
r0 = memfd_secret(0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xe, 0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x18, 0x2, {{0x9}, [@TCA_NETEM_RATE={0x14, 0xe, {0x0, 0x5}}]}}}]}, 0x60}}, 0x20048020)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000"], 0x110)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
r7 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x2205, 0x0)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r6, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000008142000000000000009500000000000000"], 0x0, 0x2}, 0x94)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000080)={0x18, 0x0, {0x3, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e)
r9 = socket$kcm(0x10, 0x2, 0x0)
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
preadv(r10, &(0x7f0000010440)=[{&(0x7f0000000040)=""/160, 0x3fd}], 0x1, 0xc03, 0x0)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x12, &(0x7f0000000200)=ANY=[@ANYBLOB="1836cb3f870b44e2570f2d3ce929d7845dd418f1b600000018000000000000000101000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000000d34289a30e000085100000020000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x11, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffbff}, 0x94)

3.557302666s ago: executing program 0 (id=1670):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000040)="1a1f426bbae5279f", 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000240)={'\x00', 0x8000, 0x101, 0x7, 0x8000000000000000, 0x9, <r1=>0x0})
prlimit64(r1, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000080)=0x80000)
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(r2, 0x7a5, &(0x7f0000000200)={{@my=0x0}, 0x0, 0x1})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(r2, 0x7b1, &(0x7f00000003c0)={&(0x7f0000004000)=[0xfffffffd, 0x101, 0x238, 0x40, 0x7, 0x2, 0x4dfb, 0xa, 0x0, 0x2, 0x7, 0x81, 0x3, 0x3, 0x7, 0x2, 0x5, 0x4, 0x60, 0x7, 0x200, 0xa3f, 0x9a, 0x7, 0x9, 0x8, 0x9, 0x1000, 0x6, 0x0, 0x2e, 0x3, 0x7f, 0x7, 0x6c9d3c45, 0x401, 0x7, 0xfffffff9, 0x8, 0x7d, 0x5, 0x24f4, 0x1000, 0x6, 0xe, 0x7fffffff, 0x1ff, 0x2, 0x3ea8, 0xb32, 0x0, 0x3, 0x6, 0x101, 0x6, 0x519, 0x3, 0x7f, 0xb7, 0x7, 0x5, 0x401, 0x9, 0x5, 0x5, 0x2, 0xff, 0x0, 0x3, 0x5, 0xfffffff7, 0x8, 0x2, 0xe8, 0x1, 0x6, 0xcef3, 0xfffffff6, 0x1, 0x5, 0x1000, 0x9, 0x400, 0x8f, 0x0, 0xcabc, 0x7, 0x5, 0x6, 0x6, 0x2, 0xd34, 0x265, 0x3, 0x8, 0x49, 0x8, 0x1000, 0x0, 0x5, 0x4, 0xaf, 0xffffffff, 0x9, 0x5, 0x80000000, 0x9, 0x6, 0x97df, 0x6, 0x800, 0x7ff, 0x18ff, 0x3, 0x3, 0x8, 0xfff, 0xfb, 0x3, 0x5, 0x4, 0x1, 0xffff, 0x8, 0x3, 0x3, 0x7db, 0x7f, 0x6, 0x2, 0x8, 0x3ff, 0xfd, 0x9, 0x4, 0x3, 0x6, 0x3, 0x2, 0xfffffff8, 0x8, 0x339, 0xfffffff0, 0x3, 0x9, 0x1, 0xf, 0x6, 0x800, 0xc791, 0x6, 0xfd, 0x1, 0x10040000, 0x3, 0x8, 0x9, 0x101, 0x0, 0x6, 0x5, 0x7fffffff, 0x4, 0x1, 0x102, 0x6, 0x4, 0x80, 0x4, 0x0, 0x8, 0x6, 0x0, 0x43df, 0x1, 0x54eb, 0x80, 0x80000000, 0x5, 0xfffffffd, 0x9, 0x9, 0x7, 0x5, 0x10, 0x8, 0xfffffff7, 0x0, 0x8, 0xc, 0x8, 0x6, 0x800, 0x6, 0x3, 0x3ff, 0x2, 0x3, 0x2, 0x3, 0x0, 0x4e, 0x5, 0xffff, 0x6, 0xc3, 0x0, 0x4, 0xe3, 0x9, 0x5, 0xfff, 0x5, 0x10000, 0x2, 0xcff, 0x6, 0x4, 0x100, 0x3, 0x6, 0x8, 0xfffffff7, 0x0, 0x200, 0x7f, 0x5, 0x42, 0x3, 0x6, 0x411af549, 0x0, 0x22cb, 0x0, 0x6, 0x2428, 0x1, 0x3, 0x9, 0x8001, 0x81, 0x7, 0x3, 0x4, 0x10000000, 0x6, 0x8, 0x7, 0xc8, 0x401, 0xc9f3, 0xd6, 0x800, 0x10, 0x1, 0xf1b, 0x10001, 0x3ae44413, 0x534c, 0x2, 0x28, 0x80000000, 0xffffffff, 0x200, 0xfffff025, 0x3, 0x6, 0x0, 0xfff, 0x6, 0x4, 0x9, 0x5c7115a2, 0x10, 0x6, 0x3, 0x6, 0x0, 0x6, 0x81, 0x8, 0x1, 0x3, 0x4, 0x9, 0x1, 0x4, 0x4, 0x4, 0x101, 0x3, 0x4730, 0x7, 0x5, 0x6e87, 0x7, 0x2, 0x8, 0xffffffff, 0xd, 0x8, 0x8000, 0x4, 0x8, 0xa, 0xfffffff9, 0x9, 0x9, 0x2, 0x8, 0x2, 0x0, 0xcdb2, 0x800, 0x1, 0x7, 0xdd8f, 0x7f0a, 0x5, 0x3, 0x80000001, 0x7fffffff, 0x5, 0x2, 0xfffffffd, 0x80000000, 0x3ff, 0x9, 0x1, 0x81, 0x4, 0x1, 0x7, 0x8, 0xffffffff, 0x8, 0x1, 0x8, 0x0, 0x2, 0x4, 0x0, 0x6, 0x4, 0xbb0e, 0x5022, 0x4, 0xfffffffd, 0xe, 0x7, 0x2, 0x6, 0x3, 0x21000, 0x8, 0x3, 0x6, 0x7, 0x800, 0x7f5, 0x3ff, 0xf1, 0x4, 0x7, 0x9fc, 0x80000001, 0xfffffffb, 0x1, 0x1, 0x3, 0x5, 0x7, 0x4, 0x8, 0x1, 0x8, 0x0, 0xb, 0x8001, 0x3, 0x0, 0xa, 0x6a1f, 0x0, 0x22, 0xc, 0x6c000000, 0x6, 0x80, 0x1, 0x6, 0x40, 0x5cb2, 0x8, 0x2, 0x9, 0xffff7e5c, 0x800, 0x120, 0x7fff, 0x8, 0x401, 0x29, 0x80000000, 0x1, 0x0, 0x8, 0x8, 0xffffe110, 0x5, 0xef0, 0xfffffffd, 0x9, 0x9845, 0xe, 0x170, 0x5, 0x3, 0x5, 0x7ad, 0x3, 0x9, 0x5, 0x4, 0x0, 0x6, 0x5d, 0x7, 0x940, 0xebc, 0xffffff20, 0x800, 0x4, 0x0, 0x203b, 0x0, 0x330, 0x7, 0x7, 0x63b, 0xe, 0x7ff, 0x5bf9, 0x9, 0x5, 0xf3, 0x200, 0x0, 0x7, 0xc000, 0x8, 0x7, 0x50, 0x4da, 0xd, 0x3, 0x7, 0x50d, 0x3, 0x1, 0x1, 0x7, 0x2c16f915, 0x8001, 0x800, 0x1, 0x4, 0x2, 0xa, 0x5d, 0x6, 0xb, 0x0, 0x6, 0x6, 0x6, 0x80000001, 0x7b, 0x400, 0x7, 0xe0, 0x3, 0x9d8, 0x2, 0x5, 0x9, 0x1, 0x5, 0x0, 0xfffffe00, 0x5, 0x0, 0xd, 0xfffffff4, 0xd2, 0x7, 0x80000001, 0x80000000, 0x4, 0x5, 0xffffffe9, 0x1ff, 0xbc, 0x1, 0x200, 0x6, 0x5, 0x9, 0x6, 0xfffffffb, 0x805, 0x2, 0xffffffff, 0xff, 0x3, 0xf, 0x0, 0x3, 0x8, 0x6, 0x6, 0x100000, 0xfffffff3, 0x6, 0x6, 0x28, 0x8, 0x5, 0x0, 0xc0000000, 0x401, 0x1, 0x2, 0x7, 0x4, 0x8, 0xb, 0x9, 0x1, 0x5, 0xffffffff, 0x3efc, 0x7f, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x6, 0xfe, 0x5, 0x7, 0x7776, 0xff, 0x3, 0x20, 0x1, 0x36a, 0x1, 0xa, 0x400, 0x2afcad61, 0x0, 0x4, 0xccfc, 0x100000, 0x9, 0x800, 0xa, 0x7, 0x2, 0x21, 0x5, 0x4, 0xe, 0x1000, 0x3, 0x1, 0x9, 0xacf, 0x6, 0x3, 0x800, 0x8, 0x9338, 0x7, 0x9, 0x9, 0x71, 0x3, 0x1ff, 0x80, 0xd98b, 0x8, 0x2, 0x1, 0x5, 0x4, 0x5, 0x5, 0x3, 0x9, 0x2, 0x0, 0x101, 0x66, 0x6, 0x2, 0x7, 0xfffffffc, 0x8, 0x40, 0x1, 0x4, 0x5, 0x2, 0x9, 0xc1cc, 0x3ff, 0x2, 0x8, 0x4b, 0x3, 0x0, 0x40, 0xd, 0x0, 0x3571, 0x6, 0x0, 0x0, 0x8469, 0x3, 0x80000000, 0x0, 0x7e1, 0x4, 0x2b, 0x6, 0xf7d9, 0x9, 0x5, 0xc00d, 0x3, 0x3, 0x80000000, 0xe600, 0x7, 0xc, 0x80000001, 0x401, 0x4, 0x5, 0x3, 0x9, 0xf3f, 0x1, 0xfffffffe, 0x9, 0x1, 0x3, 0x4, 0x2, 0x84, 0x448f, 0x0, 0x8, 0x100, 0x9, 0x0, 0x4, 0x9, 0x4, 0x3, 0x0, 0x5, 0x9, 0x1, 0x8000, 0x1fc, 0xffff1364, 0x80000001, 0x67, 0xc, 0xdf2, 0x4, 0x7, 0x8, 0x756, 0x3, 0xfffffc00, 0xc9, 0x7, 0xce, 0x8, 0x0, 0x6, 0x0, 0x9, 0x8, 0x8, 0x9, 0x1, 0x6, 0xa7, 0x10000, 0xfffff801, 0x6, 0x31fe, 0x28, 0x10, 0x8020000, 0x2, 0x1, 0x2, 0x1, 0x8, 0x1, 0xecc, 0x3, 0x0, 0x4, 0x6, 0x6, 0x80, 0xfcb, 0x7, 0x9, 0x7, 0xe, 0x1000, 0x3, 0xffffffff, 0xa4, 0x0, 0xffffffff, 0x8, 0x0, 0x40, 0x1, 0xfffffff8, 0x0, 0xfffffffe, 0x7, 0x81, 0x400, 0x2, 0xa255, 0x1, 0xbd1e, 0xc, 0x8, 0x401, 0x9, 0x0, 0x400, 0x1, 0x700, 0x9, 0x1, 0x0, 0x7, 0x80000001, 0x4, 0x4, 0x0, 0x400, 0xfff, 0x0, 0x5cb, 0x2, 0x9, 0x1, 0x3, 0x7fffffff, 0xfffffffe, 0x6, 0x5, 0xfffffffd, 0x80000001, 0x2, 0x7fffffff, 0x1ff, 0x101, 0x77960, 0xbc0, 0x81, 0x800, 0xfff, 0x7f, 0x7ff, 0x5, 0x6, 0x0, 0x7, 0x81, 0x0, 0x0, 0x9, 0xe, 0xfffffffd, 0xf1fb, 0x1, 0xe3c, 0x3, 0x9, 0xc5c9ca61, 0x8, 0x3, 0xfffffff9, 0xc8aa, 0xb2, 0x3ff, 0xd9, 0x81, 0xffff, 0xffff, 0xfffffc00, 0xadf, 0x5, 0x6, 0x4, 0x6, 0x7, 0x6, 0x2, 0x2, 0xd6, 0x8, 0x5b0, 0x2, 0x8000, 0x7, 0x6, 0x0, 0x1, 0x2, 0x0, 0x39d, 0x9, 0x3ff, 0x8000, 0xb, 0x2, 0x7, 0x6, 0x8, 0x19, 0xfffffff0, 0x7, 0x9, 0xb5a, 0x101, 0x1, 0x3, 0x10000, 0x4, 0xe, 0x3ff, 0xe, 0x3, 0x0, 0x7ff, 0x1, 0x404d, 0x6, 0x3ff, 0x0, 0xce, 0x6, 0x2, 0x4, 0x0, 0x3, 0x7, 0x81, 0x6, 0x8, 0xb54, 0x9, 0x31, 0x80000001, 0x3ff, 0x7, 0x9, 0x400, 0x1, 0xe7, 0x8, 0x8001, 0x2, 0x7, 0x5, 0x9, 0x17ff, 0x6, 0x3, 0x80000001, 0x800, 0x3c8, 0x43b, 0x101, 0x2, 0x7, 0x7f, 0x7, 0x7f, 0x10000, 0x9, 0xd39, 0xfb27, 0x3, 0x3, 0x3, 0x1, 0x6, 0x9, 0xd63, 0x4, 0x80000001, 0x5, 0x6, 0xa, 0x5, 0x8, 0x6, 0x7, 0x9, 0x526, 0x5, 0x8, 0x2, 0x8, 0x2, 0x53, 0xa, 0xc9ad, 0x8, 0xf3, 0x80, 0x9, 0x9, 0x3, 0x7ff, 0x1, 0x1f, 0x0, 0x3bb, 0x3, 0x1, 0x2, 0x2, 0x4, 0x140, 0xb, 0x0, 0xfffffffe, 0x3, 0x6, 0x1, 0x90a0, 0x2, 0x1b6, 0x0, 0x1, 0xc6bd, 0x3, 0xfffffffc, 0x1, 0x295d, 0x7, 0x96, 0x3, 0x3, 0x9, 0x5, 0x2, 0xe7c, 0x3, 0x5, 0x6, 0x8, 0x1, 0x1, 0x3, 0x9, 0x3, 0x4000006, 0x8, 0x0, 0x8, 0x0, 0x2, 0x5, 0x8, 0x7, 0x6, 0x720b, 0x10, 0x5, 0x5, 0x2000003, 0x3, 0x8000, 0xfffffffe, 0x7, 0x7, 0x6f, 0x9, 0xb, 0x3, 0xc, 0x3326c296, 0x2, 0xcd, 0x5, 0x2, 0x7, 0xffff, 0x80, 0x2, 0x4, 0xf4f1], 0x6, 0x400})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x486, 0x0, 0x7fffffffffffffff}]})
r3 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r3, 0xc0205648, &(0x7f00000001c0)={0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f041, 0x0, '\x00', @p_u8=0x0}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
lsm_list_modules(&(0x7f0000002600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=0x7b, 0x0)
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
r5 = timerfd_create(0x0, 0x0)
timerfd_settime(r5, 0x3, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0)
read(r5, &(0x7f0000000280)=""/73, 0x49)
r6 = syz_open_procfs(0x0, &(0x7f0000000580)='net/fib_trie\x00')
syz_clone(0x30000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000580)='.\x00', &(0x7f0000000000), 0x800, &(0x7f0000000080)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x5c}]})
getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, &(0x7f00000001c0))
pread64(r6, &(0x7f0000019180)=""/102355, 0x18fd3, 0xc2a)

2.721974295s ago: executing program 0 (id=1671):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x24, 0x0, 0x5, 0xfffffffd, 0x2, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4810)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000840)={0x6c4, 0x0, 0x800, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x6a8, 0x11d, 0x0, 0x1, [{0x2d0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x80}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x114, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x5c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x17, 0x2, [{0x0, 0x8}, {0x0, 0x4}, {0x6, 0x2}, {0x4}, {0x7, 0x2}, {0x5, 0xa}, {0x6, 0x3}, {0x1, 0x5}, {0x7, 0x1}, {0x4, 0x1}, {0x2}, {0x3, 0x7}, {0x1, 0x3}, {0x5, 0x7}, {0x7, 0x9}, {0x6, 0x7}, {0x2, 0x7}, {0x6, 0x5}, {0x7}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0xc, 0x36, 0xc, 0x16, 0xb, 0x1b, 0x3, 0x1, 0x60, 0x5, 0x4, 0x1b, 0x48, 0x24, 0x3b, 0xc, 0x48, 0xc, 0x3, 0x6, 0x16, 0x60, 0x36]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x6, 0x1, 0xf, 0x100, 0xa, 0x9a8d, 0xb7]}}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x16, 0x2, [{0x1, 0x1}, {0x3, 0x3}, {0x4, 0x7}, {0x6, 0x5}, {0x7, 0x9}, {0x4}, {0x7, 0x7}, {}, {0x6}, {0x0, 0x8}, {0x0, 0x7}, {0x0, 0xa}, {0x5, 0x3}, {0x1, 0xa}, {0x5, 0x7}, {0x3, 0x8}, {0x7, 0x6}, {0x3, 0x9}]}, @NL80211_TXRATE_HT={0xc, 0x2, [{0x2, 0x2}, {0x5}, {0x2, 0x1}, {0x5, 0xa}, {0x3, 0x1}, {0x2, 0x4}, {0x1, 0x1}, {0x0, 0x6}]}]}, @NL80211_BAND_6GHZ={0x8c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1000, 0x9, 0x1, 0x0, 0x3, 0x0, 0x101, 0x7]}}, @NL80211_TXRATE_HT={0x4f, 0x2, [{0x3, 0x5}, {0x1, 0x7}, {0x2, 0x2}, {0x7, 0x1}, {0x1, 0x8}, {0x1, 0x4}, {0x1, 0x8}, {0x1, 0xa}, {0x0, 0x2}, {0x1, 0x8}, {0x0, 0x7}, {0x1, 0x1}, {0x7, 0x7}, {0x7, 0x8}, {0x4, 0x8}, {0x0, 0x7}, {0x2, 0x3}, {0x7, 0x9}, {0x7, 0x1}, {0x1, 0x4}, {0x4, 0x7}, {0x3, 0xa}, {0x7, 0x7}, {0x7, 0x2}, {0x6, 0x5}, {0x0, 0xa}, {0x7, 0x4}, {0x0, 0x9}, {0x1, 0x6}, {0x6, 0x2}, {0x1, 0x2}, {0x5, 0xa}, {0x1, 0x5}, {0x7, 0x2}, {0x2, 0x4}, {0x3, 0x7}, {0x4, 0x1}, {0x6, 0x9}, {0x4, 0x3}, {0x1, 0x3}, {0x6, 0x8}, {0x0, 0x3}, {0x4, 0x4}, {0x4, 0x8}, {0x1, 0x7}, {0x2, 0x8}, {0x3, 0x7}, {0x1, 0x3}, {0x7, 0xa}, {0x2, 0x7}, {0x4, 0x8}, {0x1}, {0x3, 0x4}, {0x1, 0x1}, {0x5}, {0x3, 0x6}, {0x2, 0x8}, {0x4, 0x2}, {0x2, 0x8}, {0x2, 0x8}, {0x1, 0x5}, {0x5, 0x2}, {0x2}, {0x5, 0x8}, {0x6, 0x6}, {0x5, 0x9}, {0x4, 0x2}, {0x0, 0x5}, {0x5, 0x6}, {}, {0x2, 0x7}, {0x0, 0x4}, {0x5, 0xa}, {0x6, 0x1}, {0x1, 0x2}]}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x6c, 0x9, 0x6, 0x48, 0x60, 0x3, 0x6, 0xb, 0x4, 0xc, 0x60, 0x3, 0x16, 0x18, 0x18, 0x18, 0x16, 0x12, 0x12, 0x5, 0x3]}]}]}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x91}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x16c, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x23, 0x2, [{0x1, 0x7}, {0x0, 0x4}, {0x0, 0x5}, {0x1, 0x9}, {0x6, 0x6}, {0x3, 0x8}, {0x7, 0x5}, {0x1, 0x4}, {0x7, 0x3}, {0x6, 0x6}, {0x5, 0x9}, {0x4, 0x3}, {0x6, 0x9}, {0x5}, {0x0, 0x5}, {0x2}, {0x6, 0x1}, {0x7, 0xa}, {0x0, 0x5}, {0x4, 0x6}, {0x1, 0x3}, {0x3, 0x9}, {0x2, 0x6}, {0x1, 0x6}, {0x7, 0x7}, {0x4, 0x4}, {0x1, 0x2}, {0x6, 0xa}, {0x6, 0x5}, {0x2, 0x5}, {0x7, 0x9}]}]}, @NL80211_BAND_2GHZ={0x54, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x47, 0x2, [{0x7, 0x1}, {0x3, 0x6}, {0x4, 0x9}, {0x6, 0x7}, {0x3, 0xa}, {0x6, 0x4}, {0x0, 0x8}, {0x6, 0x9}, {0x1, 0x3}, {0x0, 0x2}, {0x7, 0x8}, {0x7, 0x4}, {0x6, 0x5}, {0x1}, {0x0, 0xa}, {0x2, 0x5}, {0x7, 0x2}, {0x0, 0x3}, {0x1, 0x3}, {0x3, 0x8}, {0x1, 0x1}, {0x2, 0x2}, {0x4, 0x1}, {0x3, 0xa}, {0x1, 0x7}, {0x2, 0x5}, {0x6}, {0x0, 0x7}, {0x1, 0xa}, {0x0, 0x3}, {0x6, 0x6}, {0x1, 0x8}, {0x3, 0x4}, {0x5, 0x7}, {0x2, 0xa}, {0x7}, {0x5, 0x5}, {0x6, 0x6}, {0x4}, {0x0, 0x6}, {0x0, 0x5}, {0x4}, {0x5, 0x6}, {0x7, 0x1}, {0x1, 0x9}, {0x4, 0x9}, {0x1, 0x3}, {0x4, 0x1}, {0x4, 0x4}, {0x4, 0x6}, {0x4, 0x3}, {0x7, 0x3}, {0x7, 0x4}, {0x7, 0x6}, {0x4, 0x1}, {0x1, 0x1}, {0x6, 0x1}, {0x1, 0x1}, {0x3, 0x4}, {0x6}, {0x7, 0x5}, {0x1, 0xa}, {0x2, 0x7}, {0x7, 0x4}, {0x6, 0x4}, {0x7, 0x5}, {0x7, 0x8}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_2GHZ={0x3c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x5, 0x3, 0x4, 0xb502, 0x1c0, 0xc, 0x2]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x200, 0x8, 0x6, 0x6, 0x7, 0xfff3, 0x6]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x7a}]}, @NL80211_BAND_2GHZ={0xb0, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x42, 0x2, [{0x6}, {0x3, 0x3}, {0x4, 0x2}, {0x5, 0x9}, {0x0, 0x6}, {0x4, 0x5}, {0x3, 0x5}, {0x3}, {0x4, 0x4}, {0x7, 0x8}, {0x3, 0x7}, {0x3, 0x8}, {0x3, 0xa}, {0x0, 0x9}, {0x6}, {0x3, 0x6}, {0x4, 0x1}, {0x7, 0x6}, {0x7, 0x6}, {}, {0x6, 0x14}, {0x4}, {0x4, 0x1}, {0x0, 0x3}, {0x1, 0x5}, {0x0, 0x2}, {0x5, 0x4}, {0x6, 0x5}, {0x0, 0x5}, {0x0, 0x6}, {0x7, 0x1}, {0x1, 0x3}, {0x4, 0x7}, {0x4, 0x8}, {0x1, 0x9}, {0x1, 0x5}, {0x3, 0x2}, {0x5}, {0x7, 0x1}, {0x1, 0x6}, {0x0, 0x7}, {0x0, 0x3}, {0x5, 0x4}, {0x5, 0xa}, {0x0, 0x7}, {0x2, 0x3}, {0x5, 0x4}, {0x1, 0x8}, {0x5, 0x4}, {0x6, 0x8}, {0x4, 0x2}, {0x2, 0xa}, {0x0, 0x8}, {0x4, 0x4}, {0x3, 0x6}, {0x4, 0x9}, {0x2, 0x6}, {0x2, 0xa}, {0x1, 0x1}, {0x1, 0x6}, {0x6, 0x3}, {0x1, 0x5}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x3, 0x4}, {0x5, 0x3}, {0x5, 0x8}, {0x1, 0x7}, {0x1, 0x7}, {0x1}, {0x0, 0x8}, {0x6, 0x5}, {0x1, 0x7}, {0x0, 0x1}, {0x4, 0x2}, {0x0, 0xa}, {0x4, 0x4}, {0x0, 0xa}, {0x0, 0x3}, {0x7, 0x8}, {0x7, 0x4}, {0x6, 0x2}, {0x1, 0x9}, {0x4, 0x8}, {0x1, 0x6}, {0x4, 0x1}, {0x7, 0x5}, {0x4, 0x7}, {0x2, 0x5}, {0x0, 0x8}, {0x1, 0xa}, {0x4, 0xa}, {0x0, 0x3}, {0x0, 0x3}, {0x0, 0x9}, {0x1, 0x3}, {0x0, 0x8}, {0x6, 0x1}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x7, 0x5385, 0x8001, 0xf0e7, 0xfffe, 0x6, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x7, 0x9, 0x40, 0x2, 0x8, 0x6]}}]}]}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x66}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x5}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x71}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x2dc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf0}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x2c8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x38, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x18, 0x2, [{0x3, 0xa}, {0x1, 0x2}, {0x2, 0xa}, {0x0, 0x5}, {0x2, 0x6}, {0x1}, {0x2, 0x8}, {0x1, 0x6}, {0x7, 0x4}, {0x6, 0x3}, {0x2, 0x9}, {0x4}, {0x3, 0x1}, {0x1, 0x9}, {0x0, 0x1}, {0x0, 0x7}, {0x3, 0x6}, {0x4}, {0x6, 0x1}, {0x0, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x95, 0x2, 0x3, 0xd6, 0x0, 0x6, 0x6]}}]}, @NL80211_BAND_60GHZ={0xb8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2d, 0x2, [{0x2, 0x4}, {0x5}, {0x3, 0x2}, {0x7, 0x3}, {0x5, 0x3}, {0x6, 0x3}, {0x7, 0x3}, {0x2}, {0x1, 0x8}, {0x7}, {0x3, 0x3}, {0x7, 0x2}, {0x5, 0x8}, {0x1, 0x7}, {0x2, 0x8}, {0x4, 0x7}, {0x2, 0x9}, {0x1}, {0x1, 0xa}, {0x1, 0xa}, {0x6, 0x6}, {0x6, 0x2}, {0x7, 0x3}, {0x6, 0x1}, {0x1}, {0x4, 0x5}, {0x1, 0x9}, {0x1}, {0x2, 0x3}, {0x0, 0x1}, {0x1, 0x4}, {0x3, 0x5}, {0x1, 0x1}, {0x1}, {0x3, 0x1}, {0x1, 0xa}, {0x6, 0xa}, {0x0, 0xa}, {0x4}, {0x4, 0x3}, {0x2, 0x7}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x3, 0x78, 0x6, 0xfd, 0xdc, 0x7, 0x915]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xca8, 0x4, 0x5b5d, 0x7, 0xfff, 0x4, 0x7]}}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x18, 0x24, 0x0, 0x18, 0x4, 0x1b, 0x4, 0xc, 0x9, 0x12, 0x0, 0xc, 0x4, 0x24, 0x24, 0x16, 0x63]}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x4, 0x1, 0x12, 0x6e, 0x36, 0x6c, 0x1b, 0x6, 0xb, 0x16, 0x6, 0x2, 0x6c, 0x18, 0x6c, 0x60, 0x6, 0xc, 0x16, 0x5, 0x36]}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x7, 0x9}, {0x5, 0x9}, {0x5, 0x3}, {0x6, 0x2}, {0x1, 0x5}, {0x0, 0x1}, {0x7, 0x5}, {0x2, 0x1}, {0x3}]}]}, @NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x21, 0x1, [0x5098abc75f17ee31, 0x4, 0x6, 0x9, 0x5, 0x12, 0x6c, 0x3, 0x6c, 0x1b, 0x24, 0x9, 0xb, 0x12, 0x3834ceaf91043b90, 0x1b, 0x48, 0x2, 0x12, 0x6, 0x30, 0x4, 0x4, 0x6c, 0xb, 0xb, 0xc, 0xc, 0x36]}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xffff, 0x8, 0xf, 0xe, 0x2, 0x3, 0x47, 0x1]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd, 0x4, 0x7, 0x7, 0x80, 0x4, 0x1, 0x3]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x49, 0x2, [{0x1, 0x3}, {0x7, 0x7}, {0x4}, {0x5, 0x2}, {0x6}, {0x1}, {0x0, 0x5}, {0x5, 0x6}, {0x4, 0x5}, {0x2, 0x5}, {0x3}, {0x0, 0x4}, {0x0, 0x5}, {0x7, 0x1}, {0x7, 0x3}, {0x7, 0x8}, {0x5, 0x5}, {0x7, 0x8}, {0x0, 0x7}, {0x1, 0x6}, {0x1, 0x1}, {0x1, 0x4}, {0x3, 0x3}, {0x0, 0x3}, {0x6, 0x3}, {0x7, 0x8}, {0x1, 0x8}, {0x1, 0x9}, {0x3, 0x3}, {0x0, 0x4}, {0x2, 0x9}, {0x1, 0x8}, {0x1, 0x9}, {0x0, 0x1}, {0x4, 0x3}, {0x6, 0x8}, {0x1, 0x5}, {0x0, 0x1}, {0x3, 0x2}, {0x7, 0x9}, {0x7, 0x8}, {0x3, 0x9}, {0x4, 0x5}, {0x7, 0x8}, {0x6, 0x7}, {}, {0x7, 0x9}, {0x6, 0x1}, {0x2, 0xa}, {0x3, 0x7}, {0x5, 0x2}, {0x4, 0x9}, {0x4, 0x8}, {0x0, 0x4}, {0x3, 0x9}, {0x4, 0x7}, {0x6, 0x2}, {0x1, 0xa}, {0x6}, {0x7, 0x1}, {0x1, 0x8}, {0x2, 0xa}, {0x0, 0xa}, {0x3, 0x2}, {0x4, 0x3}, {0x5, 0x6}, {0x0, 0x4}, {0x2, 0x2}, {0x6, 0x4}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6b, 0x5, 0x3, 0x2fd, 0x8, 0x1, 0x100, 0x1]}}]}, @NL80211_BAND_5GHZ={0x54, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x36, 0x0, 0x3ff, 0xe61, 0x0, 0x7f, 0x10]}}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x12]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x21, 0x2, [{0x4, 0x9}, {0x4, 0x9}, {0x1, 0xa}, {0x4, 0x7}, {0x3, 0x4}, {0x6, 0x7}, {0x0, 0x8}, {0x1, 0xa}, {0x3, 0x3}, {0x1, 0x3}, {0x0, 0x2}, {0x4, 0xa}, {0x5}, {0x6, 0x5}, {}, {0x7, 0x5}, {0x1, 0x9}, {0x0, 0x3}, {0x3, 0x6}, {0x0, 0xa}, {0x5}, {0x0, 0x6}, {0x6, 0x9}, {0x1, 0x5}, {0x7, 0x1}, {0x1, 0x9}, {0x1, 0x3}, {0x0, 0x7}, {0x2, 0x2}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0x4}, @NL80211_BAND_5GHZ={0x8c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x0, 0x4, 0x9, 0x8, 0x1, 0x9, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x6c, 0x48, 0x36, 0x18, 0x4, 0x5, 0x16, 0x16, 0x6c, 0x6, 0x1b, 0x6, 0x0, 0x48, 0x6, 0x4, 0x3, 0x16, 0x4, 0x4d, 0x48, 0x12, 0x6, 0x6, 0x60, 0x6c, 0x6c, 0x1, 0x1]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x2, 0x100, 0x100, 0x100, 0x9, 0xf, 0x4]}}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x30, 0xb, 0x48, 0x1b, 0x0, 0xc, 0x60, 0x5, 0xb, 0xe, 0x53, 0x24, 0x50, 0x1b, 0x6, 0x42acac960eb9f4a5, 0x48, 0x6, 0xb, 0xa, 0x1b, 0x6, 0x2, 0x16, 0x48, 0x4, 0x30, 0x36, 0x6]}]}]}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x10}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x81}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd3}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xdb}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xa7}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8000}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x5}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x25}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x8}]}]}]}, 0x6c4}, 0x1, 0x0, 0x0, 0x1}, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd13a}, @TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.632749594s ago: executing program 3 (id=1672):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015"], 0x38}, 0x1, 0x300}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) (fail_nth: 5)

2.38328302s ago: executing program 0 (id=1673):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000fddbdf25020202201420020076657468315f766c616e000000000000"], 0x28}, 0x1, 0x40030000000000, 0x0, 0x40084}, 0x0)
r2 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r3 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r5}, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
sendmsg$inet(r7, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r6, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
write$binfmt_format(r2, &(0x7f0000000100)='0\x00', 0x2)
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x2)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r2, &(0x7f0000000300)="ca0e808bb35b", 0x6)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r8, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x2}}, 0x40)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

2.109566513s ago: executing program 3 (id=1674):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt(r0, 0x84, 0x81, &(0x7f0000000040)="1a1f426bbae5279f", 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000240)={'\x00', 0x8000, 0x101, 0x7, 0x8000000000000000, 0x9, <r1=>0x0})
prlimit64(r1, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0)
ioctl$IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, &(0x7f0000000080)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, &(0x7f0000000000)={@my=0x0})
ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f0000000200)={{@my=0x0}, 0x0, 0x1})
ioctl$IOCTL_VMCI_CTX_GET_CPT_STATE(0xffffffffffffffff, 0x7b1, &(0x7f00000003c0)={&(0x7f0000004000)=[0xfffffffd, 0x101, 0x238, 0x40, 0x7, 0x2, 0x4dfb, 0xa, 0x0, 0x2, 0x7, 0x81, 0x3, 0x3, 0x7, 0x2, 0x5, 0x4, 0x60, 0x7, 0x200, 0xa3f, 0x9a, 0x7, 0x9, 0x8, 0x9, 0x1000, 0x6, 0x0, 0x2e, 0x3, 0x7f, 0x7, 0x6c9d3c45, 0x401, 0x7, 0xfffffff9, 0x8, 0x7d, 0x5, 0x24f4, 0x1000, 0x6, 0xe, 0x7fffffff, 0x1ff, 0x2, 0x3ea8, 0xb32, 0x0, 0x3, 0x6, 0x101, 0x6, 0x519, 0x3, 0x7f, 0xb7, 0x7, 0x5, 0x401, 0x9, 0x5, 0x5, 0x2, 0xff, 0x0, 0x3, 0x5, 0xfffffff7, 0x8, 0x2, 0xe8, 0x1, 0x6, 0xcef3, 0xfffffff6, 0x1, 0x5, 0x1000, 0x9, 0x400, 0x8f, 0x0, 0xcabc, 0x7, 0x5, 0x6, 0x6, 0x2, 0xd34, 0x265, 0x3, 0x8, 0x49, 0x8, 0x1000, 0x0, 0x5, 0x4, 0xaf, 0xffffffff, 0x9, 0x5, 0x80000000, 0x9, 0x6, 0x97df, 0x6, 0x800, 0x7ff, 0x18ff, 0x3, 0x3, 0x8, 0xfff, 0xfb, 0x3, 0x5, 0x4, 0x1, 0xffff, 0x8, 0x3, 0x3, 0x7db, 0x7f, 0x6, 0x2, 0x8, 0x3ff, 0xfd, 0x9, 0x4, 0x3, 0x6, 0x3, 0x2, 0xfffffff8, 0x8, 0x339, 0xfffffff0, 0x3, 0x9, 0x1, 0xf, 0x6, 0x800, 0xc791, 0x6, 0xfd, 0x1, 0x10040000, 0x3, 0x8, 0x9, 0x101, 0x0, 0x6, 0x5, 0x7fffffff, 0x4, 0x1, 0x102, 0x6, 0x4, 0x80, 0x4, 0x0, 0x8, 0x6, 0x0, 0x43df, 0x1, 0x54eb, 0x80, 0x80000000, 0x5, 0xfffffffd, 0x9, 0x9, 0x7, 0x5, 0x10, 0x8, 0xfffffff7, 0x0, 0x8, 0xc, 0x8, 0x6, 0x800, 0x6, 0x3, 0x3ff, 0x2, 0x3, 0x2, 0x3, 0x0, 0x4e, 0x5, 0xffff, 0x6, 0xc3, 0x0, 0x4, 0xe3, 0x9, 0x5, 0xfff, 0x5, 0x10000, 0x2, 0xcff, 0x6, 0x4, 0x100, 0x3, 0x6, 0x8, 0xfffffff7, 0x0, 0x200, 0x7f, 0x5, 0x42, 0x3, 0x6, 0x411af549, 0x0, 0x22cb, 0x0, 0x6, 0x2428, 0x1, 0x3, 0x9, 0x8001, 0x81, 0x7, 0x3, 0x4, 0x10000000, 0x6, 0x8, 0x7, 0xc8, 0x401, 0xc9f3, 0xd6, 0x800, 0x10, 0x1, 0xf1b, 0x10001, 0x3ae44413, 0x534c, 0x2, 0x28, 0x80000000, 0xffffffff, 0x200, 0xfffff025, 0x3, 0x6, 0x0, 0xfff, 0x6, 0x4, 0x9, 0x5c7115a2, 0x10, 0x6, 0x3, 0x6, 0x0, 0x6, 0x81, 0x8, 0x1, 0x3, 0x4, 0x9, 0x1, 0x4, 0x4, 0x4, 0x101, 0x3, 0x4730, 0x7, 0x5, 0x6e87, 0x7, 0x2, 0x8, 0xffffffff, 0xd, 0x8, 0x8000, 0x4, 0x8, 0xa, 0xfffffff9, 0x9, 0x9, 0x2, 0x8, 0x2, 0x0, 0xcdb2, 0x800, 0x1, 0x7, 0xdd8f, 0x7f0a, 0x5, 0x3, 0x80000001, 0x7fffffff, 0x5, 0x2, 0xfffffffd, 0x80000000, 0x3ff, 0x9, 0x1, 0x81, 0x4, 0x1, 0x7, 0x8, 0xffffffff, 0x8, 0x1, 0x8, 0x0, 0x2, 0x4, 0x0, 0x6, 0x4, 0xbb0e, 0x5022, 0x4, 0xfffffffd, 0xe, 0x7, 0x2, 0x6, 0x3, 0x21000, 0x8, 0x3, 0x6, 0x7, 0x800, 0x7f5, 0x3ff, 0xf1, 0x4, 0x7, 0x9fc, 0x80000001, 0xfffffffb, 0x1, 0x1, 0x3, 0x5, 0x7, 0x4, 0x8, 0x1, 0x8, 0x0, 0xb, 0x8001, 0x3, 0x0, 0xa, 0x6a1f, 0x0, 0x22, 0xc, 0x6c000000, 0x6, 0x80, 0x1, 0x6, 0x40, 0x5cb2, 0x8, 0x2, 0x9, 0xffff7e5c, 0x800, 0x120, 0x7fff, 0x8, 0x401, 0x29, 0x80000000, 0x1, 0x0, 0x8, 0x8, 0xffffe110, 0x5, 0xef0, 0xfffffffd, 0x9, 0x9845, 0xe, 0x170, 0x5, 0x3, 0x5, 0x7ad, 0x3, 0x9, 0x5, 0x4, 0x0, 0x6, 0x5d, 0x7, 0x940, 0xebc, 0xffffff20, 0x800, 0x4, 0x0, 0x203b, 0x0, 0x330, 0x7, 0x7, 0x63b, 0xe, 0x7ff, 0x5bf9, 0x9, 0x5, 0xf3, 0x200, 0x0, 0x7, 0xc000, 0x8, 0x7, 0x50, 0x4da, 0xd, 0x3, 0x7, 0x50d, 0x3, 0x1, 0x1, 0x7, 0x2c16f915, 0x8001, 0x800, 0x1, 0x4, 0x2, 0xa, 0x5d, 0x6, 0xb, 0x0, 0x6, 0x6, 0x6, 0x80000001, 0x7b, 0x400, 0x7, 0xe0, 0x3, 0x9d8, 0x2, 0x5, 0x9, 0x1, 0x5, 0x0, 0xfffffe00, 0x5, 0x0, 0xd, 0xfffffff4, 0xd2, 0x7, 0x80000001, 0x80000000, 0x4, 0x5, 0xffffffe9, 0x1ff, 0xbc, 0x1, 0x200, 0x6, 0x5, 0x9, 0x6, 0xfffffffb, 0x805, 0x2, 0xffffffff, 0xff, 0x3, 0xf, 0x0, 0x3, 0x8, 0x6, 0x6, 0x100000, 0xfffffff3, 0x6, 0x6, 0x28, 0x8, 0x5, 0x0, 0xc0000000, 0x401, 0x1, 0x2, 0x7, 0x4, 0x8, 0xb, 0x9, 0x1, 0x5, 0xffffffff, 0x3efc, 0x7f, 0x0, 0x0, 0x9, 0x0, 0x1, 0x0, 0x6, 0xfe, 0x5, 0x7, 0x7776, 0xff, 0x3, 0x20, 0x1, 0x36a, 0x1, 0xa, 0x400, 0x2afcad61, 0x0, 0x4, 0xccfc, 0x100000, 0x9, 0x800, 0xa, 0x7, 0x2, 0x21, 0x5, 0x4, 0xe, 0x1000, 0x3, 0x1, 0x9, 0xacf, 0x6, 0x3, 0x800, 0x8, 0x9338, 0x7, 0x9, 0x9, 0x71, 0x3, 0x1ff, 0x80, 0xd98b, 0x8, 0x2, 0x1, 0x5, 0x4, 0x5, 0x5, 0x3, 0x9, 0x2, 0x0, 0x101, 0x66, 0x6, 0x2, 0x7, 0xfffffffc, 0x8, 0x40, 0x1, 0x4, 0x5, 0x2, 0x9, 0xc1cc, 0x3ff, 0x2, 0x8, 0x4b, 0x3, 0x0, 0x40, 0xd, 0x0, 0x3571, 0x6, 0x0, 0x0, 0x8469, 0x3, 0x80000000, 0x0, 0x7e1, 0x4, 0x2b, 0x6, 0xf7d9, 0x9, 0x5, 0xc00d, 0x3, 0x3, 0x80000000, 0xe600, 0x7, 0xc, 0x80000001, 0x401, 0x4, 0x5, 0x3, 0x9, 0xf3f, 0x1, 0xfffffffe, 0x9, 0x1, 0x3, 0x4, 0x2, 0x84, 0x448f, 0x0, 0x8, 0x100, 0x9, 0x0, 0x4, 0x9, 0x4, 0x3, 0x0, 0x5, 0x9, 0x1, 0x8000, 0x1fc, 0xffff1364, 0x80000001, 0x67, 0xc, 0xdf2, 0x4, 0x7, 0x8, 0x756, 0x3, 0xfffffc00, 0xc9, 0x7, 0xce, 0x8, 0x0, 0x6, 0x0, 0x9, 0x8, 0x8, 0x9, 0x1, 0x6, 0xa7, 0x10000, 0xfffff801, 0x6, 0x31fe, 0x28, 0x10, 0x8020000, 0x2, 0x1, 0x2, 0x1, 0x8, 0x1, 0xecc, 0x3, 0x0, 0x4, 0x6, 0x6, 0x80, 0xfcb, 0x7, 0x9, 0x7, 0xe, 0x1000, 0x3, 0xffffffff, 0xa4, 0x0, 0xffffffff, 0x8, 0x0, 0x40, 0x1, 0xfffffff8, 0x0, 0xfffffffe, 0x7, 0x81, 0x400, 0x2, 0xa255, 0x1, 0xbd1e, 0xc, 0x8, 0x401, 0x9, 0x0, 0x400, 0x1, 0x700, 0x9, 0x1, 0x0, 0x7, 0x80000001, 0x4, 0x4, 0x0, 0x400, 0xfff, 0x0, 0x5cb, 0x2, 0x9, 0x1, 0x3, 0x7fffffff, 0xfffffffe, 0x6, 0x5, 0xfffffffd, 0x80000001, 0x2, 0x7fffffff, 0x1ff, 0x101, 0x77960, 0xbc0, 0x81, 0x800, 0xfff, 0x7f, 0x7ff, 0x5, 0x6, 0x0, 0x7, 0x81, 0x0, 0x0, 0x9, 0xe, 0xfffffffd, 0xf1fb, 0x1, 0xe3c, 0x3, 0x9, 0xc5c9ca61, 0x8, 0x3, 0xfffffff9, 0xc8aa, 0xb2, 0x3ff, 0xd9, 0x81, 0xffff, 0xffff, 0xfffffc00, 0xadf, 0x5, 0x6, 0x4, 0x6, 0x7, 0x6, 0x2, 0x2, 0xd6, 0x8, 0x5b0, 0x2, 0x8000, 0x7, 0x6, 0x0, 0x1, 0x2, 0x0, 0x39d, 0x9, 0x3ff, 0x8000, 0xb, 0x2, 0x7, 0x6, 0x8, 0x19, 0xfffffff0, 0x7, 0x9, 0xb5a, 0x101, 0x1, 0x3, 0x10000, 0x4, 0xe, 0x3ff, 0xe, 0x3, 0x0, 0x7ff, 0x1, 0x404d, 0x6, 0x3ff, 0x0, 0xce, 0x6, 0x2, 0x4, 0x0, 0x3, 0x7, 0x81, 0x6, 0x8, 0xb54, 0x9, 0x31, 0x80000001, 0x3ff, 0x7, 0x9, 0x400, 0x1, 0xe7, 0x8, 0x8001, 0x2, 0x7, 0x5, 0x9, 0x17ff, 0x6, 0x3, 0x80000001, 0x800, 0x3c8, 0x43b, 0x101, 0x2, 0x7, 0x7f, 0x7, 0x7f, 0x10000, 0x9, 0xd39, 0xfb27, 0x3, 0x3, 0x3, 0x1, 0x6, 0x9, 0xd63, 0x4, 0x80000001, 0x5, 0x6, 0xa, 0x5, 0x8, 0x6, 0x7, 0x9, 0x526, 0x5, 0x8, 0x2, 0x8, 0x2, 0x53, 0xa, 0xc9ad, 0x8, 0xf3, 0x80, 0x9, 0x9, 0x3, 0x7ff, 0x1, 0x1f, 0x0, 0x3bb, 0x3, 0x1, 0x2, 0x2, 0x4, 0x140, 0xb, 0x0, 0xfffffffe, 0x3, 0x6, 0x1, 0x90a0, 0x2, 0x1b6, 0x0, 0x1, 0xc6bd, 0x3, 0xfffffffc, 0x1, 0x295d, 0x7, 0x96, 0x3, 0x3, 0x9, 0x5, 0x2, 0xe7c, 0x3, 0x5, 0x6, 0x8, 0x1, 0x1, 0x3, 0x9, 0x3, 0x4000006, 0x8, 0x0, 0x8, 0x0, 0x2, 0x5, 0x8, 0x7, 0x6, 0x720b, 0x10, 0x5, 0x5, 0x2000003, 0x3, 0x8000, 0xfffffffe, 0x7, 0x7, 0x6f, 0x9, 0xb, 0x3, 0xc, 0x3326c296, 0x2, 0xcd, 0x5, 0x2, 0x7, 0xffff, 0x80, 0x2, 0x4, 0xf4f1], 0x6, 0x400})
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x3)
sched_setaffinity(0x0, 0xffffffffffffff5b, &(0x7f00000002c0)=0x400000bce)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x43, 0x0, 0x0)
ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x486, 0x0, 0x7fffffffffffffff}]})
r2 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f00000001c0)={0x0, 0x7, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xf0f041, 0x0, '\x00', @p_u8=0x0}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x972, &(0x7f0000006680))
lsm_list_modules(&(0x7f0000002600)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000000)=0x7b, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = timerfd_create(0x0, 0x0)
timerfd_settime(r4, 0x3, &(0x7f0000000000)={{}, {0x0, 0x3938700}}, 0x0)
read(r4, &(0x7f0000000280)=""/73, 0x49)
r5 = syz_open_procfs(0x0, &(0x7f0000000580)='net/fib_trie\x00')
syz_clone(0x30000000, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000580)='.\x00', &(0x7f0000000000), 0x800, &(0x7f0000000080)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x5c}]})
getsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, &(0x7f00000001c0))
pread64(r5, &(0x7f0000019180)=""/102355, 0x18fd3, 0xc2a)

1.528950422s ago: executing program 1 (id=1675):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000840)={0x770, r4, 0x800, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x754, 0x11d, 0x0, 0x1, [{0x2d0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x80}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x114, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x5c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x17, 0x2, [{0x0, 0x8}, {0x0, 0x4}, {0x6, 0x2}, {0x4}, {0x7, 0x2}, {0x5, 0xa}, {0x6, 0x3}, {0x1, 0x5}, {0x7, 0x1}, {0x4, 0x1}, {0x2}, {0x3, 0x7}, {0x1, 0x3}, {0x5, 0x7}, {0x7, 0x9}, {0x6, 0x7}, {0x2, 0x7}, {0x6, 0x5}, {0x7}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0xc, 0x36, 0xc, 0x16, 0xb, 0x1b, 0x3, 0x1, 0x60, 0x5, 0x4, 0x1b, 0x48, 0x24, 0x3b, 0xc, 0x48, 0xc, 0x3, 0x6, 0x16, 0x60, 0x36]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x6, 0x1, 0xf, 0x100, 0xa, 0x9a8d, 0xb7]}}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x16, 0x2, [{0x1, 0x1}, {0x3, 0x3}, {0x4, 0x7}, {0x6, 0x5}, {0x7, 0x9}, {0x4}, {0x7, 0x7}, {}, {0x6}, {0x0, 0x8}, {0x0, 0x7}, {0x0, 0xa}, {0x5, 0x3}, {0x1, 0xa}, {0x5, 0x7}, {0x3, 0x8}, {0x7, 0x6}, {0x3, 0x9}]}, @NL80211_TXRATE_HT={0xc, 0x2, [{0x2, 0x2}, {0x5}, {0x2, 0x1}, {0x5, 0xa}, {0x3, 0x1}, {0x2, 0x4}, {0x1, 0x1}, {0x0, 0x6}]}]}, @NL80211_BAND_6GHZ={0x8c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1000, 0x9, 0x1, 0x0, 0x3, 0x0, 0x101, 0x7]}}, @NL80211_TXRATE_HT={0x4f, 0x2, [{0x3, 0x5}, {0x1, 0x7}, {0x2, 0x2}, {0x7, 0x1}, {0x1, 0x8}, {0x1, 0x4}, {0x1, 0x8}, {0x1, 0xa}, {0x0, 0x2}, {0x1, 0x8}, {0x0, 0x7}, {0x1, 0x1}, {0x7, 0x7}, {0x7, 0x8}, {0x4, 0x8}, {0x0, 0x7}, {0x2, 0x3}, {0x7, 0x9}, {0x7, 0x1}, {0x1, 0x4}, {0x4, 0x7}, {0x3, 0xa}, {0x7, 0x7}, {0x7, 0x2}, {0x6, 0x5}, {0x0, 0xa}, {0x7, 0x4}, {0x0, 0x9}, {0x1, 0x6}, {0x6, 0x2}, {0x1, 0x2}, {0x5, 0xa}, {0x1, 0x5}, {0x7, 0x2}, {0x2, 0x4}, {0x3, 0x7}, {0x4, 0x1}, {0x6, 0x9}, {0x4, 0x3}, {0x1, 0x3}, {0x6, 0x8}, {0x0, 0x3}, {0x4, 0x4}, {0x4, 0x8}, {0x1, 0x7}, {0x2, 0x8}, {0x3, 0x7}, {0x1, 0x3}, {0x7, 0xa}, {0x2, 0x7}, {0x4, 0x8}, {0x1}, {0x3, 0x4}, {0x1, 0x1}, {0x5}, {0x3, 0x6}, {0x2, 0x8}, {0x4, 0x2}, {0x2, 0x8}, {0x2, 0x8}, {0x1, 0x5}, {0x5, 0x2}, {0x2}, {0x5, 0x8}, {0x6, 0x6}, {0x5, 0x9}, {0x4, 0x2}, {0x0, 0x5}, {0x5, 0x6}, {}, {0x2, 0x7}, {0x0, 0x4}, {0x5, 0xa}, {0x6, 0x1}, {0x1, 0x2}]}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x6c, 0x9, 0x6, 0x48, 0x60, 0x3, 0x6, 0xb, 0x4, 0xc, 0x60, 0x3, 0x16, 0x18, 0x18, 0x18, 0x16, 0x12, 0x12, 0x5, 0x3]}]}]}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x91}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x16c, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x23, 0x2, [{0x1, 0x7}, {0x0, 0x4}, {0x0, 0x5}, {0x1, 0x9}, {0x6, 0x6}, {0x3, 0x8}, {0x7, 0x5}, {0x1, 0x4}, {0x7, 0x3}, {0x6, 0x6}, {0x5, 0x9}, {0x4, 0x3}, {0x6, 0x9}, {0x5}, {0x0, 0x5}, {0x2}, {0x6, 0x1}, {0x7, 0xa}, {0x0, 0x5}, {0x4, 0x6}, {0x1, 0x3}, {0x3, 0x9}, {0x2, 0x6}, {0x1, 0x6}, {0x7, 0x7}, {0x4, 0x4}, {0x1, 0x2}, {0x6, 0xa}, {0x6, 0x5}, {0x2, 0x5}, {0x7, 0x9}]}]}, @NL80211_BAND_2GHZ={0x54, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x47, 0x2, [{0x7, 0x1}, {0x3, 0x6}, {0x4, 0x9}, {0x6, 0x7}, {0x3, 0xa}, {0x6, 0x4}, {0x0, 0x8}, {0x6, 0x9}, {0x1, 0x3}, {0x0, 0x2}, {0x7, 0x8}, {0x7, 0x4}, {0x6, 0x5}, {0x1}, {0x0, 0xa}, {0x2, 0x5}, {0x7, 0x2}, {0x0, 0x3}, {0x1, 0x3}, {0x3, 0x8}, {0x1, 0x1}, {0x2, 0x2}, {0x4, 0x1}, {0x3, 0xa}, {0x1, 0x7}, {0x2, 0x5}, {0x6}, {0x0, 0x7}, {0x1, 0xa}, {0x0, 0x3}, {0x6, 0x6}, {0x1, 0x8}, {0x3, 0x4}, {0x5, 0x7}, {0x2, 0xa}, {0x7}, {0x5, 0x5}, {0x6, 0x6}, {0x4}, {0x0, 0x6}, {0x0, 0x5}, {0x4}, {0x5, 0x6}, {0x7, 0x1}, {0x1, 0x9}, {0x4, 0x9}, {0x1, 0x3}, {0x4, 0x1}, {0x4, 0x4}, {0x4, 0x6}, {0x4, 0x3}, {0x7, 0x3}, {0x7, 0x4}, {0x7, 0x6}, {0x4, 0x1}, {0x1, 0x1}, {0x6, 0x1}, {0x1, 0x1}, {0x3, 0x4}, {0x6}, {0x7, 0x5}, {0x1, 0xa}, {0x2, 0x7}, {0x7, 0x4}, {0x6, 0x4}, {0x7, 0x5}, {0x7, 0x8}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_2GHZ={0x3c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x5, 0x3, 0x4, 0xb502, 0x1c0, 0xc, 0x2]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x200, 0x8, 0x6, 0x6, 0x7, 0xfff3, 0x6]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x7a}]}, @NL80211_BAND_2GHZ={0xb0, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x42, 0x2, [{0x6}, {0x3, 0x3}, {0x4, 0x2}, {0x5, 0x9}, {0x0, 0x6}, {0x4, 0x5}, {0x3, 0x5}, {0x3}, {0x4, 0x4}, {0x7, 0x8}, {0x3, 0x7}, {0x3, 0x8}, {0x3, 0xa}, {0x0, 0x9}, {0x6}, {0x3, 0x6}, {0x4, 0x1}, {0x7, 0x6}, {0x7, 0x6}, {}, {0x6, 0x14}, {0x4}, {0x4, 0x1}, {0x0, 0x3}, {0x1, 0x5}, {0x0, 0x2}, {0x5, 0x4}, {0x6, 0x5}, {0x0, 0x5}, {0x0, 0x6}, {0x7, 0x1}, {0x1, 0x3}, {0x4, 0x7}, {0x4, 0x8}, {0x1, 0x9}, {0x1, 0x5}, {0x3, 0x2}, {0x5}, {0x7, 0x1}, {0x1, 0x6}, {0x0, 0x7}, {0x0, 0x3}, {0x5, 0x4}, {0x5, 0xa}, {0x0, 0x7}, {0x2, 0x3}, {0x5, 0x4}, {0x1, 0x8}, {0x5, 0x4}, {0x6, 0x8}, {0x4, 0x2}, {0x2, 0xa}, {0x0, 0x8}, {0x4, 0x4}, {0x3, 0x6}, {0x4, 0x9}, {0x2, 0x6}, {0x2, 0xa}, {0x1, 0x1}, {0x1, 0x6}, {0x6, 0x3}, {0x1, 0x5}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x3, 0x4}, {0x5, 0x3}, {0x5, 0x8}, {0x1, 0x7}, {0x1, 0x7}, {0x1}, {0x0, 0x8}, {0x6, 0x5}, {0x1, 0x7}, {0x0, 0x1}, {0x4, 0x2}, {0x0, 0xa}, {0x4, 0x4}, {0x0, 0xa}, {0x0, 0x3}, {0x7, 0x8}, {0x7, 0x4}, {0x6, 0x2}, {0x1, 0x9}, {0x4, 0x8}, {0x1, 0x6}, {0x4, 0x1}, {0x7, 0x5}, {0x4, 0x7}, {0x2, 0x5}, {0x0, 0x8}, {0x1, 0xa}, {0x4, 0xa}, {0x0, 0x3}, {0x0, 0x3}, {0x0, 0x9}, {0x1, 0x3}, {0x0, 0x8}, {0x6, 0x1}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x7, 0x5385, 0x8001, 0xf0e7, 0xfffe, 0x6, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x7, 0x9, 0x40, 0x2, 0x8, 0x6]}}]}]}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x66}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x5}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x71}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x390, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf0}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x37c, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x38, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x18, 0x2, [{0x3, 0xa}, {0x1, 0x2}, {0x2, 0xa}, {0x0, 0x5}, {0x2, 0x6}, {0x1}, {0x2, 0x8}, {0x1, 0x6}, {0x7, 0x4}, {0x6, 0x3}, {0x2, 0x9}, {0x4}, {0x3, 0x1}, {0x1, 0x9}, {0x0, 0x1}, {0x0, 0x7}, {0x3, 0x6}, {0x4}, {0x6, 0x1}, {0x0, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x95, 0x2, 0x3, 0xd6, 0x0, 0x6, 0x6]}}]}, @NL80211_BAND_60GHZ={0xb8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2d, 0x2, [{0x2, 0x4}, {0x5}, {0x3, 0x2}, {0x7, 0x3}, {0x5, 0x3}, {0x6, 0x3}, {0x7, 0x3}, {0x2}, {0x1, 0x8}, {0x7}, {0x3, 0x3}, {0x7, 0x2}, {0x5, 0x8}, {0x1, 0x7}, {0x2, 0x8}, {0x4, 0x7}, {0x2, 0x9}, {0x1}, {0x1, 0xa}, {0x1, 0xa}, {0x6, 0x6}, {0x6, 0x2}, {0x7, 0x3}, {0x6, 0x1}, {0x1}, {0x4, 0x5}, {0x1, 0x9}, {0x1}, {0x2, 0x3}, {0x0, 0x1}, {0x1, 0x4}, {0x3, 0x5}, {0x1, 0x1}, {0x1}, {0x3, 0x1}, {0x1, 0xa}, {0x6, 0xa}, {0x0, 0xa}, {0x4}, {0x4, 0x3}, {0x2, 0x7}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x3, 0x78, 0x6, 0xfd, 0xdc, 0x7, 0x915]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xca8, 0x4, 0x5b5d, 0x7, 0xfff, 0x4, 0x7]}}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x18, 0x24, 0x0, 0x18, 0x4, 0x1b, 0x4, 0xc, 0x9, 0x12, 0x0, 0xc, 0x4, 0x24, 0x24, 0x16, 0x63]}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x4, 0x1, 0x12, 0x6e, 0x36, 0x6c, 0x1b, 0x6, 0xb, 0x16, 0x6, 0x2, 0x6c, 0x18, 0x6c, 0x60, 0x6, 0xc, 0x16, 0x5, 0x36]}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x7, 0x9}, {0x5, 0x9}, {0x5, 0x3}, {0x6, 0x2}, {0x1, 0x5}, {0x0, 0x1}, {0x7, 0x5}, {0x2, 0x1}, {0x3}]}]}, @NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x21, 0x1, [0x5098abc75f17ee31, 0x4, 0x6, 0x9, 0x5, 0x12, 0x6c, 0x3, 0x6c, 0x1b, 0x24, 0x9, 0xb, 0x12, 0x3834ceaf91043b90, 0x1b, 0x48, 0x2, 0x12, 0x6, 0x30, 0x4, 0x4, 0x6c, 0xb, 0xb, 0xc, 0xc, 0x36]}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xffff, 0x8, 0xf, 0xe, 0x2, 0x3, 0x47, 0x1]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd, 0x4, 0x7, 0x7, 0x80, 0x4, 0x1, 0x3]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x49, 0x2, [{0x1, 0x3}, {0x7, 0x7}, {0x4}, {0x5, 0x2}, {0x6}, {0x1}, {0x0, 0x5}, {0x5, 0x6}, {0x4, 0x5}, {0x2, 0x5}, {0x3}, {0x0, 0x4}, {0x0, 0x5}, {0x7, 0x1}, {0x7, 0x3}, {0x7, 0x8}, {0x5, 0x5}, {0x7, 0x8}, {0x0, 0x7}, {0x1, 0x6}, {0x1, 0x1}, {0x1, 0x4}, {0x3, 0x3}, {0x0, 0x3}, {0x6, 0x3}, {0x7, 0x8}, {0x1, 0x8}, {0x1, 0x9}, {0x3, 0x3}, {0x0, 0x4}, {0x2, 0x9}, {0x1, 0x8}, {0x1, 0x9}, {0x0, 0x1}, {0x4, 0x3}, {0x6, 0x8}, {0x1, 0x5}, {0x0, 0x1}, {0x3, 0x2}, {0x7, 0x9}, {0x7, 0x8}, {0x3, 0x9}, {0x4, 0x5}, {0x7, 0x8}, {0x6, 0x7}, {}, {0x7, 0x9}, {0x6, 0x1}, {0x2, 0xa}, {0x3, 0x7}, {0x5, 0x2}, {0x4, 0x9}, {0x4, 0x8}, {0x0, 0x4}, {0x3, 0x9}, {0x4, 0x7}, {0x6, 0x2}, {0x1, 0xa}, {0x6}, {0x7, 0x1}, {0x1, 0x8}, {0x2, 0xa}, {0x0, 0xa}, {0x3, 0x2}, {0x4, 0x3}, {0x5, 0x6}, {0x0, 0x4}, {0x2, 0x2}, {0x6, 0x4}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6b, 0x5, 0x3, 0x2fd, 0x8, 0x1, 0x100, 0x1]}}]}, @NL80211_BAND_5GHZ={0x54, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x36, 0x0, 0x3ff, 0xe61, 0x0, 0x7f, 0x10]}}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x12]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x21, 0x2, [{0x4, 0x9}, {0x4, 0x9}, {0x1, 0xa}, {0x4, 0x7}, {0x3, 0x4}, {0x6, 0x7}, {0x0, 0x8}, {0x1, 0xa}, {0x3, 0x3}, {0x1, 0x3}, {0x0, 0x2}, {0x4, 0xa}, {0x5}, {0x6, 0x5}, {}, {0x7, 0x5}, {0x1, 0x9}, {0x0, 0x3}, {0x3, 0x6}, {0x0, 0xa}, {0x5}, {0x0, 0x6}, {0x6, 0x9}, {0x1, 0x5}, {0x7, 0x1}, {0x1, 0x9}, {0x1, 0x3}, {0x0, 0x7}, {0x2, 0x2}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x9]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x6, 0x3, 0xdf, 0x6, 0x8, 0x2, 0x6]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0x8c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x0, 0x4, 0x9, 0x8, 0x1, 0x9, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x6c, 0x48, 0x36, 0x18, 0x4, 0x5, 0x16, 0x16, 0x6c, 0x6, 0x1b, 0x6, 0x0, 0x48, 0x6, 0x4, 0x3, 0x16, 0x4, 0x4d, 0x48, 0x12, 0x6, 0x6, 0x60, 0x6c, 0x6c, 0x1, 0x1]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x2, 0x100, 0x100, 0x100, 0x9, 0xf, 0x4]}}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x30, 0xb, 0x48, 0x1b, 0x0, 0xc, 0x60, 0x5, 0xb, 0xe, 0x53, 0x24, 0x50, 0x1b, 0x6, 0x42acac960eb9f4a5, 0x48, 0x6, 0xb, 0xa, 0x1b, 0x6, 0x2, 0x16, 0x48, 0x4, 0x30, 0x36, 0x6]}]}, @NL80211_BAND_60GHZ={0x88, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x29, 0x2, [{0x2, 0x5}, {0x2, 0x3}, {0x6, 0x7}, {0x7, 0x2}, {0x0, 0xa}, {0x5, 0x8}, {0x2, 0x4}, {0x7, 0x9}, {0x1, 0x3}, {0x6, 0x3}, {0x2, 0xa}, {0x7, 0x7}, {0x4, 0x4}, {0x0, 0x6}, {0x6, 0x7}, {0x1, 0x1}, {0x1, 0x5}, {0x2, 0x4}, {0x1, 0x9}, {0x3, 0x5}, {0x6, 0x2}, {0x5, 0x4}, {0x0, 0x5}, {0x0, 0x4}, {0x4, 0x2}, {0x1, 0x6}, {0x7, 0x2}, {0x5, 0x6}, {0x6, 0x9}, {0x0, 0x7}, {0x0, 0x6}, {0x5, 0x6}, {0x0, 0xa}, {0x6, 0x3}, {0x5, 0x6}, {0x7, 0x1}, {0x0, 0x6}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HT={0x48, 0x2, [{0x5, 0x6}, {0x6, 0x9}, {0x0, 0xa}, {0x5, 0x5}, {0x0, 0x9}, {0x5, 0x8}, {0x3, 0x1}, {0x3, 0xa}, {}, {0x5, 0x3}, {0x3, 0x5}, {0x0, 0x2}, {0x5, 0x6}, {0x1, 0x8}, {0x7, 0x5}, {0x0, 0x1}, {0x5, 0x1}, {0x2, 0x2}, {}, {0x7, 0x5}, {0x5, 0x1}, {0x6}, {0x4}, {0x7, 0x9}, {0x0, 0x9}, {0x1, 0x5}, {0x2, 0x2}, {0x2, 0xa}, {0x6, 0x7}, {0x0, 0x3}, {0x1, 0x8}, {0x2}, {0x0, 0x9}, {0x7, 0x8}, {0x6, 0x3}, {0x6, 0x6}, {0x5, 0x3}, {0x5, 0x8}, {0x6, 0x8}, {0x1, 0x1}, {0x7, 0x8}, {0x4, 0x1}, {0x7, 0x3}, {0x2, 0x1}, {0x2, 0xa}, {0x6, 0x8}, {0x0, 0x4}, {0x7, 0x5}, {0x2, 0x7}, {0x6, 0xa}, {0x2, 0x9}, {0x1, 0x1}, {0x4, 0x3}, {0x5, 0x5}, {0x7, 0x3}, {0x6, 0x5}, {0x0, 0x3}, {0x4, 0x4}, {0x7, 0xa}, {0x1, 0x6}, {0x6, 0x2}, {0x6, 0x1}, {0x3, 0x8}, {0x2, 0x6}, {0x7, 0x7}, {0x3, 0x6}, {0x2}, {0x0, 0x9}]}]}]}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x10}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x81}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xdb}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xa7}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8000}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x5}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x25}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x8}]}]}]}, 0x770}, 0x1, 0x0, 0x0, 0x1}, 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd13a}, @TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r8 = accept4(r7, 0x0, 0x0, 0x800)
sendmmsg$alg(r8, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r8, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r9, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r10, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

1.475264042s ago: executing program 0 (id=1676):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket(0x10, 0x3, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x24, r3, 0x5, 0xfffffffd, 0x2, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4810)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000340)={'wlan1\x00'})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd13a}, @TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
r6 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r6, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r7 = accept4(r6, 0x0, 0x0, 0x800)
sendmmsg$alg(r7, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB], 0x6f4}}, 0x0)

1.424641682s ago: executing program 2 (id=1677):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000380), r0)
sendmsg$NFC_CMD_LLC_SET_PARAMS(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7000fedbdf251000000005000f0002000000080001"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x8080)
capset(&(0x7f0000000dc0)={0x20080522}, &(0x7f0000000e00)={0x0, 0x4, 0x4, 0x0, 0x80000, 0xffffffff})
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000009c0000000b"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f0000000640)={r4, r3}, 0xc)
prlimit64(0x0, 0x9, &(0x7f0000000000)={0xe, 0x247}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
mremap(&(0x7f0000532000/0x3000)=nil, 0x3000, 0x1000, 0x3, &(0x7f0000190000/0x1000)=nil)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)

1.389779527s ago: executing program 1 (id=1678):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4)
connect$inet(r0, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$nvram(0xffffffffffffff9c, &(0x7f00000001c0), 0x800, 0x0)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000580)={0x2, <r4=>0x0}, 0x8)
lseek(0xffffffffffffffff, 0x98b, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(0xffffffffffffffff, &(0x7f0000000980)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000940)={&(0x7f0000000140)={0x2c, r5, 0x300, 0x70bd2b, 0x25dfd3ff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x7, 0x78}}}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8004}, 0x20000045)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f00000006c0)={{0x1, 0x1, 0x18, r1, {0x4}}, './file0\x00'})
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x20, 0xb, 0x0, &(0x7f0000000280)='GPL\x00', 0x9, 0xc3, &(0x7f00000002c0)=""/195, 0x41000, 0x20, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x8, &(0x7f0000000500)={0x1, 0x2}, 0x8, 0x10, &(0x7f0000000540)={0x2, 0xc, 0xa11, 0x4}, 0x10, r4, 0xffffffffffffffff, 0x0, &(0x7f0000000700)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff], 0x0, 0x10, 0x400}, 0x94)
sendmmsg$inet(r0, &(0x7f0000004d00)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30000}}], 0x300, 0xf00)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='xfrm0\x00', 0x10)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

1.334249515s ago: executing program 2 (id=1679):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
listen(r3, 0x204)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a09000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

1.288576822s ago: executing program 0 (id=1680):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015"], 0x38}, 0x1, 0x300}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
preadv(r0, &(0x7f0000000580)=[{&(0x7f0000000040)=""/133, 0x85}, {0x0}], 0x2, 0x2, 0x80000001)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r1, &(0x7f0000000140), 0x4924b68, 0x0)

702.061313ms ago: executing program 3 (id=1681):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0)
write$dsp(r0, 0x0, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000440)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
ioctl$SNDCTL_DSP_SYNC(r0, 0x80044df9, 0x0)

625.262913ms ago: executing program 3 (id=1682):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000020000000000000000800000850000000500000085000000a000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_clone(0x22180, 0x0, 0xa42f, 0x0, 0x0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r2)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
syz_open_procfs(r1, &(0x7f00000000c0)='smaps_rollup\x00')
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000000)="c1dfb080cd21d308098e00000000", 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

415.328434ms ago: executing program 2 (id=1683):
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket$vsock_stream(0x28, 0x1, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x3, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)={0x24, r2, 0x5, 0xfffffffd, 0x2, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x4810)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000580)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000540)={&(0x7f0000000840)={0x778, r2, 0x800, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x75c, 0x11d, 0x0, 0x1, [{0x2d0, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x80}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x114, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x5c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x17, 0x2, [{0x0, 0x8}, {0x0, 0x4}, {0x6, 0x2}, {0x4}, {0x7, 0x2}, {0x5, 0xa}, {0x6, 0x3}, {0x1, 0x5}, {0x7, 0x1}, {0x4, 0x1}, {0x2}, {0x3, 0x7}, {0x1, 0x3}, {0x5, 0x7}, {0x7, 0x9}, {0x6, 0x7}, {0x2, 0x7}, {0x6, 0x5}, {0x7}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x1b, 0x1, [0xc, 0x36, 0xc, 0x16, 0xb, 0x1b, 0x3, 0x1, 0x60, 0x5, 0x4, 0x1b, 0x48, 0x24, 0x3b, 0xc, 0x48, 0xc, 0x3, 0x6, 0x16, 0x60, 0x36]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x6, 0x1, 0xf, 0x100, 0xa, 0x9a8d, 0xb7]}}]}, @NL80211_BAND_60GHZ={0x28, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x16, 0x2, [{0x1, 0x1}, {0x3, 0x3}, {0x4, 0x7}, {0x6, 0x5}, {0x7, 0x9}, {0x4}, {0x7, 0x7}, {}, {0x6}, {0x0, 0x8}, {0x0, 0x7}, {0x0, 0xa}, {0x5, 0x3}, {0x1, 0xa}, {0x5, 0x7}, {0x3, 0x8}, {0x7, 0x6}, {0x3, 0x9}]}, @NL80211_TXRATE_HT={0xc, 0x2, [{0x2, 0x2}, {0x5}, {0x2, 0x1}, {0x5, 0xa}, {0x3, 0x1}, {0x2, 0x4}, {0x1, 0x1}, {0x0, 0x6}]}]}, @NL80211_BAND_6GHZ={0x8c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1000, 0x9, 0x1, 0x0, 0x3, 0x0, 0x101, 0x7]}}, @NL80211_TXRATE_HT={0x4f, 0x2, [{0x3, 0x5}, {0x1, 0x7}, {0x2, 0x2}, {0x7, 0x1}, {0x1, 0x8}, {0x1, 0x4}, {0x1, 0x8}, {0x1, 0xa}, {0x0, 0x2}, {0x1, 0x8}, {0x0, 0x7}, {0x1, 0x1}, {0x7, 0x7}, {0x7, 0x8}, {0x4, 0x8}, {0x0, 0x7}, {0x2, 0x3}, {0x7, 0x9}, {0x7, 0x1}, {0x1, 0x4}, {0x4, 0x7}, {0x3, 0xa}, {0x7, 0x7}, {0x7, 0x2}, {0x6, 0x5}, {0x0, 0xa}, {0x7, 0x4}, {0x0, 0x9}, {0x1, 0x6}, {0x6, 0x2}, {0x1, 0x2}, {0x5, 0xa}, {0x1, 0x5}, {0x7, 0x2}, {0x2, 0x4}, {0x3, 0x7}, {0x4, 0x1}, {0x6, 0x9}, {0x4, 0x3}, {0x1, 0x3}, {0x6, 0x8}, {0x0, 0x3}, {0x4, 0x4}, {0x4, 0x8}, {0x1, 0x7}, {0x2, 0x8}, {0x3, 0x7}, {0x1, 0x3}, {0x7, 0xa}, {0x2, 0x7}, {0x4, 0x8}, {0x1}, {0x3, 0x4}, {0x1, 0x1}, {0x5}, {0x3, 0x6}, {0x2, 0x8}, {0x4, 0x2}, {0x2, 0x8}, {0x2, 0x8}, {0x1, 0x5}, {0x5, 0x2}, {0x2}, {0x5, 0x8}, {0x6, 0x6}, {0x5, 0x9}, {0x4, 0x2}, {0x0, 0x5}, {0x5, 0x6}, {}, {0x2, 0x7}, {0x0, 0x4}, {0x5, 0xa}, {0x6, 0x1}, {0x1, 0x2}]}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x6c, 0x9, 0x6, 0x48, 0x60, 0x3, 0x6, 0xb, 0x4, 0xc, 0x60, 0x3, 0x16, 0x18, 0x18, 0x18, 0x16, 0x12, 0x12, 0x5, 0x3]}]}]}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x91}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x16c, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x23, 0x2, [{0x1, 0x7}, {0x0, 0x4}, {0x0, 0x5}, {0x1, 0x9}, {0x6, 0x6}, {0x3, 0x8}, {0x7, 0x5}, {0x1, 0x4}, {0x7, 0x3}, {0x6, 0x6}, {0x5, 0x9}, {0x4, 0x3}, {0x6, 0x9}, {0x5}, {0x0, 0x5}, {0x2}, {0x6, 0x1}, {0x7, 0xa}, {0x0, 0x5}, {0x4, 0x6}, {0x1, 0x3}, {0x3, 0x9}, {0x2, 0x6}, {0x1, 0x6}, {0x7, 0x7}, {0x4, 0x4}, {0x1, 0x2}, {0x6, 0xa}, {0x6, 0x5}, {0x2, 0x5}, {0x7, 0x9}]}]}, @NL80211_BAND_2GHZ={0x54, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x47, 0x2, [{0x7, 0x1}, {0x3, 0x6}, {0x4, 0x9}, {0x6, 0x7}, {0x3, 0xa}, {0x6, 0x4}, {0x0, 0x8}, {0x6, 0x9}, {0x1, 0x3}, {0x0, 0x2}, {0x7, 0x8}, {0x7, 0x4}, {0x6, 0x5}, {0x1}, {0x0, 0xa}, {0x2, 0x5}, {0x7, 0x2}, {0x0, 0x3}, {0x1, 0x3}, {0x3, 0x8}, {0x1, 0x1}, {0x2, 0x2}, {0x4, 0x1}, {0x3, 0xa}, {0x1, 0x7}, {0x2, 0x5}, {0x6}, {0x0, 0x7}, {0x1, 0xa}, {0x0, 0x3}, {0x6, 0x6}, {0x1, 0x8}, {0x3, 0x4}, {0x5, 0x7}, {0x2, 0xa}, {0x7}, {0x5, 0x5}, {0x6, 0x6}, {0x4}, {0x0, 0x6}, {0x0, 0x5}, {0x4}, {0x5, 0x6}, {0x7, 0x1}, {0x1, 0x9}, {0x4, 0x9}, {0x1, 0x3}, {0x4, 0x1}, {0x4, 0x4}, {0x4, 0x6}, {0x4, 0x3}, {0x7, 0x3}, {0x7, 0x4}, {0x7, 0x6}, {0x4, 0x1}, {0x1, 0x1}, {0x6, 0x1}, {0x1, 0x1}, {0x3, 0x4}, {0x6}, {0x7, 0x5}, {0x1, 0xa}, {0x2, 0x7}, {0x7, 0x4}, {0x6, 0x4}, {0x7, 0x5}, {0x7, 0x8}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_2GHZ={0x3c, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8, 0x5, 0x3, 0x4, 0xb502, 0x1c0, 0xc, 0x2]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9, 0x200, 0x8, 0x6, 0x6, 0x7, 0xfff3, 0x6]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x7a}]}, @NL80211_BAND_2GHZ={0xb0, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x42, 0x2, [{0x6}, {0x3, 0x3}, {0x4, 0x2}, {0x5, 0x9}, {0x0, 0x6}, {0x4, 0x5}, {0x3, 0x5}, {0x3}, {0x4, 0x4}, {0x7, 0x8}, {0x3, 0x7}, {0x3, 0x8}, {0x3, 0xa}, {0x0, 0x9}, {0x6}, {0x3, 0x6}, {0x4, 0x1}, {0x7, 0x6}, {0x7, 0x6}, {}, {0x6, 0x14}, {0x4}, {0x4, 0x1}, {0x0, 0x3}, {0x1, 0x5}, {0x0, 0x2}, {0x5, 0x4}, {0x6, 0x5}, {0x0, 0x5}, {0x0, 0x6}, {0x7, 0x1}, {0x1, 0x3}, {0x4, 0x7}, {0x4, 0x8}, {0x1, 0x9}, {0x1, 0x5}, {0x3, 0x2}, {0x5}, {0x7, 0x1}, {0x1, 0x6}, {0x0, 0x7}, {0x0, 0x3}, {0x5, 0x4}, {0x5, 0xa}, {0x0, 0x7}, {0x2, 0x3}, {0x5, 0x4}, {0x1, 0x8}, {0x5, 0x4}, {0x6, 0x8}, {0x4, 0x2}, {0x2, 0xa}, {0x0, 0x8}, {0x4, 0x4}, {0x3, 0x6}, {0x4, 0x9}, {0x2, 0x6}, {0x2, 0xa}, {0x1, 0x1}, {0x1, 0x6}, {0x6, 0x3}, {0x1, 0x5}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HT={0x26, 0x2, [{0x3, 0x4}, {0x5, 0x3}, {0x5, 0x8}, {0x1, 0x7}, {0x1, 0x7}, {0x1}, {0x0, 0x8}, {0x6, 0x5}, {0x1, 0x7}, {0x0, 0x1}, {0x4, 0x2}, {0x0, 0xa}, {0x4, 0x4}, {0x0, 0xa}, {0x0, 0x3}, {0x7, 0x8}, {0x7, 0x4}, {0x6, 0x2}, {0x1, 0x9}, {0x4, 0x8}, {0x1, 0x6}, {0x4, 0x1}, {0x7, 0x5}, {0x4, 0x7}, {0x2, 0x5}, {0x0, 0x8}, {0x1, 0xa}, {0x4, 0xa}, {0x0, 0x3}, {0x0, 0x3}, {0x0, 0x9}, {0x1, 0x3}, {0x0, 0x8}, {0x6, 0x1}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xfff, 0x7, 0x5385, 0x8001, 0xf0e7, 0xfffe, 0x6, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x7, 0x9, 0x40, 0x2, 0x8, 0x6]}}]}]}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0x66}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x4}, @NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x5}]}, {0x1c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x71}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5, 0xb, 0x1}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x390, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xf0}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x37c, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x38, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x18, 0x2, [{0x3, 0xa}, {0x1, 0x2}, {0x2, 0xa}, {0x0, 0x5}, {0x2, 0x6}, {0x1}, {0x2, 0x8}, {0x1, 0x6}, {0x7, 0x4}, {0x6, 0x3}, {0x2, 0x9}, {0x4}, {0x3, 0x1}, {0x1, 0x9}, {0x0, 0x1}, {0x0, 0x7}, {0x3, 0x6}, {0x4}, {0x6, 0x1}, {0x0, 0x8}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x95, 0x2, 0x3, 0xd6, 0x0, 0x6, 0x6]}}]}, @NL80211_BAND_60GHZ={0xb8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x2d, 0x2, [{0x2, 0x4}, {0x5}, {0x3, 0x2}, {0x7, 0x3}, {0x5, 0x3}, {0x6, 0x3}, {0x7, 0x3}, {0x2}, {0x1, 0x8}, {0x7}, {0x3, 0x3}, {0x7, 0x2}, {0x5, 0x8}, {0x1, 0x7}, {0x2, 0x8}, {0x4, 0x7}, {0x2, 0x9}, {0x1}, {0x1, 0xa}, {0x1, 0xa}, {0x6, 0x6}, {0x6, 0x2}, {0x7, 0x3}, {0x6, 0x1}, {0x1}, {0x4, 0x5}, {0x1, 0x9}, {0x1}, {0x2, 0x3}, {0x0, 0x1}, {0x1, 0x4}, {0x3, 0x5}, {0x1, 0x1}, {0x1}, {0x3, 0x1}, {0x1, 0xa}, {0x6, 0xa}, {0x0, 0xa}, {0x4}, {0x4, 0x3}, {0x2, 0x7}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0x3, 0x78, 0x6, 0xfd, 0xdc, 0x7, 0x915]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xca8, 0x4, 0x5b5d, 0x7, 0xfff, 0x4, 0x7]}}, @NL80211_TXRATE_LEGACY={0x15, 0x1, [0x18, 0x24, 0x0, 0x18, 0x4, 0x1b, 0x4, 0xc, 0x9, 0x12, 0x0, 0xc, 0x4, 0x24, 0x24, 0x16, 0x63]}, @NL80211_TXRATE_LEGACY={0x19, 0x1, [0x4, 0x1, 0x12, 0x6e, 0x36, 0x6c, 0x1b, 0x6, 0xb, 0x16, 0x6, 0x2, 0x6c, 0x18, 0x6c, 0x60, 0x6, 0xc, 0x16, 0x5, 0x36]}, @NL80211_TXRATE_HT={0xd, 0x2, [{0x7, 0x9}, {0x5, 0x9}, {0x5, 0x3}, {0x6, 0x2}, {0x1, 0x5}, {0x0, 0x1}, {0x7, 0x5}, {0x2, 0x1}, {0x3}]}]}, @NL80211_BAND_6GHZ={0x28, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x21, 0x1, [0x5098abc75f17ee31, 0x4, 0x6, 0x9, 0x5, 0x12, 0x6c, 0x3, 0x6c, 0x1b, 0x24, 0x9, 0xb, 0x12, 0x3834ceaf91043b90, 0x1b, 0x48, 0x2, 0x12, 0x6, 0x30, 0x4, 0x4, 0x6c, 0xb, 0xb, 0xc, 0xc, 0x36]}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xffff, 0x8, 0xf, 0xe, 0x2, 0x3, 0x47, 0x1]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd, 0x4, 0x7, 0x7, 0x80, 0x4, 0x1, 0x3]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_60GHZ={0x64, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x49, 0x2, [{0x1, 0x3}, {0x7, 0x7}, {0x4}, {0x5, 0x2}, {0x6}, {0x1}, {0x0, 0x5}, {0x5, 0x6}, {0x4, 0x5}, {0x2, 0x5}, {0x3}, {0x0, 0x4}, {0x0, 0x5}, {0x7, 0x1}, {0x7, 0x3}, {0x7, 0x8}, {0x5, 0x5}, {0x7, 0x8}, {0x0, 0x7}, {0x1, 0x6}, {0x1, 0x1}, {0x1, 0x4}, {0x3, 0x3}, {0x0, 0x3}, {0x6, 0x3}, {0x7, 0x8}, {0x1, 0x8}, {0x1, 0x9}, {0x3, 0x3}, {0x0, 0x4}, {0x2, 0x9}, {0x1, 0x8}, {0x1, 0x9}, {0x0, 0x1}, {0x4, 0x3}, {0x6, 0x8}, {0x1, 0x5}, {0x0, 0x1}, {0x3, 0x2}, {0x7, 0x9}, {0x7, 0x8}, {0x3, 0x9}, {0x4, 0x5}, {0x7, 0x8}, {0x6, 0x7}, {}, {0x7, 0x9}, {0x6, 0x1}, {0x2, 0xa}, {0x3, 0x7}, {0x5, 0x2}, {0x4, 0x9}, {0x4, 0x8}, {0x0, 0x4}, {0x3, 0x9}, {0x4, 0x7}, {0x6, 0x2}, {0x1, 0xa}, {0x6}, {0x7, 0x1}, {0x1, 0x8}, {0x2, 0xa}, {0x0, 0xa}, {0x3, 0x2}, {0x4, 0x3}, {0x5, 0x6}, {0x0, 0x4}, {0x2, 0x2}, {0x6, 0x4}]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x6b, 0x5, 0x3, 0x2fd, 0x8, 0x1, 0x100, 0x1]}}]}, @NL80211_BAND_5GHZ={0x54, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x36, 0x0, 0x3ff, 0xe61, 0x0, 0x7f, 0x10]}}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x12]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HT={0x21, 0x2, [{0x4, 0x9}, {0x4, 0x9}, {0x1, 0xa}, {0x4, 0x7}, {0x3, 0x4}, {0x6, 0x7}, {0x0, 0x8}, {0x1, 0xa}, {0x3, 0x3}, {0x1, 0x3}, {0x0, 0x2}, {0x4, 0xa}, {0x5}, {0x6, 0x5}, {}, {0x7, 0x5}, {0x1, 0x9}, {0x0, 0x3}, {0x3, 0x6}, {0x0, 0xa}, {0x5}, {0x0, 0x6}, {0x6, 0x9}, {0x1, 0x5}, {0x7, 0x1}, {0x1, 0x9}, {0x1, 0x3}, {0x0, 0x7}, {0x2, 0x2}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0x30, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x9]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x6, 0x3, 0xdf, 0x6, 0x8, 0x2, 0x6]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0x8c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x0, 0x4, 0x9, 0x8, 0x1, 0x9, 0x7]}}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x6c, 0x48, 0x36, 0x18, 0x4, 0x5, 0x16, 0x16, 0x6c, 0x6, 0x1b, 0x6, 0x0, 0x48, 0x6, 0x4, 0x3, 0x16, 0x4, 0x4d, 0x48, 0x12, 0x6, 0x6, 0x60, 0x6c, 0x6c, 0x1, 0x1]}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x2, 0x100, 0x100, 0x100, 0x9, 0xf, 0x4]}}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x30, 0xb, 0x48, 0x1b, 0x0, 0xc, 0x60, 0x5, 0xb, 0xe, 0x53, 0x24, 0x50, 0x1b, 0x6, 0x42acac960eb9f4a5, 0x48, 0x6, 0xb, 0xa, 0x1b, 0x6, 0x2, 0x16, 0x48, 0x4, 0x30, 0x36, 0x6]}]}, @NL80211_BAND_60GHZ={0x88, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x29, 0x2, [{0x2, 0x5}, {0x2, 0x3}, {0x6, 0x7}, {0x7, 0x2}, {0x0, 0xa}, {0x5, 0x8}, {0x2, 0x4}, {0x7, 0x9}, {0x1, 0x3}, {0x6, 0x3}, {0x2, 0xa}, {0x7, 0x7}, {0x4, 0x4}, {0x0, 0x6}, {0x6, 0x7}, {0x1, 0x1}, {0x1, 0x5}, {0x2, 0x4}, {0x1, 0x9}, {0x3, 0x5}, {0x6, 0x2}, {0x5, 0x4}, {0x0, 0x5}, {0x0, 0x4}, {0x4, 0x2}, {0x1, 0x6}, {0x7, 0x2}, {0x5, 0x6}, {0x6, 0x9}, {0x0, 0x7}, {0x0, 0x6}, {0x5, 0x6}, {0x0, 0xa}, {0x6, 0x3}, {0x5, 0x6}, {0x7, 0x1}, {0x0, 0x6}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HT={0x48, 0x2, [{0x5, 0x6}, {0x6, 0x9}, {0x0, 0xa}, {0x5, 0x5}, {0x0, 0x9}, {0x5, 0x8}, {0x3, 0x1}, {0x3, 0xa}, {}, {0x5, 0x3}, {0x3, 0x5}, {0x0, 0x2}, {0x5, 0x6}, {0x1, 0x8}, {0x7, 0x5}, {0x0, 0x1}, {0x5, 0x1}, {0x2, 0x2}, {}, {0x7, 0x5}, {0x6}, {0x4}, {0x7, 0x9}, {0x0, 0x9}, {0x1, 0x5}, {0x2, 0x2}, {0x2, 0xa}, {0x6, 0x7}, {0x0, 0x3}, {0x1, 0x8}, {0x2}, {0x0, 0x9}, {0x7, 0x8}, {0x6, 0x3}, {0x6, 0x6}, {0x5, 0x3}, {0x5, 0x8}, {0x2, 0x4}, {0x6, 0x8}, {0x1, 0x1}, {0x7, 0x8}, {0x4, 0x1}, {0x7, 0x3}, {0x2, 0x1}, {0x2, 0xa}, {0x6, 0x8}, {0x0, 0x4}, {0x7, 0x5}, {0x2, 0x7}, {0x6, 0xa}, {0x2, 0x9}, {0x1, 0x1}, {0x4, 0x3}, {0x5, 0x5}, {0x7, 0x3}, {0x6, 0x5}, {0x0, 0x3}, {0x4, 0x4}, {0x7, 0xa}, {0x1, 0x6}, {0x6, 0x2}, {0x6, 0x1}, {0x3, 0x8}, {0x2, 0x6}, {0x7, 0x7}, {0x3, 0x6}, {0x2}, {0x0, 0x9}]}]}]}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5, 0x9, 0x1}]}, {0x34, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x10}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}]}, {0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x81}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd3}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xdb}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0xa7}]}, {0x24, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_VIF_SUPP={0xc, 0x2, 0x8000}, @NL80211_TID_CONFIG_ATTR_AMSDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x5}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x2}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x25}]}, {0x14, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0xd}, @NL80211_TID_CONFIG_ATTR_TIDS={0x6, 0x5, 0x8}]}]}]}, 0x778}, 0x1, 0x0, 0x0, 0x1}, 0x4)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x6}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x14, 0x8002, [@TCA_FQ_PIE_FLOWS={0x8, 0x2, 0xd13a}, @TCA_FQ_PIE_LIMIT={0x8, 0x1, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x2}, 0x2000400c)
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r5 = accept4(r4, 0x0, 0x0, 0x800)
sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r6, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r7, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

264.680369ms ago: executing program 3 (id=1684):
prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$OBJ_PIN_MAP(0x6, 0x0, 0x0)
getpgid(0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x150)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r3, &(0x7f0000000200)={0xa, 0x4e22, 0x2, @empty, 0x8}, 0x1c)
listen(r3, 0x204)
r4 = socket$netlink(0x10, 0x3, 0x4)
writev(r4, &(0x7f00000000c0)=[{&(0x7f0000000180)="580000001500add427323b470c45b4560a067fffffff81004e22030d00ff0028925aa8002000eaa57b00090080020efffeffe809020000ff0004f03a09000000ffffffffffffffffffffffe7ee0000000000000000020000", 0x58}], 0x1)

250.222773ms ago: executing program 2 (id=1685):
r0 = memfd_secret(0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000c80)={'lo\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newqdisc={0x60, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0xe, 0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x18, 0x2, {{0x9}, [@TCA_NETEM_RATE={0x14, 0xe, {0x0, 0x5}}]}}}]}, 0x60}}, 0x20048020)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_MSFILTER(r4, 0x0, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="020000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000"], 0x110)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
r7 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x2205, 0x0)
sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r6, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1, 0x3, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000008142000000000000009500000000000000"], 0x0, 0x2}, 0x94)
mremap(&(0x7f00003eb000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil)
r8 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r8, &(0x7f0000000080)={0x18, 0x0, {0x3, @random="bb7fb37b9489", 'bond0\x00'}}, 0x1e)
r9 = socket$kcm(0x10, 0x2, 0x0)
r10 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000006100)='cmdline\x00')
preadv(r10, &(0x7f0000010440)=[{&(0x7f0000000040)=""/160, 0x3fd}], 0x1, 0xc03, 0x0)
sendmsg$kcm(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x12, &(0x7f0000000200)=ANY=[@ANYBLOB="1836cb3f870b44e2570f2d3ce929d7845dd418f1b600000018000000000000000101000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b70000000000000000d34289a30e000085100000020000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x11, '\x00', r3, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffbff}, 0x94)

0s ago: executing program 4 (id=1686):
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mkdir(&(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000100)='./bus\x00', 0x1f2)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f0000000780)='./bus\x00', 0x0, 0x0)
io_setup(0x7d, &(0x7f0000000600)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000001d00)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000)="96", 0x1, 0x0, 0x0, 0x0, r0}])

kernel console output (not intermixed with test programs):

in process `syz.2.1007'.
[  285.568368][ T9675] team0: entered promiscuous mode
[  285.585209][ T9675] team_slave_0: entered promiscuous mode
[  285.613233][ T9675] team_slave_1: entered promiscuous mode
[  285.632649][ T9675] team0: entered allmulticast mode
[  285.637858][ T9675] team_slave_0: entered allmulticast mode
[  285.644460][ T9675] team_slave_1: entered allmulticast mode
[  285.698758][ T9675] bridge0: port 3(team0) entered blocking state
[  285.710423][ T9675] bridge0: port 3(team0) entered disabled state
[  285.735139][ T9675] bridge0: port 3(team0) entered blocking state
[  285.741596][ T9675] bridge0: port 3(team0) entered forwarding state
[  286.195784][   T30] audit: type=1400 audit(1753614606.489:608): avc:  denied  { create } for  pid=9689 comm="syz.2.1013" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  286.974327][ T5901] usb write operation failed. (-71)
[  286.995756][ T5901] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  287.193986][ T5901] dvbdev: DVB: registering new adapter (Terratec H7)
[  287.208589][ T5901] usb 5-1: media controller created
[  287.309600][ T5901] usb read operation failed. (-71)
[  287.388391][ T5901] usb write operation failed. (-71)
[  287.555395][ T9705] netlink: 'syz.4.1014': attribute type 4 has an invalid length.
[  287.568825][ T9705] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1014'.
[  287.727701][ T5901] dvb_usb_az6007 5-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  287.796989][ T5901] usb 5-1: USB disconnect, device number 22
[  288.026964][ T9717] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1016'.
[  289.966829][ T5917] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  290.092029][ T5880] usb 3-1: new high-speed USB device number 34 using dummy_hcd
[  290.118852][ T9749] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1029'.
[  290.132457][ T9749] netem: invalid attributes len -4
[  290.137558][ T9749] netem: change failed
[  290.142882][ T5917] usb 5-1: Using ep0 maxpacket: 8
[  290.152024][ T5917] usb 5-1: config 0 has no interfaces?
[  290.157519][ T5917] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  290.186322][ T5917] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  290.188902][   T30] audit: type=1400 audit(1753614610.489:609): avc:  denied  { read } for  pid=9743 comm="syz.1.1027" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  290.232926][ T5917] usb 5-1: config 0 descriptor??
[  290.252387][ T5880] usb 3-1: Using ep0 maxpacket: 8
[  290.262695][ T5880] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  290.272953][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.334154][ T5880] usb 3-1: Product: syz
[  290.338351][ T5880] usb 3-1: Manufacturer: syz
[  290.415664][ T9754] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1029'.
[  290.427041][ T5880] usb 3-1: SerialNumber: syz
[  290.452163][ T5894] usb 5-1: USB disconnect, device number 23
[  290.498795][ T5880] usb 3-1: config 0 descriptor??
[  290.714874][ T5880] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  291.915008][ T9754]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  291.966485][ T9754]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  291.979910][ T9754]  (unregistering): Released all slaves
[  292.189970][ T9778] netlink: 'syz.3.1036': attribute type 4 has an invalid length.
[  292.769636][ T9786] sp0: Synchronizing with TNC
[  292.817613][ T5880] usb write operation failed. (-71)
[  293.304356][ T9782] [U] è`
[  293.308791][ T5880] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  293.319912][ T5880] dvbdev: DVB: registering new adapter (Terratec H7)
[  293.327309][ T5880] usb 3-1: media controller created
[  293.336544][   T30] audit: type=1400 audit(1753614613.069:610): avc:  denied  { bind } for  pid=9782 comm="syz.1.1037" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  293.488051][ T5880] usb read operation failed. (-71)
[  293.525521][ T5880] usb write operation failed. (-71)
[  293.616136][ T5880] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  293.747652][   T30] audit: type=1400 audit(1753614614.049:611): avc:  denied  { connect } for  pid=9788 comm="syz.4.1038" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  293.803447][ T5880] usb 3-1: USB disconnect, device number 34
[  294.322488][ T5880] usb 3-1: new full-speed USB device number 35 using dummy_hcd
[  294.334099][ T9805] netlink: 'syz.1.1044': attribute type 1 has an invalid length.
[  294.364428][ T9805] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1044'.
[  294.698145][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  294.714730][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  294.769912][ T5880] usb 3-1: New USB device found, idVendor=1b96, idProduct=0012, bcdDevice= 0.00
[  294.798100][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  294.828685][ T5880] usb 3-1: config 0 descriptor??
[  295.476099][ T5880] ntrig 0003:1B96:0012.0008: item fetching failed at offset 2/5
[  295.502960][ T5880] ntrig 0003:1B96:0012.0008: parse failed
[  295.511959][ T5880] ntrig 0003:1B96:0012.0008: probe with driver ntrig failed with error -22
[  295.745187][   T30] audit: type=1400 audit(1753614616.049:612): avc:  denied  { create } for  pid=9828 comm="syz.4.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  295.782676][ T5880] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  295.822644][   T30] audit: type=1400 audit(1753614616.089:613): avc:  denied  { write } for  pid=9828 comm="syz.4.1050" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  295.953232][ T5880] usb 1-1: Using ep0 maxpacket: 8
[  295.967898][ T5880] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  295.978977][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  295.988886][ T5880] usb 1-1: Product: syz
[  295.995256][ T5880] usb 1-1: Manufacturer: syz
[  295.999861][ T5880] usb 1-1: SerialNumber: syz
[  296.033778][ T5880] usb 1-1: config 0 descriptor??
[  296.253107][ T5880] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  296.713774][ T9844] FAULT_INJECTION: forcing a failure.
[  296.713774][ T9844] name failslab, interval 1, probability 0, space 0, times 0
[  296.760960][ T9844] CPU: 1 UID: 0 PID: 9844 Comm: syz.4.1055 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  296.760985][ T9844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  296.761010][ T9844] Call Trace:
[  296.761016][ T9844]  <TASK>
[  296.761022][ T9844]  dump_stack_lvl+0x16c/0x1f0
[  296.761054][ T9844]  should_fail_ex+0x512/0x640
[  296.761080][ T9844]  ? fs_reclaim_acquire+0xae/0x150
[  296.761102][ T9844]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  296.761118][ T9844]  should_failslab+0xc2/0x120
[  296.761134][ T9844]  __kmalloc_noprof+0xd2/0x510
[  296.761164][ T9844]  tomoyo_realpath_from_path+0xc2/0x6e0
[  296.761183][ T9844]  ? tomoyo_profile+0x47/0x60
[  296.761205][ T9844]  tomoyo_path_number_perm+0x245/0x580
[  296.761227][ T9844]  ? tomoyo_path_number_perm+0x237/0x580
[  296.761253][ T9844]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  296.761279][ T9844]  ? find_held_lock+0x2b/0x80
[  296.761324][ T9844]  ? find_held_lock+0x2b/0x80
[  296.761344][ T9844]  ? hook_file_ioctl_common+0x145/0x410
[  296.761375][ T9844]  ? __fget_files+0x20e/0x3c0
[  296.761396][ T9844]  security_file_ioctl+0x9b/0x240
[  296.761414][ T9844]  __x64_sys_ioctl+0xb7/0x210
[  296.761439][ T9844]  do_syscall_64+0xcd/0x4c0
[  296.761457][ T9844]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  296.761473][ T9844] RIP: 0033:0x7efec418e9a9
[  296.761487][ T9844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  296.761506][ T9844] RSP: 002b:00007efec4fed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  296.761522][ T9844] RAX: ffffffffffffffda RBX: 00007efec43b5fa0 RCX: 00007efec418e9a9
[  296.761533][ T9844] RDX: 0000200000000100 RSI: 000000004020940d RDI: 0000000000000004
[  296.761543][ T9844] RBP: 00007efec4fed090 R08: 0000000000000000 R09: 0000000000000000
[  296.761553][ T9844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  296.761563][ T9844] R13: 0000000000000000 R14: 00007efec43b5fa0 R15: 00007fff952f0b78
[  296.761586][ T9844]  </TASK>
[  296.761608][ T9844] ERROR: Out of memory at tomoyo_realpath_from_path.
[  296.822395][ T9846] netlink: 'syz.3.1054': attribute type 4 has an invalid length.
[  297.013001][ T9849] netlink: 'syz.4.1056': attribute type 4 has an invalid length.
[  297.770783][ T5834] Bluetooth: hci5: command 0x1003 tx timeout
[  297.777902][ T5838] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  297.971260][ T5942] usb 3-1: USB disconnect, device number 35
[  298.105003][   T30] audit: type=1400 audit(1753614618.409:614): avc:  denied  { bind } for  pid=9865 comm="syz.4.1060" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  298.106555][ T9868] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  298.174620][ T9868] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  298.185049][   T30] audit: type=1400 audit(1753614618.489:615): avc:  denied  { watch watch_reads } for  pid=9865 comm="syz.4.1060" path="/proc/698" dev="proc" ino=23082 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  298.192505][ T5880] usb write operation failed. (-71)
[  298.265981][ T5880] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  298.455155][ T5887] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  298.472915][ T5880] dvbdev: DVB: registering new adapter (Terratec H7)
[  298.479763][ T5880] usb 1-1: media controller created
[  298.638431][ T5880] usb read operation failed. (-71)
[  298.651371][ T5942] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  298.661951][ T5880] usb write operation failed. (-71)
[  298.676864][ T5880] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  298.722286][ T5880] usb 1-1: USB disconnect, device number 28
[  298.782391][ T5887] usb 5-1: Using ep0 maxpacket: 16
[  298.843975][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  298.893066][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  298.902801][ T5942] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  298.902829][ T5942] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023
[  298.904822][ T5942] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  298.904846][ T5942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.904864][ T5942] usb 4-1: Product: syz
[  298.904878][ T5942] usb 4-1: Manufacturer: syz
[  298.904893][ T5942] usb 4-1: SerialNumber: syz
[  299.479293][ T5887] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  299.494272][ T5887] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  299.505423][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  299.528941][ T9882] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1064'.
[  299.553456][ T9864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  299.565949][ T5887] usb 5-1: config 0 descriptor??
[  299.771759][ T9864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  299.898256][ T9882] vlan2: entered promiscuous mode
[  300.008107][ T9864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.019749][ T9864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.029849][ T5887] usbhid 5-1:0.0: can't add hid device: -71
[  300.037801][ T9882] bridge0: entered promiscuous mode
[  300.046095][ T5887] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  300.062325][ T9864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  300.086062][ T5887] usb 5-1: USB disconnect, device number 24
[  300.097823][ T9864] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  300.196592][ T9895] capability: warning: `syz.1.1067' uses deprecated v2 capabilities in a way that may be insecure
[  300.314259][   T30] audit: type=1400 audit(1753614620.619:616): avc:  denied  { write } for  pid=9890 comm="syz.2.1066" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  300.466469][ T9901] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9901 comm=syz.1.1069
[  300.702244][ T5942] cdc_ncm 4-1:1.0: bind() failure
[  300.846364][ T5942] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  300.853813][ T5942] cdc_ncm 4-1:1.1: bind() failure
[  300.871586][ T5942] usb 4-1: USB disconnect, device number 16
[  301.302392][ T9918] 9pnet_fd: Insufficient options for proto=fd
[  301.400912][ T5942] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  301.565974][ T5942] usb 4-1: Using ep0 maxpacket: 8
[  302.069659][ T5942] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  302.106699][ T5942] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.187103][ T5942] usb 4-1: Product: syz
[  302.362861][ T5942] usb 4-1: Manufacturer: syz
[  302.368472][ T5942] usb 4-1: SerialNumber: syz
[  303.389339][ T5942] usb 4-1: config 0 descriptor??
[  303.605323][ T5942] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  303.827912][ T9948] /dev/nullb0: Can't open blockdev
[  304.359612][ T9959] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=9959 comm=syz.1.1084
[  304.469928][   T30] audit: type=1400 audit(1753614624.769:617): avc:  denied  { read } for  pid=9960 comm="syz.1.1085" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  305.982012][ T5942] usb write operation failed. (-71)
[  306.158724][ T5942] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  306.224293][ T5942] dvbdev: DVB: registering new adapter (Terratec H7)
[  306.275014][ T5942] usb 4-1: media controller created
[  306.301679][ T5942] usb read operation failed. (-71)
[  306.481112][ T5942] usb write operation failed. (-71)
[  307.022149][ T9987] overlayfs: failed to resolve './file0': -2
[  307.053797][ T5942] dvb_usb_az6007 4-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  307.136159][ T5942] usb 4-1: USB disconnect, device number 17
[  307.465765][   T30] audit: type=1400 audit(1753614627.609:618): avc:  denied  { setopt } for  pid=10000 comm="syz.2.1097" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  307.653387][   T30] audit: type=1400 audit(1753614627.949:619): avc:  denied  { mounton } for  pid=9999 comm="syz.1.1096" path="/254/file0" dev="fuse" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1
[  308.064939][T10015] 9pnet_fd: Insufficient options for proto=fd
[  308.093897][   T30] audit: type=1400 audit(1753614627.949:620): avc:  denied  { mount } for  pid=9999 comm="syz.1.1096" name="/" dev="hugetlbfs" ino=23742 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  308.117895][   T30] audit: type=1400 audit(1753614628.369:621): avc:  denied  { mounton } for  pid=10013 comm="syz.4.1100" path="/syzcgroup/net/syz4/devices.allow" dev="cgroup" ino=220 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=file permissive=1
[  308.249747][T10017] Cannot find add_set index 0 as target
[  308.845101][T10015] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  308.884232][   T30] audit: type=1400 audit(1753614629.139:622): avc:  denied  { unmount } for  pid=5825 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:hugetlbfs_t tclass=filesystem permissive=1
[  309.036857][   T30] audit: type=1400 audit(1753614629.329:623): avc:  denied  { name_bind } for  pid=10025 comm="syz.3.1103" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  309.116649][   T30] audit: type=1400 audit(1753614629.419:624): avc:  denied  { connect } for  pid=10013 comm="syz.4.1100" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  309.192102][ T5901] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  309.349517][T10035] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10035 comm=syz.4.1106
[  309.392908][ T5901] usb 1-1: Using ep0 maxpacket: 8
[  309.469213][ T5901] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  309.491676][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.500804][ T5942] usb 3-1: new full-speed USB device number 36 using dummy_hcd
[  309.508645][ T5901] usb 1-1: Product: syz
[  309.515357][ T5901] usb 1-1: Manufacturer: syz
[  309.519990][ T5901] usb 1-1: SerialNumber: syz
[  309.534971][T10037] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1107'.
[  309.537712][ T5901] usb 1-1: config 0 descriptor??
[  309.706025][ T5942] usb 3-1: config index 0 descriptor too short (expected 20, got 18)
[  309.727147][T10043] netlink: 'syz.3.1110': attribute type 4 has an invalid length.
[  309.752512][ T5942] usb 3-1: config 0 has an invalid interface number: 93 but max is 0
[  309.768895][ T5942] usb 3-1: config 0 has no interface number 0
[  309.785111][ T5942] usb 3-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  309.795840][ T5942] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.809929][ T5942] usb 3-1: Product: syz
[  309.818754][ T5942] usb 3-1: Manufacturer: syz
[  309.828476][ T5942] usb 3-1: SerialNumber: syz
[  309.893781][ T5942] usb 3-1: config 0 descriptor??
[  310.387661][ T5901] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  310.414363][ T5942] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  310.440937][ T5942] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  310.457848][ T5942] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  310.487748][T10050] /dev/nullb0: Can't open blockdev
[  310.497551][ T5942] usb 3-1: media controller created
[  310.561968][ T5942] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  311.185081][ T5942] DVB: Unable to find symbol dib7000p_attach()
[  311.195377][ T5942] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  311.205885][ T5942] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  311.228708][ T5942] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  311.268547][ T5942] usb 3-1: media controller created
[  311.288946][ T5942] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  311.309634][ T5942] dib0700: the master dib7090 has to be initialized first
[  311.327985][ T5942] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  311.470888][ T5942] rc_core: IR keymap rc-dib0700-rc5 not found
[  311.488555][ T5942] Registered IR keymap rc-empty
[  311.495140][ T5942] dvb-usb: could not initialize remote control.
[  311.504027][ T5942] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  311.538343][ T5942] usb 3-1: USB disconnect, device number 36
[  312.041855][T10068] netlink: 156 bytes leftover after parsing attributes in process `syz.3.1115'.
[  312.052371][T10068] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1115'.
[  312.058970][ T5942] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  312.446144][ T5901] usb write operation failed. (-71)
[  312.467452][ T5901] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  312.504380][ T5901] dvbdev: DVB: registering new adapter (Terratec H7)
[  312.513768][ T5901] usb 1-1: media controller created
[  312.519367][ T5901] usb read operation failed. (-71)
[  312.527097][ T5901] usb write operation failed. (-71)
[  312.614593][ T5901] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  312.677193][ T5901] usb 1-1: USB disconnect, device number 29
[  312.693064][T10074] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10074 comm=syz.4.1118
[  312.978103][T10087] netlink: 'syz.0.1124': attribute type 4 has an invalid length.
[  313.113152][T10083] netlink: 'syz.3.1119': attribute type 1 has an invalid length.
[  313.195864][T10083] bond0: entered promiscuous mode
[  313.201339][T10083] 8021q: adding VLAN 0 to HW filter on device bond0
[  313.549200][T10088] 8021q: adding VLAN 0 to HW filter on device bond0
[  313.577638][T10088] bond0: (slave vxcan3): The slave device specified does not support setting the MAC address
[  313.598829][T10088] bond0: (slave vxcan3): Setting fail_over_mac to active for active-backup mode
[  313.615243][T10088] bond0: (slave vxcan3): making interface the new active one
[  313.624947][T10088] vxcan3: entered promiscuous mode
[  313.633313][T10088] bond0: (slave vxcan3): Enslaving as an active interface with an up link
[  313.703576][T10083] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1792 sclass=netlink_route_socket pid=10083 comm=syz.3.1119
[  313.716373][ T5942] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  313.914014][ T5942] usb 5-1: Using ep0 maxpacket: 32
[  314.947554][ T5942] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.959917][ T5942] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  314.970485][ T5942] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  314.979523][ T5942] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.998740][ T5942] usb 5-1: config 0 descriptor??
[  315.140824][ T5942] hub 5-1:0.0: USB hub found
[  315.775639][ T5942] hub 5-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  316.107352][T10129] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1133'.
[  316.182938][T10092] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  316.195136][T10092] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  316.725592][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  316.738458][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  316.774110][ T5942] hid-generic 0003:046D:C31C.0009: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.4-1/input0
[  316.826328][ T5942] usb 5-1: USB disconnect, device number 25
[  316.849054][T10134] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10134 comm=syz.2.1134
[  316.996322][T10132] fido_id[10132]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  317.629774][T10122] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  318.125839][T10153] netlink: 'syz.0.1138': attribute type 4 has an invalid length.
[  320.447861][T10175] netlink: 'syz.1.1145': attribute type 4 has an invalid length.
[  320.949298][T10180] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10180 comm=syz.0.1146
[  322.776313][   T30] audit: type=1400 audit(1753614642.919:625): avc:  denied  { mount } for  pid=10200 comm="syz.0.1152" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  322.954404][ T5831] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  323.053679][T10215] netlink: 'syz.4.1156': attribute type 4 has an invalid length.
[  323.067662][   T30] audit: type=1400 audit(1753614643.369:626): avc:  denied  { unmount } for  pid=5827 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  323.511239][ T5831] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  323.593720][ T5831] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  323.856544][T10228] overlayfs: failed to resolve './file0': -2
[  323.937634][T10230] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10230 comm=syz.0.1159
[  323.951562][ T5831] usb 2-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00
[  323.967569][ T5831] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  323.977773][ T5831] usb 2-1: config 0 descriptor??
[  324.278447][T10235] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1161'.
[  324.299019][T10235] netem: invalid attributes len -4
[  324.305959][T10235] netem: change failed
[  324.325050][T10237] netlink: 'syz.0.1162': attribute type 4 has an invalid length.
[  324.485936][ T5831] hid-led 0003:1D34:0004.000A: item fetching failed at offset 5/7
[  324.832130][ T5831] hid-led 0003:1D34:0004.000A: probe with driver hid-led failed with error -22
[  324.843588][T10244] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1161'.
[  324.934672][ T5831] usb 2-1: USB disconnect, device number 22
[  326.667684][T10244]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  326.678080][T10244]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  326.794436][T10244]  (unregistering): Released all slaves
[  327.578000][T10277] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10277 comm=syz.4.1170
[  327.667728][T10281] netlink: 'syz.3.1173': attribute type 4 has an invalid length.
[  328.492942][   T30] audit: type=1400 audit(1753614648.799:627): avc:  denied  { map } for  pid=10289 comm="syz.4.1176" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  328.538631][T10295] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  328.631851][   T30] audit: type=1400 audit(1753614648.799:628): avc:  denied  { execute } for  pid=10289 comm="syz.4.1176" path="/dev/comedi4" dev="devtmpfs" ino=1280 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  328.661271][T10295] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1176'.
[  328.802327][   T30] audit: type=1400 audit(1753614648.959:629): avc:  denied  { bind } for  pid=10289 comm="syz.4.1176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  328.906883][T10305] overlayfs: failed to resolve './file0': -2
[  328.924434][T10303] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1176'.
[  329.019870][T10303] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.029349][T10303] bridge_slave_1: left allmulticast mode
[  329.039155][T10303] bridge_slave_1: left promiscuous mode
[  329.047275][T10303] bridge0: port 2(bridge_slave_1) entered disabled state
[  329.083055][T10303] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  330.026805][T10328] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1184'.
[  330.038182][T10328] netem: invalid attributes len -4
[  330.048463][T10328] netem: change failed
[  330.402276][T10337] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1184'.
[  330.537174][T10339] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10339 comm=syz.3.1186
[  330.695027][T10351] trusted_key: encrypted_key: insufficient parameters specified
[  331.506886][T10337]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  331.598143][T10337]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  331.634423][T10337]  (unregistering): Released all slaves
[  331.675744][   T30] audit: type=1400 audit(1753614651.959:630): avc:  denied  { create } for  pid=10349 comm="syz.4.1191" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  331.729934][T10344] netlink: 'syz.0.1189': attribute type 4 has an invalid length.
[  331.862173][   T30] audit: type=1400 audit(1753614651.959:631): avc:  denied  { ioctl } for  pid=10349 comm="syz.4.1191" path="socket:[24398]" dev="sockfs" ino=24398 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  331.932135][T10360] netlink: 'syz.3.1192': attribute type 10 has an invalid length.
[  331.950797][T10360] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1192'.
[  333.327115][T10384] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10384 comm=syz.4.1198
[  333.889362][T10399] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10399 comm=syz.4.1204
[  333.938369][T10401] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1205'.
[  333.972529][T10401] netem: invalid attributes len -4
[  333.977712][T10401] netem: change failed
[  334.111090][   T30] audit: type=1400 audit(1753614654.419:632): avc:  denied  { ioctl } for  pid=10404 comm="syz.0.1207" path="socket:[24475]" dev="sockfs" ino=24475 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  334.872906][T10417] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1205'.
[  335.441486][T10435] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10435 comm=syz.4.1213
[  336.772370][T10448] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1218'.
[  336.874528][ T5901] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  337.007651][T10453] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10453 comm=syz.2.1219
[  337.125447][ T5901] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  337.136003][ T5901] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping
[  337.154667][ T5901] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  337.171775][ T5901] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  337.305734][ T5901] usb 1-1: config 1 has no interface number 1
[  337.411676][ T5901] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  338.086014][ T5901] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  338.274511][ T5901] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  338.291734][ T5901] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  338.309850][ T5901] usb 1-1: Product: syz
[  338.319948][ T5901] usb 1-1: Manufacturer: syz
[  338.363803][ T5901] usb 1-1: SerialNumber: syz
[  339.377642][T10468] comedi comedi0: mpc624: I/O port conflict (0xee,16)
[  339.714769][   T30] audit: type=1400 audit(1753614660.019:633): avc:  denied  { create } for  pid=10441 comm="syz.0.1215" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  339.918621][ T5901] usb 1-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0
[  339.942459][ T5901] usb 1-1: MIDIStreaming interface descriptor not found
[  339.983883][T10476] netlink: 'syz.1.1226': attribute type 4 has an invalid length.
[  340.158728][ T5901] usb 1-1: USB disconnect, device number 30
[  341.049559][T10487] netlink: 'syz.0.1229': attribute type 4 has an invalid length.
[  341.317287][T10493] /dev/nullb0: Can't open blockdev
[  341.653080][T10496] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10496 comm=syz.3.1231
[  343.027225][T10511] netlink: 'syz.2.1236': attribute type 4 has an invalid length.
[  343.319030][T10517] /dev/nullb0: Can't open blockdev
[  345.076778][   T78] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[  345.304645][   T78] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  345.315658][   T78] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  345.333679][T10539] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1243'.
[  345.343383][   T78] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  345.357788][   T78] usb 1-1: config 0 descriptor??
[  345.381132][   T30] audit: type=1400 audit(1753614665.679:634): avc:  denied  { block_suspend } for  pid=10538 comm="syz.4.1243" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  345.418459][   T78] pwc: Askey VC010 type 2 USB webcam detected.
[  345.429244][T10542] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10542 comm=syz.3.1245
[  345.440888][T10543] netlink: 'syz.2.1244': attribute type 4 has an invalid length.
[  345.823658][   T78] pwc: recv_control_msg error -32 req 02 val 2b00
[  346.195157][   T78] pwc: recv_control_msg error -71 req 02 val 2c00
[  346.210663][   T78] pwc: recv_control_msg error -71 req 04 val 1000
[  346.218603][   T78] pwc: recv_control_msg error -71 req 04 val 1300
[  346.238639][   T78] pwc: recv_control_msg error -71 req 04 val 1400
[  346.247691][   T78] pwc: recv_control_msg error -71 req 02 val 2000
[  346.258881][   T78] pwc: recv_control_msg error -71 req 02 val 2100
[  346.282646][   T78] pwc: recv_control_msg error -71 req 04 val 1500
[  346.292269][   T78] pwc: recv_control_msg error -71 req 02 val 2500
[  346.305351][   T78] pwc: recv_control_msg error -71 req 02 val 2400
[  346.317561][   T78] pwc: recv_control_msg error -71 req 02 val 2600
[  346.326896][T10555] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10555 comm=syz.3.1247
[  346.329052][   T78] pwc: recv_control_msg error -71 req 02 val 2900
[  346.392219][   T78] pwc: recv_control_msg error -71 req 02 val 2800
[  346.441798][   T78] pwc: recv_control_msg error -71 req 04 val 1100
[  346.488501][   T78] pwc: recv_control_msg error -71 req 04 val 1200
[  346.577895][T10559] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10559 comm=syz.1.1249
[  346.583984][   T78] pwc: Registered as video103.
[  346.648273][   T78] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input20
[  346.806635][T10569] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1253'.
[  346.810296][   T78] usb 1-1: USB disconnect, device number 31
[  346.817657][T10569] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1253'.
[  346.848044][T10569] syz_tun: entered promiscuous mode
[  346.915808][T10569] syz_tun: left promiscuous mode
[  347.086330][T10574] overlayfs: failed to resolve './file0': -2
[  348.357122][T10590] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1255'.
[  348.923628][T10588] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10588 comm=syz.0.1258
[  349.123475][T10599] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10599 comm=syz.3.1261
[  349.215215][T10602] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1259'.
[  349.553993][T10611] netlink: 'syz.3.1265': attribute type 4 has an invalid length.
[  350.882473][ T5887] usb 1-1: new high-speed USB device number 32 using dummy_hcd
[  351.019684][T10643] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10643 comm=syz.4.1274
[  351.062903][ T5887] usb 1-1: Using ep0 maxpacket: 16
[  351.072321][ T5887] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  351.117032][ T5887] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  351.128015][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  351.138110][ T5887] usb 1-1: Product: syz
[  351.149291][ T5887] usb 1-1: Manufacturer: syz
[  351.158159][ T5887] usb 1-1: SerialNumber: syz
[  351.167101][ T5887] usb 1-1: config 0 descriptor??
[  351.274877][ T5887] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  351.972391][ T5887] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  352.009202][T10634] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1270'.
[  352.492921][ T5887] em28xx 1-1:0.0: unknown em28xx chip ID (0)
[  352.589981][ T5887] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  352.605439][ T5887] em28xx 1-1:0.0: board has no eeprom
[  352.682953][ T5887] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  352.704675][ T5887] em28xx 1-1:0.0: dvb set to bulk mode.
[  352.724226][   T10] em28xx 1-1:0.0: Binding DVB extension
[  352.724398][T10658] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10658 comm=syz.1.1277
[  352.749422][ T5887] usb 1-1: USB disconnect, device number 32
[  352.812787][ T5887] em28xx 1-1:0.0: Disconnecting em28xx
[  352.905474][   T10] em28xx 1-1:0.0: Registering input extension
[  352.933246][ T5887] em28xx 1-1:0.0: Closing input extension
[  353.012807][ T5887] em28xx 1-1:0.0: Freeing device
[  353.213111][   T30] audit: type=1400 audit(1753614673.489:635): avc:  denied  { bind } for  pid=10666 comm="syz.1.1281" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  353.687888][   T10] usb 2-1: new low-speed USB device number 23 using dummy_hcd
[  353.774796][T10690] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10690 comm=syz.0.1288
[  353.848795][   T10] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  353.862355][   T10] usb 2-1: config 179 has no interface number 0
[  353.875948][   T10] usb 2-1: config 179 interface 65 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87
[  353.981792][   T10] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 10
[  354.009960][   T10] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x87 has invalid maxpacket 65535, setting to 8
[  354.025362][   T10] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  354.223005][   T10] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  354.261979][   T10] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  354.276142][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  354.332038][T10704] netlink: 212368 bytes leftover after parsing attributes in process `syz.4.1292'.
[  354.354861][T10669] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  354.396386][T10706] netlink: 'syz.0.1293': attribute type 4 has an invalid length.
[  354.492343][ T5887] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  354.599811][ T5880] usb 2-1: USB disconnect, device number 23
[  355.206842][ T5887] usb 4-1: Using ep0 maxpacket: 8
[  355.314606][ T5887] usb 4-1: config 0 has an invalid interface number: 33 but max is 1
[  355.325931][ T5887] usb 4-1: config 0 has no interface number 1
[  355.334204][ T5887] usb 4-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7
[  355.347752][ T5887] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 247
[  355.437379][ T5887] usb 4-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1
[  355.448864][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.464032][ T5887] usb 4-1: Product: syz
[  355.468192][ T5887] usb 4-1: Manufacturer: syz
[  355.475531][ T5887] usb 4-1: SerialNumber: syz
[  355.505443][ T5887] usb 4-1: config 0 descriptor??
[  355.559671][ T5887] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx
[  356.398982][T10729] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10729 comm=syz.2.1299
[  357.646884][ T5887] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx
[  357.663094][ T5887] usb 4-1: USB disconnect, device number 18
[  357.669769][ T5887] pvrusb2: Device being rendered inoperable
[  357.684141][ T5887] pvrusb2: Device being rendered inoperable
[  357.788347][T10750] 9pnet_fd: Insufficient options for proto=fd
[  357.961998][   T30] audit: type=1400 audit(1753614678.269:636): avc:  denied  { connect } for  pid=10748 comm="syz.3.1308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  358.885178][T10769] netlink: 'syz.2.1307': attribute type 5 has an invalid length.
[  359.105201][T10774] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1311'.
[  359.164798][T10774] netem: invalid attributes len -4
[  359.406850][T10781] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10781 comm=syz.3.1313
[  359.469611][T10782] netlink: 14 bytes leftover after parsing attributes in process `syz.4.1311'.
[  360.332073][T10782]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  360.423482][T10782]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  360.569160][T10782]  (unregistering): Released all slaves
[  361.421429][T10811] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1323'.
[  361.712314][T10811] netlink: 'syz.3.1323': attribute type 9 has an invalid length.
[  363.382992][T10834] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10834 comm=syz.4.1329
[  363.428510][   T10] usb 4-1: new full-speed USB device number 19 using dummy_hcd
[  363.525675][T10843] netlink: 'syz.4.1332': attribute type 1 has an invalid length.
[  363.556377][T10843] 8021q: adding VLAN 0 to HW filter on device bond0
[  363.584310][   T10] usb 4-1: config index 0 descriptor too short (expected 20, got 18)
[  363.604962][   T10] usb 4-1: config 0 has an invalid interface number: 93 but max is 0
[  363.610719][T10843] vlan0: entered allmulticast mode
[  363.614636][   T10] usb 4-1: config 0 has no interface number 0
[  363.627034][T10843] team0: entered allmulticast mode
[  363.628316][   T10] usb 4-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  363.643042][T10843] team_slave_0: entered allmulticast mode
[  363.643115][T10843] team_slave_1: entered allmulticast mode
[  363.662395][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.664283][T10843] bond0: (slave vlan0): making interface the new active one
[  363.672457][   T10] usb 4-1: Product: syz
[  363.685265][   T10] usb 4-1: Manufacturer: syz
[  363.692834][   T10] usb 4-1: SerialNumber: syz
[  363.699582][   T10] usb 4-1: config 0 descriptor??
[  363.712434][ T5880] usb 1-1: new full-speed USB device number 33 using dummy_hcd
[  363.714956][T10843] bond0: (slave vlan0): Enslaving as an active interface with an up link
[  363.869732][T10855] overlayfs: workdir and upperdir must be separate subtrees
[  363.873800][ T5880] usb 1-1: config index 0 descriptor too short (expected 4379, got 27)
[  363.888088][ T5880] usb 1-1: config 150 has an invalid descriptor of length 130, skipping remainder of the config
[  363.901817][ T5880] usb 1-1: config 150 has 0 interfaces, different from the descriptor's value: 16
[  363.916113][   T10] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  363.928875][ T5880] usb 1-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=e6.39
[  363.958222][   T10] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  363.986012][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.036463][   T30] audit: type=1400 audit(1753614684.319:637): avc:  denied  { listen } for  pid=10853 comm="syz.2.1337" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  364.036819][ T5880] usb 1-1: Product: syz
[  364.172620][   T10] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  364.228287][   T10] usb 4-1: media controller created
[  364.316240][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  364.368340][ T5880] usb 1-1: Manufacturer: syz
[  364.376939][ T5880] usb 1-1: SerialNumber: syz
[  364.476198][   T10] DVB: Unable to find symbol dib7000p_attach()
[  364.493302][   T10] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  364.507741][   T10] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  364.566923][   T10] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  364.578510][   T10] usb 4-1: media controller created
[  364.597284][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  364.778784][T10865] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1331'.
[  364.794797][T10865] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1331'.
[  364.890207][   T30] audit: type=1400 audit(1753614685.189:638): avc:  denied  { getopt } for  pid=10839 comm="syz.0.1331" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  364.892952][   T10] dib0700: the master dib7090 has to be initialized first
[  365.024138][T10872] netlink: 'syz.4.1340': attribute type 4 has an invalid length.
[  365.045979][   T10] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  365.060955][T10870] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  365.144652][ T5880] usb 1-1: USB disconnect, device number 33
[  365.199387][T10877] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10877 comm=syz.3.1342
[  365.351964][   T10] rc_core: IR keymap rc-dib0700-rc5 not found
[  365.359245][   T10] Registered IR keymap rc-empty
[  365.379878][   T10] dvb-usb: could not initialize remote control.
[  365.413026][   T10] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  365.456785][   T10] usb 4-1: USB disconnect, device number 19
[  365.588853][   T10] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  366.248612][T10892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1346'.
[  367.204456][T10901] trusted_key: encrypted_key: insufficient parameters specified
[  367.626091][ T5880] usb 2-1: new full-speed USB device number 24 using dummy_hcd
[  367.813147][ T5880] usb 2-1: config index 0 descriptor too short (expected 20, got 18)
[  367.823864][ T5880] usb 2-1: config 0 has an invalid interface number: 93 but max is 0
[  367.872441][ T5880] usb 2-1: config 0 has no interface number 0
[  367.889360][ T5880] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  367.899746][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.925360][ T5880] usb 2-1: Product: syz
[  367.929553][ T5880] usb 2-1: Manufacturer: syz
[  367.975892][ T5880] usb 2-1: SerialNumber: syz
[  368.025004][ T5880] usb 2-1: config 0 descriptor??
[  368.252516][T10922] ref_tracker: memory allocation failure, unreliable refcount tracker.
[  368.263725][ T5880] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  368.315296][ T5880] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  368.341581][ T5880] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  368.357332][ T5880] usb 2-1: media controller created
[  368.371744][ T5880] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  368.476975][ T5880] DVB: Unable to find symbol dib7000p_attach()
[  368.503131][ T5880] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  368.551842][ T5880] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  368.586670][ T5880] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  368.643656][ T5880] usb 2-1: media controller created
[  368.763046][ T5880] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  368.809018][ T5880] dib0700: the master dib7090 has to be initialized first
[  368.818601][ T5880] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  369.082340][ T5880] rc_core: IR keymap rc-dib0700-rc5 not found
[  369.089333][ T5880] Registered IR keymap rc-empty
[  369.118484][ T5880] dvb-usb: could not initialize remote control.
[  369.167349][ T5880] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  369.333612][ T5880] usb 2-1: USB disconnect, device number 24
[  369.386078][ T5880] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  370.327386][T10961] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  370.648023][T10982] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=10982 comm=syz.1.1373
[  370.714524][   T30] audit: type=1400 audit(1753614691.019:639): avc:  denied  { read } for  pid=10983 comm="syz.4.1374" name="btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  370.757716][   T30] audit: type=1400 audit(1753614691.049:640): avc:  denied  { open } for  pid=10983 comm="syz.4.1374" path="/dev/btrfs-control" dev="devtmpfs" ino=1316 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[  371.090676][ T5831] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  371.266373][ T5831] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7
[  371.285422][ T5831] usb 5-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94
[  371.296549][ T5831] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.352562][ T5831] usb 5-1: config 0 descriptor??
[  371.904905][ T5831] usb 5-1: USB disconnect, device number 26
[  372.002769][T11013] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11013 comm=syz.3.1383
[  372.193429][T11019] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11019 comm=syz.3.1386
[  372.352948][ T5880] usb 1-1: new high-speed USB device number 34 using dummy_hcd
[  373.071803][ T5880] usb 1-1: Using ep0 maxpacket: 8
[  373.082494][ T5880] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  373.298320][ T5880] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.308714][ T5880] usb 1-1: Product: syz
[  373.314756][ T5880] usb 1-1: Manufacturer: syz
[  373.319885][ T5880] usb 1-1: SerialNumber: syz
[  373.329207][ T5880] usb 1-1: config 0 descriptor??
[  373.583072][ T5880] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  373.605773][T11035] FAULT_INJECTION: forcing a failure.
[  373.605773][T11035] name failslab, interval 1, probability 0, space 0, times 0
[  373.622167][T11035] CPU: 0 UID: 0 PID: 11035 Comm: syz.4.1391 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  373.622186][T11035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  373.622193][T11035] Call Trace:
[  373.622197][T11035]  <TASK>
[  373.622201][T11035]  dump_stack_lvl+0x16c/0x1f0
[  373.622223][T11035]  should_fail_ex+0x512/0x640
[  373.622239][T11035]  ? __kmalloc_noprof+0xbf/0x510
[  373.622259][T11035]  ? lsm_blob_alloc+0x68/0x90
[  373.622271][T11035]  should_failslab+0xc2/0x120
[  373.622281][T11035]  __kmalloc_noprof+0xd2/0x510
[  373.622300][T11035]  lsm_blob_alloc+0x68/0x90
[  373.622312][T11035]  security_sk_alloc+0x30/0x270
[  373.622328][T11035]  sk_prot_alloc+0x1c7/0x2a0
[  373.622343][T11035]  sk_alloc+0x36/0xc20
[  373.622359][T11035]  bpf_prog_test_run_skb+0x330/0x2280
[  373.622372][T11035]  ? __fget_files+0x204/0x3c0
[  373.622384][T11035]  ? __fget_files+0x20e/0x3c0
[  373.622392][T11035]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  373.622406][T11035]  ? fput+0x70/0xf0
[  373.622418][T11035]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  373.622429][T11035]  __sys_bpf+0x170a/0x4ea0
[  373.622447][T11035]  ? __pfx___sys_bpf+0x10/0x10
[  373.622461][T11035]  ? ksys_write+0x190/0x250
[  373.622478][T11035]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  373.622497][T11035]  ? fput+0x70/0xf0
[  373.622507][T11035]  ? ksys_write+0x1ac/0x250
[  373.622521][T11035]  ? __pfx_ksys_write+0x10/0x10
[  373.622539][T11035]  __x64_sys_bpf+0x78/0xc0
[  373.622553][T11035]  ? lockdep_hardirqs_on+0x7c/0x110
[  373.622569][T11035]  do_syscall_64+0xcd/0x4c0
[  373.622580][T11035]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.622591][T11035] RIP: 0033:0x7efec418e9a9
[  373.622599][T11035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.622609][T11035] RSP: 002b:00007efec4fed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  373.622619][T11035] RAX: ffffffffffffffda RBX: 00007efec43b5fa0 RCX: 00007efec418e9a9
[  373.622626][T11035] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  373.622632][T11035] RBP: 00007efec4fed090 R08: 0000000000000000 R09: 0000000000000000
[  373.622638][T11035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  373.622644][T11035] R13: 0000000000000000 R14: 00007efec43b5fa0 R15: 00007fff952f0b78
[  373.622657][T11035]  </TASK>
[  374.619317][T11048] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11048 comm=syz.1.1396
[  374.962716][   T10] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  375.151878][   T10] usb 4-1: device descriptor read/64, error -71
[  375.402550][   T10] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  375.611932][   T10] usb 4-1: device descriptor read/64, error -71
[  375.698956][T11065] FAULT_INJECTION: forcing a failure.
[  375.698956][T11065] name failslab, interval 1, probability 0, space 0, times 0
[  375.714781][T11065] CPU: 1 UID: 0 PID: 11065 Comm: syz.2.1403 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  375.714805][T11065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  375.714815][T11065] Call Trace:
[  375.714821][T11065]  <TASK>
[  375.714827][T11065]  dump_stack_lvl+0x16c/0x1f0
[  375.714857][T11065]  should_fail_ex+0x512/0x640
[  375.714884][T11065]  should_failslab+0xc2/0x120
[  375.714902][T11065]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  375.714928][T11065]  ? skb_clone+0x190/0x3f0
[  375.714948][T11065]  skb_clone+0x190/0x3f0
[  375.714965][T11065]  netlink_deliver_tap+0xabd/0xd30
[  375.714990][T11065]  netlink_unicast+0x62f/0x850
[  375.715013][T11065]  ? __pfx_netlink_unicast+0x10/0x10
[  375.715040][T11065]  netlink_sendmsg+0x8d1/0xdd0
[  375.715063][T11065]  ? __pfx_netlink_sendmsg+0x10/0x10
[  375.715093][T11065]  ____sys_sendmsg+0xa98/0xc70
[  375.715114][T11065]  ? copy_msghdr_from_user+0x10a/0x160
[  375.715130][T11065]  ? __pfx_____sys_sendmsg+0x10/0x10
[  375.715163][T11065]  ___sys_sendmsg+0x134/0x1d0
[  375.715180][T11065]  ? __pfx____sys_sendmsg+0x10/0x10
[  375.715194][T11065]  ? __lock_acquire+0x622/0x1c90
[  375.715241][T11065]  __sys_sendmsg+0x16d/0x220
[  375.715257][T11065]  ? __pfx___sys_sendmsg+0x10/0x10
[  375.715290][T11065]  do_syscall_64+0xcd/0x4c0
[  375.715309][T11065]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  375.715325][T11065] RIP: 0033:0x7efe21d8e9a9
[  375.715337][T11065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  375.715352][T11065] RSP: 002b:00007efe22b7e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  375.715368][T11065] RAX: ffffffffffffffda RBX: 00007efe21fb5fa0 RCX: 00007efe21d8e9a9
[  375.715379][T11065] RDX: 0000000004000000 RSI: 0000200000000200 RDI: 0000000000000003
[  375.715389][T11065] RBP: 00007efe22b7e090 R08: 0000000000000000 R09: 0000000000000000
[  375.715399][T11065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  375.715408][T11065] R13: 0000000000000000 R14: 00007efe21fb5fa0 R15: 00007fff4f82d5a8
[  375.715430][T11065]  </TASK>
[  375.716065][ T5880] usb write operation failed. (-71)
[  375.860940][T11065] bridge0: port 2(bridge_slave_1) entered disabled state
[  375.879134][   T10] usb usb4-port1: attempt power cycle
[  376.003161][ T5880] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  376.017912][ T5880] dvbdev: DVB: registering new adapter (Terratec H7)
[  376.029150][ T5880] usb 1-1: media controller created
[  376.044359][ T5880] usb read operation failed. (-71)
[  376.107891][ T5880] usb write operation failed. (-71)
[  376.217525][ T5880] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  376.421788][   T10] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  376.454520][   T10] usb 4-1: device descriptor read/8, error -71
[  376.468632][ T5880] usb 1-1: USB disconnect, device number 34
[  376.469650][T11088] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11088 comm=syz.4.1409
[  376.812351][   T10] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  376.943503][T11093] netlink: 'syz.2.1411': attribute type 4 has an invalid length.
[  376.956893][T11093] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1411'.
[  377.109107][   T10] usb 4-1: device descriptor read/8, error -71
[  377.189448][T11097] FAULT_INJECTION: forcing a failure.
[  377.189448][T11097] name failslab, interval 1, probability 0, space 0, times 0
[  377.234320][T11099] FAULT_INJECTION: forcing a failure.
[  377.234320][T11099] name failslab, interval 1, probability 0, space 0, times 0
[  377.249060][T11097] CPU: 1 UID: 0 PID: 11097 Comm: syz.1.1412 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  377.249083][T11097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  377.249093][T11097] Call Trace:
[  377.249098][T11097]  <TASK>
[  377.249104][T11097]  dump_stack_lvl+0x16c/0x1f0
[  377.249135][T11097]  should_fail_ex+0x512/0x640
[  377.249162][T11097]  should_failslab+0xc2/0x120
[  377.249179][T11097]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  377.249203][T11097]  ? skb_clone+0x190/0x3f0
[  377.249224][T11097]  skb_clone+0x190/0x3f0
[  377.249240][T11097]  netlink_deliver_tap+0xabd/0xd30
[  377.249263][T11097]  netlink_unicast+0x62f/0x850
[  377.249284][T11097]  ? __pfx_netlink_unicast+0x10/0x10
[  377.249307][T11097]  netlink_sendmsg+0x8d1/0xdd0
[  377.249328][T11097]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.249355][T11097]  ____sys_sendmsg+0xa98/0xc70
[  377.249377][T11097]  ? copy_msghdr_from_user+0x10a/0x160
[  377.249392][T11097]  ? __pfx_____sys_sendmsg+0x10/0x10
[  377.249421][T11097]  ___sys_sendmsg+0x134/0x1d0
[  377.249444][T11097]  ? __pfx____sys_sendmsg+0x10/0x10
[  377.249458][T11097]  ? __lock_acquire+0x622/0x1c90
[  377.249500][T11097]  __sys_sendmsg+0x16d/0x220
[  377.249517][T11097]  ? __pfx___sys_sendmsg+0x10/0x10
[  377.249548][T11097]  do_syscall_64+0xcd/0x4c0
[  377.249567][T11097]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.249582][T11097] RIP: 0033:0x7f231538e9a9
[  377.249595][T11097] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.249608][   T10] usb usb4-port1: unable to enumerate USB device
[  377.249610][T11097] RSP: 002b:00007f2316207038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  377.249627][T11097] RAX: ffffffffffffffda RBX: 00007f23155b5fa0 RCX: 00007f231538e9a9
[  377.249637][T11097] RDX: 0000000000000000 RSI: 0000200000000180 RDI: 0000000000000005
[  377.249646][T11097] RBP: 00007f2316207090 R08: 0000000000000000 R09: 0000000000000000
[  377.249654][T11097] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.249663][T11097] R13: 0000000000000000 R14: 00007f23155b5fa0 R15: 00007fff9a6bb5c8
[  377.249684][T11097]  </TASK>
[  377.260090][T11099] CPU: 1 UID: 0 PID: 11099 Comm: syz.0.1414 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  377.260111][T11099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  377.260120][T11099] Call Trace:
[  377.260125][T11099]  <TASK>
[  377.260130][T11099]  dump_stack_lvl+0x16c/0x1f0
[  377.260156][T11099]  should_fail_ex+0x512/0x640
[  377.260182][T11099]  should_failslab+0xc2/0x120
[  377.260197][T11099]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  377.260219][T11099]  ? skb_clone+0x190/0x3f0
[  377.260237][T11099]  skb_clone+0x190/0x3f0
[  377.260252][T11099]  netlink_deliver_tap+0xabd/0xd30
[  377.260273][T11099]  netlink_unicast+0x62f/0x850
[  377.260293][T11099]  ? __pfx_netlink_unicast+0x10/0x10
[  377.260316][T11099]  netlink_sendmsg+0x8d1/0xdd0
[  377.260337][T11099]  ? __pfx_netlink_sendmsg+0x10/0x10
[  377.260362][T11099]  ____sys_sendmsg+0xa98/0xc70
[  377.260381][T11099]  ? copy_msghdr_from_user+0x10a/0x160
[  377.260395][T11099]  ? __pfx_____sys_sendmsg+0x10/0x10
[  377.260423][T11099]  ___sys_sendmsg+0x134/0x1d0
[  377.260439][T11099]  ? __pfx____sys_sendmsg+0x10/0x10
[  377.260451][T11099]  ? __lock_acquire+0x622/0x1c90
[  377.260492][T11099]  __sys_sendmsg+0x16d/0x220
[  377.260507][T11099]  ? __pfx___sys_sendmsg+0x10/0x10
[  377.260535][T11099]  do_syscall_64+0xcd/0x4c0
[  377.260551][T11099]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.260576][T11099] RIP: 0033:0x7f8ed2d8e9a9
[  377.260588][T11099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  377.260601][T11099] RSP: 002b:00007f8ed3c84038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  377.260615][T11099] RAX: ffffffffffffffda RBX: 00007f8ed2fb5fa0 RCX: 00007f8ed2d8e9a9
[  377.260624][T11099] RDX: 0000000000004040 RSI: 0000200000000000 RDI: 0000000000000003
[  377.260633][T11099] RBP: 00007f8ed3c84090 R08: 0000000000000000 R09: 0000000000000000
[  377.260642][T11099] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  377.260651][T11099] R13: 0000000000000000 R14: 00007f8ed2fb5fa0 R15: 00007fff21949358
[  377.260671][T11099]  </TASK>
[  377.865854][T11101] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11101 comm=syz.3.1415
[  377.892469][ T5880] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  378.054430][ T5880] usb 5-1: Using ep0 maxpacket: 8
[  378.064484][ T5880] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  378.097565][ T1297] ieee802154 phy0 wpan0: encryption failed: -22
[  378.106289][ T1297] ieee802154 phy1 wpan1: encryption failed: -22
[  378.119693][ T5880] usb 5-1: config 179 has no interface number 0
[  378.129093][ T5880] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  378.144895][ T5880] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  378.158809][ T5880] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  378.176003][ T5880] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  378.195257][ T5880] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  378.283110][ T5880] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  378.354572][   T30] audit: type=1400 audit(1753614698.639:641): avc:  denied  { listen } for  pid=11103 comm="syz.0.1418" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  378.389135][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  378.466749][T11096] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  378.599464][T11119] netlink: 'syz.1.1422': attribute type 1 has an invalid length.
[  378.637659][T11122] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11122 comm=syz.3.1423
[  378.758166][T11119] 8021q: adding VLAN 0 to HW filter on device bond3
[  378.832126][T11126] bond3: (slave veth3): Enslaving as an active interface with a down link
[  378.895102][T11128] veth1: entered promiscuous mode
[  378.910665][T11128] veth1: left promiscuous mode
[  378.956406][T11128] bond3: (slave vlan3): making interface the new active one
[  378.981946][T11128] veth1: entered promiscuous mode
[  378.989480][   T78] usb 5-1: USB disconnect, device number 27
[  378.989589][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  379.005997][    C0] dummy_hcd dummy_hcd.4: timer fired with no URBs pending?
[  379.033300][T11128] vlan3: entered promiscuous mode
[  379.067090][T11128] bond3: (slave vlan3): Enslaving as an active interface with an up link
[  379.079645][T11131] netlink: 'syz.2.1425': attribute type 4 has an invalid length.
[  379.091992][T11140] FAULT_INJECTION: forcing a failure.
[  379.091992][T11140] name failslab, interval 1, probability 0, space 0, times 0
[  379.209710][T11140] CPU: 0 UID: 0 PID: 11140 Comm: syz.0.1427 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  379.209739][T11140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  379.209746][T11140] Call Trace:
[  379.209750][T11140]  <TASK>
[  379.209755][T11140]  dump_stack_lvl+0x16c/0x1f0
[  379.209778][T11140]  should_fail_ex+0x512/0x640
[  379.209795][T11140]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  379.209813][T11140]  should_failslab+0xc2/0x120
[  379.209824][T11140]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  379.209839][T11140]  ? bpf_ksym_find+0x127/0x1c0
[  379.209853][T11140]  ? fuse_request_alloc+0x22/0x200
[  379.209870][T11140]  fuse_request_alloc+0x22/0x200
[  379.209883][T11140]  fuse_get_req+0x748/0xfd0
[  379.209897][T11140]  ? arch_stack_walk+0xa6/0x100
[  379.209910][T11140]  ? __pfx_fuse_get_req+0x10/0x10
[  379.209934][T11140]  ? stack_trace_save+0x8e/0xc0
[  379.209948][T11140]  ? __pfx_stack_trace_save+0x10/0x10
[  379.209961][T11140]  ? stack_depot_save_flags+0x28/0xa40
[  379.209979][T11140]  __fuse_simple_request+0xb8/0xcb0
[  379.210006][T11140]  fuse_do_getattr+0x281/0x540
[  379.210021][T11140]  ? look_up_lock_class+0x6b/0x150
[  379.210044][T11140]  ? __pfx_fuse_do_getattr+0x10/0x10
[  379.210057][T11140]  ? register_lock_class+0x41/0x4c0
[  379.210093][T11140]  ? do_raw_spin_lock+0x12c/0x2b0
[  379.210111][T11140]  ? find_held_lock+0x2b/0x80
[  379.210132][T11140]  ? lockref_get_not_dead+0x6a/0x80
[  379.210154][T11140]  fuse_permission+0x4eb/0x670
[  379.210175][T11140]  ? __pfx_fuse_permission+0x10/0x10
[  379.210192][T11140]  inode_permission+0x377/0x630
[  379.210218][T11140]  may_open+0x111/0x470
[  379.210241][T11140]  path_openat+0x1354/0x2cb0
[  379.210272][T11140]  ? stack_trace_save+0x8e/0xc0
[  379.210294][T11140]  ? __pfx_path_openat+0x10/0x10
[  379.210316][T11140]  ? stack_depot_save_flags+0x28/0xa40
[  379.210348][T11140]  do_filp_open+0x20b/0x470
[  379.210371][T11140]  ? kasan_save_track+0x14/0x30
[  379.210394][T11140]  ? __pfx_do_filp_open+0x10/0x10
[  379.210415][T11140]  ? __x64_sys_execveat+0xc4/0x120
[  379.210435][T11140]  ? do_syscall_64+0xcd/0x4c0
[  379.210449][T11140]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.210495][T11140]  do_open_execat+0xf9/0x380
[  379.210519][T11140]  ? __pfx_do_open_execat+0x10/0x10
[  379.210551][T11140]  alloc_bprm+0x2d/0x6f0
[  379.210578][T11140]  do_execveat_common.isra.0+0x1ce/0x610
[  379.210608][T11140]  __x64_sys_execveat+0xda/0x120
[  379.210636][T11140]  do_syscall_64+0xcd/0x4c0
[  379.210654][T11140]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  379.210671][T11140] RIP: 0033:0x7f8ed2d8e9a9
[  379.210692][T11140] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  379.210709][T11140] RSP: 002b:00007f8ed3c63038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  379.210726][T11140] RAX: ffffffffffffffda RBX: 00007f8ed2fb6080 RCX: 00007f8ed2d8e9a9
[  379.210737][T11140] RDX: 0000000000000000 RSI: 0000200000001400 RDI: ffffffffffffff9c
[  379.210747][T11140] RBP: 00007f8ed3c63090 R08: 0000000000000000 R09: 0000000000000000
[  379.210756][T11140] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  379.210765][T11140] R13: 0000000000000001 R14: 00007f8ed2fb6080 R15: 00007fff21949358
[  379.210788][T11140]  </TASK>
[  380.109658][T11151] /dev/nullb0: Can't open blockdev
[  380.432402][ T5880] usb 1-1: new high-speed USB device number 35 using dummy_hcd
[  380.604415][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  380.644344][ T5880] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  380.657874][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.678946][ T5880] usb 1-1: config 0 descriptor??
[  380.756391][T11162] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11162 comm=syz.3.1434
[  380.889181][T11164] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11164 comm=syz.1.1436
[  380.995662][   T10] usb 3-1: new high-speed USB device number 37 using dummy_hcd
[  381.116408][T11176] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11176 comm=syz.1.1441
[  381.162604][   T10] usb 3-1: Using ep0 maxpacket: 8
[  381.196583][   T10] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  381.226952][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.239121][   T10] usb 3-1: Product: syz
[  381.247911][   T10] usb 3-1: Manufacturer: syz
[  381.265657][   T10] usb 3-1: SerialNumber: syz
[  381.276482][   T10] usb 3-1: config 0 descriptor??
[  381.321780][ T5887] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[  381.334074][ T5880] usbhid 1-1:0.0: can't add hid device: -71
[  381.396902][ T5880] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  381.509403][   T10] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  381.542406][ T5887] usb 5-1: Using ep0 maxpacket: 16
[  381.553278][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  381.574003][ T5880] usb 1-1: USB disconnect, device number 35
[  381.584071][ T5887] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  381.596480][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.614559][ T5887] usb 5-1: Product: syz
[  381.619604][ T5887] usb 5-1: Manufacturer: syz
[  381.625837][ T5887] usb 5-1: SerialNumber: syz
[  381.635876][ T5887] usb 5-1: config 0 descriptor??
[  381.867194][T11174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  381.877418][T11174] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  381.927626][ T5887] usb 5-1: USB disconnect, device number 28
[  382.667877][T11200] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11200 comm=syz.4.1449
[  383.309549][T11206] FAULT_INJECTION: forcing a failure.
[  383.309549][T11206] name failslab, interval 1, probability 0, space 0, times 0
[  383.335409][T11206] CPU: 0 UID: 0 PID: 11206 Comm: syz.0.1451 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  383.335435][T11206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  383.335444][T11206] Call Trace:
[  383.335449][T11206]  <TASK>
[  383.335455][T11206]  dump_stack_lvl+0x16c/0x1f0
[  383.335487][T11206]  should_fail_ex+0x512/0x640
[  383.335512][T11206]  ? __kvmalloc_node_noprof+0x124/0x620
[  383.335539][T11206]  should_failslab+0xc2/0x120
[  383.335555][T11206]  __kvmalloc_node_noprof+0x137/0x620
[  383.335577][T11206]  ? __pfx_try_to_wake_up+0x10/0x10
[  383.335598][T11206]  ? bpf_test_run_xdp_live+0x16b/0x500
[  383.335620][T11206]  ? bpf_test_run_xdp_live+0x16b/0x500
[  383.335635][T11206]  bpf_test_run_xdp_live+0x16b/0x500
[  383.335651][T11206]  ? lockdep_hardirqs_on+0x7c/0x110
[  383.335678][T11206]  ? __pfx_bpf_test_run_xdp_live+0x10/0x10
[  383.335697][T11206]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  383.335719][T11206]  ? __pfx_xdp_test_run_init_page+0x10/0x10
[  383.335735][T11206]  ? bpf_dispatcher_change_prog+0x54d/0xa80
[  383.335775][T11206]  ? __pfx_wait_rcu_exp_gp+0x10/0x10
[  383.335794][T11206]  ? 0xffffffffa02057c0
[  383.335810][T11206]  ? 0xffffffffa02057c0
[  383.335823][T11206]  ? 0xffffffffa02057c0
[  383.335842][T11206]  bpf_prog_test_run_xdp+0x824/0x1590
[  383.335868][T11206]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  383.335888][T11206]  ? __might_fault+0x20/0x190
[  383.335923][T11206]  ? fput+0x70/0xf0
[  383.335941][T11206]  ? __bpf_prog_get+0x97/0x2a0
[  383.335960][T11206]  ? __pfx_bpf_prog_test_run_xdp+0x10/0x10
[  383.335979][T11206]  __sys_bpf+0x170a/0x4ea0
[  383.336004][T11206]  ? __pfx___sys_bpf+0x10/0x10
[  383.336027][T11206]  ? ksys_write+0x190/0x250
[  383.336060][T11206]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  383.336091][T11206]  ? fput+0x70/0xf0
[  383.336109][T11206]  ? ksys_write+0x1ac/0x250
[  383.336132][T11206]  ? __pfx_ksys_write+0x10/0x10
[  383.336165][T11206]  __x64_sys_bpf+0x78/0xc0
[  383.336196][T11206]  ? lockdep_hardirqs_on+0x7c/0x110
[  383.336222][T11206]  do_syscall_64+0xcd/0x4c0
[  383.336241][T11206]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  383.336257][T11206] RIP: 0033:0x7f8ed2d8e9a9
[  383.336271][T11206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  383.336287][T11206] RSP: 002b:00007f8ed3c84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  383.336303][T11206] RAX: ffffffffffffffda RBX: 00007f8ed2fb5fa0 RCX: 00007f8ed2d8e9a9
[  383.336314][T11206] RDX: 0000000000000048 RSI: 0000200000000600 RDI: 000000000000000a
[  383.336323][T11206] RBP: 00007f8ed3c84090 R08: 0000000000000000 R09: 0000000000000000
[  383.336333][T11206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  383.336343][T11206] R13: 0000000000000000 R14: 00007f8ed2fb5fa0 R15: 00007fff21949358
[  383.336366][T11206]  </TASK>
[  383.682328][T11210] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11210 comm=syz.3.1453
[  383.754767][   T10] usb write operation failed. (-71)
[  383.807733][   T10] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  383.822494][   T10] dvbdev: DVB: registering new adapter (Terratec H7)
[  383.829219][   T10] usb 3-1: media controller created
[  383.836927][   T10] usb read operation failed. (-71)
[  383.844699][   T10] usb write operation failed. (-71)
[  383.869369][   T10] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  383.888540][   T10] usb 3-1: USB disconnect, device number 37
[  384.383782][T11236] FAULT_INJECTION: forcing a failure.
[  384.383782][T11236] name failslab, interval 1, probability 0, space 0, times 0
[  384.413687][T11236] CPU: 0 UID: 0 PID: 11236 Comm: syz.2.1463 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  384.413713][T11236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  384.413722][T11236] Call Trace:
[  384.413728][T11236]  <TASK>
[  384.413734][T11236]  dump_stack_lvl+0x16c/0x1f0
[  384.413764][T11236]  should_fail_ex+0x512/0x640
[  384.413791][T11236]  should_failslab+0xc2/0x120
[  384.413807][T11236]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  384.413832][T11236]  ? skb_clone+0x190/0x3f0
[  384.413853][T11236]  skb_clone+0x190/0x3f0
[  384.413869][T11236]  netlink_deliver_tap+0xabd/0xd30
[  384.413893][T11236]  netlink_unicast+0x62f/0x850
[  384.413920][T11236]  ? __pfx_netlink_unicast+0x10/0x10
[  384.413946][T11236]  netlink_sendmsg+0x8d1/0xdd0
[  384.413968][T11236]  ? __pfx_netlink_sendmsg+0x10/0x10
[  384.413996][T11236]  ____sys_sendmsg+0xa98/0xc70
[  384.414018][T11236]  ? copy_msghdr_from_user+0x10a/0x160
[  384.414034][T11236]  ? __pfx_____sys_sendmsg+0x10/0x10
[  384.414058][T11236]  ? __pfx__kstrtoull+0x10/0x10
[  384.414085][T11236]  ___sys_sendmsg+0x134/0x1d0
[  384.414102][T11236]  ? __pfx____sys_sendmsg+0x10/0x10
[  384.414130][T11236]  ? find_held_lock+0x2b/0x80
[  384.414167][T11236]  __sys_sendmmsg+0x200/0x420
[  384.414186][T11236]  ? __pfx___sys_sendmmsg+0x10/0x10
[  384.414211][T11236]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  384.414239][T11236]  ? fput+0x70/0xf0
[  384.414256][T11236]  ? ksys_write+0x1ac/0x250
[  384.414279][T11236]  ? __pfx_ksys_write+0x10/0x10
[  384.414307][T11236]  __x64_sys_sendmmsg+0x9c/0x100
[  384.414322][T11236]  ? lockdep_hardirqs_on+0x7c/0x110
[  384.414348][T11236]  do_syscall_64+0xcd/0x4c0
[  384.414366][T11236]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.414384][T11236] RIP: 0033:0x7efe21d8e9a9
[  384.414398][T11236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  384.414413][T11236] RSP: 002b:00007efe22b7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  384.414429][T11236] RAX: ffffffffffffffda RBX: 00007efe21fb5fa0 RCX: 00007efe21d8e9a9
[  384.414440][T11236] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000004
[  384.414450][T11236] RBP: 00007efe22b7e090 R08: 0000000000000000 R09: 0000000000000000
[  384.414459][T11236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  384.414468][T11236] R13: 0000000000000000 R14: 00007efe21fb5fa0 R15: 00007fff4f82d5a8
[  384.414491][T11236]  </TASK>
[  384.668217][T11240] FAULT_INJECTION: forcing a failure.
[  384.668217][T11240] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  384.682986][T11240] CPU: 0 UID: 0 PID: 11240 Comm: syz.3.1464 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  384.683009][T11240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  384.683018][T11240] Call Trace:
[  384.683024][T11240]  <TASK>
[  384.683031][T11240]  dump_stack_lvl+0x16c/0x1f0
[  384.683062][T11240]  should_fail_ex+0x512/0x640
[  384.683092][T11240]  _copy_from_user+0x2e/0xd0
[  384.683110][T11240]  copy_msghdr_from_user+0x98/0x160
[  384.683127][T11240]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  384.683147][T11240]  ? kfree+0x24f/0x4d0
[  384.683167][T11240]  ? __pfx__kstrtoull+0x10/0x10
[  384.683193][T11240]  ___sys_sendmsg+0xfe/0x1d0
[  384.683210][T11240]  ? __pfx____sys_sendmsg+0x10/0x10
[  384.683249][T11240]  ? __pfx___might_resched+0x10/0x10
[  384.683276][T11240]  __sys_sendmmsg+0x200/0x420
[  384.683293][T11240]  ? __pfx___sys_sendmmsg+0x10/0x10
[  384.683318][T11240]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  384.683346][T11240]  ? fput+0x70/0xf0
[  384.683363][T11240]  ? ksys_write+0x1ac/0x250
[  384.683386][T11240]  ? __pfx_ksys_write+0x10/0x10
[  384.683411][T11240]  __x64_sys_sendmmsg+0x9c/0x100
[  384.683426][T11240]  ? lockdep_hardirqs_on+0x7c/0x110
[  384.683450][T11240]  do_syscall_64+0xcd/0x4c0
[  384.683468][T11240]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  384.683483][T11240] RIP: 0033:0x7f8f8fd8e9a9
[  384.683496][T11240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  384.683512][T11240] RSP: 002b:00007f8f90bdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  384.683527][T11240] RAX: ffffffffffffffda RBX: 00007f8f8ffb5fa0 RCX: 00007f8f8fd8e9a9
[  384.683538][T11240] RDX: 00000000000002e9 RSI: 0000200000000480 RDI: 0000000000000003
[  384.683548][T11240] RBP: 00007f8f90bdb090 R08: 0000000000000000 R09: 0000000000000000
[  384.683558][T11240] R10: 000000000000ffe0 R11: 0000000000000246 R12: 0000000000000001
[  384.683566][T11240] R13: 0000000000000000 R14: 00007f8f8ffb5fa0 R15: 00007ffdcd810738
[  384.683588][T11240]  </TASK>
[  384.691075][T11242] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11242 comm=syz.2.1465
[  385.462351][   T10] usb 1-1: new high-speed USB device number 36 using dummy_hcd
[  386.072315][   T10] usb 1-1: Using ep0 maxpacket: 8
[  386.103370][   T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  386.131702][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.182699][   T10] usb 1-1: Product: syz
[  386.194017][   T10] usb 1-1: Manufacturer: syz
[  386.198634][   T10] usb 1-1: SerialNumber: syz
[  386.222976][   T10] usb 1-1: config 0 descriptor??
[  386.442254][   T10] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  386.653525][T11276] netlink: 'syz.4.1477': attribute type 4 has an invalid length.
[  386.959822][T11281] /dev/nullb0: Can't open blockdev
[  387.294124][T11284] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11284 comm=syz.1.1479
[  387.569339][   T30] audit: type=1326 audit(1753614707.869:642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11277 comm="syz.3.1478" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f8fd8e9a9 code=0x0
[  387.699248][T11298] FAULT_INJECTION: forcing a failure.
[  387.699248][T11298] name failslab, interval 1, probability 0, space 0, times 0
[  387.714801][T11298] CPU: 0 UID: 0 PID: 11298 Comm: syz.2.1485 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  387.714826][T11298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  387.714837][T11298] Call Trace:
[  387.714843][T11298]  <TASK>
[  387.714849][T11298]  dump_stack_lvl+0x16c/0x1f0
[  387.714881][T11298]  should_fail_ex+0x512/0x640
[  387.714912][T11298]  should_failslab+0xc2/0x120
[  387.714929][T11298]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  387.714956][T11298]  ? skb_clone+0x190/0x3f0
[  387.714977][T11298]  skb_clone+0x190/0x3f0
[  387.714994][T11298]  netlink_deliver_tap+0xabd/0xd30
[  387.715019][T11298]  netlink_unicast+0x62f/0x850
[  387.715043][T11298]  ? __pfx_netlink_unicast+0x10/0x10
[  387.715071][T11298]  netlink_sendmsg+0x8d1/0xdd0
[  387.715094][T11298]  ? __pfx_netlink_sendmsg+0x10/0x10
[  387.715122][T11298]  ____sys_sendmsg+0xa98/0xc70
[  387.715144][T11298]  ? copy_msghdr_from_user+0x10a/0x160
[  387.715160][T11298]  ? __pfx_____sys_sendmsg+0x10/0x10
[  387.715193][T11298]  ___sys_sendmsg+0x134/0x1d0
[  387.715211][T11298]  ? __pfx____sys_sendmsg+0x10/0x10
[  387.715225][T11298]  ? __lock_acquire+0x622/0x1c90
[  387.715274][T11298]  __sys_sendmsg+0x16d/0x220
[  387.715296][T11298]  ? __pfx___sys_sendmsg+0x10/0x10
[  387.715329][T11298]  do_syscall_64+0xcd/0x4c0
[  387.715347][T11298]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  387.715365][T11298] RIP: 0033:0x7efe21d8e9a9
[  387.715379][T11298] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  387.715394][T11298] RSP: 002b:00007efe22b7e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  387.715411][T11298] RAX: ffffffffffffffda RBX: 00007efe21fb5fa0 RCX: 00007efe21d8e9a9
[  387.715422][T11298] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000004
[  387.715432][T11298] RBP: 00007efe22b7e090 R08: 0000000000000000 R09: 0000000000000000
[  387.715441][T11298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  387.715451][T11298] R13: 0000000000000000 R14: 00007efe21fb5fa0 R15: 00007fff4f82d5a8
[  387.715475][T11298]  </TASK>
[  387.940749][   T78] usb 2-1: new full-speed USB device number 25 using dummy_hcd
[  388.143560][   T78] usb 2-1: config index 0 descriptor too short (expected 20, got 18)
[  388.170729][   T78] usb 2-1: config 0 has an invalid interface number: 93 but max is 0
[  388.204489][   T78] usb 2-1: config 0 has no interface number 0
[  388.233301][   T78] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  388.247586][T11312] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11312 comm=syz.2.1490
[  388.251100][   T30] audit: type=1400 audit(1753614708.549:643): avc:  denied  { getopt } for  pid=11309 comm="syz.3.1489" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  388.281331][   T78] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.294651][   T78] usb 2-1: Product: syz
[  388.298828][   T78] usb 2-1: Manufacturer: syz
[  388.304717][   T78] usb 2-1: SerialNumber: syz
[  388.312751][   T78] usb 2-1: config 0 descriptor??
[  388.382597][   T10] usb write operation failed. (-71)
[  388.389775][   T10] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  388.416156][   T10] dvbdev: DVB: registering new adapter (Terratec H7)
[  388.434095][   T10] usb 1-1: media controller created
[  388.448716][   T10] usb read operation failed. (-71)
[  388.459743][   T10] usb write operation failed. (-71)
[  388.502115][   T10] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -5
[  388.526860][   T78] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  388.534074][   T10] usb 1-1: USB disconnect, device number 36
[  388.573241][   T78] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  388.605111][   T78] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  388.628804][   T78] usb 2-1: media controller created
[  388.637444][   T78] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  388.647714][T11320] FAULT_INJECTION: forcing a failure.
[  388.647714][T11320] name failslab, interval 1, probability 0, space 0, times 0
[  388.683092][T11320] CPU: 1 UID: 0 PID: 11320 Comm: syz.4.1494 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  388.683117][T11320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  388.683127][T11320] Call Trace:
[  388.683133][T11320]  <TASK>
[  388.683140][T11320]  dump_stack_lvl+0x16c/0x1f0
[  388.683171][T11320]  should_fail_ex+0x512/0x640
[  388.683196][T11320]  ? kmem_cache_alloc_noprof+0x5a/0x3b0
[  388.683225][T11320]  should_failslab+0xc2/0x120
[  388.683241][T11320]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  388.683266][T11320]  ? schedule+0x2d7/0x3a0
[  388.683289][T11320]  ? fuse_request_alloc+0x22/0x200
[  388.683315][T11320]  fuse_request_alloc+0x22/0x200
[  388.683336][T11320]  fuse_get_req+0x748/0xfd0
[  388.683365][T11320]  ? __pfx_fuse_get_req+0x10/0x10
[  388.683389][T11320]  ? __pfx_autoremove_wake_function+0x10/0x10
[  388.683424][T11320]  __fuse_simple_request+0xb8/0xcb0
[  388.683446][T11320]  ? __asan_memset+0x23/0x50
[  388.683470][T11320]  fuse_lookup_name+0x2ad/0x780
[  388.683491][T11320]  ? __mutex_lock+0x1ca/0xb90
[  388.683506][T11320]  ? __pfx_fuse_lookup_name+0x10/0x10
[  388.683524][T11320]  ? fuse_lock_inode+0xd2/0x110
[  388.683554][T11320]  ? find_held_lock+0x2b/0x80
[  388.683579][T11320]  fuse_lookup+0x26a/0x560
[  388.683598][T11320]  ? __pfx_fuse_lookup+0x10/0x10
[  388.683628][T11320]  ? do_raw_spin_unlock+0x172/0x230
[  388.683648][T11320]  ? _raw_spin_unlock+0x28/0x50
[  388.683676][T11320]  lookup_one_qstr_excl_raw.part.0+0xec/0x160
[  388.683697][T11320]  ? lookup_dcache+0x66/0x170
[  388.683719][T11320]  lookup_one_qstr_excl+0x3e/0x120
[  388.683742][T11320]  do_unlinkat+0x284/0x6a0
[  388.683760][T11320]  ? __pfx_do_unlinkat+0x10/0x10
[  388.683777][T11320]  ? strncpy_from_user+0x203/0x2e0
[  388.683805][T11320]  ? getname_flags.part.0+0x1c5/0x550
[  388.683824][T11320]  ? __pfx_ksys_write+0x10/0x10
[  388.683854][T11320]  __x64_sys_unlinkat+0xbf/0x130
[  388.683872][T11320]  do_syscall_64+0xcd/0x4c0
[  388.683897][T11320]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  388.683914][T11320] RIP: 0033:0x7efec418e9a9
[  388.683928][T11320] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  388.683944][T11320] RSP: 002b:00007efec4fed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000107
[  388.683960][T11320] RAX: ffffffffffffffda RBX: 00007efec43b5fa0 RCX: 00007efec418e9a9
[  388.683971][T11320] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  388.683981][T11320] RBP: 00007efec4fed090 R08: 0000000000000000 R09: 0000000000000000
[  388.683991][T11320] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  388.684001][T11320] R13: 0000000000000000 R14: 00007efec43b5fa0 R15: 00007fff952f0b78
[  388.684025][T11320]  </TASK>
[  389.478011][   T78] DVB: Unable to find symbol dib7000p_attach()
[  389.485305][   T78] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  389.501459][   T78] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  389.518249][   T78] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  389.532560][   T78] usb 2-1: media controller created
[  389.543444][T11341] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11341 comm=syz.3.1501
[  389.558710][   T78] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  389.605808][   T78] dib0700: the master dib7090 has to be initialized first
[  389.622317][   T78] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  390.042018][   T78] rc_core: IR keymap rc-dib0700-rc5 not found
[  390.082392][   T78] Registered IR keymap rc-empty
[  390.198165][   T78] dvb-usb: could not initialize remote control.
[  390.215075][   T78] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  390.254482][   T78] usb 2-1: USB disconnect, device number 25
[  390.346432][   T78] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  392.883769][T11389] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11389 comm=syz.1.1513
[  392.932816][ T6378] vlan3: left promiscuous mode
[  393.402693][ T5165] usb 2-1: new full-speed USB device number 26 using dummy_hcd
[  393.613189][   T30] audit: type=1400 audit(1753614713.909:644): avc:  denied  { create } for  pid=11400 comm="syz.4.1520" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  393.768905][T11410] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1520'.
[  394.183540][T11411] overlayfs: failed to resolve './file0': -2
[  394.241680][ T5165] usb 2-1: unable to get BOS descriptor or descriptor too short
[  394.252889][ T5165] usb 2-1: not running at top speed; connect to a high speed hub
[  394.424555][ T5165] usb 2-1: config 4 has an invalid interface number: 10 but max is 0
[  394.430067][   T30] audit: type=1400 audit(1753614714.709:645): avc:  denied  { unlink } for  pid=5828 comm="syz-executor" name="file0" dev="tmpfs" ino=1615 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  394.450178][ T5165] usb 2-1: config 4 has no interface number 0
[  394.806281][ T5165] usb 2-1: config 4 interface 10 altsetting 112 endpoint 0xF has invalid maxpacket 1024, setting to 64
[  394.822566][ T5165] usb 2-1: config 4 interface 10 altsetting 112 endpoint 0x9 has invalid maxpacket 512, setting to 64
[  394.834957][ T5165] usb 2-1: config 4 interface 10 altsetting 112 endpoint 0x1 has invalid maxpacket 1024, setting to 64
[  394.852758][   T30] audit: type=1400 audit(1753614715.159:646): avc:  denied  { setopt } for  pid=11419 comm="syz.0.1526" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  394.853400][T11420] 9pnet_fd: Insufficient options for proto=fd
[  394.959179][ T5165] usb 2-1: config 4 interface 10 has no altsetting 0
[  394.985244][ T5165] usb 2-1: New USB device found, idVendor=1199, idProduct=6880, bcdDevice=18.8e
[  395.030762][ T5165] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  395.079597][ T5165] usb 2-1: Product: syz
[  395.135296][ T5165] usb 2-1: Manufacturer: syz
[  395.166153][ T5165] usb 2-1: SerialNumber: syz
[  395.211119][T11397] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  395.262608][ T5880] usb 1-1: new high-speed USB device number 37 using dummy_hcd
[  395.284419][T11426] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11426 comm=syz.2.1528
[  395.426232][T11431] FAULT_INJECTION: forcing a failure.
[  395.426232][T11431] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  395.450162][ T5880] usb 1-1: Using ep0 maxpacket: 32
[  395.473287][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  395.494121][ T5880] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  395.502117][ T5165] sierra 2-1:4.10: Sierra USB modem converter detected
[  395.508324][T11431] CPU: 0 UID: 0 PID: 11431 Comm: syz.2.1530 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  395.508349][T11431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  395.508357][T11431] Call Trace:
[  395.508363][T11431]  <TASK>
[  395.508368][T11431]  dump_stack_lvl+0x16c/0x1f0
[  395.508400][T11431]  should_fail_ex+0x512/0x640
[  395.508426][T11431]  _copy_from_user+0x2e/0xd0
[  395.508443][T11431]  kstrtouint_from_user+0xd6/0x1d0
[  395.508463][T11431]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  395.508482][T11431]  ? __lock_acquire+0xb8a/0x1c90
[  395.508508][T11431]  proc_fail_nth_write+0x83/0x250
[  395.508530][T11431]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  395.508557][T11431]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  395.508576][T11431]  vfs_write+0x2a0/0x1150
[  395.508607][T11431]  ? __pfx___mutex_lock+0x10/0x10
[  395.508622][T11431]  ? __pfx_vfs_write+0x10/0x10
[  395.508649][T11431]  ? __fget_files+0x20e/0x3c0
[  395.508670][T11431]  ksys_write+0x12a/0x250
[  395.508690][T11431]  ? __pfx_ksys_write+0x10/0x10
[  395.508717][T11431]  do_syscall_64+0xcd/0x4c0
[  395.508734][T11431]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.508749][T11431] RIP: 0033:0x7efe21d8d45f
[  395.508761][T11431] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[  395.508775][T11431] RSP: 002b:00007efe22b7e030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  395.508791][T11431] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007efe21d8d45f
[  395.508800][T11431] RDX: 0000000000000001 RSI: 00007efe22b7e0a0 RDI: 0000000000000004
[  395.508809][T11431] RBP: 00007efe22b7e090 R08: 0000000000000000 R09: 0000000000000000
[  395.508817][T11431] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
[  395.508825][T11431] R13: 0000000000000000 R14: 00007efe21fb5fa0 R15: 00007fff4f82d5a8
[  395.508846][T11431]  </TASK>
[  395.529635][ T5880] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  396.225952][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.313718][ T5880] usb 1-1: config 0 descriptor??
[  396.409835][ T5165] usb 2-1: Sierra USB modem converter now attached to ttyUSB0
[  396.470272][ T5165] usb 2-1: USB disconnect, device number 26
[  396.587643][T11444] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11444 comm=syz.2.1533
[  396.651087][ T5165] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  396.665118][ T5165] sierra 2-1:4.10: device disconnected
[  396.931782][ T5880] usbhid 1-1:0.0: can't add hid device: -71
[  396.937845][ T5880] usbhid 1-1:0.0: probe with driver usbhid failed with error -71
[  396.957547][ T5880] usb 1-1: USB disconnect, device number 37
[  397.326240][T11464] /dev/nullb0: Can't open blockdev
[  397.749652][T11473] FAULT_INJECTION: forcing a failure.
[  397.749652][T11473] name failslab, interval 1, probability 0, space 0, times 0
[  397.802824][T11473] CPU: 1 UID: 0 PID: 11473 Comm: syz.0.1541 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  397.802857][T11473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  397.802867][T11473] Call Trace:
[  397.802874][T11473]  <TASK>
[  397.802881][T11473]  dump_stack_lvl+0x16c/0x1f0
[  397.802917][T11473]  should_fail_ex+0x512/0x640
[  397.802970][T11473]  should_failslab+0xc2/0x120
[  397.802990][T11473]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  397.803019][T11473]  ? skb_clone+0x190/0x3f0
[  397.803042][T11473]  skb_clone+0x190/0x3f0
[  397.803059][T11473]  netlink_deliver_tap+0xabd/0xd30
[  397.803086][T11473]  netlink_unicast+0x62f/0x850
[  397.803111][T11473]  ? __pfx_netlink_unicast+0x10/0x10
[  397.803138][T11473]  netlink_sendmsg+0x8d1/0xdd0
[  397.803164][T11473]  ? __pfx_netlink_sendmsg+0x10/0x10
[  397.803193][T11473]  ____sys_sendmsg+0xa98/0xc70
[  397.803217][T11473]  ? copy_msghdr_from_user+0x10a/0x160
[  397.803233][T11473]  ? __pfx_____sys_sendmsg+0x10/0x10
[  397.803267][T11473]  ___sys_sendmsg+0x134/0x1d0
[  397.803285][T11473]  ? __pfx____sys_sendmsg+0x10/0x10
[  397.803300][T11473]  ? __lock_acquire+0x622/0x1c90
[  397.803349][T11473]  __sys_sendmsg+0x16d/0x220
[  397.803367][T11473]  ? __pfx___sys_sendmsg+0x10/0x10
[  397.803401][T11473]  do_syscall_64+0xcd/0x4c0
[  397.803422][T11473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  397.803446][T11473] RIP: 0033:0x7f8ed2d8e9a9
[  397.803462][T11473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  397.803478][T11473] RSP: 002b:00007f8ed3c63038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  397.803495][T11473] RAX: ffffffffffffffda RBX: 00007f8ed2fb6080 RCX: 00007f8ed2d8e9a9
[  397.803506][T11473] RDX: 00000000040084c0 RSI: 00002000000000c0 RDI: 0000000000000003
[  397.803517][T11473] RBP: 00007f8ed3c63090 R08: 0000000000000000 R09: 0000000000000000
[  397.803532][T11473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  397.803541][T11473] R13: 0000000000000000 R14: 00007f8ed2fb6080 R15: 00007fff21949358
[  397.803570][T11473]  </TASK>
[  398.227880][T11477] overlayfs: failed to get index nlink (file1/bus, err=-61)
[  398.415108][T11481] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609)
[  398.425881][T11481] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647
[  399.576923][   T30] audit: type=1400 audit(1753614719.879:647): avc:  denied  { ioctl } for  pid=11507 comm="syz.3.1555" path="/dev/nullb0" dev="devtmpfs" ino=696 ioctlcmd=0x127f scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  399.861847][   T10] usb 3-1: new high-speed USB device number 38 using dummy_hcd
[  400.043737][   T10] usb 3-1: Using ep0 maxpacket: 32
[  400.086594][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  400.103413][   T10] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  400.128040][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  400.138666][   T10] usb 3-1: Product: syz
[  400.145207][   T10] usb 3-1: Manufacturer: syz
[  400.149805][   T10] usb 3-1: SerialNumber: syz
[  400.158525][   T10] usb 3-1: config 0 descriptor??
[  400.169005][   T10] usb 3-1: bad CDC descriptors
[  400.205975][   T10] usb 3-1: unsupported MDLM descriptors
[  400.518279][   T10] usb 3-1: USB disconnect, device number 38
[  401.384888][   T30] audit: type=1400 audit(1753614721.689:648): avc:  denied  { create } for  pid=11552 comm="syz.4.1570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  402.207002][   T30] audit: type=1400 audit(1753614721.689:649): avc:  denied  { write } for  pid=11552 comm="syz.4.1570" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1
[  402.545106][T11569] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1573'.
[  402.674994][T11573] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1574'.
[  402.685615][T11573] netem: invalid attributes len -4
[  402.753656][T11574] overlayfs: failed to resolve './file0': -2
[  402.994617][T11569] openvswitch: netlink: push_nsh: missing base or metadata attributes
[  403.008686][T11569] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  403.136363][   T30] audit: type=1400 audit(1753614723.429:650): avc:  denied  { bind } for  pid=11580 comm="syz.1.1577" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  403.167532][T11583] FAULT_INJECTION: forcing a failure.
[  403.167532][T11583] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  403.185520][T11583] CPU: 0 UID: 0 PID: 11583 Comm: syz.4.1578 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  403.185543][T11583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  403.185552][T11583] Call Trace:
[  403.185558][T11583]  <TASK>
[  403.185564][T11583]  dump_stack_lvl+0x16c/0x1f0
[  403.185593][T11583]  should_fail_ex+0x512/0x640
[  403.185622][T11583]  _copy_from_user+0x2e/0xd0
[  403.185639][T11583]  copy_msghdr_from_user+0x98/0x160
[  403.185655][T11583]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  403.185681][T11583]  ___sys_sendmsg+0xfe/0x1d0
[  403.185699][T11583]  ? __pfx____sys_sendmsg+0x10/0x10
[  403.185713][T11583]  ? __lock_acquire+0x622/0x1c90
[  403.185757][T11583]  __sys_sendmsg+0x16d/0x220
[  403.185772][T11583]  ? __pfx___sys_sendmsg+0x10/0x10
[  403.185799][T11583]  do_syscall_64+0xcd/0x4c0
[  403.185816][T11583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  403.185833][T11583] RIP: 0033:0x7efec418e9a9
[  403.185846][T11583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  403.185860][T11583] RSP: 002b:00007efec4fed038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  403.185881][T11583] RAX: ffffffffffffffda RBX: 00007efec43b5fa0 RCX: 00007efec418e9a9
[  403.185891][T11583] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003
[  403.185900][T11583] RBP: 00007efec4fed090 R08: 0000000000000000 R09: 0000000000000000
[  403.185909][T11583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  403.185918][T11583] R13: 0000000000000000 R14: 00007efec43b5fa0 R15: 00007fff952f0b78
[  403.185938][T11583]  </TASK>
[  403.355608][   T30] audit: type=1400 audit(1753614723.429:651): avc:  denied  { node_bind } for  pid=11580 comm="syz.1.1577" saddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  403.555994][T11593] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1579'.
[  403.861178][T11602] XFS (nullb0): Invalid superblock magic number
[  403.902260][T11610] overlayfs: failed to resolve './file0': -2
[  404.750750][   T78] usb 4-1: new full-speed USB device number 24 using dummy_hcd
[  404.777116][T11626] netlink: 'syz.4.1588': attribute type 3 has an invalid length.
[  404.785970][T11626] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.1588'.
[  404.834800][T11625] FAULT_INJECTION: forcing a failure.
[  404.834800][T11625] name failslab, interval 1, probability 0, space 0, times 0
[  404.856709][T11625] CPU: 1 UID: 0 PID: 11625 Comm: syz.2.1593 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  404.856736][T11625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  404.856746][T11625] Call Trace:
[  404.856752][T11625]  <TASK>
[  404.856759][T11625]  dump_stack_lvl+0x16c/0x1f0
[  404.856796][T11625]  should_fail_ex+0x512/0x640
[  404.856827][T11625]  should_failslab+0xc2/0x120
[  404.856845][T11625]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  404.856870][T11625]  ? d_instantiate+0x77/0x90
[  404.856889][T11625]  ? alloc_empty_file+0x55/0x1e0
[  404.856912][T11625]  alloc_empty_file+0x55/0x1e0
[  404.856933][T11625]  alloc_file_pseudo+0x13a/0x230
[  404.856955][T11625]  ? __pfx_alloc_file_pseudo+0x10/0x10
[  404.856976][T11625]  ? preempt_schedule_common+0x44/0xc0
[  404.857007][T11625]  __anon_inode_getfile+0xe8/0x280
[  404.857024][T11625]  ? idr_preload_end+0x1bb/0x230
[  404.857043][T11625]  bpf_link_prime+0x10f/0x290
[  404.857068][T11625]  bpf_raw_tp_link_attach+0x28d/0x600
[  404.857093][T11625]  ? __pfx_bpf_raw_tp_link_attach+0x10/0x10
[  404.857119][T11625]  ? irqentry_exit+0x3b/0x90
[  404.857134][T11625]  ? lockdep_hardirqs_on+0x7c/0x110
[  404.857172][T11625]  ? fput+0x70/0xf0
[  404.857190][T11625]  ? __bpf_prog_get+0x97/0x2a0
[  404.857211][T11625]  __sys_bpf+0x3b4/0x4ea0
[  404.857239][T11625]  ? __pfx___sys_bpf+0x10/0x10
[  404.857262][T11625]  ? ksys_write+0x190/0x250
[  404.857292][T11625]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  404.857327][T11625]  ? fput+0x70/0xf0
[  404.857345][T11625]  ? ksys_write+0x1ac/0x250
[  404.857368][T11625]  ? __pfx_ksys_write+0x10/0x10
[  404.857398][T11625]  __x64_sys_bpf+0x78/0xc0
[  404.857420][T11625]  ? lockdep_hardirqs_on+0x7c/0x110
[  404.857446][T11625]  do_syscall_64+0xcd/0x4c0
[  404.857464][T11625]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  404.857481][T11625] RIP: 0033:0x7efe21d8e9a9
[  404.857498][T11625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  404.857514][T11625] RSP: 002b:00007efe22b7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  404.857531][T11625] RAX: ffffffffffffffda RBX: 00007efe21fb5fa0 RCX: 00007efe21d8e9a9
[  404.857541][T11625] RDX: 0000000000000010 RSI: 0000200000000500 RDI: 0000000000000011
[  404.857551][T11625] RBP: 00007efe22b7e090 R08: 0000000000000000 R09: 0000000000000000
[  404.857561][T11625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  404.857571][T11625] R13: 0000000000000000 R14: 00007efe21fb5fa0 R15: 00007fff4f82d5a8
[  404.857597][T11625]  </TASK>
[  405.114047][ T5165] usb 2-1: new high-speed USB device number 27 using dummy_hcd
[  405.124389][   T78] usb 4-1: config index 0 descriptor too short (expected 20, got 18)
[  405.132894][   T78] usb 4-1: config 0 has an invalid interface number: 93 but max is 0
[  405.141603][   T78] usb 4-1: config 0 has no interface number 0
[  405.158674][   T78] usb 4-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  405.168148][   T78] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  405.176466][   T78] usb 4-1: Product: syz
[  405.181249][   T78] usb 4-1: Manufacturer: syz
[  405.185829][   T78] usb 4-1: SerialNumber: syz
[  405.193984][   T78] usb 4-1: config 0 descriptor??
[  405.281962][ T5165] usb 2-1: Using ep0 maxpacket: 16
[  405.288785][ T5165] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  405.300093][ T5165] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  405.309830][ T5165] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  405.324666][ T5165] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  405.334417][ T5165] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  405.345468][ T5165] usb 2-1: config 0 descriptor??
[  405.458650][   T78] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  405.481746][   T78] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  405.493325][   T78] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  405.502680][   T78] usb 4-1: media controller created
[  405.541919][   T78] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  405.597282][T11634] netlink: 'syz.2.1597': attribute type 4 has an invalid length.
[  405.609146][T11634] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1597'.
[  405.896958][ T5165] HID 045e:07da: Invalid code 65791 type 1
[  406.134135][ T5165] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.000B/input/input26
[  406.171505][ T5165] microsoft 0003:045E:07DA.000B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0
[  406.229823][   T78] DVB: Unable to find symbol dib7000p_attach()
[  406.266672][   T78] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  406.282738][   T78] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  406.297085][   T78] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  406.307971][   T78] usb 4-1: media controller created
[  406.314916][   T78] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  406.326541][   T78] dib0700: the master dib7090 has to be initialized first
[  406.334259][   T78] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  406.482000][   T78] rc_core: IR keymap rc-dib0700-rc5 not found
[  406.487490][T11659] netlink: 'syz.3.1601': attribute type 4 has an invalid length.
[  406.496642][   T78] Registered IR keymap rc-empty
[  406.496848][   T78] dvb-usb: could not initialize remote control.
[  406.496857][   T78] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  406.504201][   T78] usb 4-1: USB disconnect, device number 24
[  406.517971][   T78] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  406.671472][T11666] FAULT_INJECTION: forcing a failure.
[  406.671472][T11666] name failslab, interval 1, probability 0, space 0, times 0
[  406.695777][T11666] CPU: 1 UID: 0 PID: 11666 Comm: syz.2.1603 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  406.695809][T11666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  406.695819][T11666] Call Trace:
[  406.695824][T11666]  <TASK>
[  406.695830][T11666]  dump_stack_lvl+0x16c/0x1f0
[  406.695861][T11666]  should_fail_ex+0x512/0x640
[  406.695888][T11666]  ? __kmalloc_noprof+0xbf/0x510
[  406.695915][T11666]  ? lsm_blob_alloc+0x68/0x90
[  406.695933][T11666]  should_failslab+0xc2/0x120
[  406.695949][T11666]  __kmalloc_noprof+0xd2/0x510
[  406.695979][T11666]  lsm_blob_alloc+0x68/0x90
[  406.696000][T11666]  security_sk_alloc+0x30/0x270
[  406.696026][T11666]  sk_prot_alloc+0x1c7/0x2a0
[  406.696048][T11666]  sk_alloc+0x36/0xc20
[  406.696073][T11666]  bpf_prog_test_run_skb+0x330/0x2280
[  406.696094][T11666]  ? __fget_files+0x204/0x3c0
[  406.696113][T11666]  ? __fget_files+0x20e/0x3c0
[  406.696127][T11666]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  406.696149][T11666]  ? fput+0x70/0xf0
[  406.696169][T11666]  ? __pfx_bpf_prog_test_run_skb+0x10/0x10
[  406.696188][T11666]  __sys_bpf+0x170a/0x4ea0
[  406.696216][T11666]  ? __pfx___sys_bpf+0x10/0x10
[  406.696239][T11666]  ? ksys_write+0x190/0x250
[  406.696266][T11666]  ? __mutex_unlock_slowpath+0x161/0x6a0
[  406.696298][T11666]  ? fput+0x70/0xf0
[  406.696315][T11666]  ? ksys_write+0x1ac/0x250
[  406.696338][T11666]  ? __pfx_ksys_write+0x10/0x10
[  406.696365][T11666]  __x64_sys_bpf+0x78/0xc0
[  406.696386][T11666]  ? lockdep_hardirqs_on+0x7c/0x110
[  406.696410][T11666]  do_syscall_64+0xcd/0x4c0
[  406.696426][T11666]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  406.696442][T11666] RIP: 0033:0x7efe21d8e9a9
[  406.696456][T11666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  406.696472][T11666] RSP: 002b:00007efe22b7e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  406.696488][T11666] RAX: ffffffffffffffda RBX: 00007efe21fb5fa0 RCX: 00007efe21d8e9a9
[  406.696499][T11666] RDX: 0000000000000050 RSI: 00002000000002c0 RDI: 000000000000000a
[  406.696508][T11666] RBP: 00007efe22b7e090 R08: 0000000000000000 R09: 0000000000000000
[  406.696517][T11666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  406.696526][T11666] R13: 0000000000000000 R14: 00007efe21fb5fa0 R15: 00007fff4f82d5a8
[  406.696547][T11666]  </TASK>
[  407.006623][T11669] netlink: 'syz.0.1604': attribute type 4 has an invalid length.
[  407.018142][T11669] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1604'.
[  407.539383][   T10] usb 2-1: reset high-speed USB device number 27 using dummy_hcd
[  408.268920][T11686] netlink: 'syz.0.1610': attribute type 4 has an invalid length.
[  408.284298][T11686] netlink: 152 bytes leftover after parsing attributes in process `syz.0.1610'.
[  409.634564][ T5880] usb 2-1: USB disconnect, device number 27
[  410.157115][T11713] netlink: 'syz.3.1618': attribute type 4 has an invalid length.
[  411.234951][ T5838] Bluetooth: hci1: unexpected event for opcode 0x0413
[  411.772377][T11731] fuse: Bad value for 'user_id'
[  411.777303][T11731] fuse: Bad value for 'user_id'
[  412.003073][   T30] audit: type=1400 audit(1753614732.309:652): avc:  denied  { write } for  pid=11738 comm="syz.4.1628" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  412.025841][    C0] vkms_vblank_simulate: vblank timer overrun
[  412.109146][   T30] audit: type=1400 audit(1753614732.339:653): avc:  denied  { map } for  pid=11738 comm="syz.4.1628" path="/dev/binderfs/binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  412.197169][   T30] audit: type=1400 audit(1753614732.339:654): avc:  denied  { call } for  pid=11738 comm="syz.4.1628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1
[  412.429332][   T78] usb 3-1: new high-speed USB device number 39 using dummy_hcd
[  412.639159][T11751] netlink: 'syz.4.1632': attribute type 4 has an invalid length.
[  412.680814][   T78] usb 3-1: Using ep0 maxpacket: 8
[  412.698942][   T78] usb 3-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  412.779036][   T78] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.856059][   T78] usb 3-1: Product: syz
[  412.950800][   T78] usb 3-1: Manufacturer: syz
[  412.967737][   T78] usb 3-1: SerialNumber: syz
[  413.064308][   T78] usb 3-1: config 0 descriptor??
[  413.086626][   T78] gspca_main: se401-2.14.0 probing 047d:5003
[  413.279449][T11764] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1636'.
[  413.295429][T11742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  413.306055][T11742] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  413.415444][T11769] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1636'.
[  413.428235][T11769] nbd: nbd64 already in use
[  413.569407][   T78] gspca_se401: ExtraFeatures: 255
[  413.596437][   T78] gspca_se401: Frame size: 2314x0 bayer
[  413.620774][   T78] gspca_se401: Frame size: 0x0 1/16th janggu
[  413.626951][   T78] gspca_se401: Frame size: 0x256 bayer
[  413.647195][   T78] gspca_se401: Frame size: 8x0 bayer
[  413.680227][   T78] gspca_se401: Frame size: 0x0 1/16th janggu
[  413.706615][   T78] gspca_se401: Frame size: 0x0 1/16th janggu
[  413.730677][   T78] gspca_se401: Frame size: 0x0 1/16th janggu
[  413.739436][   T78] gspca_se401: Frame size: 0x0 1/16th janggu
[  413.774091][   T78] input: se401 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input28
[  413.786362][ T6171] udevd[6171]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  413.834840][   T78] usb 3-1: USB disconnect, device number 39
[  414.948818][T11797] exfat: Unknown parameter 'discardrfs/binder0'
[  414.962905][T11797] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1644'.
[  415.049595][T11803] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1647'.
[  415.299197][ T5838] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  415.313385][ T5838] Bluetooth: hci1: Injecting HCI hardware error event
[  415.331344][ T5838] Bluetooth: hci1: hardware error 0x00
[  415.358565][T11813] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1647'.
[  415.368489][T11813] nbd: device at index 64 is going down
[  415.559526][T11820] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1649'.
[  415.589050][ T5848] udevd[5848]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  415.634277][ T5848] udevd[5848]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory
[  415.803186][T11820] netem: invalid attributes len -4
[  415.808366][T11820] netem: change failed
[  416.048424][T11820] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1649'.
[  416.163065][ T5917] usb 2-1: new high-speed USB device number 28 using dummy_hcd
[  416.330509][ T5917] usb 2-1: Using ep0 maxpacket: 8
[  416.346682][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  416.358331][ T5917] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  416.372470][T11820]  (unregistering): (slave bond_slave_0): Releasing backup interface
[  416.416828][T11820]  (unregistering): (slave bond_slave_1): Releasing backup interface
[  416.485126][ T5917] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  416.508485][T11820]  (unregistering): Released all slaves
[  416.532952][ T5917] usb 2-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00
[  416.557827][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.587954][ T5917] usb 2-1: config 0 descriptor??
[  417.264630][ T5917] logitech 0003:046D:C29C.000C: hidraw0: USB HID v0.01 Device [HID 046d:c29c] on usb-dummy_hcd.1-1/input0
[  417.362845][ T5838] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[  417.486396][T11825] input: syz1 as /devices/virtual/input/input29
[  417.701165][T11847] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  417.712157][T11847] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  418.109334][ T5917] logitech 0003:046D:C29C.000C: no inputs found
[  418.206161][ T5917] usb 2-1: USB disconnect, device number 28
[  418.389021][ T5894] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  418.436338][   T30] audit: type=1400 audit(1753614738.739:655): avc:  denied  { mount } for  pid=11851 comm="syz.4.1657" name="/" dev="autofs" ino=31911 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  418.458780][    C0] vkms_vblank_simulate: vblank timer overrun
[  418.561925][ T5894] usb 4-1: Using ep0 maxpacket: 16
[  418.571245][ T5894] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  418.594132][ T5894] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  418.615719][ T5894] usb 4-1: Product: syz
[  418.619901][ T5894] usb 4-1: Manufacturer: syz
[  419.146083][ T5894] usb 4-1: SerialNumber: syz
[  419.157771][ T5894] usb 4-1: config 0 descriptor??
[  419.177825][ T5894] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  420.511819][ T5894] usb 4-1: Quatech SSU-100 USB to Serial Driver converter now attached to ttyUSB0
[  420.736529][   T30] audit: type=1400 audit(1753614740.999:656): avc:  denied  { accept } for  pid=11849 comm="syz.3.1655" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  421.169789][   T30] audit: type=1400 audit(1753614741.459:657): avc:  denied  { unmount } for  pid=5828 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[  421.460701][ T5917] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  421.554219][T11899] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1669'.
[  421.634370][T11899] netem: invalid attributes len -4
[  421.650945][T11899] netem: change failed
[  421.660912][ T5917] usb 5-1: Using ep0 maxpacket: 8
[  421.703212][ T5917] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2
[  421.705588][T11904] overlayfs: failed to resolve './file0': -2
[  421.762284][ T5917] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  421.783292][ T5917] usb 5-1: Product: syz
[  421.787480][ T5917] usb 5-1: Manufacturer: syz
[  421.809531][ T5917] usb 5-1: SerialNumber: syz
[  422.186159][ T5917] usb 5-1: config 0 descriptor??
[  422.219700][T11899] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1669'.
[  422.420701][ T5165] usb 4-1: USB disconnect, device number 25
[  422.440867][ T5917] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in warm state
[  422.448346][ T5165] ssu100 ttyUSB0: Quatech SSU-100 USB to Serial Driver converter now disconnected from ttyUSB0
[  422.476360][ T5165] ssu100 4-1:0.0: device disconnected
[  422.507481][T11911] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=11911 comm=syz.0.1671
[  422.534940][T11913] FAULT_INJECTION: forcing a failure.
[  422.534940][T11913] name failslab, interval 1, probability 0, space 0, times 0
[  422.681952][T11913] CPU: 1 UID: 0 PID: 11913 Comm: syz.3.1672 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  422.681980][T11913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  422.681991][T11913] Call Trace:
[  422.681998][T11913]  <TASK>
[  422.682010][T11913]  dump_stack_lvl+0x16c/0x1f0
[  422.682045][T11913]  should_fail_ex+0x512/0x640
[  422.682076][T11913]  should_failslab+0xc2/0x120
[  422.682094][T11913]  kmem_cache_alloc_noprof+0x6d/0x3b0
[  422.682121][T11913]  ? skb_clone+0x190/0x3f0
[  422.682141][T11913]  skb_clone+0x190/0x3f0
[  422.682158][T11913]  netlink_deliver_tap+0xabd/0xd30
[  422.682183][T11913]  netlink_unicast+0x62f/0x850
[  422.682211][T11913]  ? __pfx_netlink_unicast+0x10/0x10
[  422.682240][T11913]  netlink_sendmsg+0x8d1/0xdd0
[  422.682264][T11913]  ? __pfx_netlink_sendmsg+0x10/0x10
[  422.682297][T11913]  ____sys_sendmsg+0xa98/0xc70
[  422.682319][T11913]  ? copy_msghdr_from_user+0x10a/0x160
[  422.682336][T11913]  ? __pfx_____sys_sendmsg+0x10/0x10
[  422.682358][T11913]  ? __pfx__kstrtoull+0x10/0x10
[  422.682386][T11913]  ___sys_sendmsg+0x134/0x1d0
[  422.682404][T11913]  ? __pfx____sys_sendmsg+0x10/0x10
[  422.682433][T11913]  ? find_held_lock+0x2b/0x80
[  422.682472][T11913]  __sys_sendmmsg+0x200/0x420
[  422.682492][T11913]  ? __pfx___sys_sendmmsg+0x10/0x10
[  422.682517][T11913]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  422.682542][T11913]  ? fput+0x70/0xf0
[  422.682561][T11913]  ? ksys_write+0x1ac/0x250
[  422.682585][T11913]  ? __pfx_ksys_write+0x10/0x10
[  422.682613][T11913]  __x64_sys_sendmmsg+0x9c/0x100
[  422.682629][T11913]  ? lockdep_hardirqs_on+0x7c/0x110
[  422.682655][T11913]  do_syscall_64+0xcd/0x4c0
[  422.682672][T11913]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  422.682690][T11913] RIP: 0033:0x7f8f8fd8e9a9
[  422.682703][T11913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  422.682719][T11913] RSP: 002b:00007f8f90bdb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  422.682737][T11913] RAX: ffffffffffffffda RBX: 00007f8f8ffb5fa0 RCX: 00007f8f8fd8e9a9
[  422.682747][T11913] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000003
[  422.682757][T11913] RBP: 00007f8f90bdb090 R08: 0000000000000000 R09: 0000000000000000
[  422.682777][T11913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  422.682786][T11913] R13: 0000000000000000 R14: 00007f8f8ffb5fa0 R15: 00007ffdcd810738
[  422.682809][T11913]  </TASK>
[  422.688020][T11913] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1672'.
[  423.100987][T11917] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1673'.
[  423.308281][T11920] overlayfs: failed to resolve './file0': -2
[  423.425078][T11917] ref_ctr increment failed for inode: 0x74f offset: 0x5 ref_ctr_offset: 0x1000 of mm: 0xffff888034726400
[  423.684787][T11928] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1677'.
[  423.716311][T11926] netlink: 1752 bytes leftover after parsing attributes in process `syz.0.1676'.
[  424.492462][ T5880] usb 1-1: new full-speed USB device number 38 using dummy_hcd
[  424.727446][ T5880] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  424.738962][ T5880] usb 1-1: config 0 has no interface number 0
[  424.749862][ T5880] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e
[  424.785059][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.801252][ T5917] usb write operation failed. (-71)
[  424.808157][ T5917] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  424.848184][ T5880] usb 1-1: config 0 descriptor??
[  424.861266][ T5917] dvbdev: DVB: registering new adapter (Terratec H7)
[  424.883881][ T5880] usb 1-1: selecting invalid altsetting 1
[  424.893708][ T5880] dvb_ttusb_budget: ttusb_init_controller: error
[  424.919910][ T5917] usb 5-1: media controller created
[  424.921927][ T5880] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB)
[  424.933777][ T5917] usb read operation failed. (-71)
[  424.945512][T11950] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1685'.
[  424.956825][T11950] netem: invalid attributes len -4
[  425.062206][T11950] netem: change failed
[  425.079825][T11936] usb read operation failed. (-71)
[  425.132591][ T5917] usb write operation failed. (-71)
[  425.142894][T11936] ------------[ cut here ]------------
[  425.148367][T11936] DEBUG_LOCKS_WARN_ON(__owner_task(owner) != get_current())
[  425.186228][T11936] WARNING: CPU: 1 PID: 11936 at kernel/locking/mutex.c:920 __mutex_unlock_slowpath+0x3f9/0x6a0
[  425.204987][T11936] Modules linked in:
[  425.208888][T11936] CPU: 1 UID: 0 PID: 11936 Comm: syz.0.1680 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  425.221806][T11936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  425.232291][T11936] RIP: 0010:__mutex_unlock_slowpath+0x3f9/0x6a0
[  425.238608][T11936] Code: 08 84 c9 0f 85 73 02 00 00 44 8b 0d 11 8d 21 05 45 85 c9 75 19 90 48 c7 c6 c0 63 ad 8b 48 c7 c7 c0 5f ad 8b e8 c8 08 f3 f5 90 <0f> 0b 90 90 90 48 c7 c1 00 70 df 9a 48 b8 00 00 00 00 00 fc ff df
[  425.258392][T11936] RSP: 0018:ffffc90003eef928 EFLAGS: 00010286
[  425.264529][T11936] RAX: 0000000000000000 RBX: ffff888028a98000 RCX: ffffc90004de3000
[  425.272520][T11936] RDX: 0000000000080000 RSI: ffffffff817af1b5 RDI: 0000000000000001
[  425.281188][T11936] RBP: 1ffff920007ddf2a R08: 0000000000000001 R09: 0000000000000000
[  425.289152][T11936] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003
[  425.297474][T11936] R13: fffffbfff35bee00 R14: ffffc90003eef9b0 R15: ffff8880743f8000
[  425.305998][T11936] FS:  00007f8ed3c846c0(0000) GS:ffff888124820000(0000) knlGS:0000000000000000
[  425.315349][T11936] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  425.322275][T11936] CR2: 0000200000001000 CR3: 000000002d551000 CR4: 00000000003526f0
[  425.330883][T11936] Call Trace:
[  425.334150][T11936]  <TASK>
[  425.337065][T11936]  ? __pfx__printk+0x10/0x10
[  425.342131][T11936]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  425.348094][T11936]  ? __az6007_read+0xb7/0x160
[  425.353124][T11936]  az6007_i2c_xfer+0x9db/0xc30
[  425.357869][T11936]  __i2c_transfer+0x6b6/0x2190
[  425.363030][T11936]  ? lockdep_hardirqs_on+0x7c/0x110
[  425.368214][T11936]  ? __pfx___i2c_transfer+0x10/0x10
[  425.373780][T11936]  ? rt_mutex_slowtrylock+0xc9/0x100
[  425.379060][T11936]  i2c_transfer+0x1da/0x380
[  425.383925][T11936]  i2c_transfer_buffer_flags+0x10c/0x190
[  425.389536][T11936]  ? __pfx_i2c_transfer_buffer_flags+0x10/0x10
[  425.396055][T11936]  i2cdev_read+0x111/0x280
[  425.401115][T11936]  ? __pfx_i2cdev_read+0x10/0x10
[  425.406042][T11936]  vfs_readv+0x5be/0x8b0
[  425.410914][T11936]  ? __pfx_vfs_readv+0x10/0x10
[  425.415683][T11936]  ? kmem_cache_free+0x2d1/0x4d0
[  425.421246][T11936]  ? __fget_files+0x20e/0x3c0
[  425.425933][T11936]  ? do_preadv+0x1a6/0x270
[  425.430967][T11936]  do_preadv+0x1a6/0x270
[  425.435212][T11936]  ? __pfx_do_preadv+0x10/0x10
[  425.439957][T11936]  do_syscall_64+0xcd/0x4c0
[  425.444469][T11936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.451018][T11936] RIP: 0033:0x7f8ed2d8e9a9
[  425.455423][T11936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.475471][T11936] RSP: 002b:00007f8ed3c84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  425.484448][T11936] RAX: ffffffffffffffda RBX: 00007f8ed2fb5fa0 RCX: 00007f8ed2d8e9a9
[  425.493026][T11936] RDX: 0000000000000002 RSI: 0000200000000580 RDI: 0000000000000004
[  425.501666][T11936] RBP: 00007f8ed2e10d69 R08: 0000000080000001 R09: 0000000000000000
[  425.509642][T11936] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  425.516472][ T5880] DVB: Unable to find symbol cx22700_attach()
[  425.518092][T11936] R13: 0000000000000000 R14: 00007f8ed2fb5fa0 R15: 00007fff21949358
[  425.532228][T11936]  </TASK>
[  425.535251][T11936] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  425.542516][T11936] CPU: 1 UID: 0 PID: 11936 Comm: syz.0.1680 Not tainted 6.16.0-rc7-syzkaller-00140-gec2df4364666 #0 PREEMPT(full) 
[  425.554562][T11936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  425.564600][T11936] Call Trace:
[  425.567860][T11936]  <TASK>
[  425.570778][T11936]  dump_stack_lvl+0x3d/0x1f0
[  425.575374][T11936]  panic+0x71c/0x800
[  425.579260][T11936]  ? __pfx_panic+0x10/0x10
[  425.583666][T11936]  ? show_trace_log_lvl+0x29b/0x3e0
[  425.588858][T11936]  ? __mutex_unlock_slowpath+0x3f9/0x6a0
[  425.594477][T11936]  check_panic_on_warn+0xab/0xb0
[  425.599408][T11936]  __warn+0xf6/0x3c0
[  425.603293][T11936]  ? __mutex_unlock_slowpath+0x3f9/0x6a0
[  425.608908][T11936]  report_bug+0x3c3/0x580
[  425.613229][T11936]  ? __mutex_unlock_slowpath+0x3f9/0x6a0
[  425.618843][T11936]  handle_bug+0x184/0x210
[  425.623160][T11936]  exc_invalid_op+0x17/0x50
[  425.627649][T11936]  asm_exc_invalid_op+0x1a/0x20
[  425.632486][T11936] RIP: 0010:__mutex_unlock_slowpath+0x3f9/0x6a0
[  425.638718][T11936] Code: 08 84 c9 0f 85 73 02 00 00 44 8b 0d 11 8d 21 05 45 85 c9 75 19 90 48 c7 c6 c0 63 ad 8b 48 c7 c7 c0 5f ad 8b e8 c8 08 f3 f5 90 <0f> 0b 90 90 90 48 c7 c1 00 70 df 9a 48 b8 00 00 00 00 00 fc ff df
[  425.658316][T11936] RSP: 0018:ffffc90003eef928 EFLAGS: 00010286
[  425.664371][T11936] RAX: 0000000000000000 RBX: ffff888028a98000 RCX: ffffc90004de3000
[  425.672330][T11936] RDX: 0000000000080000 RSI: ffffffff817af1b5 RDI: 0000000000000001
[  425.680286][T11936] RBP: 1ffff920007ddf2a R08: 0000000000000001 R09: 0000000000000000
[  425.688254][T11936] R10: 0000000000000001 R11: 0000000000000001 R12: 0000000000000003
[  425.696211][T11936] R13: fffffbfff35bee00 R14: ffffc90003eef9b0 R15: ffff8880743f8000
[  425.704174][T11936]  ? __warn_printk+0x1a5/0x350
[  425.708948][T11936]  ? __mutex_unlock_slowpath+0x3f8/0x6a0
[  425.714566][T11936]  ? __pfx__printk+0x10/0x10
[  425.719145][T11936]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  425.725133][T11936]  ? __az6007_read+0xb7/0x160
[  425.729794][T11936]  az6007_i2c_xfer+0x9db/0xc30
[  425.734547][T11936]  __i2c_transfer+0x6b6/0x2190
[  425.739301][T11936]  ? lockdep_hardirqs_on+0x7c/0x110
[  425.744492][T11936]  ? __pfx___i2c_transfer+0x10/0x10
[  425.749671][T11936]  ? rt_mutex_slowtrylock+0xc9/0x100
[  425.754945][T11936]  i2c_transfer+0x1da/0x380
[  425.759435][T11936]  i2c_transfer_buffer_flags+0x10c/0x190
[  425.765056][T11936]  ? __pfx_i2c_transfer_buffer_flags+0x10/0x10
[  425.771198][T11936]  i2cdev_read+0x111/0x280
[  425.775601][T11936]  ? __pfx_i2cdev_read+0x10/0x10
[  425.780523][T11936]  vfs_readv+0x5be/0x8b0
[  425.784766][T11936]  ? __pfx_vfs_readv+0x10/0x10
[  425.789517][T11936]  ? kmem_cache_free+0x2d1/0x4d0
[  425.794452][T11936]  ? __fget_files+0x20e/0x3c0
[  425.799111][T11936]  ? do_preadv+0x1a6/0x270
[  425.803513][T11936]  do_preadv+0x1a6/0x270
[  425.807748][T11936]  ? __pfx_do_preadv+0x10/0x10
[  425.812499][T11936]  do_syscall_64+0xcd/0x4c0
[  425.816990][T11936]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.822869][T11936] RIP: 0033:0x7f8ed2d8e9a9
[  425.827264][T11936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  425.846857][T11936] RSP: 002b:00007f8ed3c84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  425.855254][T11936] RAX: ffffffffffffffda RBX: 00007f8ed2fb5fa0 RCX: 00007f8ed2d8e9a9
[  425.863210][T11936] RDX: 0000000000000002 RSI: 0000200000000580 RDI: 0000000000000004
[  425.871164][T11936] RBP: 00007f8ed2e10d69 R08: 0000000080000001 R09: 0000000000000000
[  425.879121][T11936] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  425.887082][T11936] R13: 0000000000000000 R14: 00007f8ed2fb5fa0 R15: 00007fff21949358
[  425.895046][T11936]  </TASK>
[  425.898240][T11936] Kernel Offset: disabled
[  425.902541][T11936] Rebooting in 86400 seconds..