last executing test programs:

1m2.30219965s ago: executing program 4 (id=1542):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xffca, 0x0, &(0x7f0000000280)="b9ff0f316844268cb89e14f008004ce0050000000000003277fbac141416e000030a89079f03b180004408050300845013f2325f009402050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa00734611196", 0x0, 0x0, 0x60000000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0x2, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0xa, 0x0, 0x0, @mcast2}, r2}}, 0x48)
write$RDMA_USER_CM_CMD_SET_OPTION(r1, &(0x7f0000000180)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f00000000c0)=0x1, r2, 0x0, 0x1, 0x4}}, 0x20)
r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000400)={<r4=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000380)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000000)=0x1, r4, 0x0, 0x1, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @private1}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x2}, r4}}, 0x48)
write$RDMA_USER_CM_CMD_LISTEN(r3, &(0x7f0000000440)={0x7, 0x8, 0xfa00, {r2, 0x3}}, 0x10)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
close(r0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @broadcast})
openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x1e1842, 0x0)
open_by_handle_at(r7, &(0x7f00000004c0)=ANY=[@ANYBLOB="1400000052000000586500cf09000010230000add0bd0708a5bbd2083ed591000300000007000000"], 0x4000)
unshare(0x40000)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000003c0)={'syzkaller0\x00', 0x7101})
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001c00)=ANY=[@ANYBLOB="bf16000000000000b7070000000100004870000000000000280000000000000095000000000000002ba724a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142da7646c4fe02996b60cf81ebcd50fa9ea4308123f602000000000000de89e661168c1886d0d4d94f204e345c652fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762011052eac2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dc8aff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a6f387a1340a1c8889464f90cc4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd014a337ac5d58bcb5e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e4b9ec7a410ec42315255be1ed66d9051f22614d1f62734d679039a97d2b74f9e8e993ccd314000f747f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798ab20000000bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d2000000000000000819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480e5aee9c9e5f2e5a56a6d920335c8e8726fd8329d9a728995b1531bd20360d33d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c55969a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba84279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047050d7296cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5603a9d801300000000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e43eae50a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed03a6fe7860b3e13c3173a60a1823cb7dde8212a8531bd9060000006a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d74df524b760ab92efcce7dd1574052c73596f860221156437f4d6b76ecc4b35bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b05ebf1445ea110f499f840a5c965443d535556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a0000000000000001ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba0790ee0d112f99e59ba82e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee52303da186b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c44500f8ffff970d5254727e804fbd99ccefb7c09269dd2c5ca93125e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8f09c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c1b04e2fa55a756487517a7445cbd9e3f5175e41c00000000000000000000000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3138e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305977eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f87204311327c18380fedf3d309d8549f99bf6c5cb060fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39289f675f39d01719cdbab3f1ce1060f3e6806e774a5f079c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae794286b6c3e1f5a76b85ed6e1f0000c608b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a650be5114c31582d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea87550fb1ba334c83e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc882d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba4664f35547cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1951393352bc756f3fcaad2c1c399a3e43eaaeca70db90f2fa395964434476719334482eb5424c81814079a24fe3681ad9ac361f71ac279a688f10a12105edebc5e3b8dad4c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fbdd351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd61dfb3de7f503d58ac8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2dff78ce9308c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f200000000000000000089de7f8485d9507164a187220b36ddc7fa645d4bd0c1414c30a416f80ba17d21d53961471b2d2d459e4bb23230d676ca49633b25e26a322024beb7c3427da59f7daa70a5d44a0eb895f29245df6401295d3da9399507126a3be932f47fe61ef1bfe83086651af7e23c2a8fa702b9aaa65aa3edaaa6b3f5a0c7cdfd008c898d73bb97168ca390ef539800000000000077a5ad1e683aeff92bb0b66b33ed878df1e344b99450086c819bf174578705c049d2fb25a91ba04643cde1a3c391d8646e5249dbf28b13b1c4d5127f685ee0c0576bf74e17cd3b4df4eb7095e504e361689572b0f93ff1dc6f52e8728a03e5a4df80a32c6055df8f4f4152c0d74d793b20ac2cfa907b5af80716118f82027d3e4cb096fe86de545008b85cb9b637bca30d765b0c3ad489db32955454dcfe000000002830e5e125322d2f5829040a91405bf2fe5bf14833fd7b1e72c775f267bc4511183096eff3188a288c408b10285e7ec75f826e9b08a82cde1f4470545eebc71440623752e87ecc689b7fec2f667e22705b4660b2ef936cce446244bb48f8c7d062ea4a955facf6c2957cfb3c3ee9229efab5b72a5c5266eb493c7c3b08a91971692d9673cb9df620a8240d4f94b9fafd8e2bf0f9cedd1e08f4f10fd8f25f3169ed878624adccb5572cb918e0e3ba7e4ac0967aa65241903509778e63bebf00107524f858d7d48ef9e2c112c75d732344dc0a9bc506172d5a45e3bcb203862307c24c20fe1ffe6b5a43dbc1b20156161b5f59ab9955f2a6fbc64f547a671ded4896d8c4bac78f23e15c8e6cb72599d27607e5a1ad434cdee73d026e5dd14d9824202052181dda714fff7dc43444bc948541f641ac8215a5dae7fa8a50897b916a856aedcdf16be8736b33823ab7b2f1c77554bf2c36e412fcdc2c7c2bf0499ed5dfe84db2d7d3bb802f47dd2ebb7945e09f542d464dfbd2c70a90ab36ebd331a6549fa16f2e83a06c512c83eec56b5b94040d31da56e021a48c8651ebf3e1f8931a6d18150f1d76d07e7d8ecacbed15e9c2a50e610f1d0b523083b182cde6cf655ddd45409400c23fb89eba0db0ab4eee055a60a6ac7fea75703e8e4d737bfabae0fc3c1406b6b454ba694673a69b1782eb0052c2a4e251c8f96c7bcab1845dc347ded7fb207fd19f2bea2e496d63613af735b8e8376658ce4b43a09b53846f0a0218661d917e39bcd79063128f4c5c570b6214db8ed5e1255d48725ad8dc0d3c5aafafb47095dc1f3572650e4b3d0540cec5340638d325897dc3ecc721634875abc32f6ea1c28bf579013269343786a7e8389df8bf34fee174310f070f0abfb9b5e035aa32be5721b5c8475faba7cce82fc9af55e73d8398a45dd151b0a1490700c02135e81d4153c992e171cec6720269625daec40c909f2bb92f9dae7e7caf86be26f080daeb973bd5912562e4211ef924f284dd583537e15b342ef7a7c3cf4c976742c086915d8d92be7e9f9464fb12fa3908c957ae1b2e4443be891828c9cf41036fcd4d871080e4d035c6dcab88a13704f0538c48d7b24f35282adaa33f588ecd4ce7eb861023e10c5adfd80df856524d14c6485198bb7045921f8ca677a7e50123d8ad717d259f31e4f4808f"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
connect$unix(r6, &(0x7f0000000300)=@abs={0x1, 0x0, 0x4e21}, 0x6e)
ioctl$TUNSETFILTEREBPF(r5, 0x800454e1, &(0x7f00000001c0)=r8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r9 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r9, &(0x7f0000019680)=""/102392, 0x18ff8)
getpid()
sched_setscheduler(0x0, 0x0, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)

53.075737213s ago: executing program 4 (id=1561):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9005}, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, 0x0, 0x0)

52.537820622s ago: executing program 4 (id=1562):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, 0x0, 0x0, 0x5}, 0x90)
r1 = socket(0x10, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x40)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x7fffffff, '\x00', 0x0, 0x0, 0x0, 0x10000000}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'virt_wifi0\x00', &(0x7f0000000540)=@ethtool_per_queue_op={0x4b, 0x0, [0x0, 0x0, 0x2, 0x0, 0x2, 0x10001, 0x0, 0xe3b, 0x9, 0x0, 0x8, 0x20200000, 0x1000, 0x0, 0x5, 0x0, 0x1ec5, 0x0, 0x200, 0x0, 0x2b15, 0x0, 0x800, 0x0, 0xb69d, 0x100, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0xbb, 0xff, 0x2, 0x14, 0x5, 0x1, 0x3, 0x0, 0x957d, 0x0, 0x101, 0x0, 0x0, 0x81, 0x0, 0x400, 0x81, 0x55700000, 0x9, 0x2, 0x7, 0x5, 0xfffffffd, 0x0, 0x0, 0x400, 0x0, 0x1000, 0x5, 0x0, 0x0, 0x20, 0xff, 0x0, 0x0, 0x3, 0x8, 0x2, 0x1800, 0x0, 0x1, 0xfd, 0x0, 0x0, 0x3, 0x0, 0x0, 0xc0000000, 0xca, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x401, 0x40, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0xffffff0c, 0x3, 0x0, 0xfb02, 0x20004000, 0x8001, 0x0, 0x7fff, 0x80000001, 0x4, 0x81, 0x800, 0x8, 0x4, 0x8, 0x1, 0x0, 0x1f, 0x0, 0x0, 0x1ff, 0x1000, 0x20, 0x100, 0x0, 0xbad, 0xffffffff, 0x0, 0x10000, 0x7, 0x3], "db2f57dc93785221d96de93dc54b417f58381766c5421f3ba7f1110f868f007f0e05a3208c34787969839f29d080e8b471c0937f1666571d60a86e6ab3321cdd4e322dc289a9bcff077c6ce1af2da848345b68a2b556934cd564b92178919afba6d2e0ddfc528bb6df27b37f12eeffd9217de2cb5a84ea9f27347d0117d4957241f3a09729f7ff1b792005adc58ceca0f6a82a3916ea2cbc73793ad782fa519230ace37faf4ca21532f2868ed3f5a7912aebda6099ed658a9baa59d73d71b511407c18668fca9d55d9dd8cc8898447e181628052debc224f8ca74605b12b568bfc60e4c5e9f14cb0de3f7c55de820cb0563170987f1fd298cc0223c920bb1ce901b988ece93653b45c3434c936437a46851c4ea1095876c9b275ddeaf48f35ff242f2875904fd73201adeaf5285ae6cc1d16d3c3b2115947f8d94f4ad260da3b64256c865a6a3dc3c669463ca03384f9a022913b655226daf00882c5baee4d714319a0f1f3eddcd784ee582ca8f62019aa8952ea46805dafcfefb66b350d17c453a6ab0177b67998368b7bc3d804e3d6a02f7c9d14072cacae74fa24417746fc7ba6b0c87fe51d77d0d3c766205b0ab4d971a3cf31645e035e950a6e7e6bc058714a916988ac455ee597a2b6742bc6ec8f30f4aa0efd570b1738a18c81c1fb4f73f57e0a1edbd4258e95982baa2465aac5a3c6d24f1899fb36a585edf11a889bd11ccb2c1e6a8ce1eb2b7cb972729664109fa639a75b841c19703e96c9b2ff805380cc0bfe847ea907eef30ea10fa1754333cbb845cc59cd1d4bf8808373638008eb2f870a6b1d4c64664f9d2adca04697525d3aa15baec8a5841732f07e625f29f7fe24b3b7730047da454811fb6da5a95b806534122884c895fedebca9762f1f4daade1ebff9c6326f1987eb1ec18984e626c167ced3d941a5f52ff6f4e23109cef10547d10733291b56aa51e9c07a58e348661e1332f3dc89f53ff8ba57b186ba4ea022bd1a3d2a11151c5c7e44e2d65316ebee724c6d936299ba8b0a9d07df2fc81ea20d18d02c1de566186d61f2f79d2e95f44a97479ec86d1a26fbb69556a923751ff22ecbeebc3458e299acb286ab7c641a84f4288b4503b92a2884d6e12806360345b05df9a538c71a109380e2d4d2abc720d40b514ef3a53af79b9ed528f8b4aa917c380d9aa1d7028f23bab17884aea6dd03ea4e88306f5946c5a2001f3f4770f50f0afcd94e4d756bc4e87c7899087c2a80267624c439d746fb91d5d2d010b50c452932b38b2639a3759346f3115cf07807f29f82b9ebe8c65926aff06c802ca4919a4288e195627aee82539a0956586eabf83babe011989f5a0394f8d53c54fbeab6e134b69d3519d4013bd9a495217f6cea2de17c4b2a7442978881558da1670b83f80f2671be6fe13d365bcddd25cebac645274226de5f6adc98a865ad7a12c2671a662f8d7531af8f06fa7854d97df58c61f92bb2c3a3f11dfd1715041160e3d9bf2efb78e4f0141306d6d314335b51c8969a32ba881660067560dff0869b4662a0e97a9dc99fa260429bfb48cc438db2dd928793f18a2bf5d77ca5a31833beef15ca41a3e2efabd541a759e7a2f511297a3b6f170075eb18684983978dfad487146933664978bc3fc4a08b15dd0ed963752a330e999d237d7f757a1cc70dc56b59ef1fe4c7880cf1780c2b0edcda6c361e5abad113c4da177952bfbd0dcb6ef3d281f4f10c0544045e145e0a4f7c7fb34ce0137246ac48f44fe5b7c3541a469f5946686869ebfec67eaf43bd5b75414c28ee3e1c65a0a0ea0c286114ae2d02e3e19cd193109ed9c2c0e10f84c0ac059ef110a52748cce23649559b9b12f4ba209d761587300885c871130204775dcd773c59e8878281f8f343cff475224b2b7ee57b014b27e90857a4a4f5d43b1ee2e52a0e04a1998035f80965101a3afa0f7c6f11ea692c9e3cb1a053e1bf270c5b4a3419846bcb66c58cfe48dd5c2c53530bceb3028a2894f5cdec3bf44ab8610625d6080e6e5ee4169167bd5436a75946e6fd1701359dbc57d4f5032321f9cbf713f38a5f782b8d2a0d11b7549c03ece5690f6ca8303cd8ad578f125a3be88ef2e41896bacb3808971ad72f25141694a6b166d7064c15bc3f8ee76041a73b5b0de6211331502ec311adb7ea307062ed0f84d40a84a0975322f485167fb9825a253d8fc1ad69336ba16dbb961e637fab63e7d3a7aedb401dce1e0feeeabc1b7edfe8011ac13ffc729f0e49c6a0a46b82e1c68662caa6f663bf2f4f10ac1a43dd1270a528a2dfaa92c6a100095270e6fe85fd4b5a9b7ad2480f3bf382baea97308670759ac4ae0d1ebb39c9b658f21f0be61b783091685cdf7acc63d15d10b77e1ce9a5016d8ba0889b6b2dcc2c7ae6fec4a60f50a6d80d0044582d6205207a350c247884aaf3bfc9b12f519aa73b54b8ba0dde352e4168d6636cb46a9ff791141560a47f83a8a527f015a013aae836bc16064e4bfd0443f4475bba62440222f0f81cdc99e59fe93939bf03627c08b500c766d541f8f9d93bb58abae2f80c4bcf232dde8fdb9865716b9c4645d48d85f14ef7bf83b3b96f776f008219a06de0ff5eafc7e619f48789111d03c7b13ed6611d392e6a832b2bfa391dbd8d83fc1aaccf09b5c57f3047964ecc57b1255b4745c0f40c76bbb37d845586830f8e131dec9d770ef082e447b57f59918e1dccdf525024e78b22f5b692e62c4dcbbacf50ed82227460b713ea54d3bd9b57467f5ce3fc0165a74c9575a9e03f0f23a06899c9e3efb414f23f5842f94ebe3e7c401b89b17c3563eed691fc7a5283335acf48b002ef2663a1f9a82d6361b492c7cb4ae41fe413a709ab3d9bf5dd51945d62493ce2ec0f5dba5b"}})
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040983dbc8"], 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1a, 0xf, &(0x7f00000003c0)=ANY=[@ANYRES16, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002180), 0xe98}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000001000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000400000000000052cf1f56e9c18a3e3fc20f15320c748e2a5e3113d868320f8dfb0b895f2863b2e6911d7e869f337f2075fe9f9b1d5002bebf61f74db734dcdfeb4a5645e578a18d33673b5c397f9cdea937d52aa4e28826832fe6584c2dcb5e53c183bfae08ea84"], 0x0, 0x26}, 0x20)

49.694340582s ago: executing program 4 (id=1569):
mkdir(0x0, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xb, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
r3 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000001c0)={@cgroup, 0x31, 0x1, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6, 0x0, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r4=>0x0}, 0x40)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000280)={0xffffffffffffffff, 0x0, 0x25, 0x0, @val=@netkit={@prog_fd=r3, r4}}, 0x40)
socket$vsock_stream(0x28, 0x1, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r5 = socket$igmp(0x2, 0x3, 0x2)
sendmsg$IPSET_CMD_LIST(0xffffffffffffffff, 0x0, 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r5, 0x0, 0xd2, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, 0x0, 0x0)
setsockopt$MRT_ADD_MFC(r5, 0x0, 0xcc, &(0x7f0000000200)={@empty, @private, 0x0, "606b177019716ea6ac38f5bd6e0630e369c7b35d21ff1f4d7ed79c31e2b0f1da"}, 0x3c)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCXONC(r6, 0x560d, 0x0)
r7 = syz_usb_connect$cdc_ecm(0x2, 0x7d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x6b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x86, 0x2, 0x6, 0x0, 0x0, {{0x9, 0x24, 0x6, 0x0, 0x0, "002dd5d8"}, {0x5}, {0xd}, [@acm={0x4, 0x24, 0x2, 0x4}, @call_mgmt={0x5, 0x24, 0x1, 0x2, 0x80}, @country_functional={0xc, 0x24, 0x7, 0x80, 0xfc00, [0x0, 0x0, 0x3]}, @country_functional={0xa, 0x24, 0x7, 0x9, 0x0, [0xb, 0x9]}, @acm={0x4, 0x24, 0x2, 0xa}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x40, 0x81}}], {{0x9, 0x5, 0x82, 0x2, 0x400}}, {{0x9, 0x5, 0x3, 0x2, 0x20}}}}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r7, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r7, 0x0, 0x0)

45.739427436s ago: executing program 4 (id=1579):
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
timer_settime(0x0, 0x0, &(0x7f00000001c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000100)=ANY=[], 0x4c)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000940)={'security\x00', 0x5, "549304a79b"}, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_PKTINFO(r1, 0x10e, 0x3, &(0x7f0000002040)=0x4, 0x4)
sendmsg$NL80211_CMD_GET_MPP(r1, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000180)=ANY=[], 0x28}}, 0x44000800)
recvmmsg(r1, &(0x7f0000000800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=""/91, 0x5b}}, {{&(0x7f0000000000)=@isdn, 0x0, &(0x7f0000000640)=[{&(0x7f0000000080)=""/225}, {&(0x7f00000001c0)=""/65}, {&(0x7f0000000d40)=""/4096}, {&(0x7f0000000240)=""/99}, {&(0x7f00000002c0)=""/122}, {&(0x7f0000000340)=""/217}, {&(0x7f00000008c0)=""/35}, {&(0x7f0000000500)=""/227}, {&(0x7f0000000600)=""/1}]}}, {{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000700)=""/27}], 0x0, &(0x7f0000000780)=""/112}}], 0x40000000000024a, 0x40002002, 0x0)
r2 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz', 0x3}, &(0x7f0000000480)="3b12feb666ca6ec151de7fbe50b28a17217975227018af772b45155da1570c24d96815c605c84ba4a3f9961b27ca5a02ef78f8fb7795c03ba15a18475fbd760100c3acbd388d2c43f88cbe01da5c03bbe2972679e59f74", 0x57, 0xfffffffffffffffe)
add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0x5ba8, 0xfffffffffffffffd)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000300), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_HARDIF(r0, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0x5c, r3, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x3ff}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0xea6a}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffffffc}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4000010}, 0x4444)
keyctl$read(0xb, r2, &(0x7f0000000240)=""/112, 0x349b7f55)
socketpair$unix(0x1, 0x0, 0x0, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
syz_socket_connect_nvme_tcp()
socketpair(0x6, 0x1, 0x81, &(0x7f0000001c40)={0xffffffffffffffff, <r5=>0xffffffffffffffff})
socket$nl_generic(0x10, 0x3, 0x10)
accept4$packet(r5, &(0x7f00000009c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000980)=0x14, 0x800)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000000c0)={'wlan1\x00'})

43.222816788s ago: executing program 4 (id=1588):
openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
socket$can_bcm(0x1d, 0x2, 0x2)
r2 = socket$inet6(0xa, 0x3, 0x3a)
setsockopt$inet6_int(r2, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4)
setsockopt$inet6_mreq(r2, 0x29, 0x14, &(0x7f0000000200)={@mcast1}, 0x14)
bind$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @loopback={0xfec0ffff00000000}}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sendmsg$sock(0xffffffffffffffff, 0x0, 0x0)
syz_emit_ethernet(0x82, &(0x7f0000000040)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x48, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @mcast1, [@hopopts={0x3a, 0x1, '\x00', [@calipso={0x7, 0x8}]}]}}}}}}}, 0x0)
pipe(&(0x7f0000000080))
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0x2, 0x0)
write$FUSE_NOTIFY_STORE(r3, 0x0, 0x28)
r4 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240)=<r5=>0x0, &(0x7f0000000040)=<r6=>0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r8, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10)
syz_io_uring_submit(r5, r6, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0)
syz_open_dev$loop(0x0, 0x0, 0x0)
sendfile(r0, r7, 0x0, 0x4b4)
r9 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r9, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r9, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f0000000340)=[@in6={0xa, 0x4e21, 0xf5, @rand_addr=' \x01\x00', 0xffffff00}]}, &(0x7f0000000100)=0x10)

22.936903898s ago: executing program 0 (id=1620):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_tx_ring(r0, 0x107, 0x5, 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000017000/0x4000)=nil, 0x4000, 0x0, 0x28011, r1, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)

22.740711231s ago: executing program 0 (id=1624):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x9005}, 0x4)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_LINKMODES_GET(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0)

21.723557276s ago: executing program 0 (id=1626):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c)
shutdown(r1, 0x1)
setsockopt$inet_sctp6_SCTP_ADD_STREAMS(r1, 0x84, 0x79, &(0x7f0000000000), 0x8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
move_pages(0x0, 0x1, &(0x7f0000000000)=[&(0x7f0000ffc000/0x1000)=nil], &(0x7f0000001180), 0xfffffffffffffffe, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000300)=ANY=[@ANYRES64=r0], &(0x7f0000000000)='GPL\x00', 0x0, 0xffffffffffffffa9}, 0x90)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
add_key$fscrypt_v1(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
msgsnd(0x0, 0x0, 0x17, 0x0)
msgget(0x1, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x0, 0x0)
pipe(0x0)
msgsnd(0x0, 0x0, 0x9d, 0x0)
msgrcv(0x0, 0x0, 0x0, 0x3, 0x3000)
msgget$private(0x0, 0x0)
msgrcv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
msgsnd(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="03"], 0xe4, 0x0)
recvmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)

15.100381577s ago: executing program 0 (id=1637):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ieee802154(&(0x7f0000000180), r0)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYBLOB, @ANYRES8=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
socket$kcm(0x21, 0x2, 0x2)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000280)='./file0\x00', &(0x7f0000000440)='./file0/../file0/file0\x00', 0x0, 0x2809c11, 0x0)
mount$bind(&(0x7f00000006c0)='./file0\x00', 0x0, 0x0, 0xadc51, 0x0)
mount$bind(0x0, &(0x7f0000000400)='./file0/../file0/file0\x00', 0x0, 0x2885013, 0x0)
syz_open_procfs(0x0, &(0x7f00000001c0)='mounts\x00')
r5 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$DRM_IOCTL_VERSION(r5, 0xc0406441, &(0x7f0000000040)={0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
move_mount(0xffffffffffffffff, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0/../file0\x00', 0x0)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r6, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x0, 0xf, &(0x7f0000000500)=ANY=[@ANYBLOB="0000000000000000b702000014000000b7020000000000008500000883000000bc09000000000000550942fa3900dd3edbd7270100000000009500000000000000bf9100000015000000000000000000008500000000040000b7000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0x1003, &(0x7f0000001e40)=""/4099}, 0x90)
mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=ANY=[@ANYBLOB="18080000796400000000000000000000851000000600000018000000", @ANYRES32, @ANYBLOB="00000000000000006608000000000000180000000000000000000000000000009500000000000000360a020000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b50a00000000000085000000060000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x8}, 0x90)

14.141517796s ago: executing program 0 (id=1638):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="380000006c0015000000d9fece23b82000000000", @ANYRES32, @ANYBLOB="000080000000000018003480"], 0x38}, 0x1, 0x300}, 0x0)
r0 = socket(0x10, 0x3, 0x0)
sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0)

11.009672541s ago: executing program 0 (id=1645):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x80}}, 0x48000)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, 0x0, 0x10000)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0)
prlimit64(0x0, 0x0, 0x0, 0x0)
sched_setscheduler(0x0, 0x7, &(0x7f0000000180)=0xfffffff8)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
creat(&(0x7f0000000440)='./file0\x00', 0x0)
link(&(0x7f0000000200)='./file0\x00', &(0x7f0000000280)='./file1\x00')
mount(&(0x7f0000000240)=@nbd={'/dev/nbd', 0x0}, &(0x7f00000002c0)='./file1\x00', &(0x7f0000000300)='ocfs2\x00', 0x0, &(0x7f0000000340)='\x00')
sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000000))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r6, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)

10.803094486s ago: executing program 1 (id=1647):
r0 = io_uring_setup(0x3055, &(0x7f00000001c0))
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000300)={0x2c, &(0x7f00000000c0)={0x0, 0x0, 0x7, {0x7, 0x0, "78df705a90"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/206, 0xce}], 0x1, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

9.436018886s ago: executing program 1 (id=1651):
r0 = io_uring_setup(0x3055, &(0x7f00000001c0))
r1 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io(r1, &(0x7f0000000300)={0x2c, &(0x7f00000000c0)={0x0, 0x0, 0x7, {0x7, 0x0, "78df705a90"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x0)
preadv(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000340)=""/206, 0xce}], 0x1, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0) (fail_nth: 1)

9.420654075s ago: executing program 2 (id=1652):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1042, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaa"], 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="48f056c0", @ANYBLOB="000127bd7000ffdbdf250b00000008000300", @ANYRES32=0x0, @ANYBLOB="090007000000001c00000000090007002e82aead52000000040028000400508008006e800400010008003700010000001c006e80040002000400010004000200040002000400010004000200"], 0x68}, 0x1, 0x0, 0x0, 0x18}, 0x24008080)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x82, &(0x7f0000000040)={r6}, 0x8)
ptrace$ARCH_SHSTK_STATUS(0x1e, 0x0, 0x0, 0x5005)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @private}, {0x0, @random="ca1597489704"}, 0x8, {0x2, 0x0, @empty}, 'veth0\x00'})
preadv(0xffffffffffffffff, 0x0, 0x0, 0xfff, 0x0)
r8 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600)={'team0\x00', <r9=>0x0})
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=@newqdisc={0x98, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x3, [0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x2, 0x8, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x98}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="1808000003004300010000b0000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca9000000000000350901000000000095000000000000000473d0d7ff7f00001835000001000000000000000000000095000000000000001836000005000000000000000000000006910800080000007f9800000000000056080000000000008500000084000000b7000000000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', r9, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

7.032042866s ago: executing program 1 (id=1653):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0xefc1}, &(0x7f0000000380), &(0x7f00000001c0))
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
r4 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="c6", 0x33fe0}], 0x1}, 0xc0)
recvmsg(r6, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000001980)=""/4096, 0x1000}], 0x1}, 0x0)
bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r7, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaa4038b1bd00000086dd608a35f200580600fe800000000000005e10db97226e6d4cfe8000000000000080000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="600000009078000001080a0000000000000000010502080a0000000000000000051a000000000000000000000000000000000000000000000000220dce2781a9dfe9bc8597d90a0002000000"], 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000080)="a0", 0x1)
writev(0xffffffffffffffff, &(0x7f0000002240)=[{0x0, 0x4}, {&(0x7f0000002200)="cd0a18e9dc5a58ce50de990b1c5c95009d0c2f37a4e27987056f6b6879f9ea9d33b7debb96fe781f39f710b31517d430445d21efd5d941", 0x37}], 0x2)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002400), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000002500)={&(0x7f00000023c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000024c0)={&(0x7f0000002440)={0x80, r8, 0x200, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY={0x38, 0x50, 0x0, 0x1, [@NL80211_KEY_SEQ={0x5, 0x4, "d0"}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "196f2d5860"}, @NL80211_KEY_DEFAULT_TYPES={0x18, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "1ec2586b2c97ded713964abb59"}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40811)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYBLOB="11002a00dd0b6162636465666768696a76157238ab83b50fd95a1e4e00000010002d800a"], 0x40}}, 0x0)

6.912050848s ago: executing program 2 (id=1654):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, 0x0, 0x0, 0x5}, 0x90)
r1 = socket(0x10, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x7fffffff, '\x00', 0x0, 0x0, 0x0, 0x10000000}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'virt_wifi0\x00', &(0x7f0000000540)=@ethtool_per_queue_op={0x4b, 0x0, [0x0, 0x0, 0x2, 0x0, 0x2, 0x10001, 0x0, 0xe3b, 0x9, 0x0, 0x8, 0x20200000, 0x1000, 0x0, 0x5, 0x0, 0x1ec5, 0x0, 0x200, 0x0, 0x2b15, 0x0, 0x800, 0x0, 0xb69d, 0x100, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0xbb, 0xff, 0x2, 0x14, 0x5, 0x1, 0x3, 0x0, 0x957d, 0x0, 0x101, 0x0, 0x0, 0x81, 0x0, 0x400, 0x81, 0x55700000, 0x9, 0x2, 0x7, 0x5, 0xfffffffd, 0x0, 0x0, 0x400, 0x0, 0x1000, 0x5, 0x0, 0x0, 0x20, 0xff, 0x0, 0x0, 0x3, 0x8, 0x2, 0x1800, 0x0, 0x1, 0xfd, 0x0, 0x0, 0x3, 0x0, 0x0, 0xc0000000, 0xca, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x401, 0x40, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0xffffff0c, 0x3, 0x0, 0xfb02, 0x20004000, 0x8001, 0x0, 0x7fff, 0x80000001, 0x4, 0x81, 0x800, 0x8, 0x4, 0x8, 0x1, 0x0, 0x1f, 0x0, 0x0, 0x1ff, 0x1000, 0x20, 0x100, 0x0, 0xbad, 0xffffffff, 0x0, 0x10000, 0x7, 0x3], "db2f57dc93785221d96de93dc54b417f58381766c5421f3ba7f1110f868f007f0e05a3208c34787969839f29d080e8b471c0937f1666571d60a86e6ab3321cdd4e322dc289a9bcff077c6ce1af2da848345b68a2b556934cd564b92178919afba6d2e0ddfc528bb6df27b37f12eeffd9217de2cb5a84ea9f27347d0117d4957241f3a09729f7ff1b792005adc58ceca0f6a82a3916ea2cbc73793ad782fa519230ace37faf4ca21532f2868ed3f5a7912aebda6099ed658a9baa59d73d71b511407c18668fca9d55d9dd8cc8898447e181628052debc224f8ca74605b12b568bfc60e4c5e9f14cb0de3f7c55de820cb0563170987f1fd298cc0223c920bb1ce901b988ece93653b45c3434c936437a46851c4ea1095876c9b275ddeaf48f35ff242f2875904fd73201adeaf5285ae6cc1d16d3c3b2115947f8d94f4ad260da3b64256c865a6a3dc3c669463ca03384f9a022913b655226daf00882c5baee4d714319a0f1f3eddcd784ee582ca8f62019aa8952ea46805dafcfefb66b350d17c453a6ab0177b67998368b7bc3d804e3d6a02f7c9d14072cacae74fa24417746fc7ba6b0c87fe51d77d0d3c766205b0ab4d971a3cf31645e035e950a6e7e6bc058714a916988ac455ee597a2b6742bc6ec8f30f4aa0efd570b1738a18c81c1fb4f73f57e0a1edbd4258e95982baa2465aac5a3c6d24f1899fb36a585edf11a889bd11ccb2c1e6a8ce1eb2b7cb972729664109fa639a75b841c19703e96c9b2ff805380cc0bfe847ea907eef30ea10fa1754333cbb845cc59cd1d4bf8808373638008eb2f870a6b1d4c64664f9d2adca04697525d3aa15baec8a5841732f07e625f29f7fe24b3b7730047da454811fb6da5a95b806534122884c895fedebca9762f1f4daade1ebff9c6326f1987eb1ec18984e626c167ced3d941a5f52ff6f4e23109cef10547d10733291b56aa51e9c07a58e348661e1332f3dc89f53ff8ba57b186ba4ea022bd1a3d2a11151c5c7e44e2d65316ebee724c6d936299ba8b0a9d07df2fc81ea20d18d02c1de566186d61f2f79d2e95f44a97479ec86d1a26fbb69556a923751ff22ecbeebc3458e299acb286ab7c641a84f4288b4503b92a2884d6e12806360345b05df9a538c71a109380e2d4d2abc720d40b514ef3a53af79b9ed528f8b4aa917c380d9aa1d7028f23bab17884aea6dd03ea4e88306f5946c5a2001f3f4770f50f0afcd94e4d756bc4e87c7899087c2a80267624c439d746fb91d5d2d010b50c452932b38b2639a3759346f3115cf07807f29f82b9ebe8c65926aff06c802ca4919a4288e195627aee82539a0956586eabf83babe011989f5a0394f8d53c54fbeab6e134b69d3519d4013bd9a495217f6cea2de17c4b2a7442978881558da1670b83f80f2671be6fe13d365bcddd25cebac645274226de5f6adc98a865ad7a12c2671a662f8d7531af8f06fa7854d97df58c61f92bb2c3a3f11dfd1715041160e3d9bf2efb78e4f0141306d6d314335b51c8969a32ba881660067560dff0869b4662a0e97a9dc99fa260429bfb48cc438db2dd928793f18a2bf5d77ca5a31833beef15ca41a3e2efabd541a759e7a2f511297a3b6f170075eb18684983978dfad487146933664978bc3fc4a08b15dd0ed963752a330e999d237d7f757a1cc70dc56b59ef1fe4c7880cf1780c2b0edcda6c361e5abad113c4da177952bfbd0dcb6ef3d281f4f10c0544045e145e0a4f7c7fb34ce0137246ac48f44fe5b7c3541a469f5946686869ebfec67eaf43bd5b75414c28ee3e1c65a0a0ea0c286114ae2d02e3e19cd193109ed9c2c0e10f84c0ac059ef110a52748cce23649559b9b12f4ba209d761587300885c871130204775dcd773c59e8878281f8f343cff475224b2b7ee57b014b27e90857a4a4f5d43b1ee2e52a0e04a1998035f80965101a3afa0f7c6f11ea692c9e3cb1a053e1bf270c5b4a3419846bcb66c58cfe48dd5c2c53530bceb3028a2894f5cdec3bf44ab8610625d6080e6e5ee4169167bd5436a75946e6fd1701359dbc57d4f5032321f9cbf713f38a5f782b8d2a0d11b7549c03ece5690f6ca8303cd8ad578f125a3be88ef2e41896bacb3808971ad72f25141694a6b166d7064c15bc3f8ee76041a73b5b0de6211331502ec311adb7ea307062ed0f84d40a84a0975322f485167fb9825a253d8fc1ad69336ba16dbb961e637fab63e7d3a7aedb401dce1e0feeeabc1b7edfe8011ac13ffc729f0e49c6a0a46b82e1c68662caa6f663bf2f4f10ac1a43dd1270a528a2dfaa92c6a100095270e6fe85fd4b5a9b7ad2480f3bf382baea97308670759ac4ae0d1ebb39c9b658f21f0be61b783091685cdf7acc63d15d10b77e1ce9a5016d8ba0889b6b2dcc2c7ae6fec4a60f50a6d80d0044582d6205207a350c247884aaf3bfc9b12f519aa73b54b8ba0dde352e4168d6636cb46a9ff791141560a47f83a8a527f015a013aae836bc16064e4bfd0443f4475bba62440222f0f81cdc99e59fe93939bf03627c08b500c766d541f8f9d93bb58abae2f80c4bcf232dde8fdb9865716b9c4645d48d85f14ef7bf83b3b96f776f008219a06de0ff5eafc7e619f48789111d03c7b13ed6611d392e6a832b2bfa391dbd8d83fc1aaccf09b5c57f3047964ecc57b1255b4745c0f40c76bbb37d845586830f8e131dec9d770ef082e447b57f59918e1dccdf525024e78b22f5b692e62c4dcbbacf50ed82227460b713ea54d3bd9b57467f5ce3fc0165a74c9575a9e03f0f23a06899c9e3efb414f23f5842f94ebe3e7c401b89b17c3563eed691fc7a5283335acf48b002ef2663a1f9a82d6361b492c7cb4ae41fe413a709ab3d9bf5dd51945d62493ce2ec0f5dba5b"}})
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040983dbc8"], 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1a, 0xf, &(0x7f00000003c0)=ANY=[@ANYRES16=r3, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000002180), 0xe98}}, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000001000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000400000000000052cf1f56e9c18a3e3fc20f15320c748e2a5e3113d868320f8dfb0b895f2863b2e6911d7e869f337f2075fe9f9b1d5002bebf61f74db734dcdfeb4a5645e578a18d33673b5c397f9cdea937d52aa4e28826832fe6584c2dcb5e53c183bfae08ea84"], 0x0, 0x26}, 0x20)

6.911447595s ago: executing program 3 (id=1655):
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f00000001c0)=ANY=[@ANYBLOB="18080000000000000000000000000000851000000600000018100000", @ANYRES32=r0, @ANYBLOB="0000000000000000660000000000180018000000000000000000000000000000950000fc00000000a60a000000000000180000002020782500000000002020207b1af8ff00000000bfa10000000000000700000002feffffb702000008160000b703000000000000a50000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x2, 0xde, &(0x7f0000000340)=""/222}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x4, 0x1c, &(0x7f0000000d80)=ANY=[@ANYBLOB="18080000000000000000000005000000181100", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000035090100000000009500000000070000b7020000000000007b9a00fe000000006609000000000000dbaaf0ff50000000bf86"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = signalfd(r1, &(0x7f0000000040)={[0x2]}, 0x8)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r5=>0x0})
r6 = socket$can_raw(0x1d, 0x3, 0x1)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r7}, 0x10)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r8, 0x0)
bpf$ENABLE_STATS(0x20, &(0x7f0000000000), 0x4)
bind$can_raw(r6, &(0x7f0000000000)={0x1d, r5}, 0x10)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0)
setsockopt$RDS_GET_MR_FOR_DEST(r2, 0x114, 0x7, &(0x7f0000000280)={@ll={0x11, 0x1, r5, 0x1, 0x2, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, {&(0x7f0000000080)}, &(0x7f00000000c0), 0x48}, 0xa0)

5.967403934s ago: executing program 3 (id=1656):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0xefc1}, &(0x7f0000000380), &(0x7f00000001c0))
socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
r1 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="c6", 0x33fe0}], 0x1}, 0xc0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
recvmsg(r3, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000001980)=""/4096, 0x1000}], 0x1}, 0x0)
bind$alg(r1, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r4, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaa4038b1bd00000086dd608a35f200580600fe800000000000005e10db97226e6d4cfe8000000000000080000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="600000009078000001080a0000000000000000010502080a0000000000000000051a000000000000000000000000000000000000000000000000220dce2781a9dfe9bc8597d90a0002000000"], 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)

5.949417428s ago: executing program 1 (id=1657):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0xefc1}, &(0x7f0000000380), &(0x7f00000001c0))
socket$netlink(0x10, 0x3, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
r1 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$unix(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="c6", 0x33fe0}], 0x1}, 0xc0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
recvmsg(r3, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000001980)=""/4096, 0x1000}], 0x1}, 0x0)
bind$alg(r1, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r4, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaa4038b1bd00000086dd608a35f200580600fe800000000000005e10db97226e6d4cfe8000000000000080000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="600000009078000001080a0000000000000000010502080a0000000000000000051a000000000000000000000000000000000000000000000000220dce2781a9dfe9bc8597d90a0002000000"], 0x0)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, 0x0, 0x0)

4.826986057s ago: executing program 1 (id=1658):
semget$private(0x0, 0x4, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
syz_open_dev$evdev(0x0, 0x0, 0x0)
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0)
mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x6002, &(0x7f0000000040)=0xa, 0x7, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f0000000100)={{0x12, 0x1, 0x0, 0x6c, 0x79, 0x8, 0x10, 0x14aa, 0x22b, 0x8e53, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xd7, 0x2a, 0xc8}}]}}]}}, 0x0)
syz_usb_connect$printer(0x0, 0x36, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000001c0), &(0x7f0000000080)=0xc)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000540)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a7ce45002bdb85e47ab3e39597e422ffab456dd963a00000000180000000000000017010000040000000602000000400000180000000000000017010000030000000100000000000079240809000000ac87448793609bd8299d6dfc465829b711ce28eb8f568438917ebd0699be96bd1485f6aaa8486e00000000e301f2e09aebda6eeb1c61f96b6d3f91c0f8c1ffbb85cfdd5b8b437a3720ba4cdfb681516c3a240207b6bbdfb37747cc7411"], 0x60}], 0x1, 0x0)
syz_emit_ethernet(0x289, &(0x7f0000000880)=ANY=[@ANYBLOB], 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
dup(r1)
openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x6, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x408600}, 0xc, &(0x7f0000000140)={&(0x7f0000000900)=@deltfilter={0x2bc, 0x2d, 0x200, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xa, 0xa}, {0x0, 0xfff3}, {0xe, 0xe}}, [@TCA_CHAIN={0x8, 0xb, 0x8}, @TCA_RATE={0x6, 0x5, {0x10, 0x3}}, @filter_kind_options=@f_flow={{0x9}, {0x27c, 0x2, [@TCA_FLOW_ACT={0x268, 0x9, 0x0, 0x1, [@m_vlan={0x8c, 0x10, 0x0, 0x0, {{0x9}, {0x24, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x2}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x3}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x3}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x2}]}, {0x3e, 0x6, "a3ea96b7e9016a742052e522eadd52a1db838040e07350a1ebd40a08ee1f69300d02d2deedcfefe2ca2fc7c77c0cd898c61a10991e85e1106a1f"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_vlan={0xa4, 0x19, 0x0, 0x0, {{0x9}, {0x78, 0x2, 0x0, 0x1, [@TCA_VLAN_PARMS={0x1c, 0x2, {{0x0, 0xeed, 0x5, 0x0, 0x3}, 0x1}}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x5, 0xfff, 0x4, 0x1, 0x1}, 0x3}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x2}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x760, 0x3, 0x7, 0x1d1, 0x81}, 0x1}}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x88a8}, @TCA_VLAN_PUSH_VLAN_PRIORITY={0x5, 0x6, 0x3}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}, @m_skbedit={0x134, 0x1d, 0x0, 0x0, {{0xc}, {0x5c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x5}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x6}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x10000}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x2}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x2}, @TCA_SKBEDIT_PRIORITY={0x8, 0x3, {0xffff, 0xfff1}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x3}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x8000}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0x9, 0xc457, 0xffffffffffffffff, 0x8, 0x752}}]}, {0xaf, 0x6, "d65b0577c7d74e75dbe08f18b4ec643c7cc1e2eb5aa72ae0d992dab0307a76251a8acac72cdd56dc50f4d8cbf9a1ecf828857c7d1d7bd54cc8782e33fdb41105682fe99d04ee4f66bc8224a7b37ffe3c3af07feccff5f977cab931861df74974650055c37a14e2d83fdce5809e74cae25953214a16da67c6aa02b1e62c1a435168f5c85b7a166739b02986645ff74a1b892f03837b33859165cab70d8197c8067d89e43e924df68a9b39dc"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}, @TCA_FLOW_DIVISOR={0x8}, @TCA_FLOW_ADDEND={0x8}]}}]}, 0x2bc}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r4 = fsmount(r2, 0x0, 0x0)
r5 = openat$cgroup_subtree(r4, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000080)={[{0x2b, 'rdma'}, {0x2d, 'io'}]}, 0xa)

4.803774226s ago: executing program 2 (id=1659):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0xefc1}, &(0x7f0000000380), &(0x7f00000001c0))
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
r4 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="c6", 0x33fe0}], 0x1}, 0xc0)
recvmsg(r6, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000001980)=""/4096, 0x1000}], 0x1}, 0x0)
bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58)
r7 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r7, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r7, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaa4038b1bd00000086dd608a35f200580600fe800000000000005e10db97226e6d4cfe8000000000000080000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="600000009078000001080a0000000000000000010502080a0000000000000000051a000000000000000000000000000000000000000000000000220dce2781a9dfe9bc8597d90a0002000000"], 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000080)="a0", 0x1)
writev(0xffffffffffffffff, &(0x7f0000002240)=[{0x0, 0x4}, {&(0x7f0000002200)="cd0a18e9dc5a58ce50de990b1c5c95009d0c2f37a4e27987056f6b6879f9ea9d33b7debb96fe781f39f710b31517d430445d21efd5d941", 0x37}], 0x2)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002400), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000002500)={&(0x7f00000023c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000024c0)={&(0x7f0000002440)={0x80, r8, 0x200, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY={0x38, 0x50, 0x0, 0x1, [@NL80211_KEY_SEQ={0x5, 0x4, "d0"}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "196f2d5860"}, @NL80211_KEY_DEFAULT_TYPES={0x18, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "1ec2586b2c97ded713964abb59"}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40811)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYBLOB="11002a00dd0b6162636465666768696a76157238ab83b50fd95a1e4e00000010002d800a"], 0x40}}, 0x0)

4.786688949s ago: executing program 3 (id=1660):
socket$nl_route(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x5, 0x0, 0x0, 0x5}, 0x90)
r1 = socket(0x10, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
syz_init_net_socket$ax25(0x3, 0x5, 0x0)
connect$rose(r2, &(0x7f0000000040)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x0, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x40)
sendmsg$nl_generic(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0)
r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x7fffffff, '\x00', 0x0, 0x0, 0x0, 0x10000000}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r4=>0xffffffffffffffff})
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f0000000040)={'virt_wifi0\x00', &(0x7f0000000540)=@ethtool_per_queue_op={0x4b, 0x0, [0x0, 0x0, 0x2, 0x0, 0x2, 0x10001, 0x0, 0xe3b, 0x9, 0x0, 0x8, 0x20200000, 0x1000, 0x0, 0x5, 0x0, 0x1ec5, 0x0, 0x200, 0x0, 0x2b15, 0x0, 0x800, 0x0, 0xb69d, 0x100, 0x0, 0x8, 0x2, 0x9, 0x0, 0x0, 0x0, 0xbb, 0xff, 0x2, 0x14, 0x5, 0x1, 0x3, 0x0, 0x957d, 0x0, 0x101, 0x0, 0x0, 0x81, 0x0, 0x400, 0x81, 0x55700000, 0x9, 0x2, 0x7, 0x5, 0xfffffffd, 0x0, 0x0, 0x400, 0x0, 0x1000, 0x5, 0x0, 0x0, 0x20, 0xff, 0x0, 0x0, 0x3, 0x8, 0x2, 0x1800, 0x0, 0x1, 0xfd, 0x0, 0x0, 0x3, 0x0, 0x0, 0xc0000000, 0xca, 0x0, 0x0, 0x1, 0x0, 0x3, 0x0, 0x401, 0x40, 0x0, 0x0, 0x0, 0x0, 0x400, 0x1, 0x0, 0xffffff0c, 0x3, 0x0, 0xfb02, 0x20004000, 0x8001, 0x0, 0x7fff, 0x80000001, 0x4, 0x81, 0x800, 0x8, 0x4, 0x8, 0x1, 0x0, 0x1f, 0x0, 0x0, 0x1ff, 0x1000, 0x20, 0x100, 0x0, 0xbad, 0xffffffff, 0x0, 0x10000, 0x7, 0x3], "db2f57dc93785221d96de93dc54b417f58381766c5421f3ba7f1110f868f007f0e05a3208c34787969839f29d080e8b471c0937f1666571d60a86e6ab3321cdd4e322dc289a9bcff077c6ce1af2da848345b68a2b556934cd564b92178919afba6d2e0ddfc528bb6df27b37f12eeffd9217de2cb5a84ea9f27347d0117d4957241f3a09729f7ff1b792005adc58ceca0f6a82a3916ea2cbc73793ad782fa519230ace37faf4ca21532f2868ed3f5a7912aebda6099ed658a9baa59d73d71b511407c18668fca9d55d9dd8cc8898447e181628052debc224f8ca74605b12b568bfc60e4c5e9f14cb0de3f7c55de820cb0563170987f1fd298cc0223c920bb1ce901b988ece93653b45c3434c936437a46851c4ea1095876c9b275ddeaf48f35ff242f2875904fd73201adeaf5285ae6cc1d16d3c3b2115947f8d94f4ad260da3b64256c865a6a3dc3c669463ca03384f9a022913b655226daf00882c5baee4d714319a0f1f3eddcd784ee582ca8f62019aa8952ea46805dafcfefb66b350d17c453a6ab0177b67998368b7bc3d804e3d6a02f7c9d14072cacae74fa24417746fc7ba6b0c87fe51d77d0d3c766205b0ab4d971a3cf31645e035e950a6e7e6bc058714a916988ac455ee597a2b6742bc6ec8f30f4aa0efd570b1738a18c81c1fb4f73f57e0a1edbd4258e95982baa2465aac5a3c6d24f1899fb36a585edf11a889bd11ccb2c1e6a8ce1eb2b7cb972729664109fa639a75b841c19703e96c9b2ff805380cc0bfe847ea907eef30ea10fa1754333cbb845cc59cd1d4bf8808373638008eb2f870a6b1d4c64664f9d2adca04697525d3aa15baec8a5841732f07e625f29f7fe24b3b7730047da454811fb6da5a95b806534122884c895fedebca9762f1f4daade1ebff9c6326f1987eb1ec18984e626c167ced3d941a5f52ff6f4e23109cef10547d10733291b56aa51e9c07a58e348661e1332f3dc89f53ff8ba57b186ba4ea022bd1a3d2a11151c5c7e44e2d65316ebee724c6d936299ba8b0a9d07df2fc81ea20d18d02c1de566186d61f2f79d2e95f44a97479ec86d1a26fbb69556a923751ff22ecbeebc3458e299acb286ab7c641a84f4288b4503b92a2884d6e12806360345b05df9a538c71a109380e2d4d2abc720d40b514ef3a53af79b9ed528f8b4aa917c380d9aa1d7028f23bab17884aea6dd03ea4e88306f5946c5a2001f3f4770f50f0afcd94e4d756bc4e87c7899087c2a80267624c439d746fb91d5d2d010b50c452932b38b2639a3759346f3115cf07807f29f82b9ebe8c65926aff06c802ca4919a4288e195627aee82539a0956586eabf83babe011989f5a0394f8d53c54fbeab6e134b69d3519d4013bd9a495217f6cea2de17c4b2a7442978881558da1670b83f80f2671be6fe13d365bcddd25cebac645274226de5f6adc98a865ad7a12c2671a662f8d7531af8f06fa7854d97df58c61f92bb2c3a3f11dfd1715041160e3d9bf2efb78e4f0141306d6d314335b51c8969a32ba881660067560dff0869b4662a0e97a9dc99fa260429bfb48cc438db2dd928793f18a2bf5d77ca5a31833beef15ca41a3e2efabd541a759e7a2f511297a3b6f170075eb18684983978dfad487146933664978bc3fc4a08b15dd0ed963752a330e999d237d7f757a1cc70dc56b59ef1fe4c7880cf1780c2b0edcda6c361e5abad113c4da177952bfbd0dcb6ef3d281f4f10c0544045e145e0a4f7c7fb34ce0137246ac48f44fe5b7c3541a469f5946686869ebfec67eaf43bd5b75414c28ee3e1c65a0a0ea0c286114ae2d02e3e19cd193109ed9c2c0e10f84c0ac059ef110a52748cce23649559b9b12f4ba209d761587300885c871130204775dcd773c59e8878281f8f343cff475224b2b7ee57b014b27e90857a4a4f5d43b1ee2e52a0e04a1998035f80965101a3afa0f7c6f11ea692c9e3cb1a053e1bf270c5b4a3419846bcb66c58cfe48dd5c2c53530bceb3028a2894f5cdec3bf44ab8610625d6080e6e5ee4169167bd5436a75946e6fd1701359dbc57d4f5032321f9cbf713f38a5f782b8d2a0d11b7549c03ece5690f6ca8303cd8ad578f125a3be88ef2e41896bacb3808971ad72f25141694a6b166d7064c15bc3f8ee76041a73b5b0de6211331502ec311adb7ea307062ed0f84d40a84a0975322f485167fb9825a253d8fc1ad69336ba16dbb961e637fab63e7d3a7aedb401dce1e0feeeabc1b7edfe8011ac13ffc729f0e49c6a0a46b82e1c68662caa6f663bf2f4f10ac1a43dd1270a528a2dfaa92c6a100095270e6fe85fd4b5a9b7ad2480f3bf382baea97308670759ac4ae0d1ebb39c9b658f21f0be61b783091685cdf7acc63d15d10b77e1ce9a5016d8ba0889b6b2dcc2c7ae6fec4a60f50a6d80d0044582d6205207a350c247884aaf3bfc9b12f519aa73b54b8ba0dde352e4168d6636cb46a9ff791141560a47f83a8a527f015a013aae836bc16064e4bfd0443f4475bba62440222f0f81cdc99e59fe93939bf03627c08b500c766d541f8f9d93bb58abae2f80c4bcf232dde8fdb9865716b9c4645d48d85f14ef7bf83b3b96f776f008219a06de0ff5eafc7e619f48789111d03c7b13ed6611d392e6a832b2bfa391dbd8d83fc1aaccf09b5c57f3047964ecc57b1255b4745c0f40c76bbb37d845586830f8e131dec9d770ef082e447b57f59918e1dccdf525024e78b22f5b692e62c4dcbbacf50ed82227460b713ea54d3bd9b57467f5ce3fc0165a74c9575a9e03f0f23a06899c9e3efb414f23f5842f94ebe3e7c401b89b17c3563eed691fc7a5283335acf48b002ef2663a1f9a82d6361b492c7cb4ae41fe413a709ab3d9bf5dd51945d62493ce2ec0f5dba5b"}})
syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="040983dbc8"], 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x1a, 0xf, &(0x7f00000003c0)=ANY=[@ANYRES16=r3, @ANYBLOB], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000001000)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000000400000000000052cf1f56e9c18a3e3fc20f15320c748e2a5e3113d868320f8dfb0b895f2863b2e6911d7e869f337f2075fe9f9b1d5002bebf61f74db734dcdfeb4a5645e578a18d33673b5c397f9cdea937d52aa4e28826832fe6584c2dcb5e53c183bfae08ea84"], 0x0, 0x26}, 0x20)
socket$inet6(0xa, 0x2, 0x3a)

3.072415531s ago: executing program 3 (id=1661):
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$packet(0x11, 0x0, 0x300)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nbd(&(0x7f0000000a80), 0xffffffffffffffff)
ioctl$FS_IOC_GETFLAGS(0xffffffffffffffff, 0x80086601, 0xfffffffffffffffe)
socket$nl_route(0x10, 0x3, 0x0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0)
r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0100000000000000000007000000080009000104000008000b00000000"], 0x24}}, 0x0)
r6 = socket$rds(0x15, 0x5, 0x0)
fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f00000000c0)=0x1)
bind$rds(r6, &(0x7f00000021c0)={0x2, 0x0, @local}, 0x10)
sendmsg$rds(r6, &(0x7f0000002180)={&(0x7f0000000100)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0, 0x0, &(0x7f0000001fc0)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000001780)=[{&(0x7f00000006c0)=""/4096, 0x1000}], 0x1}}, @rdma_args={0x48, 0x114, 0x1, {{}, {0x0}, &(0x7f0000001ec0)=[{&(0x7f0000001a00)=""/154, 0x9a}], 0x1}}], 0x90}, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
openat$cgroup_devices(r7, &(0x7f0000000080)='devices.allow\x00', 0x2, 0x0)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000001c0), r0)

3.01890085s ago: executing program 2 (id=1662):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
mknodat$loop(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1042, 0x0)
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaa"], 0x0)
sendmsg$NL80211_CMD_NEW_KEY(r0, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="48f056c0", @ANYBLOB="000127bd7000ffdbdf250b00000008000300", @ANYRES32=0x0, @ANYBLOB="090007000000001c00000000090007002e82aead52000000040028000400508008006e800400010008003700010000001c006e80040002000400010004000200040002000400010004000200"], 0x68}, 0x1, 0x0, 0x0, 0x18}, 0x24008080)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
r5 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r6=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r4, 0x84, 0x82, &(0x7f0000000040)={r6}, 0x8)
ptrace$ARCH_SHSTK_STATUS(0x1e, 0x0, 0x0, 0x5005)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r7 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @private}, {0x0, @random="ca1597489704"}, 0x8, {0x2, 0x0, @empty}, 'veth0\x00'})
preadv(0xffffffffffffffff, 0x0, 0x0, 0xfff, 0x0)
r8 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r8, 0x8933, &(0x7f0000000600)={'team0\x00', <r9=>0x0})
r10 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r10, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=@newqdisc={0x98, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x3, [0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x2, 0x8, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x98}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="1808000003004300010000b0000000000018110000", @ANYRES32=r7, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca9000000000000350901000000000095000000000000000473d0d7ff7f00001835000001000000000000000000000095000000000000001836000005000000000000000000000006910800080000007f9800000000000056080000000000008500000084000000b7000000000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', r9, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.644209815s ago: executing program 1 (id=1663):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1042, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_emit_ethernet(0x4a, 0x0, 0x0)
sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="48f0", @ANYRES16=0x0, @ANYBLOB="000127bd7000ffdbdf250b00000008000300", @ANYRES32=0x0, @ANYBLOB="090007000000001c00000000090007002e82aead52000000040028000400508008006e800400010008003700010000001c006e80040002000400010004000200040002000400010004000200"], 0x68}, 0x1, 0x0, 0x0, 0x18}, 0x24008080)
socket$inet6_sctp(0xa, 0x5, 0x84)
r3 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8)
ptrace$ARCH_SHSTK_STATUS(0x1e, 0x0, 0x0, 0x5005)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @private}, {0x0, @random="ca1597489704"}, 0x8, {0x2, 0x0, @empty}, 'veth0\x00'})
preadv(0xffffffffffffffff, 0x0, 0x0, 0xfff, 0x0)
r5 = socket(0x11, 0x800000003, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', <r6=>0x0})
r7 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000280)=@newqdisc={0x98, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x68, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x3, [0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x0, [0x8, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x2, 0x8, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x4}]}}]}, 0x98}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0x16, &(0x7f0000000400)=ANY=[@ANYBLOB="1808000003004300010000b0000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bca9000000000000350901000000000095000000000000000473d0d7ff7f00001835000001000000000000000000000095000000000000001836000005000000000000000000000006910800080000007f9800000000000056080000000000008500000084000000b7000000000000009500000000000000"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x26, '\x00', r6, 0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

1.643748244s ago: executing program 3 (id=1664):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0xefc1}, &(0x7f0000000380), &(0x7f00000001c0))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00'})
r2 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$unix(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="c6", 0x33fe0}], 0x1}, 0xc0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
recvmsg(r4, &(0x7f0000003b00)={0x0, 0x0, &(0x7f0000003a40)=[{&(0x7f0000001980)=""/4096, 0x1000}], 0x1}, 0x0)
bind$alg(r2, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r5, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r5, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaa4038b1bd00000086dd608a35f200580600fe800000000000005e10db97226e6d4cfe8000000000000080000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="600000009078000001080a0000000000000000010502080a0000000000000000051a000000000000000000000000000000000000000000000000220dce2781a9dfe9bc8597d90a0002000000"], 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)

1.543787849s ago: executing program 2 (id=1665):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x48)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/ip6_flowlabel\x00')
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000200)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16, @ANYBLOB, @ANYRES32=0x0, @ANYBLOB="0800030002000000"], 0x98}}, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f00000001c0)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c00f3266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
rt_sigprocmask(0x0, &(0x7f0000000100)={[0xfffffffffffe]}, 0x0, 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0xcc71)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102370, 0x18fe2}], 0x1, 0x0, 0x0)
syz_pidfd_open(0x0, 0x0)
setns(0xffffffffffffffff, 0x3c020000)
r4 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
ioctl$VIDIOC_QUERY_EXT_CTRL(r4, 0xc0e85667, &(0x7f0000000500)={0x40000000, 0x101, "0a1f511f900700427ff44fba1abc61019d30fd87819aba0a3fb25f2167d30b0e", 0x0, 0x0, 0x2, 0x0, 0x0, 0x8})
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000140)={0xfffeffff})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x9}]})
r5 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r5)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r6 = inotify_init1(0x0)
r7 = syz_clone(0x0, &(0x7f0000001040)="b5", 0x1, &(0x7f00000010c0), &(0x7f0000001100), &(0x7f0000001140))
fcntl$setown(r6, 0x8, r7)
fcntl$getownex(r6, 0x10, &(0x7f0000000140)={0x0, <r8=>0x0})
openat$hwrng(0xffffffffffffff9c, 0x0, 0xb4b81, 0x0)
syz_open_procfs(r8, &(0x7f0000000600)='fd/4\x00')

326.412776ms ago: executing program 3 (id=1666):
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
syz_io_uring_setup(0x10d, &(0x7f00000003c0)={0x0, 0xefc1}, &(0x7f0000000380), &(0x7f00000001c0))
socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r3=>0x0})
r4 = socket$alg(0x26, 0x5, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff})
sendmsg$unix(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)="c6", 0x33fe0}], 0x1}, 0xc0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
bind$alg(r4, &(0x7f0000000140)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r6, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r6, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @dev, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x8e, &(0x7f0000000340)=ANY=[@ANYBLOB="aaaaaaaaaa4038b1bd00000086dd608a35f200580600fe800000000000005e10db97226e6d4cfe8000000000000080000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="600000009078000001080a0000000000000000010502080a0000000000000000051a000000000000000000000000000000000000000000000000220dce2781a9dfe9bc8597d90a0002000000"], 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f0000000080)="a0", 0x1)
writev(0xffffffffffffffff, &(0x7f0000002240)=[{0x0, 0x4}, {&(0x7f0000002200)="cd0a18e9dc5a58ce50de990b1c5c95009d0c2f37a4e27987056f6b6879f9ea9d33b7debb96fe781f39f710b31517d430445d21efd5d941", 0x37}], 0x2)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000002400), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_KEY(0xffffffffffffffff, &(0x7f0000002500)={&(0x7f00000023c0)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000024c0)={&(0x7f0000002440)={0x80, r7, 0x200, 0x70bd28, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY={0x38, 0x50, 0x0, 0x1, [@NL80211_KEY_SEQ={0x5, 0x4, "d0"}, @NL80211_KEY_TYPE={0x8}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "196f2d5860"}, @NL80211_KEY_DEFAULT_TYPES={0x18, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}]}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0xc, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY_TYPE={0x8, 0x37, 0x1}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "1ec2586b2c97ded713964abb59"}]}, 0x80}, 0x1, 0x0, 0x0, 0x4000000}, 0x40811)
sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r2, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r3, @ANYBLOB="11002a00dd0b6162636465666768696a76157238ab83b50fd95a1e4e00000010002d800a"], 0x40}}, 0x0)

0s ago: executing program 2 (id=1667):
mmap(&(0x7f000001a000/0x2000)=nil, 0x2000, 0x0, 0x810, 0xffffffffffffffff, 0x28118000)
socket$inet_smc(0x2b, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000380)={@cgroup, 0xffffffffffffffff, 0x1a, 0x4024}, 0x20)
sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x4)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f00000001c0)='cgroup.threads\x00', 0x2, 0x0)
open_by_handle_at(r3, &(0x7f0000000100)=@ocfs2={0xc, 0xfe, {0x4}}, 0x260040)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000180)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$KDENABIO(0xffffffffffffffff, 0x4b36)
prctl$PR_MCE_KILL(0x48, 0x0, 0x0)
r7 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600000, 0x200000, 0x0, &(0x7f0000a00000/0x600000)=nil)
r8 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040))
ioctl$PAGEMAP_SCAN(r8, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f0000165000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, &(0x7f0000000000)=[{}], 0x1})
dup(r7)

kernel console output (not intermixed with test programs):

T9] usb 5-1: Using ep0 maxpacket: 16
[  463.238337][    T9] usb 5-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  463.248228][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.256516][    T9] usb 5-1: Product: syz
[  463.261368][    T9] usb 5-1: Manufacturer: syz
[  463.266627][    T9] usb 5-1: SerialNumber: syz
[  463.291340][    T9] usb 5-1: config 0 descriptor??
[  463.309341][    T9] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  463.319260][ T5266] usb 1-1: Using ep0 maxpacket: 8
[  463.329523][ T5266] usb 1-1: config 135 has an invalid interface number: 230 but max is 0
[  463.338814][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  463.345823][ T5266] usb 1-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config
[  463.362798][    T9] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  463.378244][ T5266] usb 1-1: config 135 has no interface number 0
[  463.405847][ T5266] usb 1-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  463.440025][ T5266] usb 1-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a
[  463.450902][ T5266] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  463.478283][ T5266] usb 1-1: Product: syz
[  463.484341][ T5266] usb 1-1: Manufacturer: syz
[  463.490326][ T5266] usb 1-1: SerialNumber: syz
[  463.568846][ T5272] usb 4-1: USB disconnect, device number 45
[  463.584368][    T9] usb 5-1: USB disconnect, device number 46
[  463.593256][ T5266] usb 1-1: Found UVC 0.00 device syz (18ec:3288)
[  463.610036][ T5266] usb 1-1: No valid video chain found.
[  463.908557][ T9761] tmpfs: Bad value for 'mpol'
[  464.808721][ T5264] usb 1-1: USB disconnect, device number 58
[  467.651249][ T9786] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1154'.
[  468.584803][ T9792] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1155'.
[  469.227998][ T9795] FAULT_INJECTION: forcing a failure.
[  469.227998][ T9795] name failslab, interval 1, probability 0, space 0, times 0
[  469.308098][ T9795] CPU: 1 UID: 0 PID: 9795 Comm: syz.1.1157 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  469.318462][ T9795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  469.328504][ T9795] Call Trace:
[  469.331771][ T9795]  <TASK>
[  469.334682][ T9795]  dump_stack_lvl+0x241/0x360
[  469.339351][ T9795]  ? __pfx_dump_stack_lvl+0x10/0x10
[  469.344532][ T9795]  ? __pfx__printk+0x10/0x10
[  469.349645][ T9795]  ? __kmalloc_noprof+0xb0/0x400
[  469.354852][ T9795]  ? __pfx___might_resched+0x10/0x10
[  469.360214][ T9795]  ? crypto_create_tfm_node+0x88/0x3d0
[  469.365675][ T9795]  should_fail_ex+0x3b0/0x4e0
[  469.370349][ T9795]  ? drbg_init_hash_kernel+0x116/0x220
[  469.375805][ T9795]  should_failslab+0xac/0x100
[  469.380474][ T9795]  ? drbg_init_hash_kernel+0x116/0x220
[  469.385925][ T9795]  __kmalloc_noprof+0xd8/0x400
[  469.390696][ T9795]  drbg_init_hash_kernel+0x116/0x220
[  469.395972][ T9795]  drbg_kcapi_seed+0x832/0xfb0
[  469.400819][ T9795]  ? __pfx___might_resched+0x10/0x10
[  469.406095][ T9795]  ? __pfx_drbg_kcapi_seed+0x10/0x10
[  469.411372][ T9795]  ? __might_fault+0xaa/0x120
[  469.416035][ T9795]  crypto_rng_reset+0x7b/0x110
[  469.420794][ T9795]  ? __pfx_rng_setkey+0x10/0x10
[  469.425632][ T9795]  alg_setkey+0x170/0x1b0
[  469.429951][ T9795]  alg_setsockopt+0x383/0x450
[  469.434617][ T9795]  ? __pfx_alg_setsockopt+0x10/0x10
[  469.439799][ T9795]  do_sock_setsockopt+0x3af/0x720
[  469.444828][ T9795]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  469.450361][ T9795]  ? __fget_files+0x29/0x470
[  469.454939][ T9795]  ? __fget_files+0x3f6/0x470
[  469.459606][ T9795]  __sys_setsockopt+0x1ae/0x250
[  469.464448][ T9795]  __x64_sys_setsockopt+0xb5/0xd0
[  469.469465][ T9795]  do_syscall_64+0xf3/0x230
[  469.473960][ T9795]  ? clear_bhb_loop+0x35/0x90
[  469.478626][ T9795]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  469.484514][ T9795] RIP: 0033:0x7fc377577299
[  469.488917][ T9795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  469.508511][ T9795] RSP: 002b:00007fc3782f1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  469.516910][ T9795] RAX: ffffffffffffffda RBX: 00007fc377705f80 RCX: 00007fc377577299
[  469.524882][ T9795] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003
[  469.532839][ T9795] RBP: 00007fc3782f10a0 R08: 0000000000000000 R09: 0000000000000000
[  469.540792][ T9795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  469.548747][ T9795] R13: 000000000000000b R14: 00007fc377705f80 R15: 00007ffc0865e0f8
[  469.556713][ T9795]  </TASK>
[  469.686221][ T9798] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1158'.
[  472.243521][ T9817] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1161'.
[  473.041642][ T9828] FAULT_INJECTION: forcing a failure.
[  473.041642][ T9828] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  473.137712][ T9828] CPU: 1 UID: 0 PID: 9828 Comm: syz.2.1167 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  473.148089][ T9828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  473.158155][ T9828] Call Trace:
[  473.161440][ T9828]  <TASK>
[  473.164376][ T9828]  dump_stack_lvl+0x241/0x360
[  473.169069][ T9828]  ? __pfx_dump_stack_lvl+0x10/0x10
[  473.174279][ T9828]  ? __pfx__printk+0x10/0x10
[  473.178885][ T9828]  ? snprintf+0xda/0x120
[  473.183146][ T9828]  should_fail_ex+0x3b0/0x4e0
[  473.187842][ T9828]  _copy_to_user+0x2f/0xb0
[  473.192275][ T9828]  simple_read_from_buffer+0xca/0x150
[  473.197668][ T9828]  proc_fail_nth_read+0x1e9/0x250
[  473.202710][ T9828]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  473.208272][ T9828]  ? rw_verify_area+0x520/0x6b0
[  473.213132][ T9828]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  473.218695][ T9828]  vfs_read+0x204/0xbc0
[  473.222860][ T9828]  ? __pfx_lock_release+0x10/0x10
[  473.227905][ T9828]  ? __pfx_vfs_read+0x10/0x10
[  473.232589][ T9828]  ? __fget_files+0x29/0x470
[  473.237185][ T9828]  ? __fget_files+0x3f6/0x470
[  473.241878][ T9828]  ksys_read+0x1a0/0x2c0
[  473.246142][ T9828]  ? __pfx_ksys_read+0x10/0x10
[  473.250910][ T9828]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  473.257252][ T9828]  ? do_syscall_64+0xb6/0x230
[  473.261941][ T9828]  do_syscall_64+0xf3/0x230
[  473.266452][ T9828]  ? clear_bhb_loop+0x35/0x90
[  473.271146][ T9828]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  473.277049][ T9828] RIP: 0033:0x7fc434f75d7c
[  473.281473][ T9828] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  473.301097][ T9828] RSP: 002b:00007fc435cfa040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  473.309523][ T9828] RAX: ffffffffffffffda RBX: 00007fc435105f80 RCX: 00007fc434f75d7c
[  473.317498][ T9828] RDX: 000000000000000f RSI: 00007fc435cfa0b0 RDI: 0000000000000004
[  473.325481][ T9828] RBP: 00007fc435cfa0a0 R08: 0000000000000000 R09: 0000000000000000
[  473.333449][ T9828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  473.341410][ T9828] R13: 000000000000000b R14: 00007fc435105f80 R15: 00007ffddb0a8348
[  473.349381][ T9828]  </TASK>
[  473.426264][ T9835] tmpfs: Bad value for 'mpol'
[  473.769638][ T9840] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1170'.
[  474.702395][ T9847] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1168'.
[  474.748350][ T9849] Bluetooth: MGMT ver 1.23
[  474.865898][ T9842] [U] 00000000000000000000
[  481.292523][ T9874] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1181'.
[  481.634282][ T9878] FAULT_INJECTION: forcing a failure.
[  481.634282][ T9878] name failslab, interval 1, probability 0, space 0, times 0
[  481.649665][ T9878] CPU: 0 UID: 0 PID: 9878 Comm: syz.2.1182 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  481.660023][ T9878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  481.670087][ T9878] Call Trace:
[  481.673377][ T9878]  <TASK>
[  481.676309][ T9878]  dump_stack_lvl+0x241/0x360
[  481.681005][ T9878]  ? __pfx_dump_stack_lvl+0x10/0x10
[  481.686217][ T9878]  ? __pfx__printk+0x10/0x10
[  481.690909][ T9878]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  481.696385][ T9878]  ? __pfx___might_resched+0x10/0x10
[  481.701684][ T9878]  should_fail_ex+0x3b0/0x4e0
[  481.706384][ T9878]  should_failslab+0xac/0x100
[  481.711072][ T9878]  ? __io_uring_add_tctx_node+0x14a/0x540
[  481.716808][ T9878]  __kmalloc_cache_noprof+0x6c/0x2c0
[  481.722107][ T9878]  __io_uring_add_tctx_node+0x14a/0x540
[  481.727652][ T9878]  ? __pfx___io_uring_add_tctx_node+0x10/0x10
[  481.733709][ T9878]  ? __fget_files+0x29/0x470
[  481.738286][ T9878]  ? __fget_files+0x3f6/0x470
[  481.742951][ T9878]  ? __fget_files+0x29/0x470
[  481.747528][ T9878]  __io_uring_add_tctx_node_from_submit+0x93/0x130
[  481.754023][ T9878]  __se_sys_io_uring_enter+0x20c9/0x2670
[  481.759651][ T9878]  ? vfs_write+0x7c4/0xc90
[  481.764068][ T9878]  ? __pfx_vfs_write+0x10/0x10
[  481.768823][ T9878]  ? __pfx___se_sys_io_uring_enter+0x10/0x10
[  481.774786][ T9878]  ? __fget_files+0x3f6/0x470
[  481.779460][ T9878]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  481.785434][ T9878]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  481.791752][ T9878]  ? do_syscall_64+0x100/0x230
[  481.796503][ T9878]  ? __x64_sys_io_uring_enter+0x21/0xf0
[  481.802040][ T9878]  do_syscall_64+0xf3/0x230
[  481.806536][ T9878]  ? clear_bhb_loop+0x35/0x90
[  481.811210][ T9878]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  481.817093][ T9878] RIP: 0033:0x7fc434f77299
[  481.821500][ T9878] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  481.841095][ T9878] RSP: 002b:00007fc435cfa048 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa
[  481.849518][ T9878] RAX: ffffffffffffffda RBX: 00007fc435105f80 RCX: 00007fc434f77299
[  481.857487][ T9878] RDX: 0000000000000000 RSI: 0000000000000b15 RDI: 0000000000000004
[  481.865452][ T9878] RBP: 00007fc435cfa0a0 R08: 0000000000000000 R09: 0000000000000000
[  481.873416][ T9878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  481.881376][ T9878] R13: 000000000000000b R14: 00007fc435105f80 R15: 00007ffddb0a8348
[  481.889349][ T9878]  </TASK>
[  482.531126][ T9889] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1184'.
[  483.470460][ T9892] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1185'.
[  485.450349][   T55] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  485.459905][   T55] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  485.467928][   T55] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  485.477874][   T55] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  485.489738][   T55] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[  485.901465][   T55] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  486.695401][ T9908] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1191'.
[  487.936826][ T9909] chnl_net:caif_netlink_parms(): no params data found
[  487.958022][ T5227] Bluetooth: hci5: command tx timeout
[  488.696915][ T9944] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1198'.
[  489.184321][ T9933] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1196'.
[  489.227991][ T9909] bridge0: port 1(bridge_slave_0) entered blocking state
[  489.239550][ T9909] bridge0: port 1(bridge_slave_0) entered disabled state
[  489.249061][ T9909] bridge_slave_0: entered allmulticast mode
[  489.258532][ T9909] bridge_slave_0: entered promiscuous mode
[  489.287084][ T9909] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.333966][ T9909] bridge0: port 2(bridge_slave_1) entered disabled state
[  489.359759][ T9909] bridge_slave_1: entered allmulticast mode
[  489.377310][ T9909] bridge_slave_1: entered promiscuous mode
[  490.015361][    T9] usb 4-1: new high-speed USB device number 46 using dummy_hcd
[  490.023685][ T9909] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  490.043001][ T5227] Bluetooth: hci5: command tx timeout
[  490.057070][ T9909] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  490.144641][ T9909] team0: Port device team_slave_0 added
[  490.156247][ T9909] team0: Port device team_slave_1 added
[  490.202131][ T9909] batman_adv: batadv0: Adding interface: batadv_slave_0
[  490.209224][ T9909] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  490.225436][    T9] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  490.246753][ T9909] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  490.273349][ T9909] batman_adv: batadv0: Adding interface: batadv_slave_1
[  490.280301][ T9909] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  490.280700][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  490.312627][ T9909] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  490.335025][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  490.347456][    T9] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  490.385658][    T9] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  490.394926][    T9] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  490.409057][    T9] usb 4-1: Product: syz
[  490.413317][    T9] usb 4-1: Manufacturer: syz
[  490.501115][    T9] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22
[  490.547075][ T9909] hsr_slave_0: entered promiscuous mode
[  490.556634][ T9909] hsr_slave_1: entered promiscuous mode
[  490.816952][ T9909] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  490.826298][ T9909] Cannot create hsr debugfs directory
[  492.087363][ T5272] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  492.163089][ T5227] Bluetooth: hci5: command tx timeout
[  492.403388][ T5272] usb 2-1: Using ep0 maxpacket: 16
[  492.412913][ T5272] usb 2-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  492.438148][ T5272] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  492.457084][ T5272] usb 2-1: Product: syz
[  492.462384][ T5272] usb 2-1: Manufacturer: syz
[  492.474318][ T5272] usb 2-1: SerialNumber: syz
[  492.494670][ T5272] usb 2-1: config 0 descriptor??
[  492.521687][ T5272] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  492.532149][ T5272] dvb-usb: bulk message failed: -22 (2/0)
[  492.538135][ T5272] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  492.693837][ T9909] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  492.794492][ T9981] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1209'.
[  492.885391][ T5272] usb 2-1: USB disconnect, device number 51
[  493.136031][ T9909] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.214708][ T9909] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.310207][ T9909] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  493.460612][ T9986] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1210'.
[  494.205282][ T5227] Bluetooth: hci5: command tx timeout
[  494.230009][    T9] usb 4-1: USB disconnect, device number 46
[  494.253938][    C1] eth0: bad gso: type: 1, size: 1408
[  494.261642][    C1] eth0: bad gso: type: 1, size: 1408
[  494.377578][ T9909] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  494.398247][ T9909] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  494.415032][ T9909] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  494.439862][ T9909] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  494.782241][ T9909] 8021q: adding VLAN 0 to HW filter on device bond0
[  494.805250][ T9909] 8021q: adding VLAN 0 to HW filter on device team0
[  494.829645][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  494.837007][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  494.872206][   T59] bridge0: port 2(bridge_slave_1) entered blocking state
[  494.879452][   T59] bridge0: port 2(bridge_slave_1) entered forwarding state
[  495.936965][T10016] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1219'.
[  496.380709][ T9909] 8021q: adding VLAN 0 to HW filter on device batadv0
[  496.621975][T10025] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1222'.
[  496.809829][  T941] usb 1-1: new high-speed USB device number 59 using dummy_hcd
[  497.203617][T10017] netlink: 'syz.1.1220': attribute type 1 has an invalid length.
[  497.442997][  T941] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  497.451654][  T941] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  497.528127][  T941] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  497.662183][   T59] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  497.662910][  T941] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  497.760304][  T941] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  497.778116][  T941] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  497.786927][T10033] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1223'.
[  497.787052][  T941] usb 1-1: Product: syz
[  497.840933][  T941] usb 1-1: Manufacturer: syz
[  498.100515][   T59] usb 2-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  498.175692][  T941] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22
[  498.178522][   T59] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.248829][   T59] usb 2-1: config 0 descriptor??
[  498.456258][T10043] FAULT_INJECTION: forcing a failure.
[  498.456258][T10043] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  498.474205][ T9909] veth0_vlan: entered promiscuous mode
[  498.475953][T10043] CPU: 0 UID: 0 PID: 10043 Comm: syz.2.1225 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  498.487946][ T9909] veth1_vlan: entered promiscuous mode
[  498.490053][T10043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  498.490068][T10043] Call Trace:
[  498.490077][T10043]  <TASK>
[  498.490085][T10043]  dump_stack_lvl+0x241/0x360
[  498.490117][T10043]  ? __pfx_dump_stack_lvl+0x10/0x10
[  498.521684][T10043]  ? __pfx__printk+0x10/0x10
[  498.525658][ T9909] veth0_macvtap: entered promiscuous mode
[  498.526279][T10043]  ? snprintf+0xda/0x120
[  498.526312][T10043]  should_fail_ex+0x3b0/0x4e0
[  498.526343][T10043]  _copy_to_user+0x2f/0xb0
[  498.540001][ T9909] veth1_macvtap: entered promiscuous mode
[  498.541008][T10043]  simple_read_from_buffer+0xca/0x150
[  498.541046][T10043]  proc_fail_nth_read+0x1e9/0x250
[  498.560167][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  498.561506][T10043]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  498.561542][T10043]  ? rw_verify_area+0x520/0x6b0
[  498.572154][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.577441][T10043]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  498.577472][T10043]  vfs_read+0x204/0xbc0
[  498.577491][T10043]  ? __pfx_lock_release+0x10/0x10
[  498.585388][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  498.592079][T10043]  ? __pfx_sock_common_getsockopt+0x10/0x10
[  498.592112][T10043]  ? __pfx_vfs_read+0x10/0x10
[  498.592139][T10043]  ? __fget_files+0x29/0x470
[  498.597863][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.601793][T10043]  ? __fget_files+0x3f6/0x470
[  498.601829][T10043]  ksys_read+0x1a0/0x2c0
[  498.601854][T10043]  ? __pfx_ksys_read+0x10/0x10
[  498.606912][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  498.617400][T10043]  ? do_syscall_64+0x100/0x230
[  498.617427][T10043]  ? do_syscall_64+0xb6/0x230
[  498.617451][T10043]  do_syscall_64+0xf3/0x230
[  498.617473][T10043]  ? clear_bhb_loop+0x35/0x90
[  498.617499][T10043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  498.617519][T10043] RIP: 0033:0x7fc434f75d7c
[  498.617537][T10043] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  498.617553][T10043] RSP: 002b:00007fc435cfa040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  498.617575][T10043] RAX: ffffffffffffffda RBX: 00007fc435105f80 RCX: 00007fc434f75d7c
[  498.617589][T10043] RDX: 000000000000000f RSI: 00007fc435cfa0b0 RDI: 0000000000000004
[  498.617602][T10043] RBP: 00007fc435cfa0a0 R08: 0000000000000000 R09: 0000000000000000
[  498.617614][T10043] R10: 0000000020000000 R11: 0000000000000246 R12: 0000000000000001
[  498.617627][T10043] R13: 000000000000000b R14: 00007fc435105f80 R15: 00007ffddb0a8348
[  498.617657][T10043]  </TASK>
[  498.796081][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.816504][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  498.836118][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.846659][   T59] pegasus 2-1:0.0: probe with driver pegasus failed with error -71
[  498.846884][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  498.885722][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.890202][   T59] usb 2-1: USB disconnect, device number 52
[  498.921290][ T9909] batman_adv: batadv0: Interface activated: batadv_slave_0
[  498.944756][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  498.970113][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  498.989953][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  499.007373][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  499.017937][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  499.028944][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  499.038817][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  499.050692][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  499.062232][ T9909] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  499.073162][ T9909] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  499.094242][ T9909] batman_adv: batadv0: Interface activated: batadv_slave_1
[  499.125720][ T9909] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  499.176274][ T9909] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  499.189253][ T9909] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  499.209946][ T9909] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  499.246904][T10049] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1227'.
[  499.341030][ T7612] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.351309][ T7612] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  499.408979][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  499.437803][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  500.099989][    C1] eth0: bad gso: type: 1, size: 1408
[  500.124255][   T59] usb 1-1: USB disconnect, device number 59
[  501.097209][T10069] FAULT_INJECTION: forcing a failure.
[  501.097209][T10069] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  501.149662][T10069] CPU: 1 UID: 0 PID: 10069 Comm: syz.0.1231 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  501.160114][T10069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  501.170182][T10069] Call Trace:
[  501.173478][T10069]  <TASK>
[  501.176419][T10069]  dump_stack_lvl+0x241/0x360
[  501.181118][T10069]  ? __pfx_dump_stack_lvl+0x10/0x10
[  501.186334][T10069]  ? __pfx__printk+0x10/0x10
[  501.190946][T10069]  ? snprintf+0xda/0x120
[  501.195208][T10069]  should_fail_ex+0x3b0/0x4e0
[  501.199909][T10069]  _copy_to_user+0x2f/0xb0
[  501.204340][T10069]  simple_read_from_buffer+0xca/0x150
[  501.209713][T10069]  proc_fail_nth_read+0x1e9/0x250
[  501.214739][T10069]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  501.220278][T10069]  ? rw_verify_area+0x520/0x6b0
[  501.225117][T10069]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  501.230654][T10069]  vfs_read+0x204/0xbc0
[  501.234803][T10069]  ? __pfx_lock_release+0x10/0x10
[  501.239821][T10069]  ? do_sock_setsockopt+0x3e2/0x720
[  501.245014][T10069]  ? __pfx_vfs_read+0x10/0x10
[  501.249679][T10069]  ? __fget_files+0x29/0x470
[  501.254263][T10069]  ? __fget_files+0x3f6/0x470
[  501.258941][T10069]  ksys_read+0x1a0/0x2c0
[  501.263180][T10069]  ? __pfx_ksys_read+0x10/0x10
[  501.267933][T10069]  ? do_syscall_64+0x100/0x230
[  501.272698][T10069]  ? do_syscall_64+0xb6/0x230
[  501.277368][T10069]  do_syscall_64+0xf3/0x230
[  501.281860][T10069]  ? clear_bhb_loop+0x35/0x90
[  501.286543][T10069]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  501.292425][T10069] RIP: 0033:0x7fa40cd75d7c
[  501.296829][T10069] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  501.316423][T10069] RSP: 002b:00007fa40c7de040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  501.324827][T10069] RAX: ffffffffffffffda RBX: 00007fa40cf06058 RCX: 00007fa40cd75d7c
[  501.332787][T10069] RDX: 000000000000000f RSI: 00007fa40c7de0b0 RDI: 0000000000000004
[  501.340753][T10069] RBP: 00007fa40c7de0a0 R08: 0000000000000000 R09: 0000000000000000
[  501.348718][T10069] R10: 0000000020000940 R11: 0000000000000246 R12: 0000000000000001
[  501.356680][T10069] R13: 000000000000006e R14: 00007fa40cf06058 R15: 00007ffddacaaa08
[  501.364664][T10069]  </TASK>
[  501.367741][    C1] vkms_vblank_simulate: vblank timer overrun
[  501.575145][T10073] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1233'.
[  502.224095][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  502.230511][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  503.404837][    T9] usb 5-1: new high-speed USB device number 47 using dummy_hcd
[  503.583987][T10101] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1242'.
[  504.838871][    T9] usb 5-1: Using ep0 maxpacket: 16
[  504.885026][    T9] usb 5-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  504.906277][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  504.914293][    T9] usb 5-1: Product: syz
[  505.084106][    T9] usb 5-1: Manufacturer: syz
[  505.089192][    T9] usb 5-1: SerialNumber: syz
[  505.168821][    T9] usb 5-1: config 0 descriptor??
[  505.270659][    T9] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  505.280898][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  505.286934][    T9] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  506.033633][T10113] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1247'.
[  506.371552][ T5272] usb 5-1: USB disconnect, device number 47
[  506.451876][T10123] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1248'.
[  507.078156][    C1] eth0: bad gso: type: 1, size: 1408
[  507.096345][    C1] eth0: bad gso: type: 1, size: 1408
[  507.432384][T10135] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1252'.
[  507.647035][T10141] FAULT_INJECTION: forcing a failure.
[  507.647035][T10141] name failslab, interval 1, probability 0, space 0, times 0
[  507.668847][T10141] CPU: 1 UID: 0 PID: 10141 Comm: syz.0.1253 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  507.679382][T10141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  507.689451][T10141] Call Trace:
[  507.692745][T10141]  <TASK>
[  507.695777][T10141]  dump_stack_lvl+0x241/0x360
[  507.700480][T10141]  ? __pfx_dump_stack_lvl+0x10/0x10
[  507.705699][T10141]  ? __pfx__printk+0x10/0x10
[  507.710312][T10141]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  507.716310][T10141]  ? __pfx___might_resched+0x10/0x10
[  507.721591][T10141]  should_fail_ex+0x3b0/0x4e0
[  507.726261][T10141]  should_failslab+0xac/0x100
[  507.730940][T10141]  ? __alloc_skb+0x1c3/0x440
[  507.735537][T10141]  kmem_cache_alloc_node_noprof+0x71/0x320
[  507.741348][T10141]  __alloc_skb+0x1c3/0x440
[  507.745760][T10141]  ? __pfx___alloc_skb+0x10/0x10
[  507.750691][T10141]  ? netlink_autobind+0xd6/0x2f0
[  507.755624][T10141]  ? netlink_autobind+0x2b0/0x2f0
[  507.760645][T10141]  netlink_sendmsg+0x638/0xcb0
[  507.765411][T10141]  ? __pfx_netlink_sendmsg+0x10/0x10
[  507.770688][T10141]  ? __import_iovec+0x536/0x820
[  507.775531][T10141]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  507.780809][T10141]  ? security_socket_sendmsg+0x87/0xb0
[  507.786263][T10141]  ? __pfx_netlink_sendmsg+0x10/0x10
[  507.791539][T10141]  __sock_sendmsg+0x221/0x270
[  507.796211][T10141]  ____sys_sendmsg+0x525/0x7d0
[  507.800978][T10141]  ? __pfx_____sys_sendmsg+0x10/0x10
[  507.806270][T10141]  __sys_sendmsg+0x2b0/0x3a0
[  507.810858][T10141]  ? __pfx___sys_sendmsg+0x10/0x10
[  507.815960][T10141]  ? vfs_write+0x7c4/0xc90
[  507.820394][T10141]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  507.826731][T10141]  ? do_syscall_64+0x100/0x230
[  507.831499][T10141]  ? do_syscall_64+0xb6/0x230
[  507.836171][T10141]  do_syscall_64+0xf3/0x230
[  507.840678][T10141]  ? clear_bhb_loop+0x35/0x90
[  507.845355][T10141]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  507.851328][T10141] RIP: 0033:0x7fa40cd77299
[  507.855734][T10141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  507.875334][T10141] RSP: 002b:00007fa40c7ff048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  507.883763][T10141] RAX: ffffffffffffffda RBX: 00007fa40cf05f80 RCX: 00007fa40cd77299
[  507.891728][T10141] RDX: 0000000000000000 RSI: 0000000020004340 RDI: 0000000000000003
[  507.899707][T10141] RBP: 00007fa40c7ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  507.907670][T10141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  507.915630][T10141] R13: 000000000000000b R14: 00007fa40cf05f80 R15: 00007ffddacaaa08
[  507.923607][T10141]  </TASK>
[  507.926766][    C1] vkms_vblank_simulate: vblank timer overrun
[  508.497351][T10151] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1256'.
[  510.332269][T10165] FAULT_INJECTION: forcing a failure.
[  510.332269][T10165] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  510.381540][T10165] CPU: 1 UID: 0 PID: 10165 Comm: syz.4.1260 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  510.391989][T10165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  510.402062][T10165] Call Trace:
[  510.405359][T10165]  <TASK>
[  510.408295][T10165]  dump_stack_lvl+0x241/0x360
[  510.412999][T10165]  ? __pfx_dump_stack_lvl+0x10/0x10
[  510.418218][T10165]  ? __pfx__printk+0x10/0x10
[  510.422830][T10165]  ? __pfx_lock_release+0x10/0x10
[  510.427861][T10165]  ? vfs_write+0x7c4/0xc90
[  510.432278][T10165]  should_fail_ex+0x3b0/0x4e0
[  510.436974][T10165]  _copy_from_user+0x2f/0xe0
[  510.441577][T10165]  __sys_bpf+0x1a4/0x810
[  510.445834][T10165]  ? __pfx___sys_bpf+0x10/0x10
[  510.450616][T10165]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  510.456621][T10165]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  510.462968][T10165]  ? do_syscall_64+0x100/0x230
[  510.467758][T10165]  __x64_sys_bpf+0x7c/0x90
[  510.472191][T10165]  do_syscall_64+0xf3/0x230
[  510.476710][T10165]  ? clear_bhb_loop+0x35/0x90
[  510.481410][T10165]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  510.487327][T10165] RIP: 0033:0x7fa998377299
[  510.491756][T10165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  510.511377][T10165] RSP: 002b:00007fa999064048 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  510.519812][T10165] RAX: ffffffffffffffda RBX: 00007fa998505f80 RCX: 00007fa998377299
[  510.527796][T10165] RDX: 0000000000000090 RSI: 0000000020000400 RDI: 0000000000000005
[  510.535777][T10165] RBP: 00007fa9990640a0 R08: 0000000000000000 R09: 0000000000000000
[  510.543759][T10165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  510.551740][T10165] R13: 000000000000000b R14: 00007fa998505f80 R15: 00007ffe9eb902b8
[  510.559748][T10165]  </TASK>
[  510.562856][    C1] vkms_vblank_simulate: vblank timer overrun
[  510.653154][T10168] netlink: 'syz.2.1261': attribute type 1 has an invalid length.
[  510.989478][   T47] usb 4-1: new high-speed USB device number 47 using dummy_hcd
[  511.088255][ T5272] usb 3-1: new high-speed USB device number 59 using dummy_hcd
[  511.155729][T10178] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1264'.
[  511.832585][   T47] usb 4-1: Using ep0 maxpacket: 16
[  511.842014][   T47] usb 4-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  511.860990][   T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  511.871852][   T47] usb 4-1: Product: syz
[  511.881976][   T47] usb 4-1: Manufacturer: syz
[  511.896198][   T47] usb 4-1: SerialNumber: syz
[  511.904328][ T5272] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[  511.914150][ T5272] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  511.930624][   T47] usb 4-1: config 0 descriptor??
[  511.939863][   T47] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  511.959657][ T5272] usb 3-1: config 0 descriptor??
[  511.965960][   T47] dvb-usb: bulk message failed: -22 (2/0)
[  511.971726][   T47] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  512.753394][   T47] usb 4-1: USB disconnect, device number 47
[  512.777956][ T5272] pegasus 3-1:0.0: probe with driver pegasus failed with error -71
[  512.923833][T10188] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1267'.
[  513.096755][ T5272] usb 3-1: USB disconnect, device number 59
[  513.385418][    C1] eth0: bad gso: type: 1, size: 1408
[  513.534364][ T5262] usb 2-1: new high-speed USB device number 53 using dummy_hcd
[  513.963168][T10217] FAULT_INJECTION: forcing a failure.
[  513.963168][T10217] name failslab, interval 1, probability 0, space 0, times 0
[  513.976192][T10217] CPU: 1 UID: 0 PID: 10217 Comm: syz.2.1275 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  513.986621][T10217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  513.996664][T10217] Call Trace:
[  513.999933][T10217]  <TASK>
[  514.002849][T10217]  dump_stack_lvl+0x241/0x360
[  514.007515][T10217]  ? __pfx_dump_stack_lvl+0x10/0x10
[  514.012699][T10217]  ? __pfx__printk+0x10/0x10
[  514.017280][T10217]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  514.023257][T10217]  ? __pfx___might_resched+0x10/0x10
[  514.028537][T10217]  should_fail_ex+0x3b0/0x4e0
[  514.033213][T10217]  should_failslab+0xac/0x100
[  514.037880][T10217]  ? __alloc_skb+0x1c3/0x440
[  514.042461][T10217]  kmem_cache_alloc_node_noprof+0x71/0x320
[  514.048350][T10217]  __alloc_skb+0x1c3/0x440
[  514.052765][T10217]  ? safesetid_security_capable+0xb2/0x1d0
[  514.058565][T10217]  ? __pfx___alloc_skb+0x10/0x10
[  514.063503][T10217]  ? ns_capable+0x8a/0xf0
[  514.067832][T10217]  netlink_sendmsg+0x638/0xcb0
[  514.072597][T10217]  ? __pfx_netlink_sendmsg+0x10/0x10
[  514.077876][T10217]  ? __import_iovec+0x536/0x820
[  514.082719][T10217]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  514.087994][T10217]  ? security_socket_sendmsg+0x87/0xb0
[  514.093439][T10217]  ? __pfx_netlink_sendmsg+0x10/0x10
[  514.098903][T10217]  __sock_sendmsg+0x221/0x270
[  514.103598][T10217]  ____sys_sendmsg+0x525/0x7d0
[  514.108368][T10217]  ? __pfx_____sys_sendmsg+0x10/0x10
[  514.113665][T10217]  __sys_sendmsg+0x2b0/0x3a0
[  514.118257][T10217]  ? __pfx___sys_sendmsg+0x10/0x10
[  514.123363][T10217]  ? vfs_write+0x7c4/0xc90
[  514.127799][T10217]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  514.134122][T10217]  ? do_syscall_64+0x100/0x230
[  514.138881][T10217]  ? do_syscall_64+0xb6/0x230
[  514.143550][T10217]  do_syscall_64+0xf3/0x230
[  514.148054][T10217]  ? clear_bhb_loop+0x35/0x90
[  514.152739][T10217]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  514.158631][T10217] RIP: 0033:0x7fc434f77299
[  514.163050][T10217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  514.182647][T10217] RSP: 002b:00007fc435cfa048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  514.191052][T10217] RAX: ffffffffffffffda RBX: 00007fc435105f80 RCX: 00007fc434f77299
[  514.199015][T10217] RDX: 0000000000004000 RSI: 00000000200002c0 RDI: 0000000000000005
[  514.206981][T10217] RBP: 00007fc435cfa0a0 R08: 0000000000000000 R09: 0000000000000000
[  514.214939][T10217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  514.223091][T10217] R13: 000000000000000b R14: 00007fc435105f80 R15: 00007ffddb0a8348
[  514.231062][T10217]  </TASK>
[  514.234180][    C1] vkms_vblank_simulate: vblank timer overrun
[  514.358342][ T5262] usb 2-1: Using ep0 maxpacket: 16
[  514.435072][ T5262] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  514.524906][ T5262] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  514.565072][ T5262] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00
[  514.695048][T10223] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1276'.
[  515.379353][ T5262] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  515.762222][ T5262] usb 2-1: config 0 descriptor??
[  516.212310][T10232] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1279'.
[  516.785375][T10233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  516.827921][T10233] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  517.111759][T10242] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1281'.
[  517.847939][ T5262] usbhid 2-1:0.0: can't add hid device: -71
[  517.856260][ T7612] bridge_slave_1: left allmulticast mode
[  517.873708][ T5262] usbhid 2-1:0.0: probe with driver usbhid failed with error -71
[  517.881848][ T7612] bridge_slave_1: left promiscuous mode
[  517.892125][ T7612] bridge0: port 2(bridge_slave_1) entered disabled state
[  517.901094][ T5262] usb 2-1: USB disconnect, device number 53
[  518.164435][ T7612] bridge_slave_0: left allmulticast mode
[  518.174693][ T7612] bridge_slave_0: left promiscuous mode
[  518.184888][ T7612] bridge0: port 1(bridge_slave_0) entered disabled state
[  519.765248][  T941] usb 1-1: new high-speed USB device number 60 using dummy_hcd
[  519.959832][  T941] usb 1-1: Using ep0 maxpacket: 16
[  519.976322][T10262] netlink: 3068 bytes leftover after parsing attributes in process `syz.3.1287'.
[  520.000369][  T941] usb 1-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  520.018464][  T941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.044119][  T941] usb 1-1: Product: syz
[  520.058545][  T941] usb 1-1: Manufacturer: syz
[  520.067571][  T941] usb 1-1: SerialNumber: syz
[  520.079363][T10262] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.1287'.
[  520.110186][  T941] usb 1-1: config 0 descriptor??
[  520.127276][  T941] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  520.175464][  T941] dvb-usb: bulk message failed: -22 (2/0)
[  520.187383][  T941] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  520.348401][  T941] usb 1-1: USB disconnect, device number 60
[  521.159922][ T7612] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  521.177668][ T7612] bond_slave_0: left promiscuous mode
[  521.188187][ T7612] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  521.569955][ T7612] bond_slave_1: left promiscuous mode
[  521.577078][ T7612] bond0 (unregistering): Released all slaves
[  521.796811][ T7612] tipc: Left network mode
[  522.082970][ T5227] Bluetooth: hci5: Unknown advertising packet type: 0x7f
[  522.092599][T10288] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1293'.
[  522.222704][ T7612] hsr_slave_0: left promiscuous mode
[  522.228705][ T7612] hsr_slave_1: left promiscuous mode
[  522.235221][ T7612] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  522.243902][ T7612] batman_adv: batadv0: Removing interface: batadv_slave_0
[  522.255066][ T7612] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  522.265368][ T7612] batman_adv: batadv0: Removing interface: batadv_slave_1
[  522.286625][ T7612] veth1_macvtap: left promiscuous mode
[  522.292799][ T7612] veth0_macvtap: left promiscuous mode
[  522.298435][ T7612] veth1_vlan: left promiscuous mode
[  522.303979][ T7612] veth0_vlan: left promiscuous mode
[  522.891850][T10297] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1295'.
[  524.160146][ T7612] team0 (unregistering): Port device team_slave_1 removed
[  524.302711][ T7612] team0 (unregistering): Port device team_slave_0 removed
[  525.244802][   T55] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  525.267799][   T55] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  525.287738][   T55] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  525.298599][   T55] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  525.307393][   T55] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  525.317815][   T55] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  525.642383][T10299] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1296'.
[  527.149542][T10310] chnl_net:caif_netlink_parms(): no params data found
[  527.386124][ T5227] Bluetooth: hci4: command tx timeout
[  527.409560][ T5265] usb 4-1: new high-speed USB device number 48 using dummy_hcd
[  527.604920][ T5265] usb 4-1: Using ep0 maxpacket: 16
[  527.708733][ T5265] usb 4-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  527.795077][ T5265] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.833620][ T5265] usb 4-1: Product: syz
[  527.865055][ T5265] usb 4-1: Manufacturer: syz
[  527.880517][ T5265] usb 4-1: SerialNumber: syz
[  527.913684][T10310] bridge0: port 1(bridge_slave_0) entered blocking state
[  527.923424][T10310] bridge0: port 1(bridge_slave_0) entered disabled state
[  527.941294][ T5265] usb 4-1: config 0 descriptor??
[  527.958716][ T5265] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  527.968477][ T5265] dvb-usb: bulk message failed: -22 (2/0)
[  527.974244][ T5265] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  527.975280][T10310] bridge_slave_0: entered allmulticast mode
[  528.031027][T10310] bridge_slave_0: entered promiscuous mode
[  528.044724][T10310] bridge0: port 2(bridge_slave_1) entered blocking state
[  528.057470][T10310] bridge0: port 2(bridge_slave_1) entered disabled state
[  528.064829][T10310] bridge_slave_1: entered allmulticast mode
[  528.082637][T10310] bridge_slave_1: entered promiscuous mode
[  528.383745][ T5265] usb 4-1: USB disconnect, device number 48
[  528.404708][T10310] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  528.833561][T10310] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  529.112434][T10310] team0: Port device team_slave_0 added
[  529.159248][T10310] team0: Port device team_slave_1 added
[  529.289603][T10310] batman_adv: batadv0: Adding interface: batadv_slave_0
[  529.307175][T10310] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  529.466287][ T5227] Bluetooth: hci4: command tx timeout
[  529.496167][ T5265] usb 1-1: new high-speed USB device number 61 using dummy_hcd
[  529.506277][T10310] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  529.882284][T10310] batman_adv: batadv0: Adding interface: batadv_slave_1
[  529.894397][T10310] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  529.922230][T10310] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  529.982384][ T5265] usb 1-1: Using ep0 maxpacket: 8
[  530.008676][ T5265] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  530.050408][ T5265] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  530.075054][ T5265] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  530.107653][T10310] hsr_slave_0: entered promiscuous mode
[  530.115473][ T5265] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  530.130551][ T5265] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  530.130727][T10310] hsr_slave_1: entered promiscuous mode
[  530.139823][ T5265] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  530.467845][T10310] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.608834][T10310] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.731407][T10310] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  530.843311][T10310] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  531.165535][T10310] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  531.175419][T10310] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  531.203159][T10310] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  531.258324][T10310] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  531.301894][T10407] FAULT_INJECTION: forcing a failure.
[  531.301894][T10407] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  531.360418][T10407] CPU: 0 UID: 0 PID: 10407 Comm: syz.4.1324 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  531.370948][T10407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  531.381014][T10407] Call Trace:
[  531.384293][T10407]  <TASK>
[  531.387230][T10407]  dump_stack_lvl+0x241/0x360
[  531.391906][T10407]  ? __pfx_dump_stack_lvl+0x10/0x10
[  531.397096][T10407]  ? __pfx__printk+0x10/0x10
[  531.401677][T10407]  ? tomoyo_path_number_perm+0x71a/0x880
[  531.407300][T10407]  ? __pfx_lock_release+0x10/0x10
[  531.412350][T10407]  should_fail_ex+0x3b0/0x4e0
[  531.417061][T10407]  _copy_from_user+0x2f/0xe0
[  531.421663][T10407]  copy_arg_from_user+0x59/0x90
[  531.426506][T10407]  media_device_ioctl+0x1c7/0x3c0
[  531.431608][T10407]  ? __pfx_media_device_ioctl+0x10/0x10
[  531.437160][T10407]  ? __pfx_media_device_ioctl+0x10/0x10
[  531.442695][T10407]  ? media_ioctl+0x100/0x120
[  531.447284][T10407]  ? __pfx_media_ioctl+0x10/0x10
[  531.452219][T10407]  __se_sys_ioctl+0xfc/0x170
[  531.456801][T10407]  do_syscall_64+0xf3/0x230
[  531.461314][T10407]  ? clear_bhb_loop+0x35/0x90
[  531.466005][T10407]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  531.471892][T10407] RIP: 0033:0x7fa998377299
[  531.476308][T10407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  531.495903][T10407] RSP: 002b:00007fa997dff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  531.504308][T10407] RAX: ffffffffffffffda RBX: 00007fa998506058 RCX: 00007fa998377299
[  531.512281][T10407] RDX: 0000000020000280 RSI: 00000000c0487c04 RDI: 0000000000000005
[  531.520258][T10407] RBP: 00007fa997dff0a0 R08: 0000000000000000 R09: 0000000000000000
[  531.528232][T10407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  531.536203][T10407] R13: 000000000000006e R14: 00007fa998506058 R15: 00007ffe9eb902b8
[  531.544198][T10407]  </TASK>
[  531.550015][ T5227] Bluetooth: hci4: command tx timeout
[  531.623019][T10310] 8021q: adding VLAN 0 to HW filter on device bond0
[  531.656165][T10310] 8021q: adding VLAN 0 to HW filter on device team0
[  531.686735][    T9] bridge0: port 1(bridge_slave_0) entered blocking state
[  531.693844][    T9] bridge0: port 1(bridge_slave_0) entered forwarding state
[  531.730439][    T9] bridge0: port 2(bridge_slave_1) entered blocking state
[  531.737562][    T9] bridge0: port 2(bridge_slave_1) entered forwarding state
[  532.066025][   T47] usb 1-1: USB disconnect, device number 61
[  532.119251][T10310] 8021q: adding VLAN 0 to HW filter on device batadv0
[  532.213001][T10310] veth0_vlan: entered promiscuous mode
[  532.233186][T10310] veth1_vlan: entered promiscuous mode
[  532.358584][T10310] veth0_macvtap: entered promiscuous mode
[  532.401621][ T5272] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  532.403473][T10310] veth1_macvtap: entered promiscuous mode
[  532.460853][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  532.471485][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  532.768437][ T5272] usb 2-1: Using ep0 maxpacket: 32
[  532.782284][ T5272] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  532.797827][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  532.809037][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  532.818972][ T5272] usb 2-1: New USB device found, idVendor=0458, idProduct=4018, bcdDevice= 0.00
[  532.832678][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  532.844370][ T5272] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  532.860471][ T5272] usb 2-1: config 0 descriptor??
[  532.862582][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  532.868752][ T5272] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  532.892790][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  532.906546][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  532.918488][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  532.929759][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  532.966989][T10310] batman_adv: batadv0: Interface activated: batadv_slave_0
[  533.001740][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  533.014901][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  533.046426][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  533.067287][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  533.091073][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  533.106288][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  533.117683][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  533.134587][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  533.146334][T10310] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  533.173546][T10310] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  533.178902][T10413] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  533.276932][T10310] batman_adv: batadv0: Interface activated: batadv_slave_1
[  533.298993][ T5265] usb 2-1: USB disconnect, device number 54
[  533.337474][T10310] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  533.360371][T10310] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  533.390713][T10310] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  533.408738][T10310] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  533.599263][ T5227] Bluetooth: hci4: command tx timeout
[  533.666285][   T63] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  533.699379][   T63] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  533.784957][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  533.803370][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  534.017382][ T5272] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  534.990698][ T5272] usb 5-1: Using ep0 maxpacket: 16
[  534.992423][   T29] audit: type=1800 audit(1722113611.648:217): pid=10454 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.2.1339" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0
[  535.000076][ T5272] usb 5-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  535.818764][ T5272] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  535.842719][ T5272] usb 5-1: Product: syz
[  535.848006][ T5272] usb 5-1: Manufacturer: syz
[  535.872997][ T5272] usb 5-1: SerialNumber: syz
[  535.897236][ T5272] usb 5-1: config 0 descriptor??
[  536.043233][ T5272] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  536.070773][   T47] usb 3-1: new high-speed USB device number 60 using dummy_hcd
[  536.099825][ T5272] dvb-usb: bulk message failed: -22 (2/0)
[  536.111529][ T5272] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  536.270526][   T47] usb 3-1: Using ep0 maxpacket: 32
[  536.280138][   T47] usb 3-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91
[  536.290870][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  536.292238][ T5265] usb 5-1: USB disconnect, device number 48
[  536.305540][   T47] usb 3-1: config 0 descriptor??
[  536.315951][   T47] gspca_main: sunplus-2.14.0 probing 0458:7006
[  536.522703][T10454] =======================================================
[  536.522703][T10454] WARNING: The mand mount option has been deprecated and
[  536.522703][T10454]          and is ignored by this kernel. Remove the mand
[  536.522703][T10454]          option from the mount to silence this warning.
[  536.522703][T10454] =======================================================
[  537.065707][T10480] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1345'.
[  537.690713][   T47] gspca_sunplus: reg_w_riv err -110
[  537.702538][T10482] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR
[  537.706388][T10454] futex_wake_op: syz.2.1339 tries to shift op by 32; fix this program
[  537.709068][   T47] sunplus 3-1:0.0: probe with driver sunplus failed with error -110
[  539.244532][   T29] audit: type=1326 audit(1722113615.605:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10496 comm="syz.3.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5181177299 code=0x7ffc0000
[  539.283782][   T29] audit: type=1326 audit(1722113615.615:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10496 comm="syz.3.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=240 compat=0 ip=0x7f5181177299 code=0x7ffc0000
[  539.308037][   T29] audit: type=1326 audit(1722113615.625:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10496 comm="syz.3.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5181177299 code=0x7ffc0000
[  539.373854][   T29] audit: type=1326 audit(1722113615.625:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10496 comm="syz.3.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=245 compat=0 ip=0x7f5181177299 code=0x7ffc0000
[  539.409218][   T29] audit: type=1326 audit(1722113615.625:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10496 comm="syz.3.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5181177299 code=0x7ffc0000
[  539.446539][   T29] audit: type=1326 audit(1722113615.635:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10496 comm="syz.3.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f5181177299 code=0x7ffc0000
[  539.477744][   T47] usb 3-1: USB disconnect, device number 60
[  539.495965][   T29] audit: type=1326 audit(1722113615.645:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10496 comm="syz.3.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5181177299 code=0x7ffc0000
[  539.556353][   T29] audit: type=1326 audit(1722113615.645:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10496 comm="syz.3.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f5181177299 code=0x7ffc0000
[  539.600206][   T29] audit: type=1326 audit(1722113615.655:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10496 comm="syz.3.1349" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5181177299 code=0x7ffc0000
[  539.726467][T10518] FAULT_INJECTION: forcing a failure.
[  539.726467][T10518] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  539.802808][T10518] CPU: 0 UID: 0 PID: 10518 Comm: syz.3.1355 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  539.813253][T10518] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  539.823323][T10518] Call Trace:
[  539.826615][T10518]  <TASK>
[  539.829560][T10518]  dump_stack_lvl+0x241/0x360
[  539.834261][T10518]  ? __pfx_dump_stack_lvl+0x10/0x10
[  539.839478][T10518]  ? __pfx__printk+0x10/0x10
[  539.844088][T10518]  ? __pfx_lock_release+0x10/0x10
[  539.849238][T10518]  should_fail_ex+0x3b0/0x4e0
[  539.853942][T10518]  _copy_from_user+0x2f/0xe0
[  539.858547][T10518]  copy_msghdr_from_user+0xae/0x680
[  539.863769][T10518]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[  539.869608][T10518]  do_recvmmsg+0x40f/0xae0
[  539.874044][T10518]  ? __pfx_lock_release+0x10/0x10
[  539.879085][T10518]  ? __pfx_do_recvmmsg+0x10/0x10
[  539.884050][T10518]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  539.889959][T10518]  ? ksys_write+0x23e/0x2c0
[  539.894471][T10518]  ? __pfx_lock_release+0x10/0x10
[  539.899519][T10518]  ? vfs_write+0x7c4/0xc90
[  539.903948][T10518]  ? __mutex_unlock_slowpath+0x21d/0x750
[  539.909601][T10518]  ? __fget_files+0x3f6/0x470
[  539.914311][T10518]  __x64_sys_recvmmsg+0x199/0x250
[  539.919357][T10518]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  539.924919][T10518]  ? do_syscall_64+0x100/0x230
[  539.929699][T10518]  ? do_syscall_64+0xb6/0x230
[  539.934392][T10518]  do_syscall_64+0xf3/0x230
[  539.938908][T10518]  ? clear_bhb_loop+0x35/0x90
[  539.943604][T10518]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  539.949520][T10518] RIP: 0033:0x7f5181177299
[  539.953953][T10518] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  539.973578][T10518] RSP: 002b:00007f5180bff048 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  539.982014][T10518] RAX: ffffffffffffffda RBX: 00007f5181306058 RCX: 00007f5181177299
[  539.990001][T10518] RDX: 0000000000001800 RSI: 0000000020001dc0 RDI: 0000000000000006
[  539.997982][T10518] RBP: 00007f5180bff0a0 R08: 0000000000000000 R09: 0000000000000000
[  540.005962][T10518] R10: 0000000000002002 R11: 0000000000000246 R12: 0000000000000001
[  540.013943][T10518] R13: 000000000000006e R14: 00007f5181306058 R15: 00007ffc3de4c918
[  540.021927][T10518]  </TASK>
[  540.183127][ T5265] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  540.213179][    C1] eth0: bad gso: type: 1, size: 1408
[  540.363168][ T5265] usb 5-1: Using ep0 maxpacket: 16
[  540.385459][ T5265] usb 5-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  540.399552][ T5265] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.413505][ T5265] usb 5-1: Product: syz
[  540.417781][ T5265] usb 5-1: Manufacturer: syz
[  540.422592][ T5265] usb 5-1: SerialNumber: syz
[  540.431532][ T5265] usb 5-1: config 0 descriptor??
[  540.522251][ T5265] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  540.533245][ T5265] dvb-usb: bulk message failed: -22 (2/0)
[  540.534074][ T5272] usb 2-1: new high-speed USB device number 55 using dummy_hcd
[  540.538999][ T5265] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  540.763352][ T5272] usb 2-1: Using ep0 maxpacket: 16
[  540.780102][ T5272] usb 2-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  540.797327][ T5272] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.818400][ T5272] usb 2-1: Product: syz
[  540.822674][ T5272] usb 2-1: Manufacturer: syz
[  540.832501][ T5272] usb 2-1: SerialNumber: syz
[  540.838450][ T5265] usb 5-1: USB disconnect, device number 49
[  540.870316][ T5272] usb 2-1: config 0 descriptor??
[  540.894271][ T5272] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  540.908658][ T5272] dvb-usb: bulk message failed: -22 (2/0)
[  540.915084][ T5272] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  540.963434][T10539] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1363'.
[  541.093836][ T5214] usb 2-1: USB disconnect, device number 55
[  541.487494][T10544] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1365'.
[  541.550528][T10547] netlink: 300 bytes leftover after parsing attributes in process `syz.4.1366'.
[  541.593940][T10547] netlink: 'syz.4.1366': attribute type 4 has an invalid length.
[  541.946201][T10559] fuse: Unknown parameter 'f™ƒc%(Ú\ï•cxŒ*�5 A ¾÷¾Çh'
[  541.974200][T10559] fuse: Unknown parameter 'f™ƒc%(Ú\ï•cxŒ*�5 A ¾÷¾Çh'
[  541.997939][T10559] fuse: Unknown parameter 'f™ƒc%(Ú\ï•cxŒ*�5 A ¾÷¾Çh'
[  542.435277][T10567] ipt_ECN: cannot use operation on non-tcp rule
[  543.403349][T10581] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1377'.
[  543.494271][T10583] FAULT_INJECTION: forcing a failure.
[  543.494271][T10583] name failslab, interval 1, probability 0, space 0, times 0
[  543.524934][T10583] CPU: 0 UID: 0 PID: 10583 Comm: syz.0.1378 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  543.535384][T10583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  543.545456][T10583] Call Trace:
[  543.548751][T10583]  <TASK>
[  543.551696][T10583]  dump_stack_lvl+0x241/0x360
[  543.556397][T10583]  ? __pfx_dump_stack_lvl+0x10/0x10
[  543.561612][T10583]  ? __pfx__printk+0x10/0x10
[  543.566221][T10583]  ? __kmalloc_noprof+0xb0/0x400
[  543.571201][T10583]  ? __pfx___might_resched+0x10/0x10
[  543.576519][T10583]  should_fail_ex+0x3b0/0x4e0
[  543.581235][T10583]  ? io_alloc_page_table+0x96/0x120
[  543.586460][T10583]  should_failslab+0xac/0x100
[  543.591172][T10583]  ? io_alloc_page_table+0x96/0x120
[  543.594619][ T5227] Bluetooth: hci5: unexpected event 0x09 length: 13 > 3
[  543.596378][T10583]  __kmalloc_noprof+0xd8/0x400
[  543.608113][T10583]  io_alloc_page_table+0x96/0x120
[  543.613182][T10583]  io_rsrc_data_alloc+0x9a/0x270
[  543.618152][T10583]  io_sqe_buffers_register+0x1ca/0x700
[  543.623639][T10583]  ? __mutex_unlock_slowpath+0x21d/0x750
[  543.629298][T10583]  ? __se_sys_io_uring_register+0x1b8/0x15d0
[  543.635298][T10583]  ? __pfx_vfs_write+0x10/0x10
[  543.640080][T10583]  ? __pfx_io_sqe_buffers_register+0x10/0x10
[  543.646102][T10583]  ? __fget_files+0x29/0x470
[  543.650719][T10583]  __se_sys_io_uring_register+0xb22/0x15d0
[  543.656561][T10583]  ? __pfx___se_sys_io_uring_register+0x10/0x10
[  543.662823][T10583]  ? do_syscall_64+0x100/0x230
[  543.667608][T10583]  ? do_syscall_64+0xb6/0x230
[  543.672307][T10583]  do_syscall_64+0xf3/0x230
[  543.676831][T10583]  ? clear_bhb_loop+0x35/0x90
[  543.681527][T10583]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.687438][T10583] RIP: 0033:0x7fa40cd77299
[  543.691867][T10583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.711666][T10583] RSP: 002b:00007fa40c7ff048 EFLAGS: 00000246 ORIG_RAX: 00000000000001ab
[  543.720103][T10583] RAX: ffffffffffffffda RBX: 00007fa40cf05f80 RCX: 00007fa40cd77299
[  543.728092][T10583] RDX: 00000000200002c0 RSI: 0000000000000000 RDI: 0000000000000003
[  543.736075][T10583] RBP: 00007fa40c7ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  543.744063][T10583] R10: 100000000000011a R11: 0000000000000246 R12: 0000000000000001
[  543.752051][T10583] R13: 000000000000000b R14: 00007fa40cf05f80 R15: 00007ffddacaaa08
[  543.760051][T10583]  </TASK>
[  543.847075][ T5265] usb 2-1: new high-speed USB device number 56 using dummy_hcd
[  544.044982][ T5265] usb 2-1: Using ep0 maxpacket: 16
[  544.064030][ T5272] usb 3-1: new high-speed USB device number 61 using dummy_hcd
[  544.065798][ T5265] usb 2-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  544.083350][ T5265] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.092460][ T5265] usb 2-1: Product: syz
[  544.133336][ T5265] usb 2-1: Manufacturer: syz
[  544.140021][ T5265] usb 2-1: SerialNumber: syz
[  544.172976][ T5265] usb 2-1: config 0 descriptor??
[  544.198887][ T5265] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  544.357477][ T5265] dvb-usb: bulk message failed: -22 (2/0)
[  544.379731][ T5265] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  544.496193][ T5264] usb 1-1: new high-speed USB device number 62 using dummy_hcd
[  544.525304][ T5272] usb 3-1: Using ep0 maxpacket: 16
[  544.578549][ T5272] usb 3-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  544.590488][ T5272] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.601123][ T5272] usb 3-1: Product: syz
[  544.606993][ T5272] usb 3-1: Manufacturer: syz
[  544.611765][ T5272] usb 3-1: SerialNumber: syz
[  544.633996][ T5272] usb 3-1: config 0 descriptor??
[  544.655846][ T5272] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  544.695426][ T5264] usb 1-1: Using ep0 maxpacket: 16
[  545.006884][ T5264] usb 1-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  545.059374][ T5272] dvb-usb: bulk message failed: -22 (2/0)
[  545.071850][ T5272] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  545.145831][ T5264] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.157344][ T5264] usb 1-1: Product: syz
[  545.161595][ T5264] usb 1-1: Manufacturer: syz
[  545.175779][ T5272] usb 3-1: USB disconnect, device number 61
[  545.189252][ T5264] usb 1-1: SerialNumber: syz
[  545.199146][ T5264] usb 1-1: config 0 descriptor??
[  545.207402][ T5265] usb 2-1: USB disconnect, device number 56
[  545.212063][ T5264] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  545.225639][ T5264] dvb-usb: bulk message failed: -22 (2/0)
[  545.231413][ T5264] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  545.443507][ T5272] usb 1-1: USB disconnect, device number 62
[  545.485795][ T5214] usb 4-1: new high-speed USB device number 49 using dummy_hcd
[  545.669512][ T5214] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  545.679495][T10608] FAULT_INJECTION: forcing a failure.
[  545.679495][T10608] name failslab, interval 1, probability 0, space 0, times 0
[  545.685329][ T5214] usb 4-1: New USB device found, idVendor=0586, idProduct=330b, bcdDevice=d9.9c
[  545.705388][T10608] CPU: 1 UID: 0 PID: 10608 Comm: syz.4.1386 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  545.715838][T10608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  545.725888][T10608] Call Trace:
[  545.729151][T10608]  <TASK>
[  545.732062][T10608]  dump_stack_lvl+0x241/0x360
[  545.736731][T10608]  ? __pfx_dump_stack_lvl+0x10/0x10
[  545.741908][T10608]  ? __pfx__printk+0x10/0x10
[  545.746481][T10608]  ? fs_reclaim_acquire+0x93/0x140
[  545.751571][T10608]  ? __pfx___might_resched+0x10/0x10
[  545.756853][T10608]  should_fail_ex+0x3b0/0x4e0
[  545.761568][T10608]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  545.767366][T10608]  should_failslab+0xac/0x100
[  545.772029][T10608]  ? tomoyo_realpath_from_path+0xcf/0x5e0
[  545.777733][T10608]  __kmalloc_noprof+0xd8/0x400
[  545.782477][T10608]  ? kfree+0x4e/0x360
[  545.786445][T10608]  tomoyo_realpath_from_path+0xcf/0x5e0
[  545.791980][T10608]  tomoyo_path_number_perm+0x23a/0x880
[  545.797423][T10608]  ? tomoyo_path_number_perm+0x208/0x880
[  545.803045][T10608]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  545.809024][T10608]  ? __fget_files+0x29/0x470
[  545.813594][T10608]  ? __fget_files+0x3f6/0x470
[  545.818251][T10608]  ? __fget_files+0x29/0x470
[  545.822824][T10608]  security_file_ioctl+0x75/0xb0
[  545.827743][T10608]  __se_sys_ioctl+0x47/0x170
[  545.832314][T10608]  do_syscall_64+0xf3/0x230
[  545.836802][T10608]  ? clear_bhb_loop+0x35/0x90
[  545.841468][T10608]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  545.847358][T10608] RIP: 0033:0x7fa998377299
[  545.851840][T10608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  545.871433][T10608] RSP: 002b:00007fa997dff048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  545.879834][T10608] RAX: ffffffffffffffda RBX: 00007fa998506058 RCX: 00007fa998377299
[  545.887788][T10608] RDX: 0000000020000240 RSI: 000000000000541b RDI: 0000000000000009
[  545.895741][T10608] RBP: 00007fa997dff0a0 R08: 0000000000000000 R09: 0000000000000000
[  545.903694][T10608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  545.911734][T10608] R13: 000000000000006e R14: 00007fa998506058 R15: 00007ffe9eb902b8
[  545.919700][T10608]  </TASK>
[  545.924884][ T5214] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  545.925519][T10608] ERROR: Out of memory at tomoyo_realpath_from_path.
[  545.974558][ T5214] usb 4-1: config 0 descriptor??
[  545.999943][T10611] ipt_ECN: cannot use operation on non-tcp rule
[  546.019116][ T5214] cxacru 4-1:0.0: cxacru_bind: interface has incorrect endpoints
[  546.039968][ T5214] cxacru 4-1:0.0: usbatm_usb_probe: bind failed: -19!
[  546.080134][T10616] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1389'.
[  546.147441][T10621] ptrace attach of "./syz-executor exec"[5211] was attempted by "./syz-executor exec"[10621]
[  546.175420][T10621] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  546.190617][T10621] macvlan2: entered allmulticast mode
[  546.200538][T10621] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  546.225125][T10621] netdevsim netdevsim1 netdevsim0: left promiscuous mode
[  546.245986][ T5264] usb 4-1: USB disconnect, device number 49
[  546.534293][   T29] kauditd_printk_skb: 7 callbacks suppressed
[  546.534311][   T29] audit: type=1326 audit(1722113623.191:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10624 comm="syz.0.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40cd77299 code=0x7fc00000
[  546.669221][   T29] audit: type=1804 audit(1722113623.321:235): pid=10631 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.1393" name="/newroot/41/bus/file1" dev="overlay" ino=244 res=1 errno=0
[  547.935436][   T29] audit: type=1326 audit(1722113624.591:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10624 comm="syz.0.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7fa40cd77299 code=0x7fc00000
[  548.030239][   T29] audit: type=1326 audit(1722113624.591:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10624 comm="syz.0.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40cd77299 code=0x7fc00000
[  548.075848][   T29] audit: type=1326 audit(1722113624.591:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10624 comm="syz.0.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40cd77299 code=0x7fc00000
[  548.115256][ T5227] Bluetooth: hci4: unexpected event 0x09 length: 13 > 3
[  548.169637][   T29] audit: type=1326 audit(1722113624.591:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10624 comm="syz.0.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40cd77299 code=0x7fc00000
[  548.394515][   T29] audit: type=1326 audit(1722113624.591:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10624 comm="syz.0.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40cd77299 code=0x7fc00000
[  548.487546][   T29] audit: type=1326 audit(1722113624.591:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10624 comm="syz.0.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40cd77299 code=0x7fc00000
[  548.571220][   T29] audit: type=1326 audit(1722113624.591:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10624 comm="syz.0.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40cd77299 code=0x7fc00000
[  548.647526][   T29] audit: type=1326 audit(1722113624.591:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=10624 comm="syz.0.1391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa40cd77299 code=0x7fc00000
[  548.703816][T10657] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1399'.
[  548.895358][T10669] trusted_key: encrypted_key: insufficient parameters specified
[  548.987631][ T5264] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  549.027636][ T5272] usb 2-1: new high-speed USB device number 57 using dummy_hcd
[  551.058622][ T5272] usb 2-1: Using ep0 maxpacket: 16
[  552.045396][ T5272] usb 2-1: device descriptor read/all, error -71
[  552.169439][ T5264] usb 5-1: device not accepting address 50, error -71
[  555.217968][ T5227] Bluetooth: hci4: unexpected event 0x09 length: 13 > 3
[  557.886361][T10703] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1411'.
[  558.043049][T10712] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1412'.
[  559.043014][T10723] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1417'.
[  559.173671][    C1] eth0: bad gso: type: 1, size: 1408
[  559.282623][ T5272] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  560.132893][ T5272] usb 5-1: Using ep0 maxpacket: 16
[  560.158545][ T5272] usb 5-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  560.172929][ T5272] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  560.188578][ T5272] usb 5-1: Product: syz
[  560.197525][ T5272] usb 5-1: Manufacturer: syz
[  560.208493][ T5272] usb 5-1: SerialNumber: syz
[  560.215578][ T5272] usb 5-1: config 0 descriptor??
[  560.376547][ T5272] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  560.392257][ T5272] dvb-usb: bulk message failed: -22 (2/0)
[  560.398128][ T5272] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  563.069133][ T5264] usb 5-1: USB disconnect, device number 52
[  563.797185][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  563.824787][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  564.187185][T10760] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1428'.
[  565.449240][    C1] eth0: bad gso: type: 1, size: 1408
[  565.985539][ T5214] usb 5-1: new high-speed USB device number 53 using dummy_hcd
[  566.815772][ T5214] usb 5-1: Using ep0 maxpacket: 16
[  566.832476][ T5214] usb 5-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  566.848004][ T5214] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  566.862558][ T5214] usb 5-1: Product: syz
[  566.867102][ T5214] usb 5-1: Manufacturer: syz
[  566.882846][ T5214] usb 5-1: SerialNumber: syz
[  566.893982][T10780] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1431'.
[  566.910092][ T5214] usb 5-1: config 0 descriptor??
[  567.058096][ T5214] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  567.069961][ T5214] dvb-usb: bulk message failed: -22 (2/0)
[  567.076841][ T5214] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  567.349599][ T5262] usb 5-1: USB disconnect, device number 53
[  568.603840][T10801] ipt_ECN: cannot use operation on non-tcp rule
[  569.056920][T10810] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1441'.
[  569.330405][    T9] usb 4-1: new high-speed USB device number 50 using dummy_hcd
[  569.726930][    T9] usb 4-1: Using ep0 maxpacket: 16
[  569.740087][    T9] usb 4-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  569.798751][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  569.847417][    T9] usb 4-1: Product: syz
[  569.851626][    T9] usb 4-1: Manufacturer: syz
[  569.856240][    T9] usb 4-1: SerialNumber: syz
[  569.897595][    T9] usb 4-1: config 0 descriptor??
[  569.915566][    T9] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  572.856976][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  572.912482][    T9] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  573.317433][    C1] eth0: bad gso: type: 1, size: 1408
[  573.335352][    T9] usb 4-1: USB disconnect, device number 50
[  574.238527][   T47] usb 2-1: new high-speed USB device number 59 using dummy_hcd
[  575.229400][   T47] usb 2-1: Using ep0 maxpacket: 16
[  575.241100][   T47] usb 2-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  575.260012][   T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  575.268640][   T47] usb 2-1: Product: syz
[  575.274160][T10827] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1447'.
[  575.289375][   T47] usb 2-1: Manufacturer: syz
[  575.294125][   T47] usb 2-1: SerialNumber: syz
[  575.385871][   T47] usb 2-1: config 0 descriptor??
[  575.444089][T10850] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1453'.
[  575.909093][T10852] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1452'.
[  575.982867][   T47] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  575.992973][   T47] dvb-usb: bulk message failed: -22 (2/0)
[  575.999013][   T47] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  576.517990][ T5262] usb 2-1: USB disconnect, device number 59
[  578.494015][T10870] FAULT_INJECTION: forcing a failure.
[  578.494015][T10870] name failslab, interval 1, probability 0, space 0, times 0
[  578.647048][T10870] CPU: 0 UID: 0 PID: 10870 Comm: syz.4.1460 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  578.657498][T10870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  578.667538][T10870] Call Trace:
[  578.670802][T10870]  <TASK>
[  578.673718][T10870]  dump_stack_lvl+0x241/0x360
[  578.678383][T10870]  ? __pfx_dump_stack_lvl+0x10/0x10
[  578.683565][T10870]  ? __pfx__printk+0x10/0x10
[  578.688142][T10870]  ? kmem_cache_alloc_node_noprof+0x49/0x320
[  578.694118][T10870]  ? __pfx___might_resched+0x10/0x10
[  578.699408][T10870]  should_fail_ex+0x3b0/0x4e0
[  578.704090][T10870]  should_failslab+0xac/0x100
[  578.708761][T10870]  ? __alloc_skb+0x1c3/0x440
[  578.713347][T10870]  kmem_cache_alloc_node_noprof+0x71/0x320
[  578.719151][T10870]  __alloc_skb+0x1c3/0x440
[  578.723567][T10870]  ? __pfx___alloc_skb+0x10/0x10
[  578.728503][T10870]  ? netlink_autobind+0xd6/0x2f0
[  578.733434][T10870]  ? netlink_autobind+0x2b0/0x2f0
[  578.738454][T10870]  netlink_sendmsg+0x638/0xcb0
[  578.743227][T10870]  ? __pfx_netlink_sendmsg+0x10/0x10
[  578.748536][T10870]  ? __import_iovec+0x536/0x820
[  578.753382][T10870]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  578.758660][T10870]  ? security_socket_sendmsg+0x87/0xb0
[  578.764201][T10870]  ? __pfx_netlink_sendmsg+0x10/0x10
[  578.769481][T10870]  __sock_sendmsg+0x221/0x270
[  578.774157][T10870]  ____sys_sendmsg+0x525/0x7d0
[  578.778922][T10870]  ? __pfx_____sys_sendmsg+0x10/0x10
[  578.784390][T10870]  __sys_sendmsg+0x2b0/0x3a0
[  578.788977][T10870]  ? __pfx___sys_sendmsg+0x10/0x10
[  578.794083][T10870]  ? vfs_write+0x7c4/0xc90
[  578.798523][T10870]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  578.804849][T10870]  ? do_syscall_64+0x100/0x230
[  578.809615][T10870]  ? do_syscall_64+0xb6/0x230
[  578.814286][T10870]  do_syscall_64+0xf3/0x230
[  578.818785][T10870]  ? clear_bhb_loop+0x35/0x90
[  578.823485][T10870]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  578.829373][T10870] RIP: 0033:0x7fa998377299
[  578.833784][T10870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  578.853385][T10870] RSP: 002b:00007fa999064048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  578.861807][T10870] RAX: ffffffffffffffda RBX: 00007fa998505f80 RCX: 00007fa998377299
[  578.869773][T10870] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000007
[  578.877740][T10870] RBP: 00007fa9990640a0 R08: 0000000000000000 R09: 0000000000000000
[  578.885703][T10870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  578.893679][T10870] R13: 000000000000000b R14: 00007fa998505f80 R15: 00007ffe9eb902b8
[  578.901757][T10870]  </TASK>
[  579.677730][  T941] usb 1-1: new high-speed USB device number 63 using dummy_hcd
[  579.985563][T10882] FAULT_INJECTION: forcing a failure.
[  579.985563][T10882] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  579.998956][T10882] CPU: 1 UID: 0 PID: 10882 Comm: syz.4.1463 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  580.009377][T10882] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  580.012233][  T941] usb 1-1: Using ep0 maxpacket: 16
[  580.019587][T10882] Call Trace:
[  580.019601][T10882]  <TASK>
[  580.030867][T10882]  dump_stack_lvl+0x241/0x360
[  580.035534][T10882]  ? __pfx_dump_stack_lvl+0x10/0x10
[  580.040718][T10882]  ? __pfx__printk+0x10/0x10
[  580.045305][T10882]  ? __pfx_lock_release+0x10/0x10
[  580.050319][T10882]  ? __lock_acquire+0x137a/0x2040
[  580.055340][T10882]  should_fail_ex+0x3b0/0x4e0
[  580.060019][T10882]  _copy_from_user+0x2f/0xe0
[  580.064606][T10882]  kstrtouint_from_user+0xc6/0x190
[  580.069716][T10882]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  580.075447][T10882]  ? __pfx_lock_acquire+0x10/0x10
[  580.080494][T10882]  proc_fail_nth_write+0xaa/0x2d0
[  580.085525][T10882]  ? __pfx_rcu_read_lock_any_held+0x10/0x10
[  580.091418][T10882]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  580.097052][T10882]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  580.102681][T10882]  vfs_write+0x2a2/0xc90
[  580.106920][T10882]  ? __pfx_vfs_write+0x10/0x10
[  580.111675][T10882]  ? __fget_files+0x29/0x470
[  580.116259][T10882]  ? __fget_files+0x3f6/0x470
[  580.120938][T10882]  ksys_write+0x1a0/0x2c0
[  580.125260][T10882]  ? __pfx_ksys_write+0x10/0x10
[  580.130099][T10882]  ? do_syscall_64+0x100/0x230
[  580.134858][T10882]  ? do_syscall_64+0xb6/0x230
[  580.139528][T10882]  do_syscall_64+0xf3/0x230
[  580.144024][T10882]  ? clear_bhb_loop+0x35/0x90
[  580.148699][T10882]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  580.154585][T10882] RIP: 0033:0x7fa998375e1f
[  580.158992][T10882] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48
[  580.178592][T10882] RSP: 002b:00007fa997dff040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  580.186997][T10882] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fa998375e1f
[  580.194959][T10882] RDX: 0000000000000001 RSI: 00007fa997dff0b0 RDI: 0000000000000005
[  580.202920][T10882] RBP: 00007fa997dff0a0 R08: 0000000000000000 R09: 0000000000000000
[  580.210880][T10882] R10: 00000000200001c0 R11: 0000000000000293 R12: 0000000000000001
[  580.218839][T10882] R13: 000000000000006e R14: 00007fa998506058 R15: 00007ffe9eb902b8
[  580.226812][T10882]  </TASK>
[  580.251235][  T941] usb 1-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  580.270705][  T941] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  580.290219][  T941] usb 1-1: Product: syz
[  580.310464][  T941] usb 1-1: Manufacturer: syz
[  580.322757][  T941] usb 1-1: SerialNumber: syz
[  580.334027][  T941] usb 1-1: config 0 descriptor??
[  580.360326][  T941] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  580.557192][  T941] dvb-usb: bulk message failed: -22 (2/0)
[  580.846434][  T941] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  580.898018][T10890] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1465'.
[  581.400398][ T5264] usb 1-1: USB disconnect, device number 63
[  581.440133][T10893] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1466'.
[  581.504294][T10893] batadv0: entered promiscuous mode
[  581.533185][T10893] macvtap1: entered promiscuous mode
[  581.552290][T10893] macvtap1: entered allmulticast mode
[  581.568386][T10893] batadv0: entered allmulticast mode
[  581.590860][T10893] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  582.743898][T10896] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1467'.
[  583.303403][T10896] batadv0: entered promiscuous mode
[  583.323270][T10896] macvtap1: entered promiscuous mode
[  583.653344][T10896] macvtap1: entered allmulticast mode
[  583.665851][T10896] batadv0: entered allmulticast mode
[  583.680986][T10896] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  583.694928][T10906] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1467'.
[  583.714169][T10906] batadv0: left allmulticast mode
[  583.737702][T10906] batadv0: left promiscuous mode
[  583.755824][T10906] macvtap1: left promiscuous mode
[  583.767079][T10906] macvtap1: left allmulticast mode
[  585.056832][T10926] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1476'.
[  585.186728][T10922] overlayfs: statfs failed on './file0'
[  585.209893][T10930] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1477'.
[  589.855651][    C1] eth0: bad gso: type: 1, size: 1408
[  590.124759][T10974] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1490'.
[  593.596030][T11009] FAULT_INJECTION: forcing a failure.
[  593.596030][T11009] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  593.610212][T11009] CPU: 0 UID: 0 PID: 11009 Comm: syz.2.1500 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  593.620622][T11009] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  593.630667][T11009] Call Trace:
[  593.633930][T11009]  <TASK>
[  593.636846][T11009]  dump_stack_lvl+0x241/0x360
[  593.641510][T11009]  ? __pfx_dump_stack_lvl+0x10/0x10
[  593.646690][T11009]  ? __pfx__printk+0x10/0x10
[  593.651264][T11009]  ? __pfx_lock_release+0x10/0x10
[  593.656276][T11009]  should_fail_ex+0x3b0/0x4e0
[  593.660942][T11009]  _copy_from_iter+0x1f6/0x1960
[  593.665775][T11009]  ? __virt_addr_valid+0x183/0x530
[  593.670883][T11009]  ? __pfx_lock_release+0x10/0x10
[  593.675898][T11009]  ? __pfx__copy_from_iter+0x10/0x10
[  593.681173][T11009]  ? __virt_addr_valid+0x183/0x530
[  593.686265][T11009]  ? __virt_addr_valid+0x183/0x530
[  593.691372][T11009]  ? __virt_addr_valid+0x45f/0x530
[  593.696832][T11009]  ? __check_object_size+0x49c/0x900
[  593.702119][T11009]  hci_sock_sendmsg+0x4f1/0x11c0
[  593.707677][T11009]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  593.713839][T11009]  ? bpf_lsm_socket_sendmsg+0x9/0x10
[  593.719551][T11009]  ? security_socket_sendmsg+0x87/0xb0
[  593.724996][T11009]  ? __pfx_hci_sock_sendmsg+0x10/0x10
[  593.730349][T11009]  __sock_sendmsg+0x221/0x270
[  593.735013][T11009]  sock_write_iter+0x2dd/0x400
[  593.739762][T11009]  ? __pfx_sock_write_iter+0x10/0x10
[  593.745034][T11009]  ? bpf_lsm_file_permission+0x9/0x10
[  593.750569][T11009]  ? security_file_permission+0x7f/0xa0
[  593.756735][T11009]  vfs_write+0xa72/0xc90
[  593.760963][T11009]  ? __pfx_sock_write_iter+0x10/0x10
[  593.766234][T11009]  ? __pfx_vfs_write+0x10/0x10
[  593.770991][T11009]  ksys_write+0x1a0/0x2c0
[  593.775315][T11009]  ? __pfx_ksys_write+0x10/0x10
[  593.780148][T11009]  ? do_syscall_64+0x100/0x230
[  593.784898][T11009]  ? do_syscall_64+0xb6/0x230
[  593.789561][T11009]  do_syscall_64+0xf3/0x230
[  593.794049][T11009]  ? clear_bhb_loop+0x35/0x90
[  593.798714][T11009]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  593.804600][T11009] RIP: 0033:0x7fd952177299
[  593.809003][T11009] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  593.828599][T11009] RSP: 002b:00007fd952fd3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  593.836998][T11009] RAX: ffffffffffffffda RBX: 00007fd952305f80 RCX: 00007fd952177299
[  593.844953][T11009] RDX: 0000000000000006 RSI: 0000000020000340 RDI: 0000000000000004
[  593.852902][T11009] RBP: 00007fd952fd30a0 R08: 0000000000000000 R09: 0000000000000000
[  593.861726][T11009] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  593.869698][T11009] R13: 000000000000000b R14: 00007fd952305f80 R15: 00007fff27e337f8
[  593.877846][T11009]  </TASK>
[  594.404838][ T5272] usb 5-1: new high-speed USB device number 54 using dummy_hcd
[  595.207125][T11014] overlayfs: statfs failed on './file0'
[  595.225373][ T5272] usb 5-1: Using ep0 maxpacket: 16
[  595.249560][ T5272] usb 5-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  595.265175][ T5272] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.273266][ T5272] usb 5-1: Product: syz
[  595.297828][ T5272] usb 5-1: Manufacturer: syz
[  595.302705][ T5272] usb 5-1: SerialNumber: syz
[  595.335957][ T5272] usb 5-1: config 0 descriptor??
[  595.354975][ T5272] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  595.373773][ T5272] dvb-usb: bulk message failed: -22 (2/0)
[  595.381516][ T5272] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  596.529134][T11038] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1507'.
[  596.584993][    T9] usb 5-1: USB disconnect, device number 54
[  596.622759][T11038] netlink: 'syz.2.1507': attribute type 2 has an invalid length.
[  600.764813][T11073] overlayfs: statfs failed on './file0'
[  600.960922][ T5227] Bluetooth: hci5: unexpected event 0x09 length: 13 > 3
[  602.077801][T11087] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1523'.
[  602.557463][    T9] usb 1-1: new high-speed USB device number 64 using dummy_hcd
[  602.817312][    T9] usb 1-1: Using ep0 maxpacket: 16
[  602.835306][    T9] usb 1-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  602.898503][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.057609][T11100] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1525'.
[  603.367428][    T9] usb 1-1: Product: syz
[  603.377422][    T9] usb 1-1: Manufacturer: syz
[  604.098176][    T9] usb 1-1: SerialNumber: syz
[  604.116031][    T9] usb 1-1: config 0 descriptor??
[  604.249140][    T9] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  604.269640][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  604.275429][    T9] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  605.379489][    T9] usb 1-1: USB disconnect, device number 64
[  606.433306][ T5227] Bluetooth: hci4: unexpected event 0x09 length: 13 > 3
[  610.452847][T11159] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1544'.
[  610.542553][   T29] kauditd_printk_skb: 1 callbacks suppressed
[  610.542572][   T29] audit: type=1326 audit(1722113687.178:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.581365][   T29] audit: type=1326 audit(1722113687.178:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.604887][   T29] audit: type=1326 audit(1722113687.178:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.767758][   T29] audit: type=1326 audit(1722113687.178:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.767958][   T29] audit: type=1326 audit(1722113687.178:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.768147][   T29] audit: type=1326 audit(1722113687.178:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.768339][   T29] audit: type=1326 audit(1722113687.178:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.768526][   T29] audit: type=1326 audit(1722113687.178:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.768744][   T29] audit: type=1326 audit(1722113687.178:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.768931][   T29] audit: type=1326 audit(1722113687.178:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11165 comm="syz.1.1545" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc377577299 code=0x7ffc0000
[  610.993981][    T9] usb 4-1: new high-speed USB device number 51 using dummy_hcd
[  611.709579][   T11] kworker/u8:0 (11) used greatest stack depth: 18736 bytes left
[  611.879357][ T5227] Bluetooth: hci5: command 0x0406 tx timeout
[  611.899431][    T9] usb 4-1: Using ep0 maxpacket: 16
[  611.903331][    T9] usb 4-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  611.903362][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  611.903384][    T9] usb 4-1: Product: syz
[  611.903400][    T9] usb 4-1: Manufacturer: syz
[  611.903417][    T9] usb 4-1: SerialNumber: syz
[  611.909163][    T9] usb 4-1: config 0 descriptor??
[  611.920551][    T9] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  611.920599][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  611.920641][    T9] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  612.049932][  T941] usb 3-1: new full-speed USB device number 62 using dummy_hcd
[  612.167447][T11188] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1552'.
[  612.189951][T11188] pimreg: entered allmulticast mode
[  612.205349][T11188] pimreg: left allmulticast mode
[  612.231222][    T9] usb 4-1: USB disconnect, device number 51
[  614.003606][T11200] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1555'.
[  615.350680][T11174] tty tty25: ldisc open failed (-12), clearing slot 24
[  615.377754][T11192] tty tty1: ldisc open failed (-12), clearing slot 0
[  616.580683][T11209] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1557'.
[  617.225250][T11216] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1559'.
[  617.681217][  T941] usb 3-1: unable to get BOS descriptor or descriptor too short
[  617.697675][  T941] usb 3-1: unable to read config index 0 descriptor/start: -32
[  617.713883][  T941] usb 3-1: chopping to 0 config(s)
[  617.719042][  T941] usb 3-1: can't read configurations, error -32
[  618.211044][ T5267] usb 1-1: new high-speed USB device number 65 using dummy_hcd
[  618.441375][ T5267] usb 1-1: Using ep0 maxpacket: 16
[  618.796739][ T5267] usb 1-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  618.806642][ T5267] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  618.820186][ T5267] usb 1-1: Product: syz
[  618.824871][ T5267] usb 1-1: Manufacturer: syz
[  618.844095][ T5267] usb 1-1: SerialNumber: syz
[  619.005849][ T5267] usb 1-1: config 0 descriptor??
[  619.043276][ T5267] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  619.489554][   T55] Bluetooth: hci5: unexpected event 0x09 length: 13 > 3
[  619.530237][ T5267] dvb-usb: bulk message failed: -22 (2/0)
[  619.690749][ T5267] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  619.761770][ T5267] usb 1-1: USB disconnect, device number 65
[  619.798357][T11241] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1566'.
[  621.591338][T11255] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1568'.
[  622.325773][T11264] FAULT_INJECTION: forcing a failure.
[  622.325773][T11264] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  622.344986][T11264] CPU: 0 UID: 0 PID: 11264 Comm: syz.2.1573 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  622.355448][T11264] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  622.365692][T11264] Call Trace:
[  622.369857][T11264]  <TASK>
[  622.372813][T11264]  dump_stack_lvl+0x241/0x360
[  622.377522][T11264]  ? __pfx_dump_stack_lvl+0x10/0x10
[  622.382830][T11264]  ? __pfx__printk+0x10/0x10
[  622.387454][T11264]  ? snprintf+0xda/0x120
[  622.392255][T11264]  should_fail_ex+0x3b0/0x4e0
[  622.396972][T11264]  _copy_to_user+0x2f/0xb0
[  622.401403][T11264]  simple_read_from_buffer+0xca/0x150
[  622.406871][T11264]  proc_fail_nth_read+0x1e9/0x250
[  622.411912][T11264]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  622.417638][T11264]  ? rw_verify_area+0x520/0x6b0
[  622.422493][T11264]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  622.428044][T11264]  vfs_read+0x204/0xbc0
[  622.432189][T11264]  ? __pfx_lock_release+0x10/0x10
[  622.437207][T11264]  ? __pfx_vfs_read+0x10/0x10
[  622.441871][T11264]  ? __fget_files+0x29/0x470
[  622.446445][T11264]  ? __fget_files+0x3f6/0x470
[  622.451468][T11264]  ksys_read+0x1a0/0x2c0
[  622.455704][T11264]  ? __pfx_ksys_read+0x10/0x10
[  622.460457][T11264]  ? do_syscall_64+0x100/0x230
[  622.465646][T11264]  ? do_syscall_64+0xb6/0x230
[  622.470315][T11264]  do_syscall_64+0xf3/0x230
[  622.474894][T11264]  ? clear_bhb_loop+0x35/0x90
[  622.479560][T11264]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  622.485490][T11264] RIP: 0033:0x7fd952175d7c
[  622.490068][T11264] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  622.509748][T11264] RSP: 002b:00007fd952fd3040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  622.518146][T11264] RAX: ffffffffffffffda RBX: 00007fd952305f80 RCX: 00007fd952175d7c
[  622.526103][T11264] RDX: 000000000000000f RSI: 00007fd952fd30b0 RDI: 0000000000000004
[  622.534327][T11264] RBP: 00007fd952fd30a0 R08: 0000000000000000 R09: 0000000000000000
[  622.542284][T11264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  622.550335][T11264] R13: 000000000000000b R14: 00007fd952305f80 R15: 00007fff27e337f8
[  622.558307][T11264]  </TASK>
[  622.624311][T11268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1574'.
[  622.783065][ T5267] usb 5-1: new full-speed USB device number 55 using dummy_hcd
[  623.454439][ T5267] usb 5-1: too many endpoints for config 1 interface 0 altsetting 0: 134, using maximum allowed: 30
[  623.529571][ T5267] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  623.675232][ T5267] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 134
[  623.705718][ T5267] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  623.722051][ T5267] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  623.742281][ T5267] usb 5-1: SerialNumber: syz
[  624.295966][T11283] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1578'.
[  624.500282][ T5267] usb 5-1: can't set config #1, error -71
[  624.538988][ T5267] usb 5-1: USB disconnect, device number 55
[  624.578101][T11279] FAULT_INJECTION: forcing a failure.
[  624.578101][T11279] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  624.642595][T11279] CPU: 1 UID: 0 PID: 11279 Comm: syz.0.1577 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  624.653544][T11279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  624.663714][T11279] Call Trace:
[  624.667097][T11279]  <TASK>
[  624.670039][T11279]  dump_stack_lvl+0x241/0x360
[  624.674731][T11279]  ? __pfx_dump_stack_lvl+0x10/0x10
[  624.680352][T11279]  ? __pfx__printk+0x10/0x10
[  624.685022][T11279]  ? snprintf+0xda/0x120
[  624.689954][T11279]  should_fail_ex+0x3b0/0x4e0
[  624.694627][T11279]  _copy_to_user+0x2f/0xb0
[  624.699028][T11279]  simple_read_from_buffer+0xca/0x150
[  624.704395][T11279]  proc_fail_nth_read+0x1e9/0x250
[  624.709430][T11279]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  624.715402][T11279]  ? rw_verify_area+0x520/0x6b0
[  624.720234][T11279]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  624.726290][T11279]  vfs_read+0x204/0xbc0
[  624.730427][T11279]  ? __pfx_lock_release+0x10/0x10
[  624.735452][T11279]  ? __pfx_vfs_read+0x10/0x10
[  624.740131][T11279]  ? __fget_files+0x29/0x470
[  624.744717][T11279]  ? __fget_files+0x3f6/0x470
[  624.749394][T11279]  ksys_read+0x1a0/0x2c0
[  624.753633][T11279]  ? __pfx_ksys_read+0x10/0x10
[  624.758398][T11279]  ? do_syscall_64+0x100/0x230
[  624.763178][T11279]  ? do_syscall_64+0xb6/0x230
[  624.767853][T11279]  do_syscall_64+0xf3/0x230
[  624.772615][T11279]  ? clear_bhb_loop+0x35/0x90
[  624.777288][T11279]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  624.783264][T11279] RIP: 0033:0x7fa40cd75d7c
[  624.787672][T11279] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48
[  624.807445][T11279] RSP: 002b:00007fa40c7ff040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  624.815864][T11279] RAX: ffffffffffffffda RBX: 00007fa40cf05f80 RCX: 00007fa40cd75d7c
[  624.824363][T11279] RDX: 000000000000000f RSI: 00007fa40c7ff0b0 RDI: 0000000000000006
[  624.832337][T11279] RBP: 00007fa40c7ff0a0 R08: 0000000000000000 R09: 0000000000000000
[  624.840304][T11279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  624.848356][T11279] R13: 000000000000000b R14: 00007fa40cf05f80 R15: 00007ffddacaaa08
[  624.856690][T11279]  </TASK>
[  624.937984][T11293] trusted_key: encrypted_key: insufficient parameters specified
[  625.172214][ T1267] ieee802154 phy0 wpan0: encryption failed: -22
[  625.179229][ T1267] ieee802154 phy1 wpan1: encryption failed: -22
[  625.559296][T11299] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1581'.
[  627.027400][T11305] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1583'.
[  627.167357][T11314] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1589'.
[  627.692829][ T5267] usb 4-1: new high-speed USB device number 52 using dummy_hcd
[  627.802741][  T941] usb 2-1: new high-speed USB device number 60 using dummy_hcd
[  628.191300][   T55] Bluetooth: hci4: unexpected event 0x09 length: 13 > 3
[  628.299854][T11327] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1592'.
[  629.059328][ T5267] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  629.081844][ T5267] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2
[  629.112310][  T941] usb 2-1: Using ep0 maxpacket: 8
[  629.121458][  T941] usb 2-1: config 0 has an invalid interface number: 5 but max is 0
[  629.129814][ T5267] usb 4-1: config 1 has no interface number 0
[  629.192699][ T5267] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  629.203979][  T941] usb 2-1: config 0 has no interface number 0
[  629.337609][ T5267] usb 4-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  629.349891][T11330] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1593'.
[  629.352707][ T5267] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  629.398953][  T941] usb 2-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=f0.ff
[  629.410558][ T5267] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.433653][  T941] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.834114][ T5267] usb 4-1: Product: syz
[  630.032940][ T5267] usb 4-1: Manufacturer: syz
[  630.037665][  T941] usb 2-1: Product: syz
[  630.041852][  T941] usb 2-1: Manufacturer: syz
[  630.055330][ T5267] usb 4-1: SerialNumber: syz
[  630.061343][  T941] usb 2-1: SerialNumber: syz
[  630.070439][ T5267] usb 4-1: selecting invalid altsetting 1
[  630.077946][  T941] usb 2-1: config 0 descriptor??
[  630.250059][ T5264] usb 2-1: USB disconnect, device number 60
[  630.333340][ T5267] cdc_ncm 4-1:1.1: bind() failure
[  630.678619][ T5267] usb 4-1: USB disconnect, device number 52
[  636.971825][ T5227] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  636.998053][ T5227] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  637.009052][ T5227] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  637.018598][ T5227] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  637.027766][ T5227] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  637.035160][ T5227] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  637.144965][T11363] IPVS: set_ctl: invalid protocol: 59 0.0.0.0:0
[  637.151390][ T5264] IPVS: starting estimator thread 0...
[  637.316491][T11364] IPVS: using max 33 ests per chain, 79200 per kthread
[  637.957844][T11376] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1605'.
[  638.391382][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.442441][T11372] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1604'.
[  638.577511][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  638.783279][T11385] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1607'.
[  639.475024][   T55] Bluetooth: hci2: command tx timeout
[  639.659615][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  640.985410][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  641.165414][ T5273] usb 1-1: new high-speed USB device number 66 using dummy_hcd
[  641.645226][   T55] Bluetooth: hci2: command tx timeout
[  641.932266][T11361] chnl_net:caif_netlink_parms(): no params data found
[  642.630006][ T5273] usb 1-1: Using ep0 maxpacket: 8
[  643.453859][T11417] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1613'.
[  643.686553][ T5273] usb 1-1: unable to read config index 0 descriptor/start: -71
[  643.719421][ T5273] usb 1-1: can't read configurations, error -71
[  643.729481][   T55] Bluetooth: hci2: command tx timeout
[  644.095708][   T35] bridge_slave_1: left allmulticast mode
[  644.105841][   T35] bridge_slave_1: left promiscuous mode
[  644.119797][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  645.795942][ T5227] Bluetooth: hci2: command tx timeout
[  645.886064][ T5273] usb 1-1: new high-speed USB device number 67 using dummy_hcd
[  645.922780][   T35] bridge_slave_0: left allmulticast mode
[  645.935737][   T35] bridge_slave_0: left promiscuous mode
[  645.989791][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  646.162762][T11435] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1619'.
[  646.537739][ T5273] usb 1-1: Using ep0 maxpacket: 8
[  646.813919][ T5273] usb 1-1: config 0 has an invalid interface number: 5 but max is 0
[  646.838109][ T5273] usb 1-1: config 0 has no interface number 0
[  646.860067][ T5273] usb 1-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=f0.ff
[  646.869249][ T5273] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  646.878394][ T5273] usb 1-1: Product: syz
[  646.882572][ T5273] usb 1-1: Manufacturer: syz
[  646.887407][ T5273] usb 1-1: SerialNumber: syz
[  646.894490][ T5273] usb 1-1: config 0 descriptor??
[  647.210404][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  647.224014][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  647.234551][   T35] bond0 (unregistering): Released all slaves
[  647.368988][ T5273] usb 1-1: USB disconnect, device number 67
[  647.513258][T11442] netlink: 9286 bytes leftover after parsing attributes in process `syz.3.1621'.
[  647.544615][T11361] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.572420][T11361] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.718642][ T5227] Bluetooth: hci4: command 0x0406 tx timeout
[  647.730881][T11361] bridge_slave_0: entered allmulticast mode
[  647.744432][T11361] bridge_slave_0: entered promiscuous mode
[  648.581331][T11361] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.648477][T11361] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.655828][T11361] bridge_slave_1: entered allmulticast mode
[  648.664022][T11361] bridge_slave_1: entered promiscuous mode
[  648.960242][T11464] FAULT_INJECTION: forcing a failure.
[  648.960242][T11464] name failslab, interval 1, probability 0, space 0, times 0
[  648.993208][T11361] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  649.128449][T11464] CPU: 0 UID: 0 PID: 11464 Comm: syz.3.1628 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  649.138903][T11464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  649.148986][T11464] Call Trace:
[  649.152272][T11464]  <TASK>
[  649.155210][T11464]  dump_stack_lvl+0x241/0x360
[  649.159911][T11464]  ? __pfx_dump_stack_lvl+0x10/0x10
[  649.165123][T11464]  ? __pfx__printk+0x10/0x10
[  649.169722][T11464]  ? __kmalloc_cache_noprof+0x44/0x2c0
[  649.175279][T11464]  ? __pfx___might_resched+0x10/0x10
[  649.180580][T11464]  should_fail_ex+0x3b0/0x4e0
[  649.185275][T11464]  should_failslab+0xac/0x100
[  649.189963][T11464]  ? __se_sys_mount+0x15a/0x3c0
[  649.194829][T11464]  __kmalloc_cache_noprof+0x6c/0x2c0
[  649.200128][T11464]  ? memdup_user+0x9f/0xc0
[  649.204554][T11464]  __se_sys_mount+0x15a/0x3c0
[  649.209241][T11464]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  649.215239][T11464]  ? __pfx___se_sys_mount+0x10/0x10
[  649.220446][T11464]  ? do_syscall_64+0x100/0x230
[  649.225223][T11464]  ? __x64_sys_mount+0x20/0xc0
[  649.229998][T11464]  do_syscall_64+0xf3/0x230
[  649.234511][T11464]  ? clear_bhb_loop+0x35/0x90
[  649.239202][T11464]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  649.245102][T11464] RIP: 0033:0x7f5181177299
[  649.249524][T11464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  649.269136][T11464] RSP: 002b:00007f5180bff048 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[  649.277558][T11464] RAX: ffffffffffffffda RBX: 00007f5181306058 RCX: 00007f5181177299
[  649.285532][T11464] RDX: 0000000020000440 RSI: 0000000020000400 RDI: 0000000000000000
[  649.293506][T11464] RBP: 00007f5180bff0a0 R08: 00000000200005c0 R09: 0000000000000000
[  649.301480][T11464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  649.309451][T11464] R13: 000000000000006e R14: 00007f5181306058 R15: 00007ffc3de4c918
[  649.317447][T11464]  </TASK>
[  649.776561][ T5262] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  649.915107][T11361] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  650.847437][ T5262] usb 3-1: Using ep0 maxpacket: 8
[  650.891482][   T35] hsr_slave_0: left promiscuous mode
[  650.892159][ T5262] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  650.926863][ T5262] usb 3-1: config 179 has no interface number 0
[  650.933355][ T5262] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  650.954810][   T35] hsr_slave_1: left promiscuous mode
[  650.981958][ T5262] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  651.007834][ T5262] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  651.032088][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  651.460589][ T5262] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  651.474250][ T5262] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  651.474422][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  651.483405][ T5262] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  651.486487][T11461] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  651.664131][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  651.673992][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  651.702734][  T941] usb 3-1: USB disconnect, device number 64
[  651.702806][    C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  651.716879][    C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  651.795591][   T35] veth1_macvtap: left promiscuous mode
[  651.814621][   T35] veth0_macvtap: left promiscuous mode
[  651.822124][   T35] veth1_vlan: left promiscuous mode
[  651.835025][   T35] veth0_vlan: left promiscuous mode
[  652.167112][T11489] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1633'.
[  654.062034][   T35] team0 (unregistering): Port device team_slave_1 removed
[  654.140751][   T35] team0 (unregistering): Port device team_slave_0 removed
[  655.372457][T11361] team0: Port device team_slave_0 added
[  655.869778][T11361] team0: Port device team_slave_1 added
[  656.488517][T11361] batman_adv: batadv0: Adding interface: batadv_slave_0
[  656.507506][T11361] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  657.222177][T11361] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  657.428064][T11521] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1640'.
[  658.071402][T11361] batman_adv: batadv0: Adding interface: batadv_slave_1
[  658.078715][T11361] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  658.106065][T11361] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  658.415734][ T5264] usb 4-1: new high-speed USB device number 53 using dummy_hcd
[  659.264147][T11361] hsr_slave_0: entered promiscuous mode
[  659.281288][T11361] hsr_slave_1: entered promiscuous mode
[  659.333779][T11361] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  659.343920][T11361] Cannot create hsr debugfs directory
[  659.372075][T11528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1644'.
[  659.388655][ T5264] usb 4-1: Using ep0 maxpacket: 8
[  659.402075][ T5264] usb 4-1: config 179 has an invalid interface number: 65 but max is 0
[  659.420850][ T5264] usb 4-1: config 179 has no interface number 0
[  659.441358][ T5264] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  659.480788][ T5264] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  659.519832][ T5264] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  659.554671][ T5264] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  659.607260][ T5264] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  659.647655][ T5264] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  659.707571][ T5264] usb 4-1: can't set config #179, error -71
[  659.735419][ T5264] usb 4-1: USB disconnect, device number 53
[  660.041808][T11539] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1649'.
[  660.632955][   T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.675644][   T55] Bluetooth: hci4: unexpected event 0x09 length: 13 > 3
[  660.740053][   T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  660.804691][ T5227] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  660.816838][ T5227] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  660.833305][ T5227] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  660.856290][ T5227] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  660.901806][ T5227] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  660.910833][ T5227] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  660.940223][   T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  661.180844][T11547] FAULT_INJECTION: forcing a failure.
[  661.180844][T11547] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  661.196146][T11547] CPU: 1 UID: 0 PID: 11547 Comm: syz.1.1651 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  661.206578][T11547] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  661.216618][T11547] Call Trace:
[  661.219879][T11547]  <TASK>
[  661.222790][T11547]  dump_stack_lvl+0x241/0x360
[  661.227457][T11547]  ? __pfx_dump_stack_lvl+0x10/0x10
[  661.232639][T11547]  ? __pfx__printk+0x10/0x10
[  661.237214][T11547]  ? __pfx_lock_release+0x10/0x10
[  661.242226][T11547]  should_fail_ex+0x3b0/0x4e0
[  661.246893][T11547]  _copy_from_iter+0x1f6/0x1960
[  661.251741][T11547]  ? trace_contention_end+0x3c/0x120
[  661.257029][T11547]  ? __mutex_lock+0x2ef/0xd70
[  661.261691][T11547]  ? cgroup_rstat_updated+0x13b/0xc60
[  661.267073][T11547]  ? __pfx__copy_from_iter+0x10/0x10
[  661.272339][T11547]  ? pipe_write+0x1c9/0x1a40
[  661.276914][T11547]  ? __pfx___mutex_lock+0x10/0x10
[  661.281925][T11547]  ? page_copy_sane+0x46/0x260
[  661.286671][T11547]  copy_page_from_iter+0x7a/0x100
[  661.291679][T11547]  pipe_write+0x7fa/0x1a40
[  661.296106][T11547]  ? __pfx_pipe_write+0x10/0x10
[  661.300965][T11547]  ? bpf_lsm_file_permission+0x9/0x10
[  661.306335][T11547]  ? security_file_permission+0x7f/0xa0
[  661.311880][T11547]  vfs_write+0xa72/0xc90
[  661.316114][T11547]  ? __pfx_pipe_write+0x10/0x10
[  661.321131][T11547]  ? __pfx_vfs_write+0x10/0x10
[  661.325907][T11547]  ksys_write+0x1a0/0x2c0
[  661.330230][T11547]  ? __pfx_ksys_write+0x10/0x10
[  661.335072][T11547]  ? exc_page_fault+0x590/0x8c0
[  661.339915][T11547]  ? do_syscall_64+0xb6/0x230
[  661.344583][T11547]  do_syscall_64+0xf3/0x230
[  661.349112][T11547]  ? clear_bhb_loop+0x35/0x90
[  661.353785][T11547]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  661.359668][T11547] RIP: 0033:0x7fc377575e1f
[  661.364072][T11547] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48
[  661.383667][T11547] RSP: 002b:00007fc3782eed40 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[  661.392072][T11547] RAX: ffffffffffffffda RBX: 0000000000000029 RCX: 00007fc377575e1f
[  661.400034][T11547] RDX: 0000000000000029 RSI: 00007fc3782eef40 RDI: 0000000000000002
[  661.408257][T11547] RBP: 00007fc3782eef40 R08: 0000000000000000 R09: 0000000000000000
[  661.416222][T11547] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000029
[  661.424192][T11547] R13: 00007fc3776d5620 R14: 0000000000000029 R15: 00007fc3776d6c80
[  661.432191][T11547]  </TASK>
[  663.004705][ T5227] Bluetooth: hci1: command tx timeout
[  663.604316][   T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  663.698943][T11562] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1653'.
[  664.403736][ T5227] Bluetooth: hci4: unexpected event 0x09 length: 13 > 3
[  665.244935][ T5227] Bluetooth: hci1: command tx timeout
[  665.389718][   T35] bridge_slave_1: left allmulticast mode
[  665.395508][   T35] bridge_slave_1: left promiscuous mode
[  665.401399][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  665.410186][   T35] bridge_slave_0: left allmulticast mode
[  665.415874][   T35] bridge_slave_0: left promiscuous mode
[  665.436349][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  665.891916][T11581] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1659'.
[  666.538935][ T5264] usb 2-1: new high-speed USB device number 61 using dummy_hcd
[  666.728961][ T5264] usb 2-1: Using ep0 maxpacket: 16
[  666.737459][ T5264] usb 2-1: New USB device found, idVendor=14aa, idProduct=022b, bcdDevice=8e.53
[  666.746697][ T5264] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  666.754715][ T5264] usb 2-1: Product: syz
[  666.760319][ T5264] usb 2-1: Manufacturer: syz
[  666.764934][ T5264] usb 2-1: SerialNumber: syz
[  666.772066][ T5264] usb 2-1: config 0 descriptor??
[  666.782026][ T5264] dvb-usb: found a 'WideView WT-220U PenType Receiver (based on ZL353)' in warm state.
[  666.791794][ T5264] dvb-usb: bulk message failed: -22 (2/0)
[  666.797574][ T5264] dvb-usb: WideView WT-220U PenType Receiver (based on ZL353) error while loading driver (-22)
[  666.989478][ T5264] usb 2-1: USB disconnect, device number 61
[  667.130108][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  667.142452][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  667.152727][   T35] bond0 (unregistering): Released all slaves
[  667.176847][T11361] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  667.223590][T11361] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  667.296039][T11361] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  667.302909][   T35] tipc: Left network mode
[  667.344037][T11361] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  667.553607][ T5227] Bluetooth: hci1: command tx timeout
[  668.933704][T11541] chnl_net:caif_netlink_parms(): no params data found
[  668.995088][   T35] hsr_slave_0: left promiscuous mode
[  669.009982][   T35] hsr_slave_1: left promiscuous mode
[  669.639496][ T5227] Bluetooth: hci1: command tx timeout
[  669.717398][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  669.725217][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  669.736272][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  669.768982][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  669.830790][   T35] veth1_macvtap: left promiscuous mode
[  669.839667][   T35] veth0_macvtap: left promiscuous mode
[  669.847936][   T35] veth1_vlan: left promiscuous mode
[  669.865853][   T35] veth0_vlan: left promiscuous mode
[  670.264458][T11616] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1666'.
[  670.812091][   T30] INFO: task syz.2.1277:10219 blocked for more than 143 seconds.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  670.897337][   T30]       Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  671.049458][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  671.058168][   T30] task:syz.2.1277      state:D stack:23376 pid:10219 tgid:10219 ppid:5221   flags:0x00004004
[  671.074846][   T30] Call Trace:
[  671.078162][   T30]  <TASK>
[  671.081189][   T30]  __schedule+0x17ae/0x4a10
[  671.085740][   T30]  ? __pfx___schedule+0x10/0x10
[  671.090739][   T30]  ? __pfx_lock_release+0x10/0x10
[  671.095877][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  671.101932][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  671.108283][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  671.113497][   T30]  ? schedule+0x90/0x320
[  671.117762][   T30]  schedule+0x14b/0x320
[  671.122002][   T30]  ? do_exit+0x4ff/0x27f0
[  671.126342][   T30]  do_exit+0x57c/0x27f0
[  671.130922][   T30]  ? __pfx_do_exit+0x10/0x10
[  671.135521][   T30]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  671.141170][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  671.147225][   T30]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  671.154159][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  671.159291][   T30]  do_group_exit+0x207/0x2c0
[  671.163979][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  671.169200][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  671.174441][   T30]  get_signal+0x1695/0x1730
[  671.178962][   T30]  ? __pfx_get_signal+0x10/0x10
[  671.183828][   T30]  arch_do_signal_or_restart+0x96/0x860
[  671.189408][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  671.195567][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  671.201620][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  671.207338][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  671.212929][   T30]  do_syscall_64+0x100/0x230
[  671.217529][   T30]  ? clear_bhb_loop+0x35/0x90
[  671.222232][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.228114][   T30] RIP: 0033:0x7fc434f77299
[  671.232667][   T30] RSP: 002b:00007ffddb0a84a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  671.243201][   T30] RAX: fffffffffffffdfc RBX: 000000000007db44 RCX: 00007fc434f77299
[  671.251501][   T30] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc435105f8c
[  671.259603][   T30] RBP: 00007fc435105f8c R08: 00007fc435105f80 R09: 00007ffddb0a878f
[  671.267580][   T30] R10: 00007ffddb0a85a0 R11: 0000000000000246 R12: 0000000000000032
[  671.275687][   T30] R13: 00007ffddb0a85a0 R14: 00007ffddb0a85c0 R15: 000000000007db12
[  671.283908][   T30]  </TASK>
[  671.287039][   T30] INFO: task syz.2.1277:10222 blocked for more than 144 seconds.
[  671.295071][   T30]       Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  671.302494][   T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  671.311287][   T30] task:syz.2.1277      state:D stack:21600 pid:10222 tgid:10219 ppid:5221   flags:0x00004004
[  671.321575][   T30] Call Trace:
[  671.328355][   T30]  <TASK>
[  671.331423][   T30]  __schedule+0x17ae/0x4a10
[  671.336095][   T30]  ? __pfx___schedule+0x10/0x10
[  671.341004][   T30]  ? __pfx_lock_release+0x10/0x10
[  671.346060][   T30]  ? schedule+0x90/0x320
[  671.359160][   T30]  schedule+0x14b/0x320
[  671.363376][   T30]  schedule_timeout+0xb0/0x310
[  671.368157][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  671.374685][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  671.388124][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  671.393556][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  671.398773][   T30]  __wait_for_common+0x3ea/0x6d0
[  671.403965][   T30]  ? __pfx_schedule_timeout+0x10/0x10
[  671.409353][   T30]  ? __pfx___wait_for_common+0x10/0x10
[  671.422574][   T30]  ? _raw_spin_lock_irq+0xdf/0x120
[  671.427709][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  671.441222][   T30]  wait_for_completion_state+0x1c/0x40
[  671.446800][   T30]  do_coredump+0x984/0x2a30
[  671.451567][   T30]  ? __pfx_lock_release+0x10/0x10
[  671.456617][   T30]  ? __kasan_slab_free+0x37/0x60
[  671.470821][   T30]  ? arch_do_signal_or_restart+0x96/0x860
[  671.476591][   T30]  ? __pfx_do_coredump+0x10/0x10
[  671.489329][   T30]  ? _raw_spin_unlock_irq+0x23/0x50
[  671.494733][   T30]  ? lockdep_hardirqs_on+0x99/0x150
[  671.505401][   T30]  get_signal+0x13ee/0x1730
[  671.510026][   T30]  ? _raw_spin_unlock_irqrestore+0x8f/0x140
[  671.515928][   T30]  ? __pfx_get_signal+0x10/0x10
[  671.521331][   T30]  arch_do_signal_or_restart+0x96/0x860
[  671.526907][   T30]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[  671.533162][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  671.539210][   T30]  ? syscall_exit_to_user_mode+0xa3/0x370
[  671.545338][   T30]  syscall_exit_to_user_mode+0xc9/0x370
[  671.551033][   T30]  do_syscall_64+0x100/0x230
[  671.555632][   T30]  ? clear_bhb_loop+0x35/0x90
[  671.560389][   T30]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  671.566294][   T30] RIP: 0033:0x7fc434f77299
[  671.570729][   T30] RSP: 002b:00007fc435cfa048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  671.579148][   T30] RAX: ffffffffffffffda RBX: 00007fc435105f80 RCX: 00007fc434f77299
[  671.587679][   T30] RDX: 0000000000000000 RSI: 0000000020000000 RDI: ffffffffffffff9c
[  671.595790][   T30] RBP: 00007fc434fe48e6 R08: 0000000000000000 R09: 0000000000000000
[  671.603906][   T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  671.611964][   T30] R13: 000000000000000b R14: 00007fc435105f80 R15: 00007ffddb0a8348
[  671.620015][   T30]  </TASK>
[  671.623061][   T30] 
[  671.623061][   T30] Showing all locks held in the system:
[  671.632110][   T30] 1 lock held by khungtaskd/30:
[  671.636988][   T30]  #0: ffffffff8e737660 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0
[  671.648384][   T30] 5 locks held by kworker/u8:2/35:
[  671.653541][   T30]  #0: ffff8880162e3148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  671.664545][   T30]  #1: ffffc90000ab7d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  671.675139][   T30]  #2: ffffffff8fa5f710 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  671.684701][   T30]  #3: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: default_device_exit_batch+0xe9/0xa90
[  671.696000][   T30]  #4: ffffffff8e73ca38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  671.707011][   T30] 3 locks held by kworker/u8:3/53:
[  671.713169][   T30]  #0: ffff88802a267948 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  671.725036][   T30]  #1: ffffc90000bd7d00 ((work_completion)(&(&ifa->dad_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  671.737990][   T30]  #2: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_dad_work+0xd0/0x16f0
[  671.747827][   T30] 2 locks held by kworker/u8:7/2481:
[  671.754268][   T30]  #0: ffff8880b923e9d8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140
[  671.764207][   T30]  #1: ffffffff8e737660 (rcu_read_lock){....}-{1:2}, at: bpf_trace_run4+0x244/0x590
[  671.773686][   T30] 2 locks held by getty/4966:
[  671.778340][   T30]  #0: ffff88802ae440a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  671.788102][   T30]  #1: ffffc9000312b2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  671.798241][   T30] 2 locks held by kworker/1:3/5262:
[  671.803694][   T30]  #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  671.814710][   T30]  #1: ffffc90003ba7d00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  671.825080][   T30] 3 locks held by kworker/0:6/5267:
[  671.830331][   T30]  #0: ffff888015480948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  671.841352][   T30]  #1: ffffc90003e1fd00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  671.852730][   T30]  #2: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  671.862901][   T30] 3 locks held by kworker/u8:12/7940:
[  671.868263][   T30]  #0: ffff888015489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  671.880605][   T30]  #1: ffffc90009bbfd00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  671.893330][   T30]  #2: ffff8880635a8768 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0xd9/0x490
[  671.903439][   T30] 2 locks held by syz.2.1277/10224:
[  671.908615][   T30]  #0: ffffffff8fad1990 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  671.916820][   T30]  #1: ffffffff8ea04ce8 (nfsd_mutex){+.+.}-{3:3}, at: nfsd_nl_listener_set_doit+0x12d/0x1a90
[  671.927038][   T30] 1 lock held by syz-executor/11361:
[  671.932438][   T30]  #0: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  671.941941][   T30] 1 lock held by syz-executor/11541:
[  671.947391][   T30]  #0: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  671.956828][   T30] 1 lock held by syz.1.1663/11610:
[  671.966713][   T30]  #0: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x6e6/0xcf0
[  671.976707][   T30] 2 locks held by syz.3.1666/11615:
[  671.982033][   T30]  #0: ffffffff8fad1990 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  671.990351][   T30]  #1: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0
[  671.999704][   T30] 2 locks held by syz.3.1666/11616:
[  672.004936][   T30]  #0: ffffffff8fad1990 (cb_lock){++++}-{3:3}, at: genl_rcv+0x19/0x40
[  672.013236][   T30]  #1: ffffffff8fa6c288 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x5f/0x8b0
[  672.023449][   T30] 4 locks held by syz.2.1667/11618:
[  672.028657][   T30]  #0: ffff888018ed8d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_unregister_dev+0x203/0x510
[  672.038610][   T30]  #1: ffff888018ed8078 (&hdev->lock){+.+.}-{3:3}, at: hci_dev_close_sync+0x572/0x11a0
[  672.048625][   T30]  #2: ffffffff8fbd7a68 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_hash_flush+0xa6/0x240
[  672.059439][   T30]  #3: ffffffff8e73ca38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x451/0x830
[  672.070652][   T30] 
[  672.073071][   T30] =============================================
[  672.073071][   T30] 
[  672.094574][   T30] NMI backtrace for cpu 0
[  672.098923][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  672.109078][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  672.119123][   T30] Call Trace:
[  672.122397][   T30]  <TASK>
[  672.125317][   T30]  dump_stack_lvl+0x241/0x360
[  672.129994][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.135184][   T30]  ? __pfx__printk+0x10/0x10
[  672.139764][   T30]  ? vprintk_emit+0x631/0x770
[  672.144436][   T30]  ? __pfx_vprintk_emit+0x10/0x10
[  672.149457][   T30]  nmi_cpu_backtrace+0x49c/0x4d0
[  672.154401][   T30]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  672.159853][   T30]  ? _printk+0xd5/0x120
[  672.163999][   T30]  ? __pfx__printk+0x10/0x10
[  672.168577][   T30]  ? __wake_up_klogd+0xcc/0x110
[  672.173420][   T30]  ? __pfx__printk+0x10/0x10
[  672.178004][   T30]  ? __rcu_read_unlock+0xa1/0x110
[  672.183020][   T30]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  672.188990][   T30]  nmi_trigger_cpumask_backtrace+0x198/0x320
[  672.194968][   T30]  watchdog+0xfee/0x1030
[  672.199207][   T30]  ? watchdog+0x1ea/0x1030
[  672.203620][   T30]  ? __pfx_watchdog+0x10/0x10
[  672.208292][   T30]  kthread+0x2f0/0x390
[  672.212349][   T30]  ? __pfx_watchdog+0x10/0x10
[  672.217017][   T30]  ? __pfx_kthread+0x10/0x10
[  672.221593][   T30]  ret_from_fork+0x4b/0x80
[  672.226009][   T30]  ? __pfx_kthread+0x10/0x10
[  672.230585][   T30]  ret_from_fork_asm+0x1a/0x30
[  672.235349][   T30]  </TASK>
[  672.238888][   T30] Sending NMI from CPU 0 to CPUs 1:
[  672.244167][    C1] NMI backtrace for cpu 1
[  672.244180][    C1] CPU: 1 UID: 0 PID: 63 Comm: kworker/u8:4 Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  672.244200][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  672.244211][    C1] Workqueue: bat_events batadv_nc_worker
[  672.244232][    C1] RIP: 0010:lock_release+0x62c/0xa30
[  672.244257][    C1] Code: 4c 89 f3 48 c1 eb 03 42 80 3c 3b 00 74 08 4c 89 f7 e8 a8 c0 87 00 48 c7 84 24 90 00 00 00 00 00 00 00 9c 8f 84 24 90 00 00 00 <42> 80 3c 3b 00 74 08 4c 89 f7 e8 95 bf 87 00 f6 84 24 91 00 00 00
[  672.244272][    C1] RSP: 0018:ffffc900015e7a20 EFLAGS: 00000046
[  672.244286][    C1] RAX: 0000000000000001 RBX: 1ffff920002bcf56 RCX: ffffc900015e7a03
[  672.244299][    C1] RDX: 0000000000000002 RSI: ffffffff8beae720 RDI: ffffffff8c3f9560
[  672.244311][    C1] RBP: ffffc900015e7b48 R08: ffffffff8ff65cef R09: 1ffffffff1fecb9d
[  672.244324][    C1] R10: dffffc0000000000 R11: fffffbfff1fecb9e R12: 1ffff920002bcf50
[  672.244337][    C1] R13: 0000000000000246 R14: ffffc900015e7ab0 R15: dffffc0000000000
[  672.244349][    C1] FS:  0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
[  672.244364][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  672.244376][    C1] CR2: 0000000000000000 CR3: 000000000e534000 CR4: 00000000003506f0
[  672.244390][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  672.244400][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  672.244411][    C1] Call Trace:
[  672.244423][    C1]  <NMI>
[  672.244430][    C1]  ? nmi_cpu_backtrace+0x3c2/0x4d0
[  672.244453][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  672.244477][    C1]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  672.244504][    C1]  ? nmi_handle+0x2a/0x5a0
[  672.244529][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  672.244549][    C1]  ? nmi_handle+0x14f/0x5a0
[  672.244565][    C1]  ? nmi_handle+0x2a/0x5a0
[  672.244581][    C1]  ? lock_release+0x62c/0xa30
[  672.244602][    C1]  ? default_do_nmi+0x63/0x160
[  672.244628][    C1]  ? exc_nmi+0x123/0x1f0
[  672.244650][    C1]  ? end_repeat_nmi+0xf/0x53
[  672.244678][    C1]  ? lock_release+0x62c/0xa30
[  672.244700][    C1]  ? lock_release+0x62c/0xa30
[  672.244723][    C1]  ? lock_release+0x62c/0xa30
[  672.244744][    C1]  </NMI>
[  672.244750][    C1]  <TASK>
[  672.244760][    C1]  ? batadv_nc_worker+0xcb/0x610
[  672.244777][    C1]  ? __pfx_lock_release+0x10/0x10
[  672.244801][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  672.244825][    C1]  ? batadv_nc_worker+0xcb/0x610
[  672.244843][    C1]  batadv_nc_worker+0x28b/0x610
[  672.244860][    C1]  ? batadv_nc_worker+0xcb/0x610
[  672.244877][    C1]  ? process_scheduled_works+0x945/0x1830
[  672.244898][    C1]  process_scheduled_works+0xa2c/0x1830
[  672.244934][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  672.244960][    C1]  ? assign_work+0x364/0x3d0
[  672.244983][    C1]  worker_thread+0x86d/0xd40
[  672.245012][    C1]  ? __kthread_parkme+0x169/0x1d0
[  672.245051][    C1]  ? __pfx_worker_thread+0x10/0x10
[  672.245072][    C1]  kthread+0x2f0/0x390
[  672.245087][    C1]  ? __pfx_worker_thread+0x10/0x10
[  672.245107][    C1]  ? __pfx_kthread+0x10/0x10
[  672.245123][    C1]  ret_from_fork+0x4b/0x80
[  672.245144][    C1]  ? __pfx_kthread+0x10/0x10
[  672.245159][    C1]  ret_from_fork_asm+0x1a/0x30
[  672.245193][    C1]  </TASK>
[  672.248188][   T30] Kernel panic - not syncing: hung_task: blocked tasks
[  672.570548][   T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.10.0-syzkaller-12710-g3a7e02c040b1 #0
[  672.580707][   T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
[  672.590766][   T30] Call Trace:
[  672.594039][   T30]  <TASK>
[  672.596953][   T30]  dump_stack_lvl+0x241/0x360
[  672.601632][   T30]  ? __pfx_dump_stack_lvl+0x10/0x10
[  672.606831][   T30]  ? __pfx__printk+0x10/0x10
[  672.611424][   T30]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  672.617411][   T30]  ? vscnprintf+0x5d/0x90
[  672.621748][   T30]  panic+0x349/0x860
[  672.625644][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  672.631881][   T30]  ? __pfx_panic+0x10/0x10
[  672.636275][   T30]  ? tick_nohz_tick_stopped+0x82/0xb0
[  672.641641][   T30]  ? __irq_work_queue_local+0x137/0x410
[  672.647186][   T30]  ? preempt_schedule_thunk+0x1a/0x30
[  672.652541][   T30]  ? nmi_trigger_cpumask_backtrace+0x244/0x320
[  672.658683][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d4/0x320
[  672.664995][   T30]  ? nmi_trigger_cpumask_backtrace+0x2d9/0x320
[  672.671160][   T30]  watchdog+0x102d/0x1030
[  672.675502][   T30]  ? watchdog+0x1ea/0x1030
[  672.679917][   T30]  ? __pfx_watchdog+0x10/0x10
[  672.684603][   T30]  kthread+0x2f0/0x390
[  672.688666][   T30]  ? __pfx_watchdog+0x10/0x10
[  672.693331][   T30]  ? __pfx_kthread+0x10/0x10
[  672.697899][   T30]  ret_from_fork+0x4b/0x80
[  672.702308][   T30]  ? __pfx_kthread+0x10/0x10
[  672.706893][   T30]  ret_from_fork_asm+0x1a/0x30
[  672.711652][   T30]  </TASK>
[  672.714869][   T30] Kernel Offset: disabled
[  672.719180][   T30] Rebooting in 86400 seconds..