last executing test programs:

18.257849421s ago: executing program 1 (id=2319):
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(0xffffffffffffffff, 0x80044dfe, &(0x7f00000000c0))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd20, 0xfffffffc, {0x4}}, 0x14}}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000140)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2209006, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x1, 0x56d, 0x2}, 0x50)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0x1, 0xfffffffc}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800002c0000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000000085000000330000009500000000000000", @ANYRES32=r3, @ANYBLOB="000000000000000000001100"/22, @ANYRESHEX=r3, @ANYRES32=r0, @ANYRES16=r2], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc83, 0x0, 0x0, 0x0, 0xc00000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r4, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
recvmsg(r1, &(0x7f0000000f00)={0x0, 0x0, 0x0}, 0x100)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x1, "56805c734ee222c29de4125f81f6e030a5441a99f362cd24e0a1ac2291500733", "467f517bd818d5a4a8d26ae61b4cbf13", {"31ffc21d2e9bfb1eb3c03976ed837b6f", "876605ac29dcb96a8901e0711afb3db3"}}}}}}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x6c}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x60ff78ce1cb3c070}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={0xffffffffffffffff, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

16.965332384s ago: executing program 1 (id=2322):
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{0x77359400}, {0x77359400}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
utimes(&(0x7f0000000280)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/../file0\x00', 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="040000000400000004"], 0x48)
r3 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_int(r3, 0x107, 0x9, &(0x7f0000000000), 0x4)
cachestat(r3, &(0x7f0000000580)={0x4, 0x2}, &(0x7f00000005c0), 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="780000000007010100000000000000c208000540000000000900010073797a30000000000c000240e8565724310c80020c00034000000004000000204afd0609000000000300000408000540000000010c0b03400000da9a000000ff0900010073797a3000000000"], 0x78}, 0x1, 0x0, 0x0, 0x20000010}, 0x4084)
r5 = socket(0x1d, 0x1, 0x20004)
setsockopt$inet6_group_source_req(r5, 0x29, 0x2e, &(0x7f00000001c0)={0x3, {{0xa, 0x4e24, 0x2, @mcast1, 0xff7ffffd}}, {{0xa, 0x4e08, 0x4a3, @local, 0x4f1}}}, 0x108)
setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f0000000d40)=ANY=[@ANYBLOB="030000000a004e230000000cff010000000000000000000000000001f8ffffff00"/48], 0x210)
r6 = syz_genetlink_get_family_id$tipc(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_GET_NODES(r5, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x1c, r6, 0x100, 0x70bd29, 0x25dfdbff, {}, ["", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x8800)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000540)={'syztnl2\x00', &(0x7f00000004c0)={'syztnl2\x00', <r7=>0x0, 0x4, 0xa3, 0x3, 0x575, 0x0, @mcast1, @mcast1, 0x1, 0x7800, 0x431b17bf, 0x7a3e}})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', r7, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r8 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r8, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
r9 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r9, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c)
bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
r10 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r10, 0x0, 0x0)

14.860392716s ago: executing program 1 (id=2329):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x88002, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
dup(r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
userfaultfd(0x80001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000007f"], 0x48)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r6}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2}, 0x94)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r7, 0x58, &(0x7f0000000500)}, 0x10)

11.548586287s ago: executing program 1 (id=2337):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
chdir(&(0x7f0000000100)='./file0\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuset.effective_cpus\x00', 0x275a, 0x0)
pwritev2(r0, &(0x7f0000000980)=[{&(0x7f0000000500)="be", 0x20013}], 0x1, 0x5, 0xa, 0x14)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, 0x0)
r1 = getpid()
r2 = syz_pidfd_open(r1, 0x0)
setns(r2, 0x24020000)
mount(0x0, &(0x7f00000002c0)='.\x00', 0x0, 0x22, 0x0)
r3 = syz_clone(0xb2b60000, 0x0, 0xfffffffffffffcd1, 0x0, 0x0, 0x0)
r4 = syz_pidfd_open(r3, 0x0)
setns(r4, 0x24020000)
mount(0x0, &(0x7f0000000040)='.\x00', 0x0, 0x11828, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
r7 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0x7ffe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq_codel={{0xd}, {0x14, 0x2, [@TCA_FQ_CODEL_LIMIT={0x8, 0x2, 0x8}, @TCA_FQ_CODEL_CE_THRESHOLD_SELECTOR={0x5, 0xa, 0x84}]}}]}, 0x48}}, 0x40)
sendmsg$nl_route_sched(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000780)=@newtfilter={0x44, 0x2c, 0xd27, 0x170bd2b, 0x2, {0x0, 0x0, 0x0, r8, {0x0, 0x10}, {}, {0x8, 0xffe0}}, [@filter_kind_options=@f_flow={{0x9}, {0x3, 0x2, [@TCA_FLOW_MODE={0x8, 0x2, 0x1}, @TCA_FLOW_KEYS={0x8, 0x1, 0x13c16}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x884}, 0x2)
close(r6)
socket(0x10, 0x3, 0x0)
ioctl$SIOCSIFHWADDR(r6, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
r9 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r9, 0x107, 0xf, &(0x7f0000000600), 0x56)
sendmsg$kcm(r9, &(0x7f0000000280)={&(0x7f0000000540)=@xdp={0x2c, 0x0, r8, 0x42}, 0x80, &(0x7f00000000c0)=[{&(0x7f00000002c0)="27030200dc0f14000e00073c001400004000ff1100000066c1532cc10200000003125ce882cbf490d90812533f00", 0x2e}], 0x1}, 0x4005)

10.617719312s ago: executing program 1 (id=2339):
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
fcntl$addseals(r0, 0x409, 0x1)
ioctl$KVM_CAP_VM_DISABLE_NX_HUGE_PAGES(r2, 0x4068aea3, &(0x7f0000000040))
sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000005d00)={0x114, 0x2e, 0x1, 0x0, 0x25dfdbfb, "", [@nested={0x104, 0x117, 0x0, 0x1, [@typed={0xc, 0x16, 0x0, 0x0, @u64=0xfac06}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @empty}}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f00ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817c8a66c29be82", @typed={0x4, 0xeb}]}]}, 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)

10.617304214s ago: executing program 2 (id=2340):
socket$inet(0x2, 0x802, 0x1)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYRESDEC=0x0], 0xa8}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x48})
socket$netlink(0x10, 0x3, 0x0)
add_key(&(0x7f0000000140)='syzkaller\x00', &(0x7f0000000180), &(0x7f0000000300)="0fbc0c33530bde30697af232e6c80b41a26c09", 0x13, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000003c0)=@bpf_lsm={0x1e, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000005c0)=ANY=[@ANYRES32, @ANYRES32=r1, @ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00', @ANYRES32, @ANYBLOB="ef3247f3bd5ffd73956aec48c90ecd2153ae5f47bf710a4ff13a150cfd4240ccbbf3561fe60d1de72b01d3c661f0efbcc416b7807bf7fe98c169c75fcb55f94b0102d1145c05a04cca19d04732afc9491cdc1f73682b3b33a28c582178fcc463037c876eaacb34c476e39d076b6cba0b349abf3d9db5d1b4ef7badfec8f8346cab8d4dc737527326023a9997048b35d90f82ab3f36b4f999b8c3696585f2bd2d0c987774d5b84afe612b606bca855361e56df1dd38b9eea1b7f46377cdbe002d9a936344e70269cbc0afb4d8a44b551ffa5c43da3901d63ec3e4aec366bf412c769f13dd760b6f1767eff4c497fc97ec4c39d135badae9125b9ad5c045510d8d62d85170ec8bc72d1adb738e7de9433d83547bb3d60c70a1e0ac1065c6008bd8aae04cb59be937a43fdf1e5abc9fe599d223bbc54a6f92e3a4fa058528475bc9dd1e3b4baf196474d9912d2eb011e3515b724e351a4fe38694351a022a42528c93d6095aff1c8b8185496df899ea62629911cf5c6331f7", @ANYRES32=r1, @ANYBLOB, @ANYRES64=0x0], 0x20)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x3, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18020000ff0700ff00000000fe01000085000000180000009500000000000000"], &(0x7f0000000180)='GPL\x00', 0xffffffff, 0x0, 0x0, 0x41100, 0x46, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
socket$qrtr(0x2a, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1f, 0x5, &(0x7f0000000bc0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
syz_emit_ethernet(0x74, &(0x7f0000000780)=ANY=[@ANYBLOB="0180ac5ecebe0000000000000800450300ac1414aa00000000fe9a90780200000000000000da670fd25e9f11fa4668f00d489bcc02be18654267ab40cffcb9b6e9e1c2ad62fcb15e5efc1098e51b2da7e83e44c1534b21dcc423d0a1c498e5ba2126eb3fac60f9c228bc83131fdb0946df885cdf1bdb6c5c3d8dbe"], 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000001c0)={0x7, 0x0, 0x20d, 0x45a, 0x5, 0x38, 0x7, 0xe79}, &(0x7f0000000340)=0x20)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
fcntl$dupfd(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0301, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000001340))
ioctl$SNDCTL_DSP_CHANNELS(r3, 0xc0045006, &(0x7f0000000180)=0x6f)
write$dsp(r3, &(0x7f00000012c0)="a52876830a602214f6b4e928d758f38a5a7cb4b31c4c09289e9ebb6286784ca3", 0x4000)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x3, 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)

10.037772783s ago: executing program 1 (id=2342):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000100)={0x6}, 0x8)
r0 = socket$kcm(0xa, 0x1, 0x0)
close(0x3)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x23000, 0x1000, 0x0, 0x3}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x141040, 0x42)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x100080f, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
r2 = socket$kcm(0x2a, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x1, 0xfffffffb)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff)
fcntl$dupfd(r2, 0x406, r2)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40811}, 0x20)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r8, 0x4188aec6, &(0x7f0000000040))
dup2(r7, r8)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4})
r9 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000040), 0x2103, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r9, 0xc008640a, &(0x7f0000000140))
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000005000000000000000200000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018000000ffffffff000000000600000018210000", @ANYRES32=r9, @ANYBLOB="00000000070300ec99b6d92448594754b40000305ce39400000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000950000000000000018270000", @ANYRES32=r9, @ANYBLOB="00000000e50500001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000010000008500000006000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r6, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40088d1}, 0x10)
bind$xdp(r1, &(0x7f0000000180)={0x2c, 0x2, r4, 0xfffffffd}, 0x10)
recvmsg$kcm(r0, &(0x7f0000001ec0)={0x0, 0x0, 0x0}, 0x102)

9.913982421s ago: executing program 32 (id=2342):
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000100)={0x6}, 0x8)
r0 = socket$kcm(0xa, 0x1, 0x0)
close(0x3)
r1 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x23000, 0x1000, 0x0, 0x3}, 0x20)
setsockopt$XDP_UMEM_COMPLETION_RING(r1, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4)
openat$dir(0xffffffffffffff9c, &(0x7f0000001a00)='./file1\x00', 0x141040, 0x42)
mount(&(0x7f0000000000)=@sr0, &(0x7f0000004a00)='./file1\x00', &(0x7f0000000040)='udf\x00', 0x100080f, 0x0)
setsockopt$XDP_RX_RING(r1, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4)
r2 = socket$kcm(0x2a, 0x2, 0x0)
r3 = socket$inet6(0xa, 0x1, 0xfffffffb)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
setsockopt$XDP_UMEM_FILL_RING(r1, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff)
fcntl$dupfd(r2, 0x406, r2)
sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40811}, 0x20)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
ioctl$KVM_SET_CLOCK(r8, 0x4188aec6, &(0x7f0000000040))
dup2(r7, r8)
fcntl$lock(0xffffffffffffffff, 0x7, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x4})
r9 = openat$ndctl0(0xffffffffffffff9c, &(0x7f0000000040), 0x2103, 0x0)
ioctl$DRM_IOCTL_GEM_FLINK(r9, 0xc008640a, &(0x7f0000000140))
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000005000000000000000200000018110000", @ANYRES32=r9, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018000000ffffffff000000000600000018210000", @ANYRES32=r9, @ANYBLOB="00000000070300ec99b6d92448594754b40000305ce39400000018120000", @ANYRES32=r9, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000950000000000000018270000", @ANYRES32=r9, @ANYBLOB="00000000e50500001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000010000008500000006000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000600)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r6, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40088d1}, 0x10)
bind$xdp(r1, &(0x7f0000000180)={0x2c, 0x2, r4, 0xfffffffd}, 0x10)
recvmsg$kcm(r0, &(0x7f0000001ec0)={0x0, 0x0, 0x0}, 0x102)

8.056182156s ago: executing program 2 (id=2349):
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000001300)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x43f9}}, './file0\x00'})
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000340)=@newqdisc={0x84, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x54, 0x2, {{0x3, 0x7, 0x9b, 0x5, 0xffffffff, 0x6}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0x7ff, 0x100000000, 0x6eb, 0x0, 0x7, 0x2c0b}}, @TCA_NETEM_CORRUPT={0xc, 0x4, {0x40000000, 0x6}}]}}}]}, 0x84}, 0x1, 0x0, 0x0, 0x240080c1}, 0x0)
connect$can_bcm(r0, &(0x7f0000001340)={0x1d, r3}, 0x10)
r4 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x80040, 0x0)
ioctl$RFKILL_IOCTL_NOINPUT(r4, 0x5218)
r5 = socket$vsock_stream(0x28, 0x1, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=ANY=[@ANYBLOB="300000007100250428bd70507f00000007000000", @ANYRES32=r7, @ANYBLOB="0c00018008000100c10001080c000180a9000100020001006bd0b5a41f302f725aee1e334e7d4903112c45af32"], 0x30}, 0x1, 0x0, 0x0, 0x4000001}, 0x4040010)
connect$vsock_stream(r5, &(0x7f0000000040)={0x28, 0x0, 0xffffffff, @hyper}, 0x10)
connect$vsock_stream(r5, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10)
unshare(0x62040200)
ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000001440)={0x9, 0x76, 0x2})
r8 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$VIDIOC_DQBUF(r8, 0xc0585611, &(0x7f0000000400)=@multiplanar_overlay={0xe2, 0xa, 0x4, 0x2, 0x2004, {}, {0x1, 0x0, 0x6, 0x20, 0x6, 0x6, "5abfca90"}, 0xfffffff7, 0x3, {0x0}, 0xffffffff})
syz_usb_connect(0x2, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201100131f3d840e11d02c19dfb010203010902"], 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001380)=ANY=[@ANYBLOB="240000001800090000000000000000001c140000fe000001000000000800010000000400460d6351097c1ba0098aae2d8192752b0d693f1b9a4e2f1cd923bd36d6a42b90bda2cc7e555c50c25f2dfdf2dbed95118a51e079984f1790b151e1f5a4a16bbb790293c93df36885ee85d0baaaace01f180adb212b5cc9e14cdbaff3be63b30b9286e25700042808045eef122c807831d250720e0dac35f938bf9b0756a923b08b699578f5bdd0ec9b60f40e5598"], 0x24}}, 0x0)
r10 = socket$inet(0xa, 0x80000, 0x27f)
ioprio_set$uid(0x3, 0x0, 0x0)
add_key(0x0, &(0x7f0000000280)={'syz', 0x1}, &(0x7f00000002c0)="1d", 0x1, 0xfffffffffffffffe)
getsockopt$IPT_SO_GET_INFO(r10, 0x29, 0x40, &(0x7f0000000000)={'security\x00', 0x0, [0x8, 0x6, 0x3, 0xffffdffe, 0xb]}, &(0x7f0000000200)=0x54)
r11 = socket(0x11, 0x80005, 0x0)
sendto$inet6(r11, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback, 0xeede}, 0x1c)
sendmsg$DCCPDIAG_GETSOCK(r11, &(0x7f00000012c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000001280)={&(0x7f0000001480)=ANY=[@ANYBLOB="e8110000130000002bbd7000fcdbdf25220c02004e204e24000000000900000047b500000000000003000000080000000002000006000000", @ANYRES32=0x0, @ANYBLOB="01800000010000000000000300006022c90001005eab08bd4d506d18bc4d34df69e901dfa844a6e9b29507b32f57d20f389a4a9c0802d494de1ae897782ddd6b74f48dee74bbd71c430586815c0e61e863674d3c7c604d3e9123b3e0f6485dd25f444466fd020fb03efb8443c0e45fee0f2f43ca25d4ece53c3d14ef49bf05183da8a6b48a14f404cbd155f2b4e79c21529f9594e4a03608e885ae0e8fc43d75f7adda4162e1befd4e5cbe0e63775a626cd25776ef77920f9aaa8139df54aa93ad6a481fe5ad0c23bf20c875da824ba7f108eb8342ca928889000000cc00010024b039586c74fe8724cc465a96e3cfd8ed28138d355b09e92074c5d35dfd7632eb265b2090358439bea2d1f600cddd9c7ca6e6ae9b566532ef2a2952771373dda1b54387d93dfa8dbc2aac62d798931671e6f6627a4561c580da323cb675c1977183a201bdcacf4609a651140a78f9f1536d26a3eec92a95b4cbf88fb2fd6e2b745de93f29ca1a72fe239b65ff357c3c0eb04f3efcaee3bc16440b034ee0c1ada9dc3a23db95a9df4f0972baa4d8d1f52de4d98df20b42fd6ee2237f96547347e3399493f572bf5e04100100688972e4d80f10062035be4a25978300254dee1957217e0660951e8e20a7156083a28922702e5a22c06796d77cf26cf9ed553aeef0e2bbc8ba8939e25cea47f0b0c459a781073f90822ef04799f7e2c94b898aa986b24cd41562467a63bfee657769159458b0287490020078cb0b249cbac3e8eb25f80c2b9995dc8c15aa0b0911ea8e2d749833652426b650c10a417b1466e9eafbff87c996ab783f94312e75d9eca68f3ddba24e7d3f58af4197791d508a4e02e6e061eec05a4b801d24d7eeac03d44101af9ed5d3d8c04f90b3214d695ba5f7b12fe74054cc6eac4cbf32a6b3d1e64427d62bde693ebd6af20932d2b53c6a2172c802ade35f407369a4dca4b65bab4a86d01055c0fdef88699faa031e3ae9b6293f0c1315d174bacf6858685f135d1e5d214753f246d25ba20ff0d4659be032c924b96e17c532682c6ea753950fa8d98384c75bffc271be916a790b2d25bb0781c269214f807c4d05a75a5924adf55d00fda1c36724fdf1fb9d9e42100a1780dc7896d580b3c1204140e6a6e761b5f0d6a93ad6bd211f215eb8bb54d2369bc885e10c31ed48f2fcaa58ed1154018ffd77315a91b3b6203e13f12fa4a8c51302afce1027883ce229a6426456b9cd3134b18236c621b08575d294384acc4eb818c9dbed99628f026cb1684bb463da429b592b744905d4a6a0e90234f43d24558945e4a1fb2473e50e7ffc812bc308aa90c460912d43972a39031ba24ad02ab9948ab09b2bc8bf218bed69d5263f2deb39f525edefcf2b1680bd1d491a1509ef974238b7f132424f441546e7c2ca9380b9c0bb2ffc6b85a755e7c2c31a9b79493c6d79f786ba637931724c2be1949f0a941692c98a570ecba1e489a87fa713c74d7e7e04025985b21d9811fd21e59a2d87ae379b563c178b3e12ad39d3fc224fa6d39171f460f7047b0ca5a96b192cdd1ccfc5718f5fdd8f8bf38d21399adfaa15afc30670f3fa3084fd0157a60ebe596cb2d743a02988b4ad34cade1e1aa1b8562cbeadcf5bfe3c9a20de9e49355a7b2db1fc4011bf18e0c477f3e45f1a4cc53e9be1f50bf57e143ad117780de1e4b49264e8321e3a7c2226a6f81ad1b6120b9170254f52878f18485edb0a4f4da56cba4429866e03880eb23e0eb63e82e5249c69dc6642bc3ed8623ff0c3fcebfc4d166e6e16202fefac414d48189dff34b4f281c269125babf910fac367797646c4d00d7dceb884aaece3d11d4f4a1c7e5633d423a5de5ccbc89a0a3df108930532246fc5d2f6482be1552d89e563bdc5ccf6ac67a5b21b6f7fb8adb901cfe3a4fbd32a9aed70b7d2b695e685b1d690d5335fdf39e6c110dc2b95334ee746e6903cab1351876d95f1eb2c219c4468b1253e36e448adc354eaa8f5ed1b71c57fd0928eff67946bf17a209b53db33707fd022000ebd2e2e5ab1158b1c64043861a9493d6ff572a8c116bd282c00bb21d3f5e66361740fbb5a1ca5c9680a4fd39fe846bc13a7eb71020d04ebdd9625d69d06bd359531c2e9fe05f4c01a89c31919c5817ec8de266c1763dec16573e50121408593fa0f693b9415fe2b3ecf74dca5aac5785312f0adaa85e4fd2b9c0e37a330db4e81a9a99777a535d94da6448f7707b74b59c113740a724b86b753570711829d745d26b704389770f79b144cb0f63d7e8db2db631037c2c4677b70d49c482ce1694c2220a7d4310428e1126746769a6a4af1a8c43dcfdb7e0f1edbce8f5aaeddbb2a17d3e1f3480e843d1ebe2a02deaded6d809feadbdf29bba327ef6ee7cf766520715bf562f5f62c41fc464d9d5cedf2c5804d8e0cea3d09183e9e9f170cbff900756566a3f29aba2984a6c9df2c61993ba41538430fc9da9346286974573e737ac177476f3ea824ca7bdf5a3118336e31d6438202deca6bb3fee9de66df031c60bee91bea2c9eb0d8de81c6e6d5d3ea7b2d2ea3b7b73ba42458a12beeb13b359ea365783cc3ce43d836eb5cdc0fea20780718ac1f865773e804e5c6759ca42028bf04d0b2e2d58a777b5042035f990ce27447e7f3e5d8bd3fb3b14be4aa3000501ceebfbc31d3bf2ae2e94be30dfceee71bdaa451c014d646315c84c4cdce3e6e968720089775894d0fe361948cd24d81fc0e9b0dd49d3c0e23827befcfd559551232ba595a98d675a4f6d212e3a3a1ff0de213c8188bddb2f2d3d722d0bccc2bac415d6a377f7058ff85852f54b8d34a88e3fb578e1fbb576eed57ef1e6346e2e8686923ec04b7f5050ca83a07e63eda0f2c68c18fd9fbfffeec5e2b5418422c5f059d341769e6d0b8374b88b01c7212d367aa31a754cbb093ff54bccd39345f8be889c05d80a4ae732b4013356d4edd8914678540aeabd9fe0c89629a4580523af016b2134772fdab1eff8bf61b6cff4e2b1b3391a33bfe5c7d728389f3941b4cafdcfcf210168db49057f5aa23831340c99944a12fff5b391a8d7bbe5c7d9890b2524a8699627c8ac1d38b7c182800820b9193541e2cdda416f5e332002f74380146327dcb38505ad378b86e5c8735b9236a7d1ec113464a413ffef44cf0c320b4b644cc416def19384a728c1bae75f0e91038e9479d4c268edf330d0fe2ea9d6ad64366135cd91598f0369c0cd0c681d343494ca8a7dee473f477b06c06b036058f5eb8bb1af8464b89bb1846dec27aee1188712182256e574f5747a91de8783a0a9dcb627d50575ddf811d6674d874c32c988a3714ebd7dda09752a9e81054d083a62d647927b9583da19608765695bcf2f57c7ffa71e78a84de8e127b2be8691647d1417b1a8023634756736ec24af066933896346f2edf7e0830e0c12778b8055c13e407354796f79d66ded484b03cd1d8a2fa8266625036702f9d40e70452be7369df95a82de71a547d3ee3a3bb1ff42b0b3b0bec02a5b823e86eaca32378e09b50ddecf63095244dfae3330b9dc5067759a2879e4c9efc1741cb8944fc10f2a8ad7294ad2f87236b055a90dff83977abe0a222805b9187c00bf561e3f83c2c9de1221d4cd5b686d81a516c139249cda7e9956d0dcc1d6d5a78e5728a03d7584907e27a81aaf386a3101bf4a5cc739199bc86b9ec3daf4cfee463495d41dee7199c422d19f77f17a77d9083f83cbc92138029647713188391bad835d65c33f00a5f634fb3a8321235fa01254f92939bbe9b9df20f1ad4df30818bd2faabd3b0c313dc45a89a6ef3b4767fbd4b3be03d460abebe0542d0f991e2e6300f75c6efe52014f82e8461dc2c8b9c9c8f1320864f16a4ddf2259f6aa348115a2f52981be73c22c8c07c5a9b62476c81ed6dbcbd82ca50392610bd11e3a9777bc4bef00f8c11bb1f11601f29793069cb0c508da446c7da4f38c3246b556c35cec8e03f6cf47719f37c54d449f61d932a1b0763b94b5ff469678e15b57b240b148cc8498d9ae8578587451790fa76265a627414104190a52ea010892693b3f2059210a3b6f8ad1960cf842de6e80ab52acb31842733c14420128cecf7c7148440bafdcb1b4ace9b21aac29dd39cd8989bafc46dbb622ce188be0bf88a5adf17ea9d899c30672019ed4a6cf956fd97f56446bdd76b3bfb27c71c853b06455d5e8f111bbf876bab83e5775e7f728f9a593dc6cb67bc6c651a85dfb809406b3f07c884f92967579192bf5d1589e7c016b7d3a41fb92b537e7191f69ffb63cb430893faa57319d066d28581bc085b77c27dfc2b0090c9b18793218162968f59167150cf5e0e000d265c827c1fde79e89450d98ae7d56b772f8205f6220df83265c9374e94e7fe0a284beb99fdb262af5e5816b252cec0e63c70f6d125422ed1c5006b567266bdbeb324525d2833f52cee43d2fecb874e979acf9abc600cedf1de6c9823085e220956de91f6c913c412188097d303cb7305e03ca8eec830f84c814a239f861db6c344a66332b1919c9a75d3bdb6101b36edeeda052afab8f83a61e153a525a5f0087d2940bf9c9ce284d6e157ccceaed207940ffbf98fe2112c68cf3099f9bc721ccfb4ce2e12ca3e3b6c64565a1794e703f583a1d932f5ba684be9b17e78d07d3e30c3192c6593b0d94b0053cedae3ba248f25d8c852b59a3d5ef38c71f2f076e9c67fc1a6e33fc31bf6b20064efe45d17b2044ea81c8981c1f9ee7f2c2203bca89af7428250bd703f9fe6b7a40b5169c95a6271fb560f960c27d91cd5a3615bd2a25c8256f14fbb5f3a900cbbe417ad8498035d168293896162bc0bb23e387cc6b08e4cee91aa020a8509879f86c2a981febf461f0c7e8ee91d2d0d601c91655c5c65c4ed05582a6e72dbac97b4975f4668724673bcd8254f8d7b66cd5ac713e3074eaa8a58e0a102ef8bad842a4cd9b14d9e3bcdab9364f708179b5498eaf8a1a2b5b9bd96637ee9c5047ef507b51e9efd5873d9269d241d535701e0f748fc081ce2ce0ed388f2525eaf306f56e40b7866f7e09f676bd80d38da126f8e624e65a8749c3647c44435979cba58d9ae5cdb044b5e79af24aa0222be37f98d573cefaa71626431044a9878cd939fe54d563a1a2beee27eb489b34833e15c182422d09ce0e42e04b186598a24051d656c13e266c4dee5ec81a9d1d08b606ac9e424d3e11b807cf4fb7b1db13b47f388aab0ac48b6846efb89dd67d4bc571c8785ccd2cde95844d26f2eec4134e05f2edd78a2cd5237e92f3429f06fde321ffd7155136bbbcf6ea7b10513935f7a3255a95eaeb3a10b0a9646d2806f88aeb5e24c562f90df9405e16fa57d77a0ea9f1f0befd9dd4ba481ed8fafff34e9a30512bd786344618a246bc2379a43f0a40d55a512a3e2220cc8c7cbc35333b255551447ec89a2a7b77d3b4aefaeef8fa7e01d6069e274a36d2b1859f1ad05c735b4154bcb2c90d2797144ee5f176779194f8e755a31734c4a9459eb6c9681294c0b70628c87fe335753752e8ed5b39b01bc3fd248b1f574a836e39fefe54d1795f70edc55da62286ac224af9c9f84d0ef504f27fcd7d730c49c0676bd750c316769f645524aa48b39d52c6bc97c4e8b61626df14e27343fe5af53697b55c65e0983c18ab01afe4fa82839eb9363807b991636abf6ee6f0bd15202301267d09e12b86ad16f0f3cff8f9cb599505789f72834778cce54efd7fea1846f59c2aa8500073185674b3fa138a9da17fe22dbe080579d7204e1d58bd447fd9012c51557de68d90e113c398cac65a969cdb2dfe1367fa2edf83a27dd7562109f41f8c68ae43fca16010c982e60048f9643b7b184bc3d6934e9c9840307000000000000005910978a7d7713415a1e1d4c3ecb46b298a2f07bdbf37edfd3bfbe4e3cc7b0c50b901e8e37f02692abf0fb28d48681076f6fa66ab75a25c0a11ae6cfb2be5ebbca7ca78b16a6483a94f5a0510e35439fd04db74d806c76926db789b61f11af30e879878fc2eb08186de961dac3067acc7c6fefd56c16dedd3594a9e2bd64efe1e662fb5b7fd80a9645c64d7e4dc4a217929b621a7eb7c5c06e8b2693012513e013afb9445e9c3e471cd110b25c9af68ae42fe5a927349d768b68de03086d000e007ec9f385709ca5fa7bf802a4a5259089341137bcc4de449743ab7be93d3b8e9619ccf81c8919bce356d2b61cb998b02a044abaefdf573cb04d943e9677a0558acffbe2972e2a0e2817634603fec47c7b553ecd75609a200a22e9e1a0727d9b07ade9dc047d9a355c0e09aefd2b5657a629f08870ac9394bec34aecd5d94eb7bb85ba7196472d9f32e60946e61938770a59f202bd89f393cfeee10de7905f90ab41b044d47ea0cde6e3e5178b14c4fb12b1a113a7f6c8cb297c14b068b14d6b12e4c1d2c9c17685fd651a8f9bd0ad16ad12a09b714142bcc80a673c92cfab6e3e9c2358d94668c50f3a57c5aaaeb96999c9fcef09946aee9099545e60f6d1c239aa593a8800d7b97039840d71398e67ae9e6bba071c536f586a2746a8be97c217dbf01728861d78f9eccc252a0b89e923e10134fcfe29c456714abab129828945c109e9681e0e7d20186a635fffc91ca025c75b97524f13cbb51aae5d8dba128a5ed8e6550bd934b18236fd389417fa4c14321b3e8048fa8da3c0448860dd539948b430e622cfcf530d18e10ea365411a49170086fe159c1be05f1f792443907dc0a382cb0fe6be6a5f1235e5d708888ba23b6cb7a6051302734edb"], 0x11e8}, 0x1, 0x0, 0x0, 0x4}, 0x4100)
r12 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
lseek(r12, 0xffffffffffffff80, 0x3)

7.187224006s ago: executing program 0 (id=2353):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mount(0x0, 0x0, 0x0, 0x44021, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140c0000160001030000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x2, &(0x7f0000000200), 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000600)={r3, r3, 0x8, 0x0, 0x0, 0x6, 0xfe, 0x10cf, 0x5, 0x5, 0x2, 0x1, 'syz0\x00'})
shutdown(r3, 0x1)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
unshare(0x6a040000)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000002c0)=0x11)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x2)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000440)={0x7, 0x9, {0xffffffffffffffff}, {0xee01}, 0x4, 0x8001})
mmap(&(0x7f00005f7000/0x1000)=nil, 0x1000, 0x0, 0x80010, 0xffffffffffffffff, 0xffffd000)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x5, 0x4, 0x2}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1e, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)

6.67715788s ago: executing program 2 (id=2355):
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r0 = socket$inet(0x2, 0x802, 0x1)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x70, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x2}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x48, 0x4, 0x0, 0x1, [{0x44, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x34, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x9}, @NFTA_EXTHDR_FLAGS={0x8, 0x5, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xe4}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe"], 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r3 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x48})
r4 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmmsg$unix(r6, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@rights={{0x10, 0x1, 0x1, [r4]}}], 0x10, 0x8014}}], 0x1, 0x2000c810)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r7 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
r8 = memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x5)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000005c0)=ANY=[@ANYRESDEC=r8, @ANYRESHEX=r8], 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000080)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r9 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0)
read$msr(r9, &(0x7f0000032680)=""/102400, 0x19000)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x10, 0xe, &(0x7f0000000a80)=ANY=[@ANYBLOB="b7000000639d0000bca30000000000002403000030feffff720af0ffa4ffffff71a4f0ff000000001f030000000000002e100200000000002604f8ffffff000414010000000300001d130000000000007a0a00fe0020001f0f14000000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb150c537bf2085651d6dd6ce9bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf0134c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff61623604000000000000006a89adaf17b0a6041bdeebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4136dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91ff073e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b702396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb11883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcd857ab15e355713767c536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ced301efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f40b1888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fc08001011e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e3f753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30c1675767999d146aef7799738b292fd64bb25b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963342aece449a0d80010f5c653d22d49030a8c2a4ab000000000000003f8dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc090000000000000061563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9901010000b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba435926b61c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0aa81192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e5789c6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b8074bf7df8b5e783637da740800000000000000c55a4385e9a617aa6c8e10d4202c5afeb06eef98aee88ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4100260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06ee0ff698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d34d3757b1450fdb0a9a69f432e277f3a0386eb2bd3305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e913ac1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07618b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e040000003c3ffad44d2a376def42e41e9fc31678257e040fa7cf32c221aaac08000000000000001a00000000000000000000173570f0c11ae694b0f7a4f9c2f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d641ef02e495295d756e110522a7a945b93fb705b95b6aae27a8fb33732ce1da1c0b1af8eb9222a06e984ab1e6984c8bdc12360627137ab67b6b68ab08acb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481efe46a4ce86be0b1d8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0c6cb4bed8594a39bd76d3ef8a7ab014e787596db796bd93a36c2880423291e3bccc86f66ba792ff4d87b3f80e5908779e51c5e9055fc5b23605cd000c723187ef09dcf4b07b06a9342f3f62ee7acddff292082c1f4d8eb9561f80873a09a1ae0c9af1121175e5600f43a1179484502009759264a5729f07c2b218fa36ba2316a99aaad0130df83d0bda1e711290f78c143ea143967b00adcd77e6ad5e48d839ea61aadb83e4d071c54691924a3830d3e7b5c198bb0ed623153590000060000000000004b985ea1702f34f2f85b168c083e810ed567e3f1979b9ed1a4bf6a10dac825c96a0828b335de445a4880bb6474157efd1a72ca46ae4cbe3ab648c9bc4867a5a4cb87d7d6d55475b34b3cb6aa9e2337d4e04a37e35109752522ac9b186ddd80c47da6a2f4ef7bb909c97552606ffff97e86dc995604346262a177b06c634969a31b5717c416f8224662f4dd46d6081cb96dd607410ee222ec8f206c4b74"], &(0x7f00000001c0)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_msg, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0)={0x0, 0x0, 0xfffffffd}, 0x35861afe2a15ad58}, 0x48)
sendmsg$DEVLINK_CMD_SB_TC_POOL_BIND_GET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)={0x20, r7, 0x1, 0x70bd25, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}, {0x8, 0xb, 0x7}, {0x6, 0x16, 0x6}, {0x5}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008850)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000000)=0x4, 0x4)
socket$kcm(0x29, 0x7, 0x0)
write(r0, &(0x7f0000000080)="08008edf773c8000", 0xfd)
r10 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VM(r10, 0xae01, 0x0)
ioctl$KVM_CREATE_VCPU(r11, 0xae41, 0x0)

4.94877351s ago: executing program 4 (id=2360):
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(0xffffffffffffffff, 0x80044dfe, &(0x7f00000000c0))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd20, 0xfffffffc, {0x4}}, 0x14}}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000140)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2209006, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x1, 0x56d, 0x2}, 0x50)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0x1, 0xfffffffc}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800002c0000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000000085000000330000009500000000000000", @ANYRES32=r3, @ANYBLOB="000000000000000000001100"/22, @ANYRESHEX=r3, @ANYRES32=r0, @ANYRES16=r2], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc83, 0x0, 0x0, 0x0, 0xc00000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r4, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
recvmsg(r1, &(0x7f0000000f00)={0x0, 0x0, 0x0}, 0x100)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x1, "56805c734ee222c29de4125f81f6e030a5441a99f362cd24e0a1ac2291500733", "467f517bd818d5a4a8d26ae61b4cbf13", {"31ffc21d2e9bfb1eb3c03976ed837b6f", "876605ac29dcb96a8901e0711afb3db3"}}}}}}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x6c}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x60ff78ce1cb3c070}, 0x94)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000007300)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000006200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x4c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)

4.25566011s ago: executing program 0 (id=2361):
r0 = fsopen(&(0x7f0000000ac0)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="6c6f636b20696f2b6d656d00d890"], 0xc)
r3 = epoll_create(0xb398)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000140))
write$vga_arbiter(r2, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xb4, 0x19, 0x1, 0x0, 0x0, {{@in6=@rand_addr=' \x01\x00', @in=@rand_addr=0x64010102, 0x0, 0x5, 0x0, 0x3, 0x2, 0x20, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xac, 0xfff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x7fffffff, 0x10000}, {0x2, 0xa04, 0x40800000000000, 0x800000000000000}, 0x0, 0x0, 0x1, 0x0, 0x3, 0x3}}, 0xb4}}, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000"], 0xfc}}, 0x0)
r5 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r5, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x6, @local, 0x7}, 0x80, &(0x7f0000000440)=[{&(0x7f00000000c0)="c4", 0x1}], 0x1}, 0x240280d1)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000010880)=@base={0xa, 0x4, 0x8, 0xc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x83}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x803, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x1, 0x0, 0x2, 0x2}, 0x10}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r9=>0x0})
r10 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r9, @ANYBLOB="00000000100000001c001a80", @ANYRES16=r10], 0x44}}, 0x2000800)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x82000, 0xe1)
ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f0000000040))
ioctl$CDROMREADMODE2(r1, 0x530c, &(0x7f0000000b00)={0x0, 0x3, 0x10, 0x3, 0x9, 0x7})

4.206582416s ago: executing program 0 (id=2362):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xc, 0x4, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x77}, [@call={0x85, 0x0, 0x0, 0x1a}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x8}, 0x80)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
close(r2)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc080003400000001408000c4000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000003c0)="d800000018007b18e00212ba0d8105040a0a1100fe0f040b067c55a1bc0009001e0006990300000015000500fe80000a000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b01602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef", 0xbe}], 0x1, 0x0, 0x0, 0x2663}, 0x0)
sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000018000000000000000000500000a480000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c0001c006000100d9030000080003400000000114000000110001"], 0x70}, 0x1, 0x0, 0x0, 0x40008d0}, 0x40)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="400000000d0a010800000000000000000a00fffe0900020073797a31000000000900010073797a310000000014000380100000800c00018006000100"], 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000003100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x60, r1, 0x1, 0x70bd23, 0x25dfdbfa, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_KEY={0x44, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPES={0x4}, @NL80211_KEY_DEFAULT_TYPES={0x10, 0x8, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}, @NL80211_KEY_DEFAULT_TYPE_MULTICAST={0x4}]}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac01}, @NL80211_KEY_SEQ={0xd, 0x4, "d8d432e617b0aad176"}, @NL80211_KEY_MODE={0x5, 0x9, 0x1}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "0c7106e8ef"}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x2000c054}, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r10, {0xa, 0x9}, {}, {0xc, 0x8}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_CLASSID={0x8, 0x1, {0x1, 0xd}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x60000080}, 0x20000000)
r11 = socket$nl_route(0x10, 0x3, 0x0)
r12 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r12, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r13=>0x0})
r14 = openat$qrtrtun(0xffffff9c, &(0x7f0000000180), 0x40000)
fcntl$addseals(r14, 0x409, 0xf)
sendmsg$nl_route_sched(r11, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r13, {0x0, 0x6}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_qfg={0x8}]}, 0x2c}}, 0x24040084)

3.818162586s ago: executing program 2 (id=2363):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e21, @local}, 0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000440)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x0, 0x1, 0x401, 0x0, 0xa9, 0x8000000000000000, 0x8, 0x7, 0x8000003}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x1, &(0x7f0000000140)=@raw=[@ldst={0x1, 0x2, 0x4, 0x0, 0x1, 0x4}], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc1002}]})
pipe2$watch_queue(0x0, 0x80)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r3 = shmget$private(0x0, 0x800000, 0x880, &(0x7f0000173000/0x800000)=nil)
r4 = socket$inet6(0xa, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b4050000ffe0f50571103f00000000006700000000800080950000000000000072c2f98cb7333011f1cf97f165ac0dc8c84c1ed04a84f6243cec3706bd2d671c2c28c7a0bd13871d815bbc06c2fa221f1a91d63e4bdbf3cbdd4ff4738d969857122ea180b8b25ad6c006c3e4e86dd319c92d683f6d593cb860187c7640045af58adcfc943a215f12b50493e62b5a127771fc659f39d1470e7d85"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94)
ioctl$sock_inet6_SIOCSIFDSTADDR(r4, 0x8918, &(0x7f0000000080)={@private2, 0x29})
shmctl$IPC_RMID(r3, 0x0)
r5 = fsopen(&(0x7f0000000140)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x9)
fchdir(r6)
r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
lseek(r7, 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0)
r8 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/fib_triestat\x00')
preadv(r8, &(0x7f00000018c0)=[{&(0x7f0000000480)=""/178, 0xb2}, {&(0x7f0000000540)=""/120, 0x78}, {&(0x7f00000006c0)=""/172, 0xac}, {&(0x7f0000000780)=""/224, 0xe0}, {&(0x7f0000000880)}, {&(0x7f0000001a00)=""/4096, 0x1000}], 0x6, 0x2, 0x1c)
accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x80000)
r9 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x28182, 0x0)
ioctl$AUTOFS_IOC_FAIL(r9, 0x4c80, 0xffffffffffffffb6)
socket$inet6(0xa, 0x3, 0x5)

3.65152623s ago: executing program 0 (id=2364):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x88002, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
dup(r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
userfaultfd(0x80001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000007f"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r6}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)
bpf$BPF_GET_MAP_INFO(0xf, 0x0, 0x0)

3.469369872s ago: executing program 4 (id=2366):
open$dir(&(0x7f0000000140)='./file0\x00', 0x2, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0xe22, 0x0, @rand_addr, 0xfffffffc}, 0x1c)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000001080)={0xa, 0x4eae, 0x7, @dev={0xfe, 0x80, '\x00', 0x22}, 0x442}, 0x1c)
socket$netlink(0x10, 0x3, 0x8000000004)
ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f00006ca000/0x4000)=nil, 0x4000, 0x2000004, 0xfff, 0x4000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x3)
socket$nl_route(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$vimc2(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xfffffffd, 0x0, 0xb49, 0x2, 0x8, 0x0, 0x3}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x1000000)
mkdirat(0xffffffffffffff9c, 0x0, 0x19)
mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x1e4062, &(0x7f0000000000)={[{}]})
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file0\x00', 0x80)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000180), 0x42, 0x0)
read$FUSE(r2, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_DESTROY(r3, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x1c, 0x3, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x10)
sendmsg$IPSET_CMD_LIST(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x7, 0x6, 0x5, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x800}, 0x40040)

3.278201793s ago: executing program 3 (id=2367):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x4)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f0000000140), 0x8)
sendmsg$kcm(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000840)="89000000120081ae08060cdc030000fe7f03214e0003ff000001ffca1b1f0000000024c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00153d00014003080c00bdad446b31007a46e3988285dcdf12f21308f868fece01955fed0009d78f0a947e", 0x75}, {&(0x7f0000000140)="11d6cb557c8496a2fe7a81f38210bfa9b70ee09c", 0x14}], 0x2}, 0x4000000)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, 0x0)
sendmmsg$inet(r0, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000001dc0)}}, {{0x0, 0x0, &(0x7f0000000800)=[{&(0x7f0000000fc0)="31fdff", 0x3}], 0x1}}, {{0x0, 0x0, &(0x7f0000000a00)=[{&(0x7f0000000640)="42e013913edbeb683c44e18a52b5a2462064ddd92caaba941de80d06047dedb7eeeff3a27eacf4c416b6979d6c918608807c44d01535dbaab3b390086e4fd43c6b5931187023646d6beac2340fdc7a0d81214ac76a818f64d287311e8828dfd3e3dd67efdb129a6e52745d1540e570", 0x6f}], 0x1}}], 0x3, 0x2090)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
sendto$inet(r0, &(0x7f0000000380), 0xfffffffffffffecd, 0x4000, 0x0, 0x0)

2.53119973s ago: executing program 4 (id=2368):
r0 = fsopen(&(0x7f0000000ac0)='configfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x1c0002, 0x0)
write$vga_arbiter(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="6c6f636b20696f2b6d656d00d890"], 0xc)
r3 = epoll_create(0xb398)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000140))
write$vga_arbiter(r2, &(0x7f0000000040)=@other={'decodes', ' ', 'none'}, 0xd)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000"], 0xfc}}, 0x0)
r5 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r5, &(0x7f0000002dc0)={&(0x7f0000001640)=@l2tp6={0xa, 0x0, 0x6, @local, 0x7}, 0x80, &(0x7f0000000440)=[{&(0x7f00000000c0)="c4", 0x1}], 0x1}, 0x240280d1)
r6 = bpf$MAP_CREATE(0x0, &(0x7f0000010880)=@base={0xa, 0x4, 0x8, 0xc}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0xd, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x83}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x803, 0x0)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0x1, 0x0, 0x2, 0x2}, 0x10}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000002c0)={'bridge_slave_0\x00', <r9=>0x0})
r10 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001300a7cc4a372eaf541d002007000000", @ANYRES32=r9, @ANYBLOB="00000000100000001c001a80", @ANYRES16=r10], 0x44}}, 0x2000800)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x82000, 0xe1)
ioctl$SG_GET_VERSION_NUM(r1, 0x2282, &(0x7f0000000040))
ioctl$CDROMREADMODE2(r1, 0x530c, &(0x7f0000000b00)={0x0, 0x3, 0x10, 0x3, 0x9, 0x7})

2.46821584s ago: executing program 2 (id=2369):
listen(0xffffffffffffffff, 0x0)
listen(0xffffffffffffffff, 0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x810)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x22)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r2, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0])
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
recvmmsg(r0, &(0x7f0000001e80), 0x0, 0x22, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0)
ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xa8)
r5 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(0xffffffffffffffff, 0x13, &(0x7f0000000400)=[0xe758, 0x100f8de], 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x5, 0xf, &(0x7f0000000080)=ANY=[@ANYBLOB="f572c10000a88c43c226f0a6380778c72739a0", @ANYRESOCT=r0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
unshare(0x6a040000)
mmap(&(0x7f00005f7000/0x1000)=nil, 0x1000, 0x100000d, 0x13, r5, 0xfc07d000)
r7 = openat$pmem0(0xffffffffffffff9c, &(0x7f0000002340), 0x80d01, 0x0)
pwrite64(r7, &(0x7f0000000000)="a5", 0xfffffe8c, 0x2)
r8 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r8, 0x8004e500, &(0x7f0000000280))

2.378046143s ago: executing program 3 (id=2370):
pipe(&(0x7f0000002680)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0)
fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0)
getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000002c0)=<r2=>0x0, &(0x7f0000000300)=0x4)
r3 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000340)=0xffffffffffffffff, 0x4)
r4 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000005c0)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x1, 0xfffffffd}, 0x28)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r4, 0x20, &(0x7f0000000100)={0x0, 0x0, <r5=>0x0, 0x0}}, 0x10)
bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000001840)=r5, 0x4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x16, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500000070000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r6, 0x0, 0x10, 0xfffffffffffffffe, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x60ff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c)
bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x20, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x10100, 0x0, 0x0, 0x0, 0xff}, [@ldst={0x0, 0x0, 0x3, 0x0, 0x8, 0xffffffffffffffc0, 0x5}, @func]}, &(0x7f0000000040)='syzkaller\x00', 0xffffff93, 0x83, &(0x7f0000000200)=""/131, 0x41000, 0x0, '\x00', r2, @netfilter=0x2d, r3, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000380)={0x3, 0xb, 0x0, 0x7fffffff}, 0x10, r5, 0xffffffffffffffff, 0x3, 0x0, &(0x7f00000003c0)=[{0x1, 0x2, 0xb, 0x3}, {0x3, 0x4, 0x6, 0x7}, {0x3, 0x1, 0x8}], 0x10, 0x2}, 0x94)
setrlimit(0x0, &(0x7f0000000980)={0x0, 0x62})
setitimer(0x2, &(0x7f0000000040)={{0x0, 0x2710}, {0x0, 0x2710}}, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r7, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000600a8000600200002400700027c035c0461c1d67f6f94007134cf6efb807ca007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0)
r8 = fsmount(r1, 0x0, 0x2)
fchdir(r8)
r9 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
setpgid(r9, r9)
setpgid(0x0, r9)
socket$inet_udp(0x2, 0x2, 0x0)
r10 = syz_open_dev$sndctrl(&(0x7f00000005c0), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r10, 0xc0485510, &(0x7f0000002140))
quotactl$Q_SYNC(0xffffffff80000100, 0x0, 0x0, 0x0)

2.377436543s ago: executing program 4 (id=2371):
r0 = socket(0x2, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', <r1=>0x0})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0xfffffef9, 0x0, 0x0, 0x10, 0xff}, 0x94)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x2e}, 0x94)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000040)={0x0, 0xfe, &(0x7f00000001c0)={&(0x7f0000000080)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xffff}, {0x8, 0xfff3}, {0x0, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x48080}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x80)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)=ANY=[@ANYBLOB="74000000090601020000000000000000030000000900020073797a310000000005000100070000004c0007801800018014000240fe8000000000000000000300000000aa1800148014000240fc000000000000000000000000000000060004404e1f0000050007008400000006000540"], 0x74}, 0x1, 0x0, 0x0, 0x10040003}, 0x0)

2.226666472s ago: executing program 3 (id=2372):
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(0xffffffffffffffff, 0x80044dfe, &(0x7f00000000c0))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd20, 0xfffffffc, {0x4}}, 0x14}}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000140)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2209006, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x1, 0x56d, 0x2}, 0x50)
r1 = socket$inet6(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0x1, 0xfffffffc}, 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b70800002c0000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000000085000000330000009500000000000000", @ANYRES32=r3, @ANYBLOB="000000000000000000001100"/22, @ANYRESHEX=r3, @ANYRES32=r0, @ANYRES16=r2], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc83, 0x0, 0x0, 0x0, 0xc00000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r4, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
recvmsg(r1, &(0x7f0000000f00)={0x0, 0x0, 0x0}, 0x100)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x1, "56805c734ee222c29de4125f81f6e030a5441a99f362cd24e0a1ac2291500733", "467f517bd818d5a4a8d26ae61b4cbf13", {"31ffc21d2e9bfb1eb3c03976ed837b6f", "876605ac29dcb96a8901e0711afb3db3"}}}}}}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x6c}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x60ff78ce1cb3c070}, 0x94)
r5 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000007300)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000006200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x4c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r5, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(r1, 0x0, 0x0, 0x2, 0x0)

2.178240858s ago: executing program 4 (id=2373):
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x6) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0xa7) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x4) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x6) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x7) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0xd8d2) (async)
r0 = openat$vhost_vsock(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000040))
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x8) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x1000) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0xffffff80) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x7) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x1ff) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x8000) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x7fffffff) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x8) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x1) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5644) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x2) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x2) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x4) (async)
syz_open_dev$video4linux(&(0x7f0000000080), 0x200, 0x2001) (async)
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x5)

1.903392629s ago: executing program 4 (id=2374):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f00000000c0), 0x88002, 0x0)
ioctl$TIOCSETD(r0, 0x5423, 0x0)
r1 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0)
dup(r1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
userfaultfd(0x80001)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r3 = getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f0000000040), 0x80002c1, 0x2, 0x0)
r6 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=ANY=[@ANYBLOB="0a00000016000000b30000007f"], 0x48)
r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r6}, @generic={0x66}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222}, 0x78)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={r7, 0x0, 0x0}, 0x10)

1.743515529s ago: executing program 0 (id=2375):
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet_udp(0x2, 0x2, 0x0)
r0 = getpgid(0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, r0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB], 0x48)
r4 = io_uring_setup(0x585f, &(0x7f00000001c0)={0x0, 0x2c28, 0x80, 0x0, 0x10000000})
io_uring_enter(r4, 0x0, 0x2, 0xf, &(0x7f0000000000), 0x18)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000002480), 0xce4, r3}, 0x38)
bpf$MAP_UPDATE_BATCH(0x1b, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000600), 0x0, 0x3ff, r3, 0x0, 0x100000000000000}, 0x38)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x3, 0x0, 0x0, {0xd}, [@IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_LIST(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x1c, 0x7, 0x6, 0x401, 0x0, 0x0, {0x5, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20004055}, 0x48000)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xff, 0x7fff7ffc}]})
r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r7 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r6, &(0x7f0000006a00)={@val={0xa}, @void, @eth={@multicast, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}, @void, {@ipv6={0x86dd, @generic={0xf, 0x6, "42b16b", 0x0, 0x32, 0x0, @private1, @mcast2}}}}}, 0x3a)

1.255392228s ago: executing program 3 (id=2376):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1f, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x1, @tid=r0}, &(0x7f0000000300))
fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f0000000040)={0x0, 0x0, 0xfd8b, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000)
r1 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
fcntl$lock(r1, 0x410, &(0x7f00000000c0)={0x1, 0x1, 0x1, 0xfffe})
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
symlinkat(0x0, 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f00000001c0)=ANY=[], 0x0, 0x5}, 0x94)
r2 = socket$kcm(0x2, 0x1, 0x84)
setsockopt$sock_attach_bpf(r2, 0x84, 0x84, &(0x7f0000000000), 0x90)
sendmsg$inet(r2, &(0x7f0000000e40)={&(0x7f0000000280)={0x2, 0x4e23, @remote}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000400)="d4", 0x1}], 0x1}, 0x40)
r3 = socket$packet(0x11, 0x2, 0x300)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=@framed={{0x18, 0x2, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x8000}, [@call={0x85, 0x0, 0x0, 0x75}]}, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x2}, 0x94)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2a, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r4, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
setsockopt$sock_attach_bpf(r3, 0x1, 0x32, &(0x7f0000000180)=r5, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)

1.123624625s ago: executing program 3 (id=2377):
memfd_create(&(0x7f00000000c0)='-B\xd5N4\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\x8a\xd7Uw\x00\xbc\xa92\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x19\xea\xef\xe3\xe1@\x84\x13\xefZb:\x8f\t\x01B\xec\xde\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@Ip]D\xd6\r\xac\v#co\xd5\xb9\xc806\xa8\x99\xffs7\xa1b1\xb1;i)j\x0e\x1e\xedI\xa2\x80\x89\x1d\xd9p!\xc86s\xe07(\xee\xf9<\"\xf0\xc8\xae\x96J\xe2]\x01\x86\xb7.<\xf5N\xd3\x94W1\xff\x18z>\xa7q,\xf7\x96\xb8{\x8e\xbf4\xe0\x95\x1ce\xe4\x85\xcdi\xed\xd3>\xeb\xa5\xaf\x87\x90@\xd1\xbd`^\xfa\xb6\x9cj\x13/\xc5\\W\x04\br\x17X\xe3\xfb\xc8\xd4\xaeX\xc9s\xd18\xd9L\xbf\xa0\xa6\xdf2\a\x99i\xb1/\x19@\x1cq\xeb?\xc1z:\x913\xfa8\xac\xd3q\xe4vPGU', 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x32, 0x0)
ioctl$SOUND_MIXER_READ_DEVMASK(0xffffffffffffffff, 0x80044dfe, &(0x7f00000000c0))
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x3a, 0x301, 0x70bd20, 0xfffffffc, {0x4}}, 0x14}}, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(&(0x7f0000000140)=@loop={'/dev/loop', 0x0}, &(0x7f0000000040)='./cgroup\x00', 0x0, 0x2209006, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x1, 0x56d, 0x2}, 0x50)
bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x19, 0x4, 0x4, 0x4, 0x0, 0x1, 0xfffffffc}, 0x50)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x10, &(0x7f00000004c0)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800002c0000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b70400000000000085000000330000009500000000000000", @ANYRES32=r2, @ANYBLOB="000000000000000000001100"/22, @ANYRESHEX=r2, @ANYRES32=r0, @ANYRES16=r1], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffc83, 0x0, 0x0, 0x0, 0xc00000}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r3, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50)
recvmsg(0xffffffffffffffff, &(0x7f0000000f00)={0x0, 0x0, 0x0}, 0x100)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x64, 0x0, @wg=@response={0x2, 0x3, 0x1, "56805c734ee222c29de4125f81f6e030a5441a99f362cd24e0a1ac2291500733", "467f517bd818d5a4a8d26ae61b4cbf13", {"31ffc21d2e9bfb1eb3c03976ed837b6f", "876605ac29dcb96a8901e0711afb3db3"}}}}}}}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x6c}}, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x5, 0x0, 0x0, 0x60ff78ce1cb3c070}, 0x94)
r4 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000007300)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000006200)='syzkaller\x00', 0x7, 0x0, 0x0, 0x41000, 0x4c, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r4, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)

860.641626ms ago: executing program 2 (id=2378):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'cts(cbc(serpent))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000538acc089c0e00001e5b0102030109021b00010000000009040000014b34ef000905", @ANYRES16, @ANYRES16], 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000003880), 0x4, 0x2)
ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000700)=[0x1, 0x2ff])
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r6, @ANYBLOB="1f003300d0", @ANYRES8=r4], 0x3c}}, 0x0)
r7 = getpid()
sched_setscheduler(r7, 0x2, &(0x7f0000000200)=0x6)
sched_setaffinity(r7, 0x8, &(0x7f0000000240)=0x2)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000008280)=<r8=>0x0)
r9 = syz_clone(0x80, &(0x7f00000082c0)="90b227cda39d39628e9d73", 0xb, &(0x7f0000008300), &(0x7f0000008340), &(0x7f0000008380))
ioctl$NS_GET_OWNER_UID(r4, 0xb704, &(0x7f00000083c0)=<r10=>0x0)
getgroups(0x4, &(0x7f0000008400)=[0x0, 0xee01, <r11=>0xffffffffffffffff, 0xee01])
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000008540)=[{{&(0x7f0000000440)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000840)=[{&(0x7f00000005c0)="aa26d7b1ca6fc90699a5e4a4613c4dbcc76a5b9acaf81ff3f75f23edd88ce0435bf59ab74d780a54e31a1db8cc625f09b18cd03955fd0d59732785dfae851778009d435fa20a8dd5501bb536e905365370b76803edd22eb97b0d20c8f9587d767f36d1bfd3e74dcfe5fb36901aa6def82afad668d67213138225230b45cb2f8f4f807b1fa1fc9abc044483955c85156b8bc5a49296ffa9e6ad9dd3e8a3bdd1b6b43f83a461903f831cf503db455b446ad3300f3750ad468de2b08f512801cfeea43f69d29de7c6befe871464602549bf9564a98a92fc5e723b62fe1e3d52393db73d736e047a", 0xe6}, {&(0x7f0000000740)="2d69a4edbfd38ee7130c65e824f55f8d59a4e321473f36b2305ea36093d6a333c2c0cbe167632251ede4974f9d39ece9021ad56a32b737d1f8327ec2ca9d4c1287f8c67d2eb3eaf4aaf3c0b8662a09f8b9a77f9f97161f582e3a3422f43e04388a625d3ba6fd4577f9bb3737ebda3cdc1a04b6cf19ceea8fe9f165fac60feaf85dabb0eb0c493ac891062f81256d02a17775eea92c191efd48ca70e0d6c0a383e6f27f9ceab2cfe7857bdda094358f61b06bb1eae71a710c6e4b655e6430f0882f1ba7c7", 0xc4}], 0x2, &(0x7f00000008c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x10, 0x1, 0x1, [r0]}}], 0x24, 0x20000040}}, {{&(0x7f0000000900)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000001ac0), 0x0, &(0x7f0000001b40)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, r2]}}, @rights={{0x24, 0x1, 0x1, [r3, 0xffffffffffffffff, r1, r2, r2, r0]}}], 0x38, 0x4000000}}, {{&(0x7f0000001b80)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001e00)=[{&(0x7f0000001c00)="4987ea097d3383774321adcc0f0358935ca9976e7af3875b4f0c4d9e922fbfb4b6444859fde721154ad3079858db9e73ae7bdd06d0510e2d368c008cf36c1163a58206d80c02ffda15887fcfed6870f08b3013baaa04d938a29cd86249cd371b5f25e627c04f3382a5d3b222e506b4fe69a8f225129ee45d690f0383198775fcfb6a0dba2f6a8bf530d8000d66fc0fccc5fb101a8a5839cca7177fe011559caf847da276d8e5cbb44f221fc4f3a739ce3c18daf6a7f9fe55f6a13de2f600833a0219a9d8123acd0b19", 0xc9}, {&(0x7f0000001d00)="6e83c42009f45a88561669b6d09f965c4d9919971f0978d00f3690a074ba221a5e9775b1b6bf38c5d63826f2b6a5ed5eb6ad6e0870c7a1d4d4286e05e59b1b58fa8c171c21b6f1cae0cda364a981637a", 0x50}, {&(0x7f0000001d80)="24ac2f0c81f3441230ff6e559c1c5a4c1de2fadf2a246fa84a6baed4019215d6c19f694aa6f60e9b9d8ac5104f82bbf46a784512b3c590ee74f6882fb1439ce1230fcc86b95c2bf6047087e7959418a554f33ab39b178b0e49795afc5d4ccd54f2fac4843e4a7da7f417ad6855", 0x6d}], 0x3, &(0x7f0000006ec0)=[@rights={{0x24, 0x1, 0x1, [r2, r2, r3, 0xffffffffffffffff, r3, r3]}}, @cred={{0x18}}], 0x3c, 0x24000840}}, {{0x0, 0x0, &(0x7f0000008000)=[{&(0x7f0000006f00)="bb30db01ca67956e25a00bb68f5b831d0b2842c278d3c4b6439dea61a01018dd22ddb1a5872c409f216f5f843ef2634f8fe749073295a3553eb59b2f3dcda63b00ade4864510be2579c553cd5c993c94b08238a1591c81f35439ea41026dd8cb549058aadd8018395bc28882f08013bb6dae34a3666084f524fef480ced31f873780c035f51ba6a654a7ba0e3b593c262616710ab916cf638a967d33235d6b76d85fcfe640995c1f50ec3a67b818eb7db81f267d90b3c91ee89cd877fa93a662f49a197fb5c66c76c2d14a4de51f54948a7c6c8961dc98f05a222d62dfdfed3b5a73127bfa34f2800f37207af423b20d2c2601ac64cba87e05c2d0d7a77cc56c6edead976a641c7a695822e60861ddbc8bf1c17c76848ab0cdbc15bd6d4e9349f3434f34781dc0226df10cf2d167b2edb24a4cb68b2248999aae877ba5f4e32d305d8aadb0b4f81d481723c0dc6dd9282e45bf1586b3665b42d41170af567967b9202b830c08f082856a0face16cb87ec1632bf635a39167bb17b6f3fb3693c781fd9ca899ef8f3538c1df188f9b59d8e46376c4a67d023b3a6d4d0e02760cd73db224ba8414122db058ea6f2ee8e1aac05506c3fdee01b2976f3738759c7896b2816ffe82b6ea5fa278e07a82c7212249f0ee974cf9d146fab5ad7ea3e4841bd11290afa7a28128b98fdce2db31a5ae26e34a9cd4966b57457af4cd58b7ac67a9b486dc75754d4847aff7686defe6084c20ec5c840015992807b9c4982513745e61037af5a2ec06a46160dbd0b2010d5c1847e3e91636f8bfade316fb06819e205395411eb9b986a4514b0fe68a0cab7111f64f33ced0b72697007b25c8e995580a478a7c1b228cfb4e8aa1cb33748490fbe2a357d1be342070cbb0bdfa49da5c7309b3227542b3d61b9bf4e55e8522afca05cf3e3d44ceead4f11de536d75a86c8eabbd564a37c008e3aa9a83f0bbc5976537ed7050767669b9aeddd06b4363a1900e44315275d7420f227b98958e645e624d65e07ac0f5e97f8af4ea14f59a30a26e3b3f29f26eeb4c4e9d7df0bab31431d4ac577060cbe36c3003f47a77e0df5ca8b3531b5bc4380e1ade643346587d032178f3f9335e41f26f1fc1351daa3659fa222f177d76b73549fe3ecb99ef0cbeb65578d934629d2c33fbabded5c816f934117dc97452fe027d73aae14aec42100f90cc637bf497428f28cabf67a8a1ea861b450493910497d09dc038575861a86be0f07cbef49100bf7ef5f7c68c7df305ac018f42b252d629d176fe7fc25a82995d56a0fdd615e9741e8c98cb67f3a78b583375b8de50d94cd8bbf5e06a046dd706f3bc0e55012fee90021a6c5dd85fa6086c7888dd276477b5996857699650f3687d57de3742b13ee5d4c50dae4e18fbec5ee3de4d13eaf884ba77933bc1acfcc61b62eda933cc3c65fe3b6495e56fda15ed8a4b764a9a6f1e920f168d413b9c87937e34c2c7bb856495edae6e6f6cfb4ce7a9e36aec59aa8b81d359bcb91fdec9cf438718c18f1f78468088bb1807a9208d8b64cd606b49f71606b1340cb0b68d78333ddbf24ae808ee615bd634afe756e590e7f6e40dd96e273b4439b767b2d61c9e97240ca0d152ef077e3d68a957b60fb0d7051a9ecdca9f16cd9810fc21a71f710b3d908445ea3990d0750bae9484e8ff1b42ead6d7dcbf575fec77689ac8453ef8224e688ba967454b710e7d05a8c92c8bb34dbb3ca1c74a536c1bf28513244fba8fd9d260475a371e1e9a21832abca8853ff101ff84de36f00a4e9b1cefb09bc28b8c25b95bf2202fffca6d5a53104322e68cde56b056ba010bfb2d4d4a666400a52ff9784f79d562b82d4f8fcdda195586c1ea272dfa2451fcd0acd2ebc7a89fccda775e84a0776d9a6f175b1df3b1b26265002c8d78f143acececb40090fe474829a06f4e718de78090a5641998d3f775da1d194c4c34c9c8e95628db4018ff39f9531d9a9344d57a93b199d1ed9a054e5956af102e88f67aec1f0ec09f342364315e9a799974eed481550daf6083d3f9401e07e0cb847d12950b4f60e864e3a2857a0f929c26fff1c6fd83efdce8d00cba1ef65bd1be9dbd196a5df61588211cc3fd2a22999dd6d15f11ae969267021d6603b3e735ca0978a1337ee9dbba8e9b1965208c2d999ef3a1d9f35065696a1364d90e7551e28a246d91745e0f1ea824066b7e68cac307d95ba125b9c2ef412819a7af11a7d14f091920a80d15a840a83800d00bf307c29015dc9921cfa5f5b3a7d30c090c43b33f375bed6670d15ae62ea1762ab8dd87291cc702a19adc6491d298bf015d881b28cc2d2cf787dda6bf216f81bf39fa932935d4a310853383eb9393ee9f7dfcf19e8a628b592564b2d6dd68cee590b7340e82954f8c5bf40183cf7b45a0705ab8eb9547d285d2ae5fd6442816e652276aa1c27c622501d05bd7b06ee826cdd050b76979d3a07e640cdcad9b71d5634ffc066671206db6ec8d3bab81c7c9496735e7cd80c8be17ada492a1abeded78164f152745b867e8f6fd7961f131dfd37d76066c4c92489f6d9bb87bf07265ca9d5398a1634a3d8a9ad1e5df431d45a32e2f13cbe0c459f98d7f1b0a89fef958c5efd92aac4b64b5aae831aa3795ae32e302113b32bc59bd822171d9613efe292c337d9c91af0db993c7e7c48551ccd4b9d982466a016905ab81848b5ad838e6b04038785bfb0700ed6478a9588d8be38bf773d608b06ab925006e52e2288f16db9760b5d5707f1ad7d727e6f9e637e6d45420fb36a5d07aa34c3b243ec9b73e57eb4990f9517b59da2439f35d64631b1be043f7eb57b24e011a452ace097b6ba35ae478f35bb13a73b256235cbba05e59bad8256531bfa1da40be8a360b514e284bc73ccb203941eba6f4a0a99cb971f528e42066b690cccca982e37193de06d36f4d03e02c6f316f6a45d7624c4414585a7d030f695fb5aba7a5e30975a6d379ff8e356a7766c10b9ae52ebe6124c3523e910ca996272f343601a6dab3b347d1e6b3eb3e8311c327a5865ad7e680e0b350911f00efbe1c51c7de4342ee2c9fdc9335237c13d45846c3ab3c3a6c700a25c96959205910bf5185ac7979548083a62c1d406f2a8000aed8b8315eeb34c2ca0acecc934be15075ce05c95d24af156e0d60e7fde830bcef452ec3e330174f4980b776cdf0e95900895599751cae5dbe4526189afbdcf5c1ecbde9096d77786d41d557045c8125fd5a9fcef2324c5792684d7d64f19db3a36e1039dfe67bbbf713d10f0f5102e791c1eb1cc79feed0dc96eb50929bb871289459e1cb9861be579ac8c6d7809ad33e3c17e14947bf84106eb0ee236d104c42d75337aad2bf1e1961bd1efe289f0475ae3c811cabe94b026755d6b5017f2e1cada802e8aa8720bdd843008d87127f5ed02176cd4da12e445bf204594e6a48fe47a7116088914abef05f15e7c61d51d761de252b23b545fa0ef405a4950ebba7933fd40f27976395c7674ffcb8e8023220a229705d14510647a7507b90f585185d928b2b29f968fee043daf966fddc4e73c0799c2c16d79f81f90361d4f1c6cd7932ae26f0f02a45221b3ed905b501f6204f90119874530fcdf7bad77377590d153199a53a1920abb3538413357c30ffde924f039714d39730b4da508abaed0bdbb548812aab0ac1109ed6b844d9c99b7dcf27eb46f405093c03cc1298cb1e95946f649cf9a6194ef884262fe31efa9cf16199330c10e769d09e884f276a8aab6a5ee61dc61dee63e697cc8d55de3bc79f911996b6a15a900aec333cfcb881e9a4b793c311620988c15f016db8f415f0943ab087176c1b4a4d25c99d4e8718ecbc808c965ff717748b1b9d9bdbb442f1b93a0a97c26f795a59b295d31e7c1fb7b87b8a00014dd7b1a756b84039bd574cf6a0d57957b9d5fc3413bfeecdcf34afe9a00ad61c264c90f8eb196c7284535c79f2bc02a784a65652728a69591663dabe61ae8b465b4e5dde8a8af6b8d3ed2702ee9ebe545f872e1cab416c53f25b761ea2757f1ae66e545ea772cb39e3bb7651653a552f88694ff73939d2954a9bb64966d88552cf5146ee930828a3beb869355351a6e94138719c65e917bd96b258ad3b317faeb807fb4adfadd9520f0c4c867716760c96fa855f472a5845d6f6d021716cb1f87508f568c1b3b3d7dfe6cdf18600eb82a5726849af727e8df536ed43cbd5833625757d075c13f22c52fcc7294d9d388f9b098eda61d0af0af9c0e0a9bc12b51ee32d51ad6a401ce59dcaffe93f48c7a12f8233b3abbff6aa82bb9ef408016e1aa278c65b49fb85fc1f96a67e0ecb3e9b52104b84fe9fae7b3e3be69c4df1d3aa1b2a6dbda27f33416b48948cd7d20bafa76186052ef62bec4dfc4ab99e19b8b7bd4e6771e794a85a3030cf46984e9195e275f05d621957cd00a124a90f9c2b5559cd9b5b26123f979730cbf5d9786109a5df1f4e996a8b9ffcbbddaadf089bc019fcfbc510892e83ee9690eaec3ed894825f48b0152028843f1ad801def8411107681b14360f7f220f62649f496cb3a60d8e44f924e45c7ee6757b2d6622fa819bf46aec6fdf658d7882385edd0ee1a42d8f560b8f9b4b5ca6fe67160f5b63566e0ef01696ef267d46b16071c342d9667983283dd0973cc577776fa77d025a29aaa84382b51968eac0735fc9a48f18ca25ecb5ec14e74a1d050c53370a951b25a2d6ab57129a6b52be2fe510a6e5b4431365741053758dbf6123010016d7d349876908ecbd6f3fe9339ae2eb9f1761728da9728b21d652779ee01a7f417e5ac7d2736edb76ce9bdc105d1b17550233bffba0200dd58f6b55fb71ff2da464cecc4803ada9c980236f8d23cebc398d5ceb47481997168ced10ef64b543606b59bef2d6adf022e05a0c4fa57c4d3c3427c98a475f544e0894b9cdb5abcb67cecf72f7446cd8015d881b375faade8f1d1c3bca0d80c0d5879d0c4fc13f73905cada9bc28da25a968ed5a68f384de3c75680a40e35e4730ef350d7416d2d1ee753b4e7f6eebe9f1846f1cbc3578f5a868850f9c02f1f30523975e21bdc71baf37c54e4fa2e4120017139d19dc2590d43314b63f21a10d27c1a55523aec991336c04a7606502de50606b2b8a510c4058de8902cbbb1cb49cb419b294d28efafcfd2203fb43f4cc76b7c2620e455e193a7009bce82e086d7b1549ca1806f9691938ac5eda696dd27d18d0d6ae8ffec70fa014662dde18dcaff57c615bd7ed6cc5f2450a29beba013bcee71d41beab4d8202013c24f33400097abd6abd644e7bd95789719715a275668d902bfa89bb8543d8c875521682f6329cfd84d704fa79d72add2638c5c2a159f41b8b92d0bc2bb268e12ff8f4d8ef45d1fd2c6540f553d67d966f625bf78446a011346fd8b62c4e921b38ccb46810ce4e0345823762ef18a2ea10f406ff51c26ab11fe06a0ca42a80dbf2dd95ae73bd4b63ca9b70e234fc378972b52f4847fc5e3eec1684208cd40cd28e2a88a2e3659d35d2a2f9f88942b30823bb0f4dd1ddf5aeda25e4ac337a05c747f0b13019b3c0c4d76e617c68be55a5ac9383751b07d67807f9fd27904edd7bcfc44e89b1480ac831f9af90059ee2e99bcf36bad63bdfdebffc4ec37c743774c2b3ac39ebd78e3685fd6c2decbbdcd9d3af83deaade9556cdb7c88ba37e1d178521c7138804d1e39b9de9b75fea029510890fc05c8665fc8aa895b134072406146e425cd93e3704fae048142c870c17e406a6e50bdfafee3cc1d18e31980e3720b6b1b0459", 0x1000}, {&(0x7f0000007f00)="efa0ba42deb0e15128d299c796e56693aa53d05e1fc24deb42e74d7c4d96f66f0e11fdd9cf0c83a881ba7cb57ecaa95dcbe204f1eba5431ca6603668937215ba302f9660f021f5b41fd1662a467d4b9f2081befa0e1d7b2a436acf242f56553c087fd004b6b4f5416fae4c33020c76ddea393f2509bd30bd4de4490acecad3babb6b39e5afc4374dc34d72cea21b3265292f5fff8e417e5a556ebfb478", 0x9d}, {&(0x7f0000007fc0)="3828b39b069963b6016b878b09399f034cb5b85586cb599b201a7f149c0285f7ed4a131a4dc2a7", 0x27}], 0x3, &(0x7f0000008440)=[@cred={{0x18}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [r4, 0xffffffffffffffff, r2, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [r1, r2, r0, r0, r3, 0xffffffffffffffff, r3, r3]}}, @cred={{0x18}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r0, r2, r0]}}, @cred={{0x18, 0x1, 0x2, {r7, r8}}}, @cred={{0x18, 0x1, 0x2, {r9, r10, r11}}}, @rights={{0xc}}], 0xe8, 0x4000000}}], 0x4, 0x800)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'bridge0\x00', <r12=>0x0})
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000580)=ANY=[@ANYBLOB="48000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r12, @ANYBLOB="0a0001"], 0x48}, 0x1, 0x0, 0x0, 0x45844}, 0x4000080)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@RTM_NEWMDB={0x78, 0x55, 0x2e5, 0x70bd2c, 0x0, {}, [@MDBA_SET_ENTRY={0x20, 0x1, {r12, 0x0, 0x0, 0xfe0f, {@ip4=@empty}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x1, 0x0, 0x0, {@ip4=@rand_addr=0x3ff, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {0x0, 0x0, 0x1, 0x0, {@ip4=@broadcast, 0x436e}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x44}, 0x20000100)
ioctl$EVIOCSKEYCODE_V2(r1, 0x40284504, &(0x7f0000004e40)={0xfb, 0x11, 0x0, 0xf0, "4d512c91002a4950676142687108dcd3f82acf5a895bd90fca2bb40bb4fbf29c"})
r13 = accept4(r0, 0x0, 0x0, 0x0)
sendmsg$nl_generic(r13, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[], 0x3bfc}, 0x1, 0x0, 0x0, 0x4000}, 0x40044)
recvmsg$can_raw(r13, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040), 0x4f}, 0x3121)
r14 = openat$rdma_cm(0xffffff9c, &(0x7f0000000180), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x1, &(0x7f00000001c0)={<r15=>0xffffffffffffffff}, 0x2, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_ACCEPT(r14, &(0x7f00000002c0)={0x8, 0x120, 0xfa00, {0x3, {0x0, 0x8000, "335c25eb5f807afd4c7c52c61c12d7fe638c8e2514fd4865d0d9c782de8a42fa341d7806043267a00055ee05d4295521eed811789d1e02ce5a4cb8df17dcaa0de659838c8a2cf8f046f3e11099fa07ddca282b6b43bdc09dd2ca23e26974f0c6d17bea1530c8232800a42c1e9098a38f55260ab14ffd260019b1fea3d58c61e6cab3c04e7cae64e89e41f7de163ad85cf7772efff91df3d849d0ae07c9e800982fc8b33c7939fdf6d93dbb3ee29e902213f0bc5212d05ec15185b5d2927ab71811723f041ecf9977004d8f6f63cc5b91a4e79f5835fa6280f238f4a4ab272d558a945ca1e286c1ccce3147a2827dd4df5096e8b0ad36c232fce8178aae5dda70", 0xff, 0x7d, 0x5, 0x2e, 0xf8, 0x40, 0x2, 0x1}, r15}}, 0x128)

99.776601ms ago: executing program 3 (id=2379):
r0 = openat$fuse(0xffffff9c, &(0x7f0000000000), 0x2, 0x0)
read$FUSE(r0, &(0x7f0000000040)={0x2020, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x2020)
r2 = syz_open_dev$usbfs(&(0x7f0000002080), 0xfffffffc, 0x0)
ioctl$USBDEVFS_ALLOW_SUSPEND(r2, 0x5522)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f00000020c0)={0x1, [<r4=>0x0]}, &(0x7f0000002100)=0x8)
getsockopt$inet_sctp_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000002140)=@assoc_id=<r5=>r4, &(0x7f0000002180)=0x4)
truncate(&(0x7f00000021c0)='./file0\x00', 0x3)
r6 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
mknodat$loop(r6, &(0x7f0000002200)='./file0\x00', 0x8000, 0x1)
syz_open_dev$sndpcmc(&(0x7f0000002240), 0x5, 0x0)
r7 = openat$fuse(0xffffff9c, &(0x7f0000002280), 0x2, 0x0)
getsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r3, 0x84, 0x7b, &(0x7f00000022c0)={r5, 0x9}, &(0x7f0000002300)=0x8)
ioctl$IOC_PR_RELEASE(r6, 0x401070ca, &(0x7f0000002340)={0x0, 0x1})
r8 = inotify_init()
inotify_add_watch(r8, &(0x7f0000002380)='./file0\x00', 0x80000060)
ioctl$AUTOFS_DEV_IOCTL_FAIL(r6, 0xc0189377, &(0x7f00000023c0)={{0x1, 0x1, 0x18, <r9=>r7, {0x35, 0x2}}, '.\x00'})
sendmsg$IPVS_CMD_GET_INFO(r9, &(0x7f0000002500)={&(0x7f0000002400)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000024c0)={&(0x7f0000002440)={0x54, 0x0, 0x100, 0x70bd2d, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private0={0xfc, 0x0, '\x00', 0x1}}]}, @IPVS_CMD_ATTR_SERVICE={0x10, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x9, 0x6, 'none\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040880}, 0x41)
fcntl$getownex(r6, 0x10, &(0x7f0000002540)={0x0, <r10=>0x0})
sched_setscheduler(r10, 0x2, &(0x7f0000002580)=0xfffffe01)
ioctl$DRM_IOCTL_GET_CLIENT(r9, 0xc0186405, &(0x7f0000002640)={0x2, 0x7fff, {r10}, {<r11=>0xee01}, 0x6, 0x9})
lsetxattr$security_capability(&(0x7f00000025c0)='./file0\x00', &(0x7f0000002600), &(0x7f0000002680)=@v3={0x3000000, [{0x1, 0x5}, {0xa03, 0x21}], r11}, 0x18, 0x1)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r9, 0x80dc5521, &(0x7f00000026c0)=""/15)
ioctl$DMA_HEAP_IOCTL_ALLOC(r9, 0xc0184800, &(0x7f0000002700)={0x1, r3, 0x1})
ioctl$TIOCSPGRP(r6, 0x5410, &(0x7f0000002740)=r1)
openat$ttyprintk(0xffffff9c, &(0x7f0000002780), 0x400001, 0x0)
ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f00000027c0)={0xaa, 0x14})
write(r9, &(0x7f0000002800)="ad86575ef473444ce0dfc40f3a15018f5ba5f29ce7fc6e860778080ea9ff9ba45fe05acc156804018883d72d74ed1c0e7ad5c5cca45af93059adc1a068456eed2df71878201cd90116810be624a70d1346653ea7b7a2d4638e1ef56e06a6c3f64dc3fdf0ba7905841e0ee5acc4d5a66f7098558929b40e99ded5324fd55cf671479dc250d23fd01e3f5e3ad4eedbc11b80bb50c567cc0b8587b383fc8b95e96b910534b61687deb951e8ac442ba4896bec8c950540cce01b11e13895f1d624f2504369a357b27cf44ec2722fdca34a34f16a644c", 0xd4)
fcntl$F_SET_RW_HINT(r9, 0x40c, &(0x7f0000002900)=0x1)
ioctl$BLKPG(r9, 0x1269, &(0x7f0000002a00)={0x2, 0x0, 0x94, &(0x7f0000002940)={0x200, 0xe04, 0xe}})

0s ago: executing program 0 (id=2380):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
mount(0x0, 0x0, 0x0, 0x44021, 0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140c00001600010300000000fcf3df"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
getsockopt$llc_int(0xffffffffffffffff, 0x10c, 0x2, &(0x7f0000000200), 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
r4 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000000600)={r3, r3, 0x8, 0x0, 0x0, 0x6, 0xfe, 0x10cf, 0x5, 0x5, 0x2, 0x1, 'syz0\x00'})
shutdown(r3, 0x1)
ioctl$sock_bt_hidp_HIDPGETCONNLIST(r4, 0x800448d2, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
unshare(0x6a040000)
r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000002c0)=0x11)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000100)=0x2)
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0186405, &(0x7f0000000440)={0x7, 0x9, {0xffffffffffffffff}, {0xee01}, 0x4, 0x8001})
mmap(&(0x7f00005f7000/0x1000)=nil, 0x1000, 0x0, 0x80010, 0xffffffffffffffff, 0xffffd000)
r6 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=@base={0x12, 0x5, 0x4, 0x2}, 0x50)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x17, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sysctl=0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1e, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80000001}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r6}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r7, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x94)

kernel console output (not intermixed with test programs):

9:0007:0077.0027: unknown main item tag 0x1
[  497.307106][ T5531] hid-generic 0009:0007:0077.0027: unexpected long global item
[  497.309829][ T5531] hid-generic 0009:0007:0077.0027: probe with driver hid-generic failed with error -22
[  498.907502][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  499.384091][ T5859] usb 5-1: USB disconnect, device number 30
[  499.399514][ T5850] usb 8-1: new high-speed USB device number 35 using dummy_hcd
[  499.564810][ T5850] usb 8-1: Using ep0 maxpacket: 8
[  499.568600][ T5850] usb 8-1: unable to get BOS descriptor or descriptor too short
[  499.572778][ T5850] usb 8-1: config 0 has an invalid interface number: 88 but max is 0
[  499.576712][ T5850] usb 8-1: config 0 has no interface number 0
[  499.579215][ T5850] usb 8-1: config 0 interface 88 altsetting 8 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  499.583587][ T5850] usb 8-1: config 0 interface 88 altsetting 8 endpoint 0x86 has invalid wMaxPacketSize 0
[  499.589190][ T5850] usb 8-1: config 0 interface 88 has no altsetting 0
[  499.596080][ T5850] usb 8-1: language id specifier not provided by device, defaulting to English
[  499.603951][ T5850] usb 8-1: New USB device found, idVendor=0460, idProduct=0004, bcdDevice=96.31
[  499.610925][ T5850] usb 8-1: New USB device strings: Mfr=1, Product=84, SerialNumber=3
[  499.614224][ T5850] usb 8-1: Product: syz
[  499.617052][ T5850] usb 8-1: SerialNumber: syz
[  499.624547][ T5850] usb 8-1: config 0 descriptor??
[  499.665057][  T961] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  499.832210][  T961] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  499.837690][  T961] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  499.842463][  T961] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  499.846893][  T961] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  499.858543][T13616] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  499.876209][  T961] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  499.898686][ T5850] input: syz as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.88/input/input48
[  499.934758][  T843] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  499.940080][ T5850] usb 8-1: USB disconnect, device number 35
[  500.003240][ T5757] udevd[5757]: Error opening device "/dev/input/event4": No such file or directory
[  500.008832][ T5757] udevd[5757]: Unable to EVIOCGABS device "/dev/input/event4"
[  500.015198][ T5757] udevd[5757]: Unable to EVIOCGABS device "/dev/input/event4"
[  500.104716][  T843] usb 5-1: Using ep0 maxpacket: 32
[  500.108406][  T843] usb 5-1: config 0 has an invalid interface number: 119 but max is 0
[  500.111543][  T843] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  500.116090][  T843] usb 5-1: config 0 has no interface number 0
[  500.118928][  T843] usb 5-1: config 0 interface 119 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  500.126298][  T843] usb 5-1: New USB device found, idVendor=05ac, idProduct=0292, bcdDevice=88.73
[  500.130487][  T843] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  500.133603][  T843] usb 5-1: Product: syz
[  500.136071][  T843] usb 5-1: Manufacturer: syz
[  500.138043][  T843] usb 5-1: SerialNumber: syz
[  500.142600][  T843] usb 5-1: config 0 descriptor??
[  500.147944][  T843] input: bcm5974 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.119/input/input49
[  500.197943][T13632] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1914'.
[  500.469745][ T9011] usb 5-1: USB disconnect, device number 31
[  501.898337][T13641] /dev/sr0: Can't open blockdev
[  502.804536][ T5859] usb 7-1: USB disconnect, device number 31
[  504.345192][  T961] usb 8-1: new high-speed USB device number 36 using dummy_hcd
[  504.646244][  T961] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  505.339376][  T961] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  505.359830][  T961] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  505.363588][  T961] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  505.372317][T13665] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  505.378004][  T961] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  505.580597][T13665] FAULT_INJECTION: forcing a failure.
[  505.580597][T13665] name failslab, interval 1, probability 0, space 0, times 0
[  505.595566][T13665] CPU: 3 UID: 0 PID: 13665 Comm: syz.3.1926 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  505.595587][T13665] Tainted: [L]=SOFTLOCKUP
[  505.595591][T13665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  505.595597][T13665] Call Trace:
[  505.595602][T13665]  <TASK>
[  505.595607][T13665]  dump_stack_lvl+0x100/0x190
[  505.595625][T13665]  should_fail_ex.cold+0x5/0xa
[  505.595641][T13665]  ? tomoyo_encode2+0xfb/0x3c0
[  505.595657][T13665]  should_failslab+0xc2/0x120
[  505.595671][T13665]  __kmalloc_noprof+0xe0/0x850
[  505.595682][T13665]  ? d_absolute_path+0x136/0x1b0
[  505.595698][T13665]  tomoyo_encode2+0xfb/0x3c0
[  505.595715][T13665]  tomoyo_encode+0x29/0x50
[  505.595729][T13665]  tomoyo_realpath_from_path+0x18c/0x690
[  505.595748][T13665]  tomoyo_check_open_permission+0x2af/0x3c0
[  505.595762][T13665]  ? __pfx_tomoyo_check_open_permission+0x10/0x10
[  505.595781][T13665]  ? hook_file_open+0x24e/0x7a0
[  505.595805][T13665]  ? path_get+0x61/0x80
[  505.595824][T13665]  tomoyo_file_open+0x6b/0x90
[  505.595843][T13665]  security_file_open+0xb5/0x1e0
[  505.595861][T13665]  do_dentry_open+0x5aa/0x1660
[  505.595882][T13665]  ? security_inode_permission+0xbf/0x250
[  505.595905][T13665]  vfs_open+0x82/0x3f0
[  505.595934][T13665]  path_openat+0x208c/0x31a0
[  505.595961][T13665]  ? do_fast_syscall_32+0x32/0x70
[  505.595985][T13665]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  505.596009][T13665]  ? __pfx_path_openat+0x10/0x10
[  505.596029][T13665]  do_file_open+0x20e/0x430
[  505.596045][T13665]  ? __pfx_do_file_open+0x10/0x10
[  505.596069][T13665]  ? _raw_spin_unlock+0x28/0x50
[  505.596086][T13665]  ? alloc_fd+0x476/0x790
[  505.596105][T13665]  do_sys_openat2+0x10d/0x1e0
[  505.596122][T13665]  ? __pfx_do_sys_openat2+0x10/0x10
[  505.596140][T13665]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  505.596156][T13665]  __ia32_compat_sys_openat+0x12d/0x210
[  505.596168][T13665]  ? __pfx___ia32_compat_sys_openat+0x10/0x10
[  505.596180][T13665]  ? fput+0x79/0x100
[  505.596195][T13665]  ? ksys_write+0x1ac/0x250
[  505.596209][T13665]  ? rcu_is_watching+0x12/0xc0
[  505.596226][T13665]  __do_fast_syscall_32+0xe7/0x950
[  505.596237][T13665]  ? lockdep_hardirqs_on+0x78/0x100
[  505.596249][T13665]  do_fast_syscall_32+0x32/0x70
[  505.596261][T13665]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  505.596275][T13665] RIP: 0023:0xf704ef7c
[  505.596284][T13665] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  505.596296][T13665] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000127
[  505.596307][T13665] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 0000000080000240
[  505.596314][T13665] RDX: 00000000000c2882 RSI: 0000000000000000 RDI: 0000000000000000
[  505.596329][T13665] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  505.596335][T13665] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  505.596342][T13665] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  505.596356][T13665]  </TASK>
[  505.596397][T13665] ERROR: Out of memory at tomoyo_realpath_from_path.
[  505.718891][ T5531] usb 8-1: USB disconnect, device number 36
[  506.350461][ T1432] ieee802154 phy1 wpan1: encryption failed: -22
[  507.168847][T13695] can0: slcan on ttyS3.
[  507.296906][T13696] can0 (unregistered): slcan off ttyS3.
[  508.035871][ T5821] usb 7-1: new high-speed USB device number 32 using dummy_hcd
[  508.155528][ T5531] usb 6-1: new full-speed USB device number 39 using dummy_hcd
[  508.190745][ T5821] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  508.202300][ T5821] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  508.210149][ T5821] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  508.214795][ T5821] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  508.221348][T13700] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  508.226330][ T5821] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  508.307414][ T5531] usb 6-1: config 0 has no interfaces?
[  508.312378][ T5531] usb 6-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  508.316706][ T5531] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  508.320373][ T5531] usb 6-1: Product: syz
[  508.322119][ T5531] usb 6-1: Manufacturer: syz
[  508.324044][ T5531] usb 6-1: SerialNumber: syz
[  508.335268][ T5531] usb 6-1: config 0 descriptor??
[  508.564421][  T961] usb 7-1: USB disconnect, device number 32
[  508.747091][ T5859] usb 6-1: USB disconnect, device number 39
[  509.087073][T13718] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  510.479836][T13739] ubi: mtd0 is already attached to ubi16
[  510.491705][T13739] netlink: 'syz.3.1943': attribute type 21 has an invalid length.
[  510.495531][T13739] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1943'.
[  510.503062][T13739] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1943'.
[  510.574315][   T59] Bluetooth: Error in BCSP hdr checksum
[  510.829050][   T59] Bluetooth: Error in BCSP hdr checksum
[  511.088309][   T59] Bluetooth: Error in BCSP hdr checksum
[  511.368547][   T40] kauditd_printk_skb: 5 callbacks suppressed
[  511.368566][   T40] audit: type=1326 audit(1779801372.921:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  511.384730][   T40] audit: type=1326 audit(1779801372.921:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  511.395497][   T40] audit: type=1326 audit(1779801372.931:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=351 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  511.408237][   T40] audit: type=1326 audit(1779801372.931:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  511.417677][   T40] audit: type=1326 audit(1779801372.931:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  511.427492][   T40] audit: type=1326 audit(1779801372.931:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=297 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  511.443139][   T40] audit: type=1326 audit(1779801372.931:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  511.453118][   T40] audit: type=1326 audit(1779801372.941:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=358 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  511.507049][   T40] audit: type=1326 audit(1779801373.051:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  511.518764][   T40] audit: type=1326 audit(1779801373.051:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.1.1948" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x7ffc0000
[  512.346054][ T5759] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  512.346096][ T5745] Bluetooth: hci4: command 0x1003 tx timeout
[  512.651933][T13759] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  512.735751][T13758] fuse: Bad value for 'group_id'
[  512.738042][T13758] fuse: Bad value for 'group_id'
[  513.902181][T13766] can0: slcan on ttyS3.
[  514.016385][T13767] can0 (unregistered): slcan off ttyS3.
[  514.047261][T13765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1951'.
[  514.826822][  T101] Bluetooth: Error in BCSP hdr checksum
[  515.100569][   T41] Bluetooth: Error in BCSP hdr checksum
[  515.608052][T13811] ubi: mtd0 is already attached to ubi16
[  515.613350][T13811] netlink: 'syz.1.1962': attribute type 21 has an invalid length.
[  515.615924][T13811] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1962'.
[  515.619965][T13811] netlink: 3 bytes leftover after parsing attributes in process `syz.1.1962'.
[  515.653551][  T961] hid (null): invalid report_size 51505
[  515.654816][T13813] xt_TCPMSS: Only works on TCP SYN packets
[  515.655936][  T961] hid (null): unknown global tag 0xc
[  515.663571][  T961] hid (null): unknown global tag 0xc
[  515.665322][  T961] hid (null): unknown global tag 0x9f
[  515.675935][  T961] hid (null): unknown global tag 0xc
[  515.683345][  T961] hid (null): unknown global tag 0x42
[  515.688184][  T961] hid (null): unknown global tag 0xd
[  515.692889][  T961] hid (null): unknown global tag 0xc
[  515.694829][  T961] hid (null): unknown global tag 0xc
[  515.698440][  T961] hid (null): report_id 0 is invalid
[  515.700184][  T961] hid (null): unknown global tag 0xe
[  515.702022][  T961] hid (null): report_id 16697 is invalid
[  515.703840][  T961] hid (null): bogus close delimiter
[  515.705583][  T961] hid (null): unknown global tag 0xc
[  515.707467][  T961] hid (null): invalid report_size 1234625101
[  515.709396][  T961] hid (null): unknown global tag 0xd
[  515.711110][  T961] hid (null): unknown global tag 0xd
[  515.712957][  T961] hid (null): invalid report_size -2125375034
[  515.714913][  T961] hid (null): report_id 0 is invalid
[  515.716765][  T961] hid (null): invalid report_count -1724469666
[  515.718780][  T961] hid (null): unknown global tag 0xc
[  515.720477][  T961] hid (null): unknown global tag 0xd
[  515.722293][  T961] hid (null): global environment stack overflow
[  515.724365][  T961] hid (null): unknown global tag 0xe
[  515.726469][  T961] hid (null): unknown global tag 0xc
[  515.728258][  T961] hid (null): unknown global tag 0xc
[  515.741508][  T961] hid-generic 0009:0007:0077.0028: unknown main item tag 0x1
[  515.741859][T13823] ubi: mtd0 is already attached to ubi16
[  515.743947][  T961] hid-generic 0009:0007:0077.0028: reserved main item tag 0xd
[  515.750483][  T961] hid-generic 0009:0007:0077.0028: unknown main item tag 0x1
[  515.752987][  T961] hid-generic 0009:0007:0077.0028: unexpected long global item
[  515.754943][T13823] netlink: 'syz.3.1966': attribute type 21 has an invalid length.
[  515.755591][  T961] hid-generic 0009:0007:0077.0028: probe with driver hid-generic failed with error -22
[  515.758588][T13823] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1966'.
[  515.759826][T13823] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1966'.
[  516.036671][  T961] usb 6-1: new full-speed USB device number 40 using dummy_hcd
[  516.225517][  T961] usb 6-1: config 0 has no interfaces?
[  516.239139][  T961] usb 6-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  516.243498][  T961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  516.247495][  T961] usb 6-1: Product: syz
[  516.249451][  T961] usb 6-1: Manufacturer: syz
[  516.251692][  T961] usb 6-1: SerialNumber: syz
[  516.275107][  T961] usb 6-1: config 0 descriptor??
[  516.576383][ T5745] Bluetooth: hci4: command 0x1003 tx timeout
[  516.585588][ T5759] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  516.719607][  T961] usb 6-1: USB disconnect, device number 40
[  516.873590][T13843] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1972'.
[  516.928448][T13843] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1972'.
[  516.960552][T13850] ubi: mtd0 is already attached to ubi16
[  516.964611][T13850] netlink: 'syz.2.1973': attribute type 21 has an invalid length.
[  516.967568][T13850] netlink: 128 bytes leftover after parsing attributes in process `syz.2.1973'.
[  516.970519][T13850] netlink: 3 bytes leftover after parsing attributes in process `syz.2.1973'.
[  516.999740][T13838] /dev/sr0: Can't open blockdev
[  517.044052][T13852] FAULT_INJECTION: forcing a failure.
[  517.044052][T13852] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  517.048553][T13852] CPU: 1 UID: 0 PID: 13852 Comm: syz.3.1971 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  517.048592][T13852] Tainted: [L]=SOFTLOCKUP
[  517.048598][T13852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  517.048608][T13852] Call Trace:
[  517.048614][T13852]  <TASK>
[  517.048620][T13852]  dump_stack_lvl+0x100/0x190
[  517.048643][T13852]  should_fail_ex.cold+0x5/0xa
[  517.048663][T13852]  _copy_from_user+0x2e/0xd0
[  517.048681][T13852]  memdup_user+0x6b/0xe0
[  517.048698][T13852]  strndup_user+0x78/0xe0
[  517.048714][T13852]  __ia32_sys_fsopen+0xa0/0x230
[  517.048730][T13852]  __do_fast_syscall_32+0xe7/0x950
[  517.048746][T13852]  ? lockdep_hardirqs_on+0x78/0x100
[  517.048761][T13852]  do_fast_syscall_32+0x32/0x70
[  517.048776][T13852]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  517.048795][T13852] RIP: 0023:0xf704ef7c
[  517.048807][T13852] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  517.048821][T13852] RSP: 002b:00000000f53fb50c EFLAGS: 00000292 ORIG_RAX: 00000000000001ae
[  517.048836][T13852] RAX: ffffffffffffffda RBX: 0000000080000280 RCX: 0000000000000000
[  517.048851][T13852] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  517.048860][T13852] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  517.048868][T13852] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  517.048876][T13852] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  517.048895][T13852]  </TASK>
[  517.777430][   T41] Bluetooth: Error in BCSP hdr checksum
[  518.036547][   T73] Bluetooth: Error in BCSP hdr checksum
[  518.303314][T13876] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1981'.
[  518.615805][T13880] /dev/sr0: Can't open blockdev
[  518.621376][T13878] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1982'.
[  518.841694][T13889] ubi: mtd0 is already attached to ubi16
[  518.848045][T13889] netlink: 'syz.3.1985': attribute type 21 has an invalid length.
[  519.067034][ T9011] hid (null): invalid report_size 51505
[  519.069802][ T9011] hid (null): unknown global tag 0xc
[  519.072464][ T9011] hid (null): unknown global tag 0xc
[  519.074953][ T9011] hid (null): unknown global tag 0x9f
[  519.078070][ T9011] hid (null): unknown global tag 0xc
[  519.080859][ T9011] hid (null): unknown global tag 0x42
[  519.083325][ T9011] hid (null): unknown global tag 0xd
[  519.085659][ T9011] hid (null): unknown global tag 0xc
[  519.086618][ T5821] usb 5-1: new full-speed USB device number 32 using dummy_hcd
[  519.088131][ T9011] hid (null): unknown global tag 0xc
[  519.092687][ T9011] hid (null): report_id 0 is invalid
[  519.094965][ T9011] hid (null): unknown global tag 0xe
[  519.097750][ T9011] hid (null): report_id 16697 is invalid
[  519.100284][ T9011] hid (null): bogus close delimiter
[  519.102568][ T9011] hid (null): unknown global tag 0xc
[  519.104971][ T9011] hid (null): invalid report_size 1234625101
[  519.107657][ T9011] hid (null): unknown global tag 0xd
[  519.109841][ T9011] hid (null): unknown global tag 0xd
[  519.112041][ T9011] hid (null): invalid report_size -2125375034
[  519.114215][ T9011] hid (null): report_id 0 is invalid
[  519.115986][ T9011] hid (null): invalid report_count -1724469666
[  519.118878][ T9011] hid (null): unknown global tag 0xc
[  519.120929][ T9011] hid (null): unknown global tag 0xd
[  519.122669][ T9011] hid (null): global environment stack overflow
[  519.124640][ T9011] hid (null): unknown global tag 0xe
[  519.126793][ T9011] hid (null): unknown global tag 0xc
[  519.129003][ T9011] hid (null): unknown global tag 0xc
[  519.133112][ T9011] hid-generic 0009:0007:0077.0029: unknown main item tag 0x1
[  519.136058][ T9011] hid-generic 0009:0007:0077.0029: reserved main item tag 0xd
[  519.139293][ T9011] hid-generic 0009:0007:0077.0029: unknown main item tag 0x1
[  519.141633][ T9011] hid-generic 0009:0007:0077.0029: unexpected long global item
[  519.144208][ T9011] hid-generic 0009:0007:0077.0029: probe with driver hid-generic failed with error -22
[  519.248423][ T5821] usb 5-1: config 0 has no interfaces?
[  519.253174][ T5821] usb 5-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  519.256686][ T5821] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  519.259264][ T5821] usb 5-1: Product: syz
[  519.260644][ T5821] usb 5-1: Manufacturer: syz
[  519.262159][ T5821] usb 5-1: SerialNumber: syz
[  519.267925][ T5821] usb 5-1: config 0 descriptor??
[  519.359217][T13907] kvm: apic: phys broadcast and lowest prio
[  519.482425][ T5821] usb 5-1: USB disconnect, device number 32
[  519.536692][ T5759] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  519.537443][ T5745] Bluetooth: hci4: command 0x1003 tx timeout
[  519.740109][   T40] kauditd_printk_skb: 29 callbacks suppressed
[  519.740121][   T40] audit: type=1326 audit(1779801381.290:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13909 comm="syz.1.1991" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x0
[  519.879472][T13912] /dev/sr0: Can't open blockdev
[  520.120104][T13920] ubi: mtd0 is already attached to ubi16
[  520.131679][T13920] netlink: 'syz.0.1994': attribute type 21 has an invalid length.
[  521.097603][T13928] can0: slcan on ttyS3.
[  521.485940][T13928] can0 (unregistered): slcan off ttyS3.
[  521.734042][T13947] Bluetooth: MGMT ver 1.23
[  521.887286][  T101] Bluetooth: Error in BCSP hdr checksum
[  522.147430][  T163] Bluetooth: Error in BCSP hdr checksum
[  522.377879][T13958] /dev/sr0: Can't open blockdev
[  522.407017][  T163] Bluetooth: Error in BCSP hdr checksum
[  522.627079][   T40] audit: type=1326 audit(1779801384.180:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13962 comm="syz.0.2003" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x0
[  522.946838][T11585] usb 6-1: new full-speed USB device number 41 using dummy_hcd
[  523.108709][T11585] usb 6-1: config 0 has no interfaces?
[  523.113809][T11585] usb 6-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  523.117202][T11585] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  523.119856][T11585] usb 6-1: Product: syz
[  523.121213][T11585] usb 6-1: Manufacturer: syz
[  523.122717][T11585] usb 6-1: SerialNumber: syz
[  523.128037][T11585] usb 6-1: config 0 descriptor??
[  523.346952][ T5821] usb 6-1: USB disconnect, device number 41
[  523.696975][ T5745] Bluetooth: hci4: command 0x1003 tx timeout
[  523.700289][ T5759] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  523.749181][T13977] __nla_validate_parse: 4 callbacks suppressed
[  523.749197][T13977] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2005'.
[  523.764206][T13977] bond0: left allmulticast mode
[  523.766188][T13977] ip6gretap1: left allmulticast mode
[  523.769301][T13977] bond0: left promiscuous mode
[  523.771292][T13977] ip6gretap1: left promiscuous mode
[  523.783924][  T101] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 256 - 0
[  523.789368][  T101] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 256 - 0
[  523.795538][  T101] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 256 - 0
[  523.802814][  T101] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 256 - 0
[  524.173109][T13985] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2008'.
[  525.411512][T13991] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2009'.
[  525.578710][T13993] /dev/sr0: Can't open blockdev
[  525.714559][T13997] FAULT_INJECTION: forcing a failure.
[  525.714559][T13997] name failslab, interval 1, probability 0, space 0, times 0
[  525.722553][T13997] CPU: 3 UID: 0 PID: 13997 Comm: syz.1.2011 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  525.722575][T13997] Tainted: [L]=SOFTLOCKUP
[  525.722580][T13997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  525.722588][T13997] Call Trace:
[  525.722604][T13997]  <TASK>
[  525.722611][T13997]  dump_stack_lvl+0x100/0x190
[  525.722630][T13997]  should_fail_ex.cold+0x5/0xa
[  525.722647][T13997]  should_failslab+0xc2/0x120
[  525.722665][T13997]  __kmalloc_cache_noprof+0x7a/0x6f0
[  525.722683][T13997]  ? binder_alloc_new_buf+0x1bb/0x30b0
[  525.722708][T13997]  binder_alloc_new_buf+0x1bb/0x30b0
[  525.722727][T13997]  ? binder_debug+0xe0/0x190
[  525.722741][T13997]  ? __pfx_binder_debug+0x10/0x10
[  525.722772][T13997]  ? __pfx_binder_alloc_new_buf+0x10/0x10
[  525.722795][T13997]  binder_transaction+0x1eb0/0x9c10
[  525.722824][T13997]  ? __lock_acquire+0x4a5/0x2630
[  525.722838][T13997]  ? __lock_acquire+0x4a5/0x2630
[  525.722849][T13997]  ? __pfx_binder_transaction+0x10/0x10
[  525.722869][T13997]  ? __lock_acquire+0x4a5/0x2630
[  525.722883][T13997]  ? __lock_acquire+0x4a5/0x2630
[  525.722898][T13997]  ? __lock_acquire+0x4a5/0x2630
[  525.722918][T13997]  ? __lock_acquire+0x4a5/0x2630
[  525.722930][T13997]  ? __lock_acquire+0x4a5/0x2630
[  525.722942][T13997]  ? is_bpf_text_address+0x94/0x1a0
[  525.722964][T13997]  ? find_held_lock+0x2b/0x80
[  525.722979][T13997]  ? __might_fault+0xc5/0x140
[  525.722996][T13997]  ? __might_fault+0xc5/0x140
[  525.723021][T13997]  binder_thread_write+0x1303/0x4db0
[  525.723044][T13997]  ? __lock_acquire+0x4a5/0x2630
[  525.723055][T13997]  ? __pfx_binder_thread_write+0x10/0x10
[  525.723073][T13997]  ? binder_debug+0xe0/0x190
[  525.723088][T13997]  ? __pfx_binder_debug+0x10/0x10
[  525.723103][T13997]  ? binder_debug+0xe0/0x190
[  525.723117][T13997]  ? __pfx_binder_debug+0x10/0x10
[  525.723140][T13997]  ? __pfx_binder_ioctl+0x10/0x10
[  525.723162][T13997]  binder_ioctl+0x28f8/0x7550
[  525.723182][T13997]  ? find_held_lock+0x2b/0x80
[  525.723197][T13997]  ? tomoyo_path_number_perm+0x28f/0x580
[  525.723211][T13997]  ? tomoyo_path_number_perm+0x28f/0x580
[  525.723227][T13997]  ? tomoyo_path_number_perm+0x188/0x580
[  525.723242][T13997]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  525.723256][T13997]  ? __pfx_binder_ioctl+0x10/0x10
[  525.723276][T13997]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  525.723295][T13997]  ? do_vfs_ioctl+0x226/0x13e0
[  525.723309][T13997]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  525.723325][T13997]  ? find_held_lock+0x2b/0x80
[  525.723340][T13997]  ? __fget_files+0x215/0x3d0
[  525.723354][T13997]  ? hook_file_ioctl_common+0x149/0x410
[  525.723371][T13997]  ? __fget_files+0x21f/0x3d0
[  525.723387][T13997]  ? __pfx_binder_ioctl+0x10/0x10
[  525.723403][T13997]  compat_ptr_ioctl+0x6e/0xa0
[  525.723414][T13997]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[  525.723425][T13997]  __ia32_compat_sys_ioctl+0x2cf/0x360
[  525.723439][T13997]  __do_fast_syscall_32+0xe7/0x950
[  525.723452][T13997]  ? lockdep_hardirqs_on+0x78/0x100
[  525.723464][T13997]  do_fast_syscall_32+0x32/0x70
[  525.723476][T13997]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  525.723491][T13997] RIP: 0023:0xf70bef7c
[  525.723502][T13997] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  525.723514][T13997] RSP: 002b:00000000f54ad50c EFLAGS: 00000292 ORIG_RAX: 0000000000000036
[  525.723525][T13997] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[  525.723532][T13997] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[  525.723539][T13997] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  525.723545][T13997] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  525.723552][T13997] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  525.723566][T13997]  </TASK>
[  526.668329][T14005] can0: slcan on ttyS3.
[  526.748819][T14005] can0 (unregistered): slcan off ttyS3.
[  527.257487][T13986] Bluetooth: Error in BCSP hdr checksum
[  527.387543][T11585] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[  527.517541][   T41] Bluetooth: Error in BCSP hdr checksum
[  527.558744][T11585] usb 6-1: config 0 has no interfaces?
[  527.562415][T11585] usb 6-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  527.565542][T11585] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.568472][T11585] usb 6-1: Product: syz
[  527.570267][T11585] usb 6-1: Manufacturer: syz
[  527.571928][T11585] usb 6-1: SerialNumber: syz
[  527.578302][T11585] usb 6-1: config 0 descriptor??
[  527.777623][   T41] Bluetooth: Error in BCSP hdr checksum
[  527.805751][T11585] usb 6-1: USB disconnect, device number 42
[  528.095379][T14029] trusted_key: encrypted_key: keyword 'loadU�cryptfs' not recognized
[  528.651180][T14043] can0: slcan on ttyS3.
[  528.743729][   T40] audit: type=1326 audit(1779801390.300:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14047 comm="syz.3.2023" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf704ef7c code=0x0
[  528.751429][T14039] can0 (unregistered): slcan off ttyS3.
[  529.062551][ T5759] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  530.596805][  T961] hid (null): invalid report_size 51505
[  530.600037][  T961] hid (null): unknown global tag 0xc
[  530.607468][  T961] hid (null): unknown global tag 0xc
[  530.609346][  T961] hid (null): unknown global tag 0x9f
[  530.613882][  T961] hid (null): unknown global tag 0xc
[  530.615708][  T961] hid (null): unknown global tag 0x42
[  530.620510][  T961] hid (null): unknown global tag 0xd
[  530.622603][  T961] hid (null): unknown global tag 0xc
[  530.624383][  T961] hid (null): unknown global tag 0xc
[  530.626160][  T961] hid (null): report_id 0 is invalid
[  530.628340][  T961] hid (null): unknown global tag 0xe
[  530.630077][  T961] hid (null): report_id 16697 is invalid
[  530.632039][  T961] hid (null): bogus close delimiter
[  530.633996][  T961] hid (null): unknown global tag 0xc
[  530.636032][  T961] hid (null): invalid report_size 1234625101
[  530.638609][  T961] hid (null): unknown global tag 0xd
[  530.639502][T14085] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8)
[  530.640413][  T961] hid (null): unknown global tag 0xd
[  530.642691][T14085] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  530.647036][  T961] hid (null): invalid report_size -2125375034
[  530.649412][  T961] hid (null): report_id 0 is invalid
[  530.649802][T14085] vhci_hcd vhci_hcd.0: Device attached
[  530.651151][  T961] hid (null): invalid report_count -1724469666
[  530.655046][  T961] hid (null): unknown global tag 0xc
[  530.656769][  T961] hid (null): unknown global tag 0xd
[  530.660096][  T961] hid (null): global environment stack overflow
[  530.662117][  T961] hid (null): unknown global tag 0xe
[  530.662913][T14085] FAULT_INJECTION: forcing a failure.
[  530.662913][T14085] name failslab, interval 1, probability 0, space 0, times 0
[  530.664091][  T961] hid (null): unknown global tag 0xc
[  530.668387][T14085] CPU: 0 UID: 0 PID: 14085 Comm: syz.3.2031 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  530.668407][T14085] Tainted: [L]=SOFTLOCKUP
[  530.668413][T14085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  530.668422][T14085] Call Trace:
[  530.668428][T14085]  <TASK>
[  530.668434][T14085]  dump_stack_lvl+0x100/0x190
[  530.668459][T14085]  should_fail_ex.cold+0x5/0xa
[  530.668475][T14085]  should_failslab+0xc2/0x120
[  530.668489][T14085]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  530.668501][T14085]  ? ptlock_alloc+0x1f/0x70
[  530.668520][T14085]  ptlock_alloc+0x1f/0x70
[  530.668536][T14085]  pte_alloc_one+0x82/0x3d0
[  530.668553][T14085]  __pte_alloc+0x6d/0x3e0
[  530.668566][T14085]  ? __pfx___pte_alloc+0x10/0x10
[  530.668579][T14085]  ? __lock_acquire+0x4a5/0x2630
[  530.668596][T14085]  ? bpf_ksym_find+0x124/0x1c0
[  530.668623][T14085]  do_anonymous_page+0x13c6/0x2050
[  530.668648][T14085]  ? __pfx_pgd_none+0x10/0x10
[  530.668676][T14085]  __handle_mm_fault+0x1d2c/0x2a00
[  530.668703][T14085]  ? mt_find+0x45e/0x8e0
[  530.668718][T14085]  ? __pfx___handle_mm_fault+0x10/0x10
[  530.668734][T14085]  ? __pfx_mt_find+0x10/0x10
[  530.668754][T14085]  ? find_vma+0xbf/0x140
[  530.668766][T14085]  ? __pfx_find_vma+0x10/0x10
[  530.668780][T14085]  handle_mm_fault+0x36d/0xa20
[  530.668800][T14085]  do_user_addr_fault+0x74c/0x12f0
[  530.668816][T14085]  ? trace_page_fault_kernel+0x7a/0x200
[  530.668831][T14085]  exc_page_fault+0x6f/0xd0
[  530.668850][T14085]  asm_exc_page_fault+0x26/0x30
[  530.668862][T14085] RIP: 0010:_copy_to_user+0x9f/0xd0
[  530.668876][T14085] Code: 89 ee 48 89 ef e8 01 72 10 fd 4d 85 ff 75 26 e8 d7 77 10 fd 89 de 4c 89 e7 e8 fd 4c 7d fd 0f 01 cb 48 89 d9 48 89 ef 4c 89 e6 <f3> a4 0f 1f 00 0f 01 ca 48 89 cb e8 b1 77 10 fd 48 89 d8 5b 5d 41
[  530.668887][T14085] RSP: 0018:ffffc900005cfce8 EFLAGS: 00050297
[  530.668896][T14085] RAX: 0000000000000001 RBX: 0000000000000004 RCX: 0000000000000004
[  530.668903][T14085] RDX: 0000000000000001 RSI: ffffc900005cfda0 RDI: 0000000080bbdffc
[  530.668910][T14085] RBP: 0000000080bbdffc R08: 0000000000000000 R09: fffff520000b9fb4
[  530.668917][T14085] R10: 0000000000000003 R11: 0000000000000000 R12: ffffc900005cfda0
[  530.668924][T14085] R13: 0000000080bbe000 R14: 00007ffffffff000 R15: 0000000000000000
[  530.668938][T14085]  ? _copy_to_user+0x93/0xd0
[  530.668951][T14085]  do_timer_create+0x6d9/0x1480
[  530.668968][T14085]  ? __pfx_do_timer_create+0x10/0x10
[  530.668982][T14085]  ? __fget_files+0x215/0x3d0
[  530.668998][T14085]  ? __asan_memset+0x23/0x50
[  530.669016][T14085]  __ia32_compat_sys_timer_create+0x17c/0x1c0
[  530.669036][T14085]  ? __pfx___ia32_compat_sys_timer_create+0x10/0x10
[  530.669063][T14085]  ? rcu_is_watching+0x12/0xc0
[  530.669087][T14085]  __do_fast_syscall_32+0xe7/0x950
[  530.669105][T14085]  ? lockdep_hardirqs_on+0x78/0x100
[  530.669121][T14085]  do_fast_syscall_32+0x32/0x70
[  530.669138][T14085]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  530.669161][T14085] RIP: 0023:0xf704ef7c
[  530.669174][T14085] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  530.669184][T14085] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000103
[  530.669194][T14085] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080533fa0
[  530.669201][T14085] RDX: 0000000080bbdffc RSI: 0000000000000000 RDI: 0000000000000000
[  530.669207][T14085] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  530.669213][T14085] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  530.669220][T14085] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  530.669234][T14085]  </TASK>
[  530.798919][  T961] hid (null): unknown global tag 0xc
[  530.805070][  T961] hid-generic 0009:0007:0077.002A: unknown main item tag 0x1
[  530.808360][  T961] hid-generic 0009:0007:0077.002A: reserved main item tag 0xd
[  530.810870][  T961] hid-generic 0009:0007:0077.002A: unknown main item tag 0x1
[  530.813329][  T961] hid-generic 0009:0007:0077.002A: unexpected long global item
[  530.816072][  T961] hid-generic 0009:0007:0077.002A: probe with driver hid-generic failed with error -22
[  530.837649][  T843] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  530.860817][T14094] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2032'.
[  530.909228][  T843] usb 43-1: new full-speed USB device number 2 using vhci_hcd
[  530.909419][T14096] ubi: mtd0 is already attached to ubi16
[  530.924250][T14096] netlink: 'syz.2.2033': attribute type 21 has an invalid length.
[  530.931587][T14096] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2033'.
[  530.941282][T14096] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2033'.
[  531.065689][T14101] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2034'.
[  531.460172][T14087] vhci_hcd: connection reset by peer
[  531.470914][  T163] vhci_hcd vhci_hcd.3: stop threads
[  531.473349][  T163] vhci_hcd vhci_hcd.3: release socket
[  531.481477][  T163] vhci_hcd vhci_hcd.3: disconnect device
[  531.879666][   T41] Bluetooth: Error in BCSP hdr checksum
[  531.989910][T14112] /dev/sr0: Can't open blockdev
[  532.137852][   T41] Bluetooth: Error in BCSP hdr checksum
[  533.253295][ T5850] hid (null): invalid report_size 51505
[  533.255360][ T5850] hid (null): unknown global tag 0xc
[  533.257412][ T5850] hid (null): unknown global tag 0xc
[  533.259087][ T5850] hid (null): unknown global tag 0x9f
[  533.260945][ T5850] hid (null): unknown global tag 0xc
[  533.262695][ T5850] hid (null): unknown global tag 0x42
[  533.264458][ T5850] hid (null): unknown global tag 0xd
[  533.266187][ T5850] hid (null): unknown global tag 0xc
[  533.268067][ T5850] hid (null): unknown global tag 0xc
[  533.269746][ T5850] hid (null): report_id 0 is invalid
[  533.271622][ T5850] hid (null): unknown global tag 0xe
[  533.273400][ T5850] hid (null): report_id 16697 is invalid
[  533.275414][ T5850] hid (null): bogus close delimiter
[  533.277132][ T5850] hid (null): unknown global tag 0xc
[  533.279223][ T5850] hid (null): invalid report_size 1234625101
[  533.281211][ T5850] hid (null): unknown global tag 0xd
[  533.283212][ T5850] hid (null): unknown global tag 0xd
[  533.284890][ T5850] hid (null): invalid report_size -2125375034
[  533.286961][ T5850] hid (null): report_id 0 is invalid
[  533.288686][ T5850] hid (null): invalid report_count -1724469666
[  533.290621][ T5850] hid (null): unknown global tag 0xc
[  533.292426][ T5850] hid (null): unknown global tag 0xd
[  533.294164][ T5850] hid (null): global environment stack overflow
[  533.296352][ T5850] hid (null): unknown global tag 0xe
[  533.300529][ T5850] hid (null): unknown global tag 0xc
[  533.304911][ T5850] hid (null): unknown global tag 0xc
[  533.312549][ T5850] hid-generic 0009:0007:0077.002B: unknown main item tag 0x1
[  533.317517][ T5850] hid-generic 0009:0007:0077.002B: reserved main item tag 0xd
[  533.320221][ T5850] hid-generic 0009:0007:0077.002B: unknown main item tag 0x1
[  533.322759][ T5850] hid-generic 0009:0007:0077.002B: unexpected long global item
[  533.325652][ T5850] hid-generic 0009:0007:0077.002B: probe with driver hid-generic failed with error -22
[  533.595325][T14136] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2044'.
[  533.697524][ T5745] Bluetooth: hci4: command 0x1003 tx timeout
[  533.699878][ T5759] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  534.610236][   T40] audit: type=1326 audit(1779801908.164:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14145 comm="syz.1.2047" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x0
[  534.621130][T14143] /dev/sr0: Can't open blockdev
[  535.230182][   T40] audit: type=1326 audit(1779801908.774:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14151 comm="syz.0.2048" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x0
[  536.007451][  T843] vhci_hcd vhci_hcd.3: vhci_device speed not set
[  536.231087][ T5850] hid (null): invalid report_size 51505
[  536.237610][ T5850] hid (null): unknown global tag 0xc
[  536.239315][ T5850] hid (null): unknown global tag 0xc
[  536.241517][ T5850] hid (null): unknown global tag 0x9f
[  536.243780][ T5850] hid (null): unknown global tag 0xc
[  536.245480][ T5850] hid (null): unknown global tag 0x42
[  536.247164][ T5850] hid (null): unknown global tag 0xd
[  536.248826][ T5850] hid (null): unknown global tag 0xc
[  536.250394][ T5850] hid (null): unknown global tag 0xc
[  536.252134][ T5850] hid (null): report_id 0 is invalid
[  536.253763][ T5850] hid (null): unknown global tag 0xe
[  536.255485][ T5850] hid (null): report_id 16697 is invalid
[  536.258016][ T5850] hid (null): bogus close delimiter
[  536.259610][ T5850] hid (null): unknown global tag 0xc
[  536.261237][ T5850] hid (null): invalid report_size 1234625101
[  536.263213][ T5850] hid (null): unknown global tag 0xd
[  536.264892][ T5850] hid (null): unknown global tag 0xd
[  536.266629][ T5850] hid (null): invalid report_size -2125375034
[  536.268950][ T5850] hid (null): report_id 0 is invalid
[  536.270536][ T5850] hid (null): invalid report_count -1724469666
[  536.272487][ T5850] hid (null): unknown global tag 0xc
[  536.274211][ T5850] hid (null): unknown global tag 0xd
[  536.275970][ T5850] hid (null): global environment stack overflow
[  536.277980][ T5850] hid (null): unknown global tag 0xe
[  536.279604][ T5850] hid (null): unknown global tag 0xc
[  536.281264][ T5850] hid (null): unknown global tag 0xc
[  536.288760][ T5850] hid-generic 0009:0007:0077.002C: unknown main item tag 0x1
[  536.291784][ T5850] hid-generic 0009:0007:0077.002C: reserved main item tag 0xd
[  536.294094][ T5850] hid-generic 0009:0007:0077.002C: unknown main item tag 0x1
[  536.298703][ T5850] hid-generic 0009:0007:0077.002C: unexpected long global item
[  536.302373][ T5850] hid-generic 0009:0007:0077.002C: probe with driver hid-generic failed with error -22
[  536.471312][ T5899] usb 7-1: new full-speed USB device number 33 using dummy_hcd
[  537.535671][   T40] audit: type=1326 audit(1779801911.084:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14186 comm="syz.0.2058" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x0
[  537.548718][ T5899] usb 7-1: config 0 has no interfaces?
[  537.552065][ T5899] usb 7-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  537.554816][ T5899] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  537.557146][ T5899] usb 7-1: Product: syz
[  537.558510][ T5899] usb 7-1: Manufacturer: syz
[  537.559918][ T5899] usb 7-1: SerialNumber: syz
[  537.562636][ T5899] usb 7-1: config 0 descriptor??
[  537.934778][ T5859] usb 7-1: USB disconnect, device number 33
[  538.347534][ T5759] Bluetooth: hci4: command 0x1003 tx timeout
[  538.347567][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  539.226384][T14206] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2061'.
[  539.241871][T14206] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2061'.
[  540.319354][T14209] /dev/sr0: Can't open blockdev
[  540.506798][T14219] IPv6: Can't replace route, no match found
[  540.927150][T14225] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2068'.
[  540.939963][T14225] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2068'.
[  540.976164][   T40] audit: type=1326 audit(1779801914.524:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14227 comm="syz.1.2069" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x0
[  542.037818][   T41] Bluetooth: Error in BCSP hdr checksum
[  542.298518][   T41] Bluetooth: Error in BCSP hdr checksum
[  542.570179][ T3555] Bluetooth: Error in BCSP hdr checksum
[  543.195622][T14248] can0: slcan on ttyS3.
[  543.270242][T14248] can0 (unregistered): slcan off ttyS3.
[  543.317572][ T5859] usb 6-1: new full-speed USB device number 43 using dummy_hcd
[  543.488736][ T5859] usb 6-1: config 0 has no interfaces?
[  543.493940][ T5859] usb 6-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  543.498413][ T5859] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  543.502770][ T5859] usb 6-1: Product: syz
[  543.506638][ T5859] usb 6-1: Manufacturer: syz
[  543.510129][ T5859] usb 6-1: SerialNumber: syz
[  543.519678][ T5859] usb 6-1: config 0 descriptor??
[  543.655262][T14267] can0: slcan on ttyS3.
[  543.743148][ T5859] usb 6-1: USB disconnect, device number 43
[  543.789691][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  543.819873][T14266] can0 (unregistered): slcan off ttyS3.
[  544.365994][   T40] audit: type=1326 audit(1779801917.914:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14286 comm="syz.1.2078" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x0
[  544.826454][  T961] hid (null): invalid report_size 51505
[  544.829694][  T961] hid (null): unknown global tag 0xc
[  544.832137][  T961] hid (null): unknown global tag 0xc
[  544.834627][  T961] hid (null): unknown global tag 0x9f
[  544.837199][  T961] hid (null): unknown global tag 0xc
[  544.839921][  T961] hid (null): unknown global tag 0x42
[  544.842322][  T961] hid (null): unknown global tag 0xd
[  544.844740][  T961] hid (null): unknown global tag 0xc
[  544.846994][  T961] hid (null): unknown global tag 0xc
[  544.849345][  T961] hid (null): report_id 0 is invalid
[  544.851581][  T961] hid (null): unknown global tag 0xe
[  544.853839][  T961] hid (null): report_id 16697 is invalid
[  544.856398][  T961] hid (null): bogus close delimiter
[  544.858699][  T961] hid (null): unknown global tag 0xc
[  544.860966][  T961] hid (null): invalid report_size 1234625101
[  544.863505][  T961] hid (null): unknown global tag 0xd
[  544.865719][  T961] hid (null): unknown global tag 0xd
[  544.868880][  T961] hid (null): invalid report_size -2125375034
[  544.871529][  T961] hid (null): report_id 0 is invalid
[  544.873753][  T961] hid (null): invalid report_count -1724469666
[  544.876327][  T961] hid (null): unknown global tag 0xc
[  544.879012][  T961] hid (null): unknown global tag 0xd
[  544.881280][  T961] hid (null): global environment stack overflow
[  544.884027][  T961] hid (null): unknown global tag 0xe
[  544.886366][  T961] hid (null): unknown global tag 0xc
[  544.889324][  T961] hid (null): unknown global tag 0xc
[  544.896342][  T961] hid-generic 0009:0007:0077.002D: unknown main item tag 0x1
[  544.899686][  T961] hid-generic 0009:0007:0077.002D: reserved main item tag 0xd
[  544.902872][  T961] hid-generic 0009:0007:0077.002D: unknown main item tag 0x1
[  544.905952][  T961] hid-generic 0009:0007:0077.002D: unexpected long global item
[  544.910113][  T961] hid-generic 0009:0007:0077.002D: probe with driver hid-generic failed with error -22
[  545.491443][T14304] ubi: mtd0 is already attached to ubi16
[  545.513902][T14304] netlink: 'syz.0.2082': attribute type 21 has an invalid length.
[  545.516835][T14304] netlink: 128 bytes leftover after parsing attributes in process `syz.0.2082'.
[  545.523569][T14304] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2082'.
[  546.079029][T14309] /dev/sr0: Can't open blockdev
[  546.524965][ T3555] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  546.541598][ T3555] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  546.553589][ T3555] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  546.569241][ T3555] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  546.785538][T14327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2088'.
[  547.177830][ T5899] usb 7-1: new full-speed USB device number 34 using dummy_hcd
[  547.345332][ T5899] usb 7-1: config 0 has no interfaces?
[  547.360340][ T5899] usb 7-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  547.364348][ T5899] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  547.370503][ T5899] usb 7-1: Product: syz
[  547.372615][ T5899] usb 7-1: Manufacturer: syz
[  547.374770][ T5899] usb 7-1: SerialNumber: syz
[  547.418992][ T5899] usb 7-1: config 0 descriptor??
[  547.707495][ T5899] usb 7-1: USB disconnect, device number 34
[  547.897488][ T5850] usb 5-1: new full-speed USB device number 33 using dummy_hcd
[  548.077920][ T5850] usb 5-1: config 0 has no interfaces?
[  548.081932][ T5850] usb 5-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  548.085638][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  548.089330][ T5850] usb 5-1: Product: syz
[  548.090778][ T5850] usb 5-1: Manufacturer: syz
[  548.092701][ T5850] usb 5-1: SerialNumber: syz
[  548.097978][ T5850] usb 5-1: config 0 descriptor??
[  548.180858][T14342] ubi: mtd0 is already attached to ubi16
[  548.189094][T14342] netlink: 'syz.3.2091': attribute type 21 has an invalid length.
[  548.192381][T14342] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2091'.
[  548.196764][T14342] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2091'.
[  548.341628][T14321] can0: slcan on ttyS3.
[  548.359983][ T5531] hid (null): invalid report_size 51505
[  548.386447][ T5531] hid (null): unknown global tag 0xc
[  548.392999][ T5899] usb 5-1: USB disconnect, device number 33
[  548.405863][ T5531] hid (null): unknown global tag 0xc
[  548.407720][ T5531] hid (null): unknown global tag 0x9f
[  548.424394][ T5531] hid (null): unknown global tag 0xc
[  548.429086][ T5531] hid (null): unknown global tag 0x42
[  548.434513][ T5531] hid (null): unknown global tag 0xd
[  548.437503][ T5531] hid (null): unknown global tag 0xc
[  548.439977][ T5531] hid (null): unknown global tag 0xc
[  548.443552][ T5531] hid (null): report_id 0 is invalid
[  548.446901][ T5531] hid (null): unknown global tag 0xe
[  548.451908][ T5531] hid (null): report_id 16697 is invalid
[  548.454497][ T5531] hid (null): bogus close delimiter
[  548.456729][ T5531] hid (null): unknown global tag 0xc
[  548.461119][ T5531] hid (null): invalid report_size 1234625101
[  548.467207][ T5531] hid (null): unknown global tag 0xd
[  548.474435][T14340] can0 (unregistered): slcan off ttyS3.
[  548.481616][ T5531] hid (null): unknown global tag 0xd
[  548.492274][ T5531] hid (null): invalid report_size -2125375034
[  548.502915][ T5531] hid (null): report_id 0 is invalid
[  548.505317][ T5531] hid (null): invalid report_count -1724469666
[  548.508431][ T5531] hid (null): unknown global tag 0xc
[  548.511247][ T5531] hid (null): unknown global tag 0xd
[  548.513333][ T5531] hid (null): global environment stack overflow
[  548.518682][ T5531] hid (null): unknown global tag 0xe
[  548.524369][ T5531] hid (null): unknown global tag 0xc
[  548.534615][ T5531] hid (null): unknown global tag 0xc
[  548.547915][ T5531] hid-generic 0009:0007:0077.002E: unknown main item tag 0x1
[  548.550946][ T5531] hid-generic 0009:0007:0077.002E: reserved main item tag 0xd
[  548.553422][ T5531] hid-generic 0009:0007:0077.002E: unknown main item tag 0x1
[  548.556102][ T5531] hid-generic 0009:0007:0077.002E: unexpected long global item
[  548.562221][ T5531] hid-generic 0009:0007:0077.002E: probe with driver hid-generic failed with error -22
[  548.897685][T14363] /dev/sr0: Can't open blockdev
[  550.739605][ T5850] usb 5-1: new full-speed USB device number 34 using dummy_hcd
[  552.481911][   T73] Bluetooth: Error in BCSP hdr checksum
[  552.499251][ T5850] usb 5-1: config 0 has no interfaces?
[  552.502746][ T5850] usb 5-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  552.506215][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.508885][ T5850] usb 5-1: Product: syz
[  552.510219][ T5850] usb 5-1: Manufacturer: syz
[  552.511773][ T5850] usb 5-1: SerialNumber: syz
[  552.515232][ T5850] usb 5-1: config 0 descriptor??
[  552.619641][T14411] /dev/sr0: Can't open blockdev
[  552.654810][T14408] can0: slcan on ttyS3.
[  552.728194][T14408] can0 (unregistered): slcan off ttyS3.
[  552.760368][ T5899] usb 5-1: USB disconnect, device number 34
[  553.777477][ T5759] Bluetooth: hci4: command 0x1003 tx timeout
[  553.784689][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  554.231347][T14443] ubi: mtd0 is already attached to ubi16
[  554.267606][T14443] netlink: 'syz.3.2108': attribute type 21 has an invalid length.
[  554.287369][T14443] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2108'.
[  554.290924][T14443] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2108'.
[  555.491201][T14453] netlink: zone id is out of range
[  555.503829][T14453] netlink: zone id is out of range
[  555.526573][T14453] netlink: zone id is out of range
[  555.528334][T14453] netlink: zone id is out of range
[  555.532915][T14453] netlink: zone id is out of range
[  555.537617][T14453] netlink: zone id is out of range
[  555.540863][T14453] netlink: zone id is out of range
[  555.681824][T14453] netlink: zone id is out of range
[  555.683817][T14453] netlink: zone id is out of range
[  555.685441][T14453] netlink: zone id is out of range
[  555.687733][T14453] FAULT_INJECTION: forcing a failure.
[  555.687733][T14453] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  555.693885][T14453] CPU: 1 UID: 0 PID: 14453 Comm: syz.2.2112 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  555.693916][T14453] Tainted: [L]=SOFTLOCKUP
[  555.693922][T14453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  555.693929][T14453] Call Trace:
[  555.693934][T14453]  <TASK>
[  555.693939][T14453]  dump_stack_lvl+0x100/0x190
[  555.693970][T14453]  should_fail_ex.cold+0x5/0xa
[  555.693986][T14453]  _copy_from_user+0x2e/0xd0
[  555.694001][T14453]  kstrtouint_from_user+0xd6/0x1d0
[  555.694017][T14453]  ? __pfx_kstrtouint_from_user+0x10/0x10
[  555.694032][T14453]  ? __lock_acquire+0x4a5/0x2630
[  555.694051][T14453]  proc_fail_nth_write+0x83/0x220
[  555.694063][T14453]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  555.694078][T14453]  vfs_write+0x2aa/0x1070
[  555.694093][T14453]  ? __pfx_proc_fail_nth_write+0x10/0x10
[  555.694105][T14453]  ? __pfx_vfs_write+0x10/0x10
[  555.694117][T14453]  ? find_held_lock+0x2b/0x80
[  555.694132][T14453]  ? __fget_files+0x215/0x3d0
[  555.694154][T14453]  ? __fget_files+0x21f/0x3d0
[  555.694171][T14453]  ksys_write+0x12a/0x250
[  555.694184][T14453]  ? __pfx_ksys_write+0x10/0x10
[  555.694199][T14453]  ? rcu_is_watching+0x12/0xc0
[  555.694215][T14453]  do_int80_emulation+0x141/0x700
[  555.694229][T14453]  asm_int80_emulation+0x1a/0x20
[  555.694242][T14453] RIP: 0023:0xf71161ab
[  555.694251][T14453] Code: 57 56 53 8b 44 24 14 f6 00 08 75 23 8b 44 24 18 8b 5c 24 1c 8b 4c 24 20 8b 54 24 24 8b 74 24 28 8b 7c 24 2c 8b 6c 24 30 cd 80 <5b> 5e 5f 5d c3 5b 5e 5f 5d e9 f7 a1 ff ff 66 90 66 90 66 90 90 53
[  555.694263][T14453] RSP: 002b:00000000f53cd4bc EFLAGS: 00000246 ORIG_RAX: 0000000000000004
[  555.694273][T14453] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f53cd5d0
[  555.694281][T14453] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000
[  555.694287][T14453] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  555.694294][T14453] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  555.694300][T14453] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  555.694315][T14453]  </TASK>
[  555.978880][T14459] /dev/sr0: Can't open blockdev
[  556.383400][T14472] netlink: 'syz.2.2115': attribute type 1 has an invalid length.
[  556.412121][T14472] 8021q: adding VLAN 0 to HW filter on device bond4
[  556.979236][ T5850] usb 5-1: new high-speed USB device number 35 using dummy_hcd
[  557.152772][ T5850] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  557.166413][ T5850] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  557.170502][ T5850] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  557.177559][ T5850] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  557.185431][ T5850] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  557.200946][ T5850] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  557.203844][ T5850] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  557.206355][ T5850] usb 5-1: Product: syz
[  557.208101][ T5850] usb 5-1: Manufacturer: syz
[  557.214804][ T5850] cdc_wdm 5-1:1.0: skipping garbage
[  557.216563][ T5850] cdc_wdm 5-1:1.0: skipping garbage
[  557.221941][ T5850] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  557.223877][ T5850] cdc_wdm 5-1:1.0: Unknown control protocol
[  557.937923][  T857] usb 5-1: USB disconnect, device number 35
[  558.756551][T14507] ubi: mtd0 is already attached to ubi16
[  558.865397][T14504] /dev/sr0: Can't open blockdev
[  559.497728][T14519] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  559.502735][T14519] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2127'.
[  561.894748][T14538] can0: slcan on ttyS3.
[  562.068449][T14538] can0 (unregistered): slcan off ttyS3.
[  562.838628][T14551] netlink: 830 bytes leftover after parsing attributes in process `syz.3.2136'.
[  562.929008][T14547] /dev/sr0: Can't open blockdev
[  563.037520][  T857] hid (null): invalid report_size 51505
[  563.039930][  T857] hid (null): unknown global tag 0xc
[  563.041674][  T857] hid (null): unknown global tag 0xc
[  563.043499][  T857] hid (null): unknown global tag 0x9f
[  563.045218][  T857] hid (null): unknown global tag 0xc
[  563.046962][  T857] hid (null): unknown global tag 0x42
[  563.048962][  T857] hid (null): unknown global tag 0xd
[  563.050808][  T857] hid (null): unknown global tag 0xc
[  563.052607][  T857] hid (null): unknown global tag 0xc
[  563.054755][  T857] hid (null): report_id 0 is invalid
[  563.056544][  T857] hid (null): unknown global tag 0xe
[  563.058759][  T857] hid (null): report_id 16697 is invalid
[  563.061012][  T857] hid (null): bogus close delimiter
[  563.062736][  T857] hid (null): unknown global tag 0xc
[  563.064629][  T857] hid (null): invalid report_size 1234625101
[  563.066873][  T857] hid (null): unknown global tag 0xd
[  563.069181][  T857] hid (null): unknown global tag 0xd
[  563.071786][  T857] hid (null): invalid report_size -2125375034
[  563.074671][  T857] hid (null): report_id 0 is invalid
[  563.077184][  T857] hid (null): invalid report_count -1724469666
[  563.079599][  T857] hid (null): unknown global tag 0xc
[  563.082170][  T857] hid (null): unknown global tag 0xd
[  563.083982][  T857] hid (null): global environment stack overflow
[  563.086535][  T857] hid (null): unknown global tag 0xe
[  563.088547][  T857] hid (null): unknown global tag 0xc
[  563.090415][  T857] hid (null): unknown global tag 0xc
[  563.098214][T14563] mac80211_hwsim hwsim6 syzkaller0: left promiscuous mode
[  563.100957][T14563] mac80211_hwsim hwsim6 syzkaller0: left allmulticast mode
[  563.128501][  T857] hid-generic 0009:0007:0077.002F: unknown main item tag 0x1
[  563.131695][  T857] hid-generic 0009:0007:0077.002F: reserved main item tag 0xd
[  563.134281][  T857] hid-generic 0009:0007:0077.002F: unknown main item tag 0x1
[  563.136881][  T857] hid-generic 0009:0007:0077.002F: unexpected long global item
[  563.147185][  T857] hid-generic 0009:0007:0077.002F: probe with driver hid-generic failed with error -22
[  564.018617][T14573] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2141'.
[  564.970050][T14585] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2145'.
[  565.219525][  T857] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  565.367524][  T857] usb 6-1: Using ep0 maxpacket: 8
[  565.377416][  T857] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  565.385773][  T857] usb 6-1: config 0 has no interface number 0
[  565.393894][  T857] usb 6-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  565.400944][  T857] usb 6-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[  565.412713][  T857] usb 6-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  565.423632][  T857] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  565.437455][  T857] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  565.443521][  T857] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  565.459644][  T857] usb 6-1: config 0 descriptor??
[  565.466361][  T857] ldusb 6-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[  565.569598][T14587] /dev/sr0: Can't open blockdev
[  566.667657][ T5531] usb 6-1: USB disconnect, device number 44
[  566.667687][    C3] ldusb 6-1:0.55: usb_submit_urb failed (-19)
[  566.809648][ T5531] ldusb 6-1:0.55: LD USB Device #0 now disconnected
[  566.823364][T14585] ldusb: No device or device unplugged -19
[  567.107665][  T188] Bluetooth: Error in BCSP hdr checksum
[  567.378066][   T41] Bluetooth: Error in BCSP hdr checksum
[  567.647887][   T41] Bluetooth: Error in BCSP hdr checksum
[  567.788977][ T1432] ieee802154 phy1 wpan1: encryption failed: -22
[  568.020370][ T5531] hid (null): invalid report_size 51505
[  568.023348][ T5531] hid (null): unknown global tag 0xc
[  568.025696][ T5531] hid (null): unknown global tag 0xc
[  568.028099][ T5531] hid (null): unknown global tag 0x9f
[  568.030405][ T5531] hid (null): unknown global tag 0xc
[  568.032664][ T5531] hid (null): unknown global tag 0x42
[  568.034822][ T5531] hid (null): unknown global tag 0xd
[  568.037093][ T5531] hid (null): unknown global tag 0xc
[  568.039637][ T5531] hid (null): unknown global tag 0xc
[  568.041770][ T5531] hid (null): report_id 0 is invalid
[  568.044055][ T5531] hid (null): unknown global tag 0xe
[  568.046231][ T5531] hid (null): report_id 16697 is invalid
[  568.048712][ T5531] hid (null): bogus close delimiter
[  568.050896][ T5531] hid (null): unknown global tag 0xc
[  568.053040][ T5531] hid (null): invalid report_size 1234625101
[  568.055573][ T5531] hid (null): unknown global tag 0xd
[  568.057936][ T5531] hid (null): unknown global tag 0xd
[  568.060074][ T5531] hid (null): invalid report_size -2125375034
[  568.062644][ T5531] hid (null): report_id 0 is invalid
[  568.064893][ T5531] hid (null): invalid report_count -1724469666
[  568.068183][ T5531] hid (null): unknown global tag 0xc
[  568.070516][ T5531] hid (null): unknown global tag 0xd
[  568.072658][ T5531] hid (null): global environment stack overflow
[  568.075858][ T5531] hid (null): unknown global tag 0xe
[  568.078583][ T5531] hid (null): unknown global tag 0xc
[  568.081157][ T5531] hid (null): unknown global tag 0xc
[  568.085316][ T5531] hid-generic 0009:0007:0077.0030: unknown main item tag 0x1
[  568.088713][ T5531] hid-generic 0009:0007:0077.0030: reserved main item tag 0xd
[  568.091855][ T5531] hid-generic 0009:0007:0077.0030: unknown main item tag 0x1
[  568.094990][ T5531] hid-generic 0009:0007:0077.0030: unexpected long global item
[  568.098754][ T5531] hid-generic 0009:0007:0077.0030: probe with driver hid-generic failed with error -22
[  568.902084][ T5759] Bluetooth: hci4: command 0x1003 tx timeout
[  568.905572][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  569.407650][T14643] can0: slcan on ttyS3.
[  569.712919][T14642] can0 (unregistered): slcan off ttyS3.
[  571.033827][T14667] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  571.037891][T14667] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2160'.
[  571.838909][T14676] syz.0.2163 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  571.967872][ T5899] hid (null): invalid report_size 51505
[  571.969893][ T5899] hid (null): unknown global tag 0xc
[  571.971648][ T5899] hid (null): unknown global tag 0xc
[  571.973489][ T5899] hid (null): unknown global tag 0x9f
[  571.975196][ T5899] hid (null): unknown global tag 0xc
[  571.976984][ T5899] hid (null): unknown global tag 0x42
[  571.981554][ T5899] hid (null): unknown global tag 0xd
[  571.983260][ T5899] hid (null): unknown global tag 0xc
[  571.985030][ T5899] hid (null): unknown global tag 0xc
[  571.986636][ T5899] hid (null): report_id 0 is invalid
[  571.989504][ T5899] hid (null): unknown global tag 0xe
[  571.991163][ T5899] hid (null): report_id 16697 is invalid
[  571.993141][ T5899] hid (null): bogus close delimiter
[  571.994787][ T5899] hid (null): unknown global tag 0xc
[  571.996447][ T5899] hid (null): invalid report_size 1234625101
[  571.998728][ T5899] hid (null): unknown global tag 0xd
[  572.000394][ T5899] hid (null): unknown global tag 0xd
[  572.002238][ T5899] hid (null): invalid report_size -2125375034
[  572.004170][ T5899] hid (null): report_id 0 is invalid
[  572.006088][ T5899] hid (null): invalid report_count -1724469666
[  572.008794][ T5899] hid (null): unknown global tag 0xc
[  572.010505][ T5899] hid (null): unknown global tag 0xd
[  572.012285][ T5899] hid (null): global environment stack overflow
[  572.014172][ T5899] hid (null): unknown global tag 0xe
[  572.015966][ T5899] hid (null): unknown global tag 0xc
[  572.018809][ T5899] hid (null): unknown global tag 0xc
[  572.029609][ T5899] hid-generic 0009:0007:0077.0031: unknown main item tag 0x1
[  572.033037][ T5899] hid-generic 0009:0007:0077.0031: reserved main item tag 0xd
[  572.035669][ T5899] hid-generic 0009:0007:0077.0031: unknown main item tag 0x1
[  572.038341][ T5899] hid-generic 0009:0007:0077.0031: unexpected long global item
[  572.040914][ T5899] hid-generic 0009:0007:0077.0031: probe with driver hid-generic failed with error -22
[  572.387858][   T41] Bluetooth: Error in BCSP hdr checksum
[  572.649681][  T101] Bluetooth: Error in BCSP hdr checksum
[  574.177561][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  574.177913][ T5759] Bluetooth: hci4: command 0x1003 tx timeout
[  574.438146][ T5821] hid (null): invalid report_size 51505
[  574.441916][ T5821] hid (null): unknown global tag 0xc
[  574.457053][ T5821] hid (null): unknown global tag 0xc
[  574.461505][ T5821] hid (null): unknown global tag 0x9f
[  574.464084][ T5821] hid (null): unknown global tag 0xc
[  574.466650][ T5821] hid (null): unknown global tag 0x42
[  574.471621][ T5821] hid (null): unknown global tag 0xd
[  574.473928][ T5821] hid (null): unknown global tag 0xc
[  574.476182][ T5821] hid (null): unknown global tag 0xc
[  574.478756][ T5821] hid (null): report_id 0 is invalid
[  574.481122][ T5821] hid (null): unknown global tag 0xe
[  574.483299][ T5821] hid (null): report_id 16697 is invalid
[  574.485724][ T5821] hid (null): bogus close delimiter
[  574.488381][ T5821] hid (null): unknown global tag 0xc
[  574.490595][ T5821] hid (null): invalid report_size 1234625101
[  574.493041][ T5821] hid (null): unknown global tag 0xd
[  574.495312][ T5821] hid (null): unknown global tag 0xd
[  574.498367][ T5821] hid (null): invalid report_size -2125375034
[  574.500958][ T5821] hid (null): report_id 0 is invalid
[  574.503153][ T5821] hid (null): invalid report_count -1724469666
[  574.505796][ T5821] hid (null): unknown global tag 0xc
[  574.508722][ T5821] hid (null): unknown global tag 0xd
[  574.511066][ T5821] hid (null): global environment stack overflow
[  574.513643][ T5821] hid (null): unknown global tag 0xe
[  574.516022][ T5821] hid (null): unknown global tag 0xc
[  574.518757][ T5821] hid (null): unknown global tag 0xc
[  574.522553][ T5821] hid-generic 0009:0007:0077.0032: unknown main item tag 0x1
[  574.528883][ T5821] hid-generic 0009:0007:0077.0032: reserved main item tag 0xd
[  574.531987][ T5821] hid-generic 0009:0007:0077.0032: unknown main item tag 0x1
[  574.534947][ T5821] hid-generic 0009:0007:0077.0032: unexpected long global item
[  574.539023][ T5821] hid-generic 0009:0007:0077.0032: probe with driver hid-generic failed with error -22
[  576.236602][  T961] hid (null): invalid report_size 51505
[  576.240597][  T961] hid (null): unknown global tag 0xc
[  576.242970][  T961] hid (null): unknown global tag 0xc
[  576.245314][  T961] hid (null): unknown global tag 0x9f
[  576.248223][  T961] hid (null): unknown global tag 0xc
[  576.250703][  T961] hid (null): unknown global tag 0x42
[  576.252986][  T961] hid (null): unknown global tag 0xd
[  576.255231][  T961] hid (null): unknown global tag 0xc
[  576.258376][  T961] hid (null): unknown global tag 0xc
[  576.260811][  T961] hid (null): report_id 0 is invalid
[  576.263056][  T961] hid (null): unknown global tag 0xe
[  576.265489][  T961] hid (null): report_id 16697 is invalid
[  576.268514][  T961] hid (null): bogus close delimiter
[  576.271026][  T961] hid (null): unknown global tag 0xc
[  576.273271][  T961] hid (null): invalid report_size 1234625101
[  576.275829][  T961] hid (null): unknown global tag 0xd
[  576.278683][  T961] hid (null): unknown global tag 0xd
[  576.280918][  T961] hid (null): invalid report_size -2125375034
[  576.283656][  T961] hid (null): report_id 0 is invalid
[  576.285943][  T961] hid (null): invalid report_count -1724469666
[  576.288958][  T961] hid (null): unknown global tag 0xc
[  576.295304][  T961] hid (null): unknown global tag 0xd
[  576.298577][  T961] hid (null): global environment stack overflow
[  576.301159][  T961] hid (null): unknown global tag 0xe
[  576.303425][  T961] hid (null): unknown global tag 0xc
[  576.305888][  T961] hid (null): unknown global tag 0xc
[  576.311298][  T961] hid-generic 0009:0007:0077.0033: unknown main item tag 0x1
[  576.314684][  T961] hid-generic 0009:0007:0077.0033: reserved main item tag 0xd
[  576.318325][  T961] hid-generic 0009:0007:0077.0033: unknown main item tag 0x1
[  576.321387][  T961] hid-generic 0009:0007:0077.0033: unexpected long global item
[  576.324900][  T961] hid-generic 0009:0007:0077.0033: probe with driver hid-generic failed with error -22
[  576.372700][T14722] /dev/sr0: Can't open blockdev
[  577.055667][T14737] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  577.061856][T14737] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2178'.
[  577.556515][T14752] can0: slcan on ttyS3.
[  577.591229][  T101] Bluetooth: Error in BCSP hdr checksum
[  577.857675][  T101] Bluetooth: Error in BCSP hdr checksum
[  578.117593][ T3555] Bluetooth: Error in BCSP hdr checksum
[  578.358711][T14755] can0 (unregistered): slcan off ttyS3.
[  579.377456][ T5759] Bluetooth: hci4: command 0x1003 tx timeout
[  579.382525][ T5745] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  579.478510][T14773] /dev/sr0: Can't open blockdev
[  579.502732][T14776] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2186'.
[  579.557266][ T5899] hid (null): invalid report_size 51505
[  579.560889][T14780] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2188'.
[  579.566242][ T5899] hid (null): unknown global tag 0xc
[  579.570551][ T5899] hid (null): unknown global tag 0xc
[  579.575213][ T5899] hid (null): unknown global tag 0x9f
[  579.576935][ T5899] hid (null): unknown global tag 0xc
[  579.576950][ T5899] hid (null): unknown global tag 0x42
[  579.576962][ T5899] hid (null): unknown global tag 0xd
[  579.576974][ T5899] hid (null): unknown global tag 0xc
[  579.576985][ T5899] hid (null): unknown global tag 0xc
[  579.576993][ T5899] hid (null): report_id 0 is invalid
[  579.577013][ T5899] hid (null): unknown global tag 0xe
[  579.592645][ T5899] hid (null): report_id 16697 is invalid
[  579.594491][ T5899] hid (null): bogus close delimiter
[  579.596180][ T5899] hid (null): unknown global tag 0xc
[  579.598209][ T5899] hid (null): invalid report_size 1234625101
[  579.600246][ T5899] hid (null): unknown global tag 0xd
[  579.601930][ T5899] hid (null): unknown global tag 0xd
[  579.603634][ T5899] hid (null): invalid report_size -2125375034
[  579.605542][ T5899] hid (null): report_id 0 is invalid
[  579.607212][ T5899] hid (null): invalid report_count -1724469666
[  579.609821][ T5899] hid (null): unknown global tag 0xc
[  579.611554][ T5899] hid (null): unknown global tag 0xd
[  579.615978][ T5899] hid (null): global environment stack overflow
[  579.626125][ T5899] hid (null): unknown global tag 0xe
[  579.632136][ T5899] hid (null): unknown global tag 0xc
[  579.634377][ T5899] hid (null): unknown global tag 0xc
[  579.689203][ T5899] hid-generic 0009:0007:0077.0034: unknown main item tag 0x1
[  579.696813][ T5899] hid-generic 0009:0007:0077.0034: reserved main item tag 0xd
[  579.699718][ T5899] hid-generic 0009:0007:0077.0034: unknown main item tag 0x1
[  579.702445][ T5899] hid-generic 0009:0007:0077.0034: unexpected long global item
[  579.711801][ T5899] hid-generic 0009:0007:0077.0034: probe with driver hid-generic failed with error -22
[  581.777429][   T62] Bluetooth: hci3: command 0x0406 tx timeout
[  582.029297][  T101] Bluetooth: Error in BCSP hdr checksum
[  582.287706][  T101] Bluetooth: Error in BCSP hdr checksum
[  582.549294][  T163] Bluetooth: Error in BCSP hdr checksum
[  583.541055][T11585] hid (null): invalid report_size 51505
[  583.544535][T11585] hid (null): unknown global tag 0xc
[  583.546893][T11585] hid (null): unknown global tag 0xc
[  583.549910][T11585] hid (null): unknown global tag 0x9f
[  583.552715][T11585] hid (null): unknown global tag 0xc
[  583.555040][T11585] hid (null): unknown global tag 0x42
[  583.557849][T11585] hid (null): unknown global tag 0xd
[  583.560210][T11585] hid (null): unknown global tag 0xc
[  583.562473][T11585] hid (null): unknown global tag 0xc
[  583.564645][T11585] hid (null): report_id 0 is invalid
[  583.567010][T11585] hid (null): unknown global tag 0xe
[  583.569375][T11585] hid (null): report_id 16697 is invalid
[  583.571861][T11585] hid (null): bogus close delimiter
[  583.573968][T11585] hid (null): unknown global tag 0xc
[  583.576148][T11585] hid (null): invalid report_size 1234625101
[  583.578878][T11585] hid (null): unknown global tag 0xd
[  583.581051][T11585] hid (null): unknown global tag 0xd
[  583.583240][T11585] hid (null): invalid report_size -2125375034
[  583.585764][T11585] hid (null): report_id 0 is invalid
[  583.588539][T11585] hid (null): invalid report_count -1724469666
[  583.591255][T11585] hid (null): unknown global tag 0xc
[  583.593537][T11585] hid (null): unknown global tag 0xd
[  583.596628][T11585] hid (null): global environment stack overflow
[  583.600906][T11585] hid (null): unknown global tag 0xe
[  583.603390][T11585] hid (null): unknown global tag 0xc
[  583.605718][T11585] hid (null): unknown global tag 0xc
[  583.608846][T11585] hid-generic 0009:0007:0077.0035: unknown main item tag 0x1
[  583.611375][T11585] hid-generic 0009:0007:0077.0035: reserved main item tag 0xd
[  583.613980][T11585] hid-generic 0009:0007:0077.0035: unknown main item tag 0x1
[  583.616375][T11585] hid-generic 0009:0007:0077.0035: unexpected long global item
[  583.619326][T11585] hid-generic 0009:0007:0077.0035: probe with driver hid-generic failed with error -22
[  583.777445][   T62] Bluetooth: hci4: command 0x1003 tx timeout
[  583.782646][ T5759] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  585.865866][T14863] FAULT_INJECTION: forcing a failure.
[  585.865866][T14863] name failslab, interval 1, probability 0, space 0, times 0
[  585.870572][T14863] CPU: 1 UID: 0 PID: 14863 Comm: syz.3.2209 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  585.870598][T14863] Tainted: [L]=SOFTLOCKUP
[  585.870604][T14863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  585.870614][T14863] Call Trace:
[  585.870620][T14863]  <TASK>
[  585.870627][T14863]  dump_stack_lvl+0x100/0x190
[  585.870653][T14863]  should_fail_ex.cold+0x5/0xa
[  585.870676][T14863]  should_failslab+0xc2/0x120
[  585.870697][T14863]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  585.870715][T14863]  ? __alloc_skb+0x140/0x710
[  585.870732][T14863]  ? __alloc_skb+0x5b7/0x710
[  585.870753][T14863]  __alloc_skb+0x140/0x710
[  585.870770][T14863]  ? __alloc_skb+0x5b7/0x710
[  585.870787][T14863]  ? __pfx___alloc_skb+0x10/0x10
[  585.870806][T14863]  ? __pfx___might_resched+0x10/0x10
[  585.870832][T14863]  netlink_alloc_large_skb+0x69/0x150
[  585.870860][T14863]  netlink_sendmsg+0x680/0xda0
[  585.870890][T14863]  ? __pfx_netlink_sendmsg+0x10/0x10
[  585.870917][T14863]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  585.870947][T14863]  ____sys_sendmsg+0x9e1/0xb70
[  585.870971][T14863]  ? __pfx_netlink_sendmsg+0x10/0x10
[  585.870998][T14863]  ? __pfx_____sys_sendmsg+0x10/0x10
[  585.871032][T14863]  ___sys_sendmsg+0x190/0x1e0
[  585.871050][T14863]  ? __pfx____sys_sendmsg+0x10/0x10
[  585.871076][T14863]  ? find_held_lock+0x2b/0x80
[  585.871113][T14863]  __sys_sendmsg+0x170/0x220
[  585.871134][T14863]  ? __pfx___sys_sendmsg+0x10/0x10
[  585.871152][T14863]  ? __fget_files+0x21f/0x3d0
[  585.871202][T14863]  ? ksys_write+0x1ac/0x250
[  585.871225][T14863]  ? rcu_is_watching+0x12/0xc0
[  585.871248][T14863]  __do_fast_syscall_32+0xe7/0x950
[  585.871266][T14863]  ? lockdep_hardirqs_on+0x78/0x100
[  585.871290][T14863]  do_fast_syscall_32+0x32/0x70
[  585.871307][T14863]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  585.871328][T14863] RIP: 0023:0xf704ef7c
[  585.871343][T14863] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  585.871358][T14863] RSP: 002b:00000000f543d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  585.871374][T14863] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080004340
[  585.871384][T14863] RDX: 00000000000000c0 RSI: 0000000000000000 RDI: 0000000000000000
[  585.871394][T14863] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  585.871403][T14863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  585.871413][T14863] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  585.871435][T14863]  </TASK>
[  586.034989][T14865] sctp: [Deprecated]: syz.3.2210 (pid 14865) Use of struct sctp_assoc_value in delayed_ack socket option.
[  586.034989][T14865] Use struct sctp_sack_info instead
[  586.044038][T14865] sctp: [Deprecated]: syz.3.2210 (pid 14865) Use of struct sctp_assoc_value in delayed_ack socket option.
[  586.044038][T14865] Use struct sctp_sack_info instead
[  586.052164][T14865] binder: 14864:14865 ioctl 400c620e 80000100 returned -22
[  586.777816][   T41] Bluetooth: Error in BCSP hdr checksum
[  588.647635][ T5759] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  589.609037][T14894] /dev/sr0: Can't open blockdev
[  589.657701][T14904] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2221'.
[  589.663901][T14904] netlink: 120 bytes leftover after parsing attributes in process `syz.0.2221'.
[  589.947569][  T857] usb 6-1: new full-speed USB device number 46 using dummy_hcd
[  591.009131][  T857] usb 6-1: config 0 has no interfaces?
[  591.012987][  T857] usb 6-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  591.015848][  T857] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  591.018724][  T857] usb 6-1: Product: syz
[  591.970536][  T857] usb 6-1: Manufacturer: syz
[  591.972658][  T857] usb 6-1: SerialNumber: syz
[  591.986110][  T857] usb 6-1: config 0 descriptor??
[  592.303836][   T40] audit: type=1326 audit(1779801965.854:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14924 comm="syz.3.2226" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf704ef7c code=0x0
[  592.323063][  T857] usb 6-1: USB disconnect, device number 46
[  592.372726][T14926] can0: slcan on ttyS3.
[  592.526205][T14926] can0 (unregistered): slcan off ttyS3.
[  594.000036][T14955] /dev/sr0: Can't open blockdev
[  594.207546][   T50] usb 5-1: new full-speed USB device number 36 using dummy_hcd
[  594.360244][   T50] usb 5-1: config 0 has no interfaces?
[  594.366683][   T50] usb 5-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  594.367605][T14970] random: crng reseeded on system resumption
[  594.371102][   T50] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  594.376192][   T50] usb 5-1: Product: syz
[  594.378637][   T50] usb 5-1: Manufacturer: syz
[  594.380714][   T50] usb 5-1: SerialNumber: syz
[  594.388038][   T50] usb 5-1: config 0 descriptor??
[  594.654633][  T857] usb 5-1: USB disconnect, device number 36
[  594.926609][T14977] netlink: 'syz.3.2236': attribute type 4 has an invalid length.
[  594.933725][T14977] netlink: 'syz.3.2236': attribute type 4 has an invalid length.
[  594.937900][T14977] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2236'.
[  595.064565][T14985] tipc: Started in network mode
[  595.066697][T14985] tipc: Node identity ac14140f, cluster identity 4711
[  595.070817][T14985] tipc: New replicast peer: 255.255.255.255
[  595.073571][T14985] tipc: Enabled bearer <udp:syz2>, priority 10
[  595.169403][T14988] can0: slcan on ttyS3.
[  595.549739][T14997] nvme_fabrics: unknown parameter or missing value 'syz0' in ctrl creation request
[  595.687925][T14988] can0 (unregistered): slcan off ttyS3.
[  595.757486][   T40] audit: type=1326 audit(1779801969.224:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14992 comm="syz.0.2237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  595.771886][   T40] audit: type=1326 audit(1779801969.224:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14992 comm="syz.0.2237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  595.781085][   T40] audit: type=1326 audit(1779801969.234:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14992 comm="syz.0.2237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  595.794616][   T40] audit: type=1326 audit(1779801969.234:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14992 comm="syz.0.2237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  595.804748][   T40] audit: type=1326 audit(1779801969.234:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14992 comm="syz.0.2237" exe="/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  595.831175][   T40] audit: type=1326 audit(1779801969.234:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14992 comm="syz.0.2237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  595.844695][   T40] audit: type=1326 audit(1779801969.234:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14992 comm="syz.0.2237" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  595.853703][   T40] audit: type=1326 audit(1779801969.234:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14992 comm="syz.0.2237" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  596.102138][ T5899] tipc: Node number set to 2886997007
[  596.645014][T15005] vxfs: unable to read disk superblock at 1
[  596.648301][T15005] vxfs: unable to read disk superblock at 8
[  596.650218][T15005] vxfs: can't find superblock.
[  596.833595][   T40] audit: type=1326 audit(1779801970.384:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15008 comm="syz.3.2240" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf704ef7c code=0x0
[  596.938533][T15011] /dev/sr0: Can't open blockdev
[  597.050086][T15021] netlink: 'syz.2.2244': attribute type 1 has an invalid length.
[  597.052626][T15021] netlink: 'syz.2.2244': attribute type 2 has an invalid length.
[  602.271807][T15053] /dev/sr0: Can't open blockdev
[  602.321450][   T40] audit: type=1326 audit(1779801975.874:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15057 comm="syz.0.2256" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x0
[  602.365672][T15060] QAT: Stopping all acceleration devices.
[  602.375126][T15062] ubi: mtd0 is already attached to ubi16
[  602.381388][T15062] netlink: 'syz.3.2258': attribute type 21 has an invalid length.
[  602.383952][T15062] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2258'.
[  602.386772][T15062] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2258'.
[  602.746427][T15072] can0: slcan on ttyS3.
[  602.798656][T15072] can0 (unregistered): slcan off ttyS3.
[  603.253973][T15091] ubi: mtd0 is already attached to ubi16
[  603.261259][T15091] netlink: 'syz.1.2262': attribute type 21 has an invalid length.
[  603.264693][T15091] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2262'.
[  603.269798][T15091] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2262'.
[  603.488079][ T5899] usb 7-1: new full-speed USB device number 35 using dummy_hcd
[  603.650323][T15100] /dev/sr0: Can't open blockdev
[  603.690369][ T5899] usb 7-1: config 0 has no interfaces?
[  603.699861][ T5899] usb 7-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  603.704258][ T5899] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  603.713881][ T5899] usb 7-1: Product: syz
[  603.715250][ T5899] usb 7-1: Manufacturer: syz
[  603.724002][ T5899] usb 7-1: SerialNumber: syz
[  603.735808][ T5899] usb 7-1: config 0 descriptor??
[  603.761779][T15104] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[  603.791522][T15106] loop4: detected capacity change from 0 to 2640
[  603.801909][T15104] trusted_key: encrypted_key: hex blob is missing
[  603.817970][T15106] buffer_io_error: 14 callbacks suppressed
[  603.817983][T15106] Buffer I/O error on dev loop4, logical block 0, lost async page write
[  603.823004][T15106] Buffer I/O error on dev loop4, logical block 1, lost async page write
[  603.825809][T15106] Buffer I/O error on dev loop4, logical block 2, lost async page write
[  603.828819][T15106] Buffer I/O error on dev loop4, logical block 3, lost async page write
[  603.831905][T15106] Buffer I/O error on dev loop4, logical block 4, lost async page write
[  603.835114][T15106] Buffer I/O error on dev loop4, logical block 5, lost async page write
[  603.838612][T15106] Buffer I/O error on dev loop4, logical block 6, lost async page write
[  603.841431][T15106] Buffer I/O error on dev loop4, logical block 7, lost async page write
[  603.844152][T15106] Buffer I/O error on dev loop4, logical block 8, lost async page write
[  603.847031][T15106] Buffer I/O error on dev loop4, logical block 9, lost async page write
[  604.061455][  T857] usb 7-1: USB disconnect, device number 35
[  604.133369][T15111] syzkaller1: entered promiscuous mode
[  604.135731][T15111] syzkaller1: entered allmulticast mode
[  605.126188][   T40] audit: type=1326 audit(1779801978.674:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15119 comm="syz.1.2270" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70bef7c code=0x0
[  605.593474][T15139] tipc: New replicast peer: 255.255.255.255
[  605.598356][T15139] tipc: Enabled bearer <udp:syz2>, priority 10
[  605.857566][ T5531] usb 8-1: new full-speed USB device number 37 using dummy_hcd
[  605.963501][T15145] input: syz0 as /devices/virtual/input/input50
[  606.126641][T15136] can0: slcan on ttyS3.
[  606.298043][T15136] can0 (unregistered): slcan off ttyS3.
[  606.401296][ T5531] usb 8-1: config 0 has no interfaces?
[  606.410119][ T5531] usb 8-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  606.413146][ T5531] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  606.415954][ T5531] usb 8-1: Product: syz
[  606.417629][ T5531] usb 8-1: Manufacturer: syz
[  606.419404][ T5531] usb 8-1: SerialNumber: syz
[  606.427476][ T5531] usb 8-1: config 0 descriptor??
[  606.784200][  T961] usb 8-1: USB disconnect, device number 37
[  606.907512][T13986] Bluetooth: Error in BCSP hdr checksum
[  607.168984][T13986] Bluetooth: Error in BCSP hdr checksum
[  607.433332][  T188] Bluetooth: Error in BCSP hdr checksum
[  607.821968][T15159] tracefs: Unknown parameter '00000000000000000000�[�:�
���U�a\M�On������Ơ��?���*�5�m�S�n�����}V��U�F�/��H�*yR�:Y?P��qq��
��Ϊ��^I(�����`Λ���be}�|�ӋIc!�]WI���)t��|�B��18446744073709551615'
[  608.455560][T15166] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  608.461895][T15166] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2282'.
[  608.624427][T15171] ubi: mtd0 is already attached to ubi16
[  608.638549][T15171] netlink: 'syz.2.2285': attribute type 21 has an invalid length.
[  608.641092][T15171] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2285'.
[  608.644088][T15171] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2285'.
[  608.657484][ T5759] Bluetooth: hci4: command 0x1003 tx timeout
[  608.657536][   T62] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  608.847941][ T5899] hid (null): invalid report_size 51505
[  608.853127][ T5899] hid (null): unknown global tag 0xc
[  608.854935][ T5899] hid (null): unknown global tag 0xc
[  608.856760][ T5899] hid (null): unknown global tag 0x9f
[  608.859033][ T5899] hid (null): unknown global tag 0xc
[  608.860740][ T5899] hid (null): unknown global tag 0x42
[  608.862613][ T5899] hid (null): unknown global tag 0xd
[  608.864397][ T5899] hid (null): unknown global tag 0xc
[  608.869375][ T5899] hid (null): unknown global tag 0xc
[  608.873991][ T5899] hid (null): report_id 0 is invalid
[  608.875773][ T5899] hid (null): unknown global tag 0xe
[  608.881305][ T5899] hid (null): report_id 16697 is invalid
[  608.883591][ T5899] hid (null): bogus close delimiter
[  608.886036][ T5899] hid (null): unknown global tag 0xc
[  608.888514][ T5899] hid (null): invalid report_size 1234625101
[  608.890533][ T5899] hid (null): unknown global tag 0xd
[  608.892312][ T5899] hid (null): unknown global tag 0xd
[  608.895859][ T5899] hid (null): invalid report_size -2125375034
[  608.898260][ T5899] hid (null): report_id 0 is invalid
[  608.900082][ T5899] hid (null): invalid report_count -1724469666
[  608.902568][ T5899] hid (null): unknown global tag 0xc
[  608.905673][ T5899] hid (null): unknown global tag 0xd
[  608.909317][ T5899] hid (null): global environment stack overflow
[  608.912012][ T5899] hid (null): unknown global tag 0xe
[  608.916943][ T5899] hid (null): unknown global tag 0xc
[  608.919343][ T5899] hid (null): unknown global tag 0xc
[  608.925710][ T5899] hid-generic 0009:0007:0077.0036: unknown main item tag 0x1
[  608.932693][ T5899] hid-generic 0009:0007:0077.0036: reserved main item tag 0xd
[  608.936237][ T5899] hid-generic 0009:0007:0077.0036: unknown main item tag 0x1
[  608.939721][ T5899] hid-generic 0009:0007:0077.0036: unexpected long global item
[  608.946381][ T5899] hid-generic 0009:0007:0077.0036: probe with driver hid-generic failed with error -22
[  608.957274][   T40] audit: type=1326 audit(1779801982.504:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  608.985268][   T40] audit: type=1326 audit(1779801982.504:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  609.015113][   T40] audit: type=1326 audit(1779801982.504:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  609.035955][   T40] audit: type=1326 audit(1779801982.504:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=311 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  609.062599][T11955] syz_tun (unregistering): left allmulticast mode
[  609.069342][   T40] audit: type=1326 audit(1779801982.504:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=175 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  609.076513][   T40] audit: type=1326 audit(1779801982.504:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=291 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  609.088090][   T40] audit: type=1326 audit(1779801982.504:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  609.127610][   T40] audit: type=1326 audit(1779801982.504:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=354 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  609.135822][ T5759] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  609.146381][ T5759] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  609.155061][ T5759] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  609.161296][ T5759] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  609.167661][   T40] audit: type=1326 audit(1779801982.504:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  609.175155][   T40] audit: type=1326 audit(1779801982.504:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15180 comm="syz.0.2288" exe="/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf702ef7c code=0x7ffc0000
[  609.184844][ T5759] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  609.374526][T13986] netdevsim netdevsim3 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  609.510448][T13986] netdevsim netdevsim3 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  609.563068][T13986] netdevsim netdevsim3 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  609.626273][T13986] netdevsim netdevsim3 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  609.925288][T13986] veth1_macvtap: left allmulticast mode
[  609.936715][T13986] bridge0: port 3(veth1_macvtap) entered disabled state
[  609.944913][T15208] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2292'.
[  609.997512][T15209] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input51
[  610.463031][T13986] bond0 (unregistering): Released all slaves
[  610.473050][T13986] bond1 (unregistering): (slave veth5): Releasing active interface
[  610.478602][T13986] bond1 (unregistering): Released all slaves
[  610.491239][T13986] bond2 (unregistering): Released all slaves
[  610.544814][ T5454] 8021q: adding VLAN 0 to HW filter on device eth2
[  610.587188][T15222] can0: slcan on ttyS3.
[  610.860523][T15226] /dev/sr0: Can't open blockdev
[  610.904655][T13986] tipc: Disabling bearer <udp:syz2>
[  610.927719][T13986] tipc: Left network mode
[  610.948666][T15203] can0 (unregistered): slcan off ttyS3.
[  611.219800][ T5759] Bluetooth: hci4: command tx timeout
[  611.375314][ T5454] 8021q: adding VLAN 0 to HW filter on device eth3
[  611.680641][T13986] hsr_slave_0: left promiscuous mode
[  611.756522][T13986] hsr_slave_1: left promiscuous mode
[  611.870712][T15253] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  611.876837][T15253] netlink: 72 bytes leftover after parsing attributes in process `syz.1.2297'.
[  611.882673][T13986] pim6reg (unregistering): left allmulticast mode
[  612.081283][   T50] hid (null): invalid report_size 51505
[  612.083725][   T50] hid (null): unknown global tag 0xc
[  612.086045][   T50] hid (null): unknown global tag 0xc
[  612.088515][   T50] hid (null): unknown global tag 0x9f
[  612.090931][   T50] hid (null): unknown global tag 0xc
[  612.093224][   T50] hid (null): unknown global tag 0x42
[  612.095580][   T50] hid (null): unknown global tag 0xd
[  612.098964][   T50] hid (null): unknown global tag 0xc
[  612.102071][   T50] hid (null): unknown global tag 0xc
[  612.104097][   T50] hid (null): report_id 0 is invalid
[  612.105926][   T50] hid (null): unknown global tag 0xe
[  612.108510][   T50] hid (null): report_id 16697 is invalid
[  612.110466][   T50] hid (null): bogus close delimiter
[  612.112290][   T50] hid (null): unknown global tag 0xc
[  612.114128][   T50] hid (null): invalid report_size 1234625101
[  612.116248][   T50] hid (null): unknown global tag 0xd
[  612.119068][   T50] hid (null): unknown global tag 0xd
[  612.121576][   T50] hid (null): invalid report_size -2125375034
[  612.124433][   T50] hid (null): report_id 0 is invalid
[  612.126892][   T50] hid (null): invalid report_count -1724469666
[  612.131004][   T50] hid (null): unknown global tag 0xc
[  612.134595][   T50] hid (null): unknown global tag 0xd
[  612.139119][   T50] hid (null): global environment stack overflow
[  612.141969][   T50] hid (null): unknown global tag 0xe
[  612.144377][   T50] hid (null): unknown global tag 0xc
[  612.146836][   T50] hid (null): unknown global tag 0xc
[  612.148083][T13986] smc: removing net device vcan0 with user defined pnetid SYZ1
[  612.158129][   T50] hid-generic 0009:0007:0077.0037: unknown main item tag 0x1
[  612.160607][   T50] hid-generic 0009:0007:0077.0037: reserved main item tag 0xd
[  612.163435][   T50] hid-generic 0009:0007:0077.0037: unknown main item tag 0x1
[  612.166738][   T50] hid-generic 0009:0007:0077.0037: unexpected long global item
[  612.170757][   T50] hid-generic 0009:0007:0077.0037: probe with driver hid-generic failed with error -22
[  612.236618][ T5454] 8021q: adding VLAN 0 to HW filter on device eth4
[  612.255706][T15178] bridge0: port 1(bridge_slave_0) entered blocking state
[  612.269224][T15178] bridge0: port 1(bridge_slave_0) entered disabled state
[  612.275347][T15178] bridge_slave_0: entered allmulticast mode
[  612.290344][T15178] bridge_slave_0: entered promiscuous mode
[  612.323945][T15178] bridge0: port 2(bridge_slave_1) entered blocking state
[  612.338933][T15178] bridge0: port 2(bridge_slave_1) entered disabled state
[  612.377640][T15178] bridge_slave_1: entered allmulticast mode
[  612.380674][T15178] bridge_slave_1: entered promiscuous mode
[  612.402330][T15178] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  612.411325][T15178] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  612.435562][T15178] team0: Port device team_slave_0 added
[  612.440845][T15178] team0: Port device team_slave_1 added
[  612.474110][T15178] batman_adv: batadv0: Adding interface: batadv_slave_0
[  612.478617][T15178] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  612.489570][T15178] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  612.496343][T15178] batman_adv: batadv0: Adding interface: batadv_slave_1
[  612.501361][T15178] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  612.512967][T15178] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  612.554615][T15178] hsr_slave_0: entered promiscuous mode
[  612.560008][T15178] hsr_slave_1: entered promiscuous mode
[  612.782574][ T5454] 8021q: adding VLAN 0 to HW filter on device eth5
[  613.267930][T15294] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  613.279170][T15294] xt_TPROXY: Can be used only with -p tcp or -p udp
[  613.318872][ T5759] Bluetooth: hci4: command tx timeout
[  613.546441][T13986] IPVS: stop unused estimator thread 0...
[  614.454065][T15178] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  614.478487][T15178] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  614.482629][T15178] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  614.488963][T15178] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  614.505482][T15178] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  614.516328][T15178] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  614.523586][T15178] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  614.534523][T15178] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  614.658664][T15178] 8021q: adding VLAN 0 to HW filter on device bond0
[  614.681093][T15178] 8021q: adding VLAN 0 to HW filter on device team0
[  614.698173][   T73] bridge0: port 1(bridge_slave_0) entered blocking state
[  614.701211][   T73] bridge0: port 1(bridge_slave_0) entered forwarding state
[  614.721581][   T73] bridge0: port 2(bridge_slave_1) entered blocking state
[  614.724541][   T73] bridge0: port 2(bridge_slave_1) entered forwarding state
[  615.138066][T15178] 8021q: adding VLAN 0 to HW filter on device batadv0
[  615.176410][T15178] veth0_vlan: entered promiscuous mode
[  615.195307][T15178] veth1_vlan: entered promiscuous mode
[  615.220684][T15178] veth0_macvtap: entered promiscuous mode
[  615.227524][T15178] veth1_macvtap: entered promiscuous mode
[  615.263960][T15178] batman_adv: batadv0: Interface activated: batadv_slave_0
[  615.273234][T15178] batman_adv: batadv0: Interface activated: batadv_slave_1
[  615.293504][T13986] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  615.307519][T13986] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  615.311266][T13986] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  615.313998][T13986] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  615.353727][T15349] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[  615.355848][T15349] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  615.360956][T15349] vhci_hcd vhci_hcd.0: Device attached
[  615.387910][ T5759] Bluetooth: hci4: command tx timeout
[  615.425107][   T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.442111][   T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.470093][   T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  615.476720][   T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  615.668200][ T5531] usb 38-1: SetAddress Request (2) to port 0
[  615.668239][ T5531] usb 38-1: new SuperSpeed USB device number 2 using vhci_hcd
[  615.674086][T15354] geneve3: entered allmulticast mode
[  615.713747][T15352] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input52
[  615.850881][T15365] tmpfs: Too few inodes for current use
[  615.851265][T15365] ubi: mtd0 is already attached to ubi16
[  616.165567][T15369] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  616.166288][T15350] vhci_hcd: connection reset by peer
[  616.182541][T15369] netlink: 72 bytes leftover after parsing attributes in process `syz.3.2306'.
[  616.183653][   T59] vhci_hcd vhci_hcd.0: stop threads
[  616.188595][   T59] vhci_hcd vhci_hcd.0: release socket
[  616.195726][   T59] vhci_hcd vhci_hcd.0: disconnect device
[  617.457606][ T5759] Bluetooth: hci4: command tx timeout
[  618.501574][T15408] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  618.511414][T15408] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2315'.
[  618.558577][T15406] /dev/sr0: Can't open blockdev
[  620.051085][T15435] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  620.055035][T15435] netlink: 72 bytes leftover after parsing attributes in process `syz.2.2324'.
[  620.537530][ T5823] usb 7-1: new high-speed USB device number 36 using dummy_hcd
[  620.703120][ T5823] usb 7-1: config 0 has no interfaces?
[  620.714095][ T5823] usb 7-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  620.717530][ T5823] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  620.720896][ T5823] usb 7-1: Product: syz
[  620.722505][ T5823] usb 7-1: Manufacturer: syz
[  620.724174][ T5823] usb 7-1: SerialNumber: syz
[  620.735576][ T5823] usb 7-1: config 0 descriptor??
[  620.738257][ T5531] usb 38-1: device descriptor read/8, error -110
[  621.120471][  T857] usb 7-1: USB disconnect, device number 36
[  621.433952][ T5531] usb usb38-port1: attempt power cycle
[  621.991483][T15452] batman_adv: batadv0: Adding interface: macvtap3
[  621.994208][T15452] batman_adv: batadv0: The MTU of interface macvtap3 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  622.004927][T15452] batman_adv: batadv0: Not using interface macvtap3 (retrying later): interface not active
[  622.030457][ T5531] usb usb38-port1: unable to enumerate USB device
[  622.040931][ T5823] usb 7-1: new high-speed USB device number 37 using dummy_hcd
[  622.077169][T15452] batman_adv: batadv0: Removing interface: macvtap3
[  622.485241][ T5823] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  622.510777][ T5823] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  622.536464][ T5823] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  622.571872][ T5823] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  622.807623][T15450] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  622.930336][ T5823] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  623.069248][T15462] FAULT_INJECTION: forcing a failure.
[  623.069248][T15462] name failslab, interval 1, probability 0, space 0, times 0
[  623.076263][T15462] CPU: 2 UID: 0 PID: 15462 Comm: syz.2.2327 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  623.076284][T15462] Tainted: [L]=SOFTLOCKUP
[  623.076289][T15462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  623.076296][T15462] Call Trace:
[  623.076301][T15462]  <TASK>
[  623.076306][T15462]  dump_stack_lvl+0x100/0x190
[  623.076328][T15462]  should_fail_ex.cold+0x5/0xa
[  623.076346][T15462]  should_failslab+0xc2/0x120
[  623.076362][T15462]  __kmalloc_cache_noprof+0x7a/0x6f0
[  623.076380][T15462]  ? snd_seq_port_connect+0x61/0x550
[  623.076399][T15462]  ? snd_seq_port_use_ptr+0x136/0x1a0
[  623.076415][T15462]  ? snd_seq_port_use_ptr+0x136/0x1a0
[  623.076432][T15462]  snd_seq_port_connect+0x61/0x550
[  623.076449][T15462]  ? _raw_read_unlock+0x28/0x50
[  623.076470][T15462]  ? check_subscription_permission.isra.0+0x146/0x240
[  623.076489][T15462]  snd_seq_ioctl_subscribe_port+0x219/0x490
[  623.076508][T15462]  ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10
[  623.076532][T15462]  call_seq_client_ctl+0xa3/0x130
[  623.076551][T15462]  snd_seq_kernel_client_ctl+0x77/0xd0
[  623.076574][T15462]  snd_seq_oss_midi_open+0x596/0x690
[  623.076595][T15462]  ? __pfx_snd_seq_oss_midi_open+0x10/0x10
[  623.076614][T15462]  ? snd_seq_oss_midi_reset+0x11a/0x4c0
[  623.076642][T15462]  ? __mutex_lock+0x26d/0x1b10
[  623.076662][T15462]  ? odev_release+0x44/0x70
[  623.076691][T15462]  snd_seq_oss_synth_reset+0x439/0x890
[  623.076714][T15462]  ? __pfx_snd_seq_oss_synth_reset+0x10/0x10
[  623.076735][T15462]  ? __pfx___fsnotify_parent+0x10/0x10
[  623.076757][T15462]  snd_seq_oss_reset+0x73/0x290
[  623.076774][T15462]  ? __pfx_odev_release+0x10/0x10
[  623.076791][T15462]  snd_seq_oss_release+0x7c/0x180
[  623.076809][T15462]  ? __pfx_odev_release+0x10/0x10
[  623.076824][T15462]  odev_release+0x4c/0x70
[  623.076839][T15462]  __fput+0x3ff/0xb50
[  623.076860][T15462]  fput_close_sync+0x118/0x250
[  623.076878][T15462]  ? __pfx_fput_close_sync+0x10/0x10
[  623.076899][T15462]  __ia32_sys_close+0x8b/0x120
[  623.076910][T15462]  __do_fast_syscall_32+0xe7/0x950
[  623.076923][T15462]  ? lockdep_hardirqs_on+0x78/0x100
[  623.076935][T15462]  do_fast_syscall_32+0x32/0x70
[  623.076947][T15462]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  623.076963][T15462] RIP: 0023:0xf6fdef7c
[  623.076974][T15462] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  623.076985][T15462] RSP: 002b:00000000f53ac50c EFLAGS: 00000292 ORIG_RAX: 0000000000000006
[  623.076997][T15462] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000
[  623.077004][T15462] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  623.077011][T15462] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  623.077017][T15462] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  623.077024][T15462] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  623.077039][T15462]  </TASK>
[  624.138431][T15466] bond0: entered promiscuous mode
[  624.140338][T15466] bond_slave_0: entered promiscuous mode
[  624.142940][T15466] bond_slave_1: entered promiscuous mode
[  624.836669][ T5899] usb 7-1: USB disconnect, device number 37
[  625.280229][ T5899] usb 7-1: new high-speed USB device number 38 using dummy_hcd
[  625.432422][ T5899] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  625.435246][ T5899] usb 7-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config
[  625.438744][ T5899] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  625.443284][ T5899] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 48, changing to 9
[  625.446715][ T5899] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8240, setting to 1024
[  625.458376][ T5899] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  625.461351][ T5899] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  625.463973][ T5899] usb 7-1: Product: syz
[  625.465357][ T5899] usb 7-1: Manufacturer: syz
[  625.472097][ T5899] cdc_wdm 7-1:1.0: skipping garbage
[  625.476054][ T5899] cdc_wdm 7-1:1.0: skipping garbage
[  625.479052][ T5899] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  625.480973][ T5899] cdc_wdm 7-1:1.0: Unknown control protocol
[  625.642892][T15486] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2337'.
[  625.768811][    C1] wdm_int_callback: 127 callbacks suppressed
[  625.768837][    C1] cdc_wdm 7-1:1.0: nonzero urb status received: -71
[  625.769581][ T5850] usb 7-1: USB disconnect, device number 38
[  625.771400][    C1] wdm_int_callback: 127 callbacks suppressed
[  625.771420][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - 0 bytes
[  625.771435][    C1] cdc_wdm 7-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  626.750132][T15498] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input53
[  626.947745][T15498] can0: slcan on ttyS3.
[  627.108340][T15498] can0 (unregistered): slcan off ttyS3.
[  627.222016][   T62] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  627.234443][   T62] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  627.240041][   T62] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  627.243813][   T62] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  627.248640][   T62] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  627.904012][T15532] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  628.071971][T15509] bridge0: port 1(bridge_slave_0) entered blocking state
[  628.075072][T15509] bridge0: port 1(bridge_slave_0) entered disabled state
[  628.078372][T15509] bridge_slave_0: entered allmulticast mode
[  628.082293][T15509] bridge_slave_0: entered promiscuous mode
[  628.086948][T15509] bridge0: port 2(bridge_slave_1) entered blocking state
[  628.090103][T15509] bridge0: port 2(bridge_slave_1) entered disabled state
[  628.093192][T15509] bridge_slave_1: entered allmulticast mode
[  628.096999][T15509] bridge_slave_1: entered promiscuous mode
[  628.125722][T15509] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  628.135542][T15509] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  628.160325][T15509] team0: Port device team_slave_0 added
[  628.165339][T15509] team0: Port device team_slave_1 added
[  628.187971][T15509] batman_adv: batadv0: Adding interface: batadv_slave_0
[  628.190846][T15509] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  628.201628][T15509] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  628.212623][T15509] batman_adv: batadv0: Adding interface: batadv_slave_1
[  628.215546][T15509] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  628.226112][T15509] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  628.262069][T15509] hsr_slave_0: entered promiscuous mode
[  628.264360][T15509] hsr_slave_1: entered promiscuous mode
[  628.266447][T15509] debugfs: 'hsr0' already exists in 'hsr'
[  628.268424][T15509] Cannot create hsr debugfs directory
[  628.373233][T15509] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  628.377265][T15509] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  628.380166][T15509] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  628.384154][T15509] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  628.386868][T15509] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  628.391087][T15509] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  628.393786][T15509] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  628.397727][T15509] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  628.413856][T15509] bridge0: port 2(bridge_slave_1) entered blocking state
[  628.416204][T15509] bridge0: port 2(bridge_slave_1) entered forwarding state
[  628.418823][T15509] bridge0: port 1(bridge_slave_0) entered blocking state
[  628.421369][T15509] bridge0: port 1(bridge_slave_0) entered forwarding state
[  628.452678][T15509] 8021q: adding VLAN 0 to HW filter on device bond0
[  628.485140][   T73] bridge0: port 1(bridge_slave_0) entered disabled state
[  628.497930][   T73] bridge0: port 2(bridge_slave_1) entered disabled state
[  628.511770][T15509] 8021q: adding VLAN 0 to HW filter on device team0
[  628.514902][T15545] FAULT_INJECTION: forcing a failure.
[  628.514902][T15545] name failslab, interval 1, probability 0, space 0, times 0
[  628.518719][T15545] CPU: 2 UID: 0 PID: 15545 Comm: syz.0.2346 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  628.518737][T15545] Tainted: [L]=SOFTLOCKUP
[  628.518741][T15545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  628.518748][T15545] Call Trace:
[  628.518753][T15545]  <TASK>
[  628.518757][T15545]  dump_stack_lvl+0x100/0x190
[  628.518776][T15545]  should_fail_ex.cold+0x5/0xa
[  628.518792][T15545]  should_failslab+0xc2/0x120
[  628.518806][T15545]  kmem_cache_alloc_noprof+0x7b/0x6e0
[  628.518818][T15545]  ? radix_tree_node_alloc.constprop.0+0x66/0x340
[  628.518838][T15545]  radix_tree_node_alloc.constprop.0+0x66/0x340
[  628.518856][T15545]  idr_get_free+0x52e/0xa00
[  628.518878][T15545]  idr_alloc_u32+0x1ac/0x320
[  628.518897][T15545]  ? __pfx_idr_alloc_u32+0x10/0x10
[  628.518916][T15545]  ? tcf_exts_init_ex+0x1b8/0x690
[  628.518935][T15545]  basic_change+0xb8f/0x1200
[  628.518956][T15545]  ? __pfx_basic_change+0x10/0x10
[  628.518980][T15545]  ? __pfx_basic_change+0x10/0x10
[  628.518995][T15545]  tc_new_tfilter+0x9df/0x24a0
[  628.519028][T15545]  ? __pfx_tc_new_tfilter+0x10/0x10
[  628.519061][T15545]  ? __lock_acquire+0x4a5/0x2630
[  628.519085][T15545]  ? find_held_lock+0x2b/0x80
[  628.519100][T15545]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  628.519118][T15545]  ? __pfx_tc_new_tfilter+0x10/0x10
[  628.519136][T15545]  rtnetlink_rcv_msg+0x95e/0xe90
[  628.519152][T15545]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  628.519170][T15545]  ? __lock_acquire+0x4a5/0x2630
[  628.519183][T15545]  netlink_rcv_skb+0x159/0x420
[  628.519201][T15545]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  628.519217][T15545]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  628.519239][T15545]  ? netlink_deliver_tap+0x1ae/0xcc0
[  628.519258][T15545]  netlink_unicast+0x585/0x850
[  628.519278][T15545]  ? __pfx_netlink_unicast+0x10/0x10
[  628.519299][T15545]  netlink_sendmsg+0x8b0/0xda0
[  628.519319][T15545]  ? __pfx_netlink_sendmsg+0x10/0x10
[  628.519338][T15545]  ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[  628.519361][T15545]  ____sys_sendmsg+0x9e1/0xb70
[  628.519380][T15545]  ? __pfx_netlink_sendmsg+0x10/0x10
[  628.519405][T15545]  ? __pfx_____sys_sendmsg+0x10/0x10
[  628.519438][T15545]  ___sys_sendmsg+0x190/0x1e0
[  628.519451][T15545]  ? __pfx____sys_sendmsg+0x10/0x10
[  628.519469][T15545]  ? find_held_lock+0x2b/0x80
[  628.519492][T15545]  __sys_sendmsg+0x170/0x220
[  628.519507][T15545]  ? __pfx___sys_sendmsg+0x10/0x10
[  628.519520][T15545]  ? __fget_files+0x21f/0x3d0
[  628.519538][T15545]  ? ksys_write+0x1ac/0x250
[  628.519553][T15545]  ? rcu_is_watching+0x12/0xc0
[  628.519568][T15545]  __do_fast_syscall_32+0xe7/0x950
[  628.519585][T15545]  ? lockdep_hardirqs_on+0x78/0x100
[  628.519598][T15545]  do_fast_syscall_32+0x32/0x70
[  628.519610][T15545]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  628.519625][T15545] RIP: 0023:0xf702ef7c
[  628.519635][T15545] Code: d2 74 05 c1 e8 0c 89 02 8b 5d fc 31 c0 c9 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 2e 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 58 b8
[  628.519647][T15545] RSP: 002b:00000000f541d50c EFLAGS: 00000292 ORIG_RAX: 0000000000000172
[  628.519658][T15545] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 00000000800001c0
[  628.519665][T15545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  628.519672][T15545] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  628.519678][T15545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  628.519684][T15545] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  628.519698][T15545]  </TASK>
[  628.643642][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  628.646000][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  628.651546][  T188] bridge0: port 2(bridge_slave_1) entered blocking state
[  628.653843][  T188] bridge0: port 2(bridge_slave_1) entered forwarding state
[  628.874514][T15557] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:20002
[  628.974267][T15566] netlink: 'syz.3.2350': attribute type 1 has an invalid length.
[  629.056502][T15509] 8021q: adding VLAN 0 to HW filter on device batadv0
[  629.209962][ T5821] usb 7-1: new full-speed USB device number 39 using dummy_hcd
[  629.221325][ T1432] ieee802154 phy1 wpan1: encryption failed: -22
[  629.261187][T15509] veth0_vlan: entered promiscuous mode
[  629.273763][T15509] veth1_vlan: entered promiscuous mode
[  629.303469][   T62] Bluetooth: hci1: command tx timeout
[  629.335332][T15509] veth0_macvtap: entered promiscuous mode
[  629.342457][T15509] veth1_macvtap: entered promiscuous mode
[  629.359939][T15509] batman_adv: batadv0: Interface activated: batadv_slave_0
[  629.371689][T15509] batman_adv: batadv0: Interface activated: batadv_slave_1
[  629.382652][   T59] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  629.383984][ T5821] usb 7-1: config 0 has no interfaces?
[  629.385514][   T59] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  629.392092][   T59] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  629.395106][   T59] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  629.405968][ T5821] usb 7-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=fb.9d
[  629.430934][ T5821] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  629.441467][ T5821] usb 7-1: Product: syz
[  629.443146][ T5821] usb 7-1: Manufacturer: syz
[  629.453141][ T5821] usb 7-1: SerialNumber: syz
[  629.471853][ T5821] usb 7-1: config 0 descriptor??
[  629.535819][T13986] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  629.545523][T13986] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  629.566395][T13986] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  629.570229][T13986] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  629.697838][T15092] usb 7-1: USB disconnect, device number 39
[  630.304305][T15599] The dccp option matching is deprecated and scheduled to be removed in 2027.
[  630.304305][T15599] Please contact the netfilter-devel mailing list or update your nftables rules.
[  631.174249][T15601] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2355'.
[  631.417760][   T62] Bluetooth: hci1: command tx timeout
[  631.671396][T15603] syzkaller0: entered promiscuous mode
[  631.673188][T15603] syzkaller0: entered allmulticast mode
[  631.922760][T15608] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  631.932691][T15608] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2359'.
[  632.171278][T15594] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input54
[  632.358676][T15596] can0: slcan on ttyS3.
[  632.617545][T15596] can0 (unregistered): slcan off ttyS3.
[  632.728943][T15619] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2361'.
[  633.183572][   T40] kauditd_printk_skb: 17 callbacks suppressed
[  633.183584][   T40] audit: type=1326 audit(1779802006.734:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.193173][   T40] audit: type=1326 audit(1779802006.744:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=331 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.203174][   T40] audit: type=1326 audit(1779802006.744:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.211175][   T40] audit: type=1326 audit(1779802006.744:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.218834][   T40] audit: type=1326 audit(1779802006.774:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.227844][   T40] audit: type=1326 audit(1779802006.784:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.235554][   T40] audit: type=1326 audit(1779802006.784:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=395 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.295615][   T40] audit: type=1326 audit(1779802006.844:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.324044][   T40] audit: type=1326 audit(1779802006.854:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.388633][   T40] audit: type=1326 audit(1779802006.934:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15628 comm="syz.2.2363" exe="/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf6fdef7c code=0x7ffc0000
[  633.457696][   T62] Bluetooth: hci1: command tx timeout
[  633.519132][T15637] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2365'.
[  634.481388][T15647] bochs-drm 0000:00:01.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem
[  634.486760][T15647] netlink: 72 bytes leftover after parsing attributes in process `syz.4.2368'.
[  634.618479][T15653] netlink: 'syz.3.2370': attribute type 21 has an invalid length.
[  634.619524][T15654] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2371'.
[  634.624291][T15654] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  634.627374][T15653] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2370'.
[  634.639229][T15654] batman_adv: batadv0: Removing interface: batadv_slave_1
[  634.651380][T15653] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2370'.
[  635.540155][   T62] Bluetooth: hci1: command tx timeout
[  636.428719][ T5821] usb 7-1: new full-speed USB device number 40 using dummy_hcd
[  636.651343][ T5821] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  636.657526][ T5821] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[  636.667762][ T5821] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 64
[  636.684152][ T5821] usb 7-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[  636.697645][ T5821] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  636.706475][ T5821] usb 7-1: Product: syz
[  636.708374][ T5821] usb 7-1: Manufacturer: syz
[  636.709897][ T5821] usb 7-1: SerialNumber: syz
[  636.718221][ T5821] usb 7-1: config 0 descriptor??
[  636.725173][T15687] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  636.787400][ T5821] rc_core: IR keymap rc-streamzap not found
[  636.789279][ T5821] Registered IR keymap rc-empty
[  636.801527][ T5821] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[  636.810013][ T5821] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input55
[  636.943147][T15692] sctp: [Deprecated]: syz.3.2379 (pid 15692) Use of int in maxseg socket option.
[  636.943147][T15692] Use struct sctp_assoc_value instead
[  636.965667][T15687] bridge0: port 1(batadv0) entered blocking state
[  636.968347][T15687] bridge0: port 1(batadv0) entered disabled state
[  636.970819][T15687] batadv0: entered allmulticast mode
[  636.973535][T15687] batadv0: entered promiscuous mode
[  636.975280][T15693] ------------[ cut here ]------------
[  636.978512][T15693] !valid_signal(sig)
[  636.978524][T15693] WARNING: kernel/signal.c:2174 at do_notify_parent+0xea8/0x10b0, CPU#0: syz.2.2378/15693
[  636.984775][T15693] Modules linked in:
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  636.987191][T15693] CPU: 0 UID: 0 PID: 15693 Comm: syz.2.2378 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  636.992066][T15693] Tainted: [L]=SOFTLOCKUP
[  636.994118][T15693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  636.998554][T15693] RIP: 0010:do_notify_parent+0xea8/0x10b0
[  637.001073][T15693] Code: f4 ff ff e8 4a a7 3d 00 41 c1 ff 08 c7 84 24 90 00 00 00 01 00 00 00 44 89 bc 24 a0 00 00 00 e9 92 f8 ff ff e8 29 a7 3d 00 90 <0f> 0b 90 45 31 f6 e9 f5 f9 ff ff e8 18 a7 3d 00 90 0f 0b 90 e9 43
[  637.009434][T15693] RSP: 0018:ffffc9000403fcd0 EFLAGS: 00010093
[  637.012040][T15693] RAX: 0000000000000000 RBX: ffff888024dba500 RCX: ffffffff81ca58ab
[  637.015522][T15693] RDX: ffff888024dba500 RSI: ffffffff81ca6697 RDI: ffff888024dba500
[  637.018924][T15693] RBP: 0000000000000080 R08: 0000000000000007 R09: 0000000000000040
[  637.022475][T15693] R10: 0000000000000080 R11: 0000000000000000 R12: 1ffff92000807f9d
[  637.025875][T15693] R13: dffffc0000000000 R14: 0000000000000080 R15: ffff888029d52500
[  637.029542][T15693] FS:  0000000000000000(0000) GS:ffff888097171000(0000) knlGS:0000000000000000
[  637.033447][T15693] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  637.036362][T15693] CR2: 00000000f7148710 CR3: 000000002a870000 CR4: 0000000000352ef0
[  637.039807][T15693] Call Trace:
[  637.041422][T15693]  <TASK>
[  637.042785][T15693]  ? __pfx_do_notify_parent+0x10/0x10
[  637.045122][T15693]  ? do_raw_spin_lock+0x128/0x260
[  637.047429][T15693]  ? lockdep_hardirqs_on+0x78/0x100
[  637.049753][T15693]  ? _raw_write_lock_irq+0x45/0x50
[  637.051984][T15693]  do_exit+0x1b84/0x2af0
[  637.053939][T15693]  ? exc_page_fault+0x6f/0xd0
[  637.056033][T15693]  ? __pfx_do_exit+0x10/0x10
[  637.058162][T15693]  __ia32_sys_exit+0x42/0x50
[  637.060169][T15693]  ia32_sys_call+0x19ef/0x19f0
[  637.062352][T15693]  __do_fast_syscall_32+0xe7/0x950
[  637.064568][T15693]  do_fast_syscall_32+0x32/0x70
[  637.066785][T15693]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  637.069571][T15693] RIP: 0023:0xf6fdef7c
[  637.071371][T15693] Code: Unable to access opcode bytes at 0xf6fdef52.
[  637.074257][T15693] RSP: 002b:000000008000766c EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[  637.077956][T15693] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000008000774c
[  637.081385][T15693] RDX: 000000008000774c RSI: 0000000000000000 RDI: 0000000000000000
[  637.084956][T15693] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  637.088392][T15693] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  637.091870][T15693] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  637.095245][T15693]  </TASK>
[  637.096692][T15693] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  637.099958][T15693] CPU: 0 UID: 0 PID: 15693 Comm: syz.2.2378 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  637.104649][T15693] Tainted: [L]=SOFTLOCKUP
[  637.106656][T15693] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  637.111005][T15693] Call Trace:
[  637.112504][T15693]  <TASK>
[  637.113829][T15693]  dump_stack_lvl+0x100/0x190
[  637.115898][T15693]  vpanic+0x552/0x970
[  637.117224][T15693]  ? __pfx_vpanic+0x10/0x10
[  637.118865][T15693]  panic+0xd1/0xe0
[  637.120638][T15693]  ? __pfx_panic+0x10/0x10
[  637.122616][T15693]  ? check_panic_on_warn+0x1f/0x90
[  637.124931][T15693]  check_panic_on_warn.cold+0x19/0x34
[  637.127243][T15693]  ? do_notify_parent+0xea8/0x10b0
[  637.129525][T15693]  __warn.cold+0x191/0x328
[  637.131477][T15693]  __report_bug+0x296/0x3d0
[  637.133560][T15693]  ? do_notify_parent+0xea8/0x10b0
[  637.135869][T15693]  ? __pfx___report_bug+0x10/0x10
[  637.138041][T15693]  ? exit_fs+0x12c/0x180
[  637.140099][T15693]  ? kasan_save_stack+0x3f/0x50
[  637.142248][T15693]  ? kasan_save_stack+0x30/0x50
[  637.144451][T15693]  ? kasan_save_track+0x14/0x30
[  637.146587][T15693]  ? kasan_save_free_info+0x3b/0x70
[  637.148941][T15693]  ? __kasan_slab_free+0x5f/0x80
[  637.151186][T15693]  ? kmem_cache_free+0x127/0x6c0
[  637.153320][T15693]  ? exit_fs+0x12c/0x180
[  637.155299][T15693]  ? do_exit+0x1843/0x2af0
[  637.157243][T15693]  ? __ia32_sys_exit+0x42/0x50
[  637.159416][T15693]  ? ia32_sys_call+0x19ef/0x19f0
[  637.161578][T15693]  ? __do_fast_syscall_32+0xe7/0x950
[  637.163950][T15693]  ? do_fast_syscall_32+0x32/0x70
[  637.166147][T15693]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  637.169116][T15693]  ? do_notify_parent+0xea8/0x10b0
[  637.171315][T15693]  report_bug+0xb2/0x220
[  637.173148][T15693]  ? do_notify_parent+0xea8/0x10b0
[  637.175460][T15693]  handle_bug+0x16a/0x2a0
[  637.177440][T15693]  exc_invalid_op+0x17/0x50
[  637.179460][T15693]  asm_exc_invalid_op+0x1a/0x20
[  637.181656][T15693] RIP: 0010:do_notify_parent+0xea8/0x10b0
[  637.184098][T15693] Code: f4 ff ff e8 4a a7 3d 00 41 c1 ff 08 c7 84 24 90 00 00 00 01 00 00 00 44 89 bc 24 a0 00 00 00 e9 92 f8 ff ff e8 29 a7 3d 00 90 <0f> 0b 90 45 31 f6 e9 f5 f9 ff ff e8 18 a7 3d 00 90 0f 0b 90 e9 43
[  637.192420][T15693] RSP: 0018:ffffc9000403fcd0 EFLAGS: 00010093
[  637.195118][T15693] RAX: 0000000000000000 RBX: ffff888024dba500 RCX: ffffffff81ca58ab
[  637.198269][T15693] RDX: ffff888024dba500 RSI: ffffffff81ca6697 RDI: ffff888024dba500
[  637.201664][T15693] RBP: 0000000000000080 R08: 0000000000000007 R09: 0000000000000040
[  637.205076][T15693] R10: 0000000000000080 R11: 0000000000000000 R12: 1ffff92000807f9d
[  637.208552][T15693] R13: dffffc0000000000 R14: 0000000000000080 R15: ffff888029d52500
[  637.211966][T15693]  ? do_notify_parent+0xbb/0x10b0
[  637.214201][T15693]  ? do_notify_parent+0xea7/0x10b0
[  637.216545][T15693]  ? __pfx_do_notify_parent+0x10/0x10
[  637.218846][T15693]  ? do_raw_spin_lock+0x128/0x260
[  637.221137][T15693]  ? lockdep_hardirqs_on+0x78/0x100
[  637.223476][T15693]  ? _raw_write_lock_irq+0x45/0x50
[  637.225680][T15693]  do_exit+0x1b84/0x2af0
[  637.227660][T15693]  ? exc_page_fault+0x6f/0xd0
[  637.229696][T15693]  ? __pfx_do_exit+0x10/0x10
[  637.231467][T15693]  __ia32_sys_exit+0x42/0x50
[  637.233051][T15693]  ia32_sys_call+0x19ef/0x19f0
[  637.234612][T15693]  __do_fast_syscall_32+0xe7/0x950
[  637.236263][T15693]  do_fast_syscall_32+0x32/0x70
[  637.237850][T15693]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  637.239929][T15693] RIP: 0023:0xf6fdef7c
[  637.241213][T15693] Code: Unable to access opcode bytes at 0xf6fdef52.
[  637.243386][T15693] RSP: 002b:000000008000766c EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[  637.246094][T15693] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 000000008000774c
[  637.248647][T15693] RDX: 000000008000774c RSI: 0000000000000000 RDI: 0000000000000000
[  637.251224][T15693] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  637.253785][T15693] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000
[  637.256297][T15693] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  637.258875][T15693]  </TASK>
[  637.260829][T15693] Kernel Offset: disabled
[  637.262251][T15693] Rebooting in 86400 seconds..