last executing test programs:

1m50.561019455s ago: executing program 0 (id=673):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0xf, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffff000}, 0x40)

1m50.511801722s ago: executing program 0 (id=675):
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlockall(0x7)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x1ff, 0x0, 0x8009}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f00003f00020000000200000800040001000000", 0x24)

1m50.311822302s ago: executing program 0 (id=679):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x4c, 0x0, &(0x7f00000006c0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x48, 0x18, &(0x7f00000005c0)={@flat=@binder={0x66646185, 0x1, 0x1, 0x1000000}, @flat=@binder={0x73622a85, 0x190b, 0x3, 0x1000000}, @fd}, &(0x7f0000000140)={0x0, 0x18, 0x30}}, 0x40}], 0x0, 0x1000000000000, 0x0})

1m50.3112762s ago: executing program 0 (id=682):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r0 = syz_open_dev$radio(&(0x7f0000000000), 0x0, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f00000004c0)={0x0, 0x1, 0x1000000, 0x0, 0x100000, 0x0, 0x300})

1m50.237772545s ago: executing program 0 (id=684):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@nat={'nat\x00', 0x2, 0x5, 0x628, 0x398, 0x398, 0xffffffff, 0x0, 0x0, 0x558, 0x558, 0xffffffff, 0x558, 0x558, 0x5, 0x0, {[{{@uncond, 0x0, 0x220, 0x268, 0x0, {}, [@common=@rt={{0x138}, {0x0, [0x0, 0x800], 0x0, 0xf23d8cefb056ae2b, 0x7, [@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @private0, @rand_addr=' \x01\x00', @ipv4={'\x00', '\xff\xff', @remote}, @loopback, @rand_addr=' \x01\x00', @remote, @rand_addr=' \x01\x00', @private0={0xfc, 0x0, '\x00', 0x1}, @private2={0xfc, 0x2, '\x00', 0x1}, @empty, @dev={0xfe, 0x80, '\x00', 0x2b}, @dev={0xfe, 0x80, '\x00', 0x39}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote], 0x9}}, @common=@unspec=@connlimit={{0x40}, {[0x0, 0xffffffff, 0xffffffff, 0xff000000], 0xffffff7f, 0x1, {0x4}}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x0, @ipv4=@empty, @ipv6=@remote, @port=0x4e22, @gre_key}}}, {{@uncond, 0x0, 0xe8, 0x130, 0x0, {}, [@common=@unspec=@connlimit={{0x40}, {[0x0, 0x0, 0xff]}}]}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x3, @ipv6=@local, @ipv4=@multicast2, @port=0x4e24, @port=0x4e21}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0xa}, @ipv6=@rand_addr=' \x01\x00', @gre_key, @gre_key}}}, {{@ipv6={@remote, @mcast1, [0xff0000ff, 0xff000000], [0xffffffff], 'veth1_macvtap\x00', 'pim6reg\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x688) (async)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}, 0x1, 0x0, 0x0, 0x28000090}, 0x0) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000080)={0x8}) (async)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)

1m50.237472682s ago: executing program 0 (id=686):
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04140600c9"], 0x9)

1m35.205417475s ago: executing program 32 (id=686):
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04140600c9"], 0x9)

17.710100126s ago: executing program 3 (id=2441):
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000001580), 0x0, 0x0)
read$msr(r0, &(0x7f00000003c0)=""/74, 0x19) (async)
io_uring_setup(0x129, &(0x7f0000000300)={0x0, 0x5009, 0x2000, 0x2, 0xa5, 0x0, r0})
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
pipe2$9p(&(0x7f0000000100)={<r2=>0xffffffffffffffff}, 0xc80)
r3 = socket(0x1, 0x2, 0x0)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
setresuid(0x0, r4, r4) (async)
r5 = getuid()
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x80, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid={'access', 0x3d, r4}}, {@privport}, {@cache_readahead}, {@version_L}, {@cache_none}, {@version_u}, {@directio}, {@noxattr}, {@access_client}], [{@appraise}, {@obj_type={'obj_type', 0x3d, 'bridge_slave_0\x00'}}, {@mask={'mask', 0x3d, '^MAY_EXEC'}}, {@dont_appraise}, {@uid_gt={'uid>', r5}}, {@seclabel}, {@obj_role={'obj_role', 0x3d, '.@\x82[+['}}]}}) (async)
sendmsg$nl_route(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newlink={0x58, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0xe59bca127d81b0fa, 0xc574450d1af3b5bc}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_MODE={0x5, 0x4, 0x1}]}}}, @IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x20044010}, 0x4040)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000040)={0x800, 0x8, 0x80000000})

17.64040985s ago: executing program 3 (id=2443):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$inet6_opts(r2, 0x29, 0x3b, &(0x7f0000000480)=@dstopts={0x67, 0x32, '\x00', [@jumbo={0xc2, 0x4, 0x1}, @hao={0xc9, 0x10, @remote}, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @generic={0x2, 0x43, "7a062f687319caa4dd1fb24ed670f87d5dd673cf8c967f007c95ae6e894f58773d5fac3ae2629a659850c13815e4dd69beac87f3157a2b733c86aea37699df621c0af2"}, @jumbo={0xc2, 0x4, 0x10000}, @calipso={0x7, 0x38, {0x2, 0xc, 0x3, 0x6, [0x6, 0xc, 0x1, 0x3ff, 0x101, 0x3]}}, @enc_lim={0x4, 0x1, 0x80}, @generic={0x73, 0xe5, "6c4509c09657185ea1da987da0b94aecad43f8745a998162d84617063de3028a9e9d8e819d6b70dad6430a579db108dc80fecbf482f0f5f3dbe66b4fba271cc614044747b04d95f97934bd207837aa54f78afef9fcd18d55f410f6f15ed48986888db3a5a6f031a9d677269161eca385845ca582fbe5342c36a5768296c1ec570f3b0bc723fc615cf2db74c81f46509b220300ea0ec17a64e31665595037e2de81354a339ea72fcc60657ecfc62bfacf2de9f649cca95f0b779539c424997ecebee590e2422b88c339fcc340f1da61a84290a8ed831cbb1b6767f1f78af5b441000783a867"}]}, 0x1a0)
ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x800038, 0x7, 0x3, 0x180, 0x6, 0x10, 0xf1, 0x100000001, 0x1, 0xca0, 0x0, 0x2000000002d, 0x0, 0x6, 0x0, 0xbd9], 0xffff1001, 0x43100})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x1fe, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000003c0)={[0x7, 0x1000000000, 0x0, 0x200000000000043, 0x2000004, 0x0, 0x2004cb, 0x0, 0xa7c, 0x68ff, 0x7, 0x100008000000009, 0x803, 0x0, 0x9], 0xeeee8000, 0x202})
ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x3000, 0x1, 0x8, 0x8, 0xb, 0xe6, 0x40, 0x0, 0x0, 0x81, 0x80}, {0x5000, 0x3000, 0x3, 0x0, 0x42, 0x9, 0x75, 0x6, 0x36, 0x0, 0x2, 0xb4}, {0x0, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x11, 0x1, 0xa4, 0x5, 0x5}, {0x8000000, 0xeeee0000, 0x9, 0x6, 0x5, 0x42, 0xb, 0xff, 0x8, 0x7, 0xe, 0x4}, {0xf000, 0xd000, 0xf, 0x3, 0x16, 0x7, 0xab, 0x8, 0x9, 0x9, 0xf7, 0x97}, {0xeeefa000, 0xdddd0000, 0x6, 0xa0, 0xb1, 0x8, 0xfe, 0xa0, 0x82, 0x2f, 0x1, 0x7}, {0x3000, 0x3000, 0xf, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xdddd0000, 0x4000, 0xa, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x2, 0xc, 0xb0, 0x81}, {0xeeee0000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x3000, 0x24, 0x2, 0x0, 0x100000, [0x6800000000000000, 0x4, 0x3, 0x8]})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

17.408620232s ago: executing program 3 (id=2447):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c00000010000104000000000000000000460000", @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c00790727c35df39725766c"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)

17.40699963s ago: executing program 3 (id=2448):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006180)={0x2020, 0x0, <r1=>0x0}, 0x2020)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x3)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000002c0)=0x15)
syz_fuse_handle_req(r0, &(0x7f0000004180)="92756f43b31ffe542788ef586b7c5a344424e3acac2590be6bbe37adface4a8f2e534ffe76a83a93f0b3680a72fddfde83f96d01982384e8d689219cb9669b14dbaa1b799f82ea1fc926126a4163618e16d4f94143a4e0f27c44fcef3920a0b3805ed4e78098d8689cc7791bd86648070718d238664332948d87866c8d2590fc0f017f9853abd9ed60b99f1aa6ae2dbd24ab6dbcebdb055246815ace147cc50fa3b2861148fcda374d5b203e51d72c45e4dde3e9ee9a47ffe458baf7bb49035135a8194aa1f0a83fa2abed56398f90daff679634619453f533f22583a6e0a4dc09e9de46684d5e0136e229510f3702cf3a4cd0065d3e5d3c419e38a80b070ca55010e082a9c510fd18cc0b26bb5e8e459e747befbc5c6b60ace80bf41417b7b78cf57e5b3984f0cdddc615c5e0000454d3f4a196fb6d18aa629cf0b0245f95ba958d86dc175616f8cd3ac473057dc3a5ff7107973326350107f4468e7ecd48d689b82c12d22ae5f1858302a1b4cfde8fd347a99ddcde40d1c49d9b5099fbccf09e782212be4b2ce36a2bc3c9ee794abffe72a5501e6c4f3f7f68b74761ffd6620609224a3bf11f655dadb5c8a5813b02fb46830e9ac6825f5d0e89910352eb3a58c0dd82d094f94dd2c85666f684a8f437bbd0e66b9f4d366117b67a054d212c4fbc287848cb0578391335d5d616b14d99a2e3df8e8a152d5de99bcefcaab5bb5cc71f3ddd66b379c104648e190e0b28a180d3aecc5423575d4ba7dbf31215c717da7b87dd454b6efcd36c91aaa631127f5bd88723d221752f102bc0c7ac6c5c7a1ad6747af40d01b6d39eab7b0e1292b44683c586386ad00acf60fb8f9bac551a6eb5bab7317b5d89f64db10bd9018dfa6d65d93862e851afbc30fd70fe5f0de322462045177231852ca80e4e78da4fea0c79ba354333026c8bc77d308a8d256a19ec45d2088c196691d3f9aac28ded36004a65ee1ce49ba9599ceee84534bb61d02d04a6732f1e27d72962f74b59f3522bf844c5022986d55934e48b8681b7f5b7532391448caeef00315d28320a46d8bd7813544e1e4bf994e14a519c2654ff20b42bdb69c262897e28eca528f0999840b00ed8256597d27cfc20d71d5f40d0bbca759f7594c6034aa1e16a84ed152fad0fdc1c303a7f61225712714f823afc5ea241d482d3585759623af8c97ca6a84a2033b3d7314ea0ef7ba9b288b362a294c92c8b9736829c16f61c5a1ee04aca965d71162292274595ea62c9c2918e8279c99f5d2830c617c58211fd7452330184b9428d5ec1d5cd75ddcc6de3326fdc70e891104b3b013c30ffccfaf3308d9671b01f6b080a930dac2052c6f39817a662121d90d40d6a1facfb50bec7d408030b6d0ae3e744f3bcc327c35dc43cf86b743db78ff2e593b19923235ed6467f299b08718fe1840c16a748935dff941150fb08b30573b37bf9af5c86cc8d9e229a832e4ef25ec91f71120f2b3e9062485976c280a2d172386029e2f2a4801197fca0a13514edacf5ddbac5a62e8bb13dd1572657a821a8739297f72e29239d1cdddf3e30cbe9af3141f2275ee4ae85d86ec888fe9a6751f252057e95b8beb055e276439581afee93cd44f1e92f70e5f725451d3ab662918ffbb1269509fbd511e95a00ec717f9d60d643864abd6ad1cc4dd7f933379a6078a86c2158db8076e7b660366fca7b1c46d09d2c8e67a6494bfb4c2c6750e76593895b5e2b2bc78093840c3c4a807826bc2750a96b4e1dd5b82b492bb2215518c92064d1763c37132604e52e73fac3f4511f791753aeecfbb19816e0da7a1bfbea9eeaa0f256eaedcb119a61f7d0ea0f5cd4969d45cb014800f2c888d5c2217cf0f69a7507779883b57352bb8883cc584891950d6e792537074f4fc4337aa19b9bf60e18edd939d289fb4a6b7aa6c66da20774e249ca4f779d3c910b1a9a8e4c38af6adecc87d5481d181fd66023ffff246f4e2556b218fe8110acebe20b1675f1de6f265b6d1d8514a53522396bf0e2f2b153c498e48b36d16f8b9bd56f45d7f5b9397d7f1339117a176d0bad0b68e800682416d3e18fe2197c7f8dc20600feb95cc6ba86ad47f113e159bd4389e30eab2874bd27eebc56020c4dab9973b13f3e82aa62a7e0a151d73de48cb811e32be63ffd303f5a6ea6f097ed763fbf36c430821e451146de79922348354ce285af0997bf3c66e6ef02942e24b8f1ccdd542f09cfe65c0da0094c0b5fd26bbc061538b41e5ed2cbb390ee29b10a4b7a696009e1b5b86c44c0a561a257c15415feaeb1433ea275ed6e4b228503fe71ee5942665164faaed6697112206be0fe7863aebd4bbe951d5dea1da294dba0793196385f4d5141c9d6c4b0fa22b2e200cfb70b52aca31655e71e5a576ccb8ccb5b1364748aa981edbb81a813b1aebc67be1f7619e7e197622d981280429f6ca5145c5b3b05e6bace9191e5c58fbf140f71f594cbfd4db0e9f6923f1758ff9464a61a720a5d4f09c622c3ce3f5d0d3a1d191111168108f41f12b16e9eaf3617c353715cd35260560cbfd0555d51ce5c40bbdb7c95ceaeadadb8902974de50b0863348183864f5ea682e678286a06a6f396af29a7c7fb33a3579e25835963612f3c0d4cf369d85959a0adeda94d35824050e6fba7f83f90867583f713d7783323c7010e94c9be331f860db395dbde6face5bfdb616fcefa9c6b01f6963daa840a31ff554a458c0c50cb5e09f91f54f63234589decaf45bbfbaef0dcbff4ae6e65ca26a530261c491ef8eb9a855a1d7463391c9b66be96cf24c3c321ee5a5bdc857f60b582683c6ae1e3775b62a9f19ff8fa51380ca8a2a3c6de79012f5727ba12025e7e6723a23a81e067ca6e54c7b38ff64880d235d21e7ee5258953dcbf9e2a962f006ca4ffe870859242c850cbae4222b3b72c4f86934379ba2ead1dcde906241b994d95c88355af5a9a30ace9c933a6942f341ad221dd825846a8fd44c03e2eaa9311c26e15a1bd7cbba961a22ef23d7ebba0e34cec5ef09b1ce72814a97e33bd29f3d9ec80a4f45d1d29486accf15c11f1a800bd84918e7626f678275d7c7acb02cc0e6e34bb766ba6b75c3ad14fca9352e09c3b69390c045cfc842ff9ade8ca693c07fadc7047a946e6e570c3afc5b501c964103397f5ddadc2d59a048348dd42f07cfe31bc9b5ae453f5086bb41bba4c8a3e518e30b0855184b053f923025dd72ce1bcbf41231978b34a8547c71d7313992165078903c61d312b0d9469413c9fd97ccdf0ea270fb6c47ec8861a1c8d909eeace761b5a06ba46e25785ff87f867777abb237c6c980687991f1ed0157d58492260c712cec34c1fc0962103955db4d5090b6e8409cf3c3c79d0e691cf4fbc0b2251a016dcd456969cd32e5429533bf0d6f8bda84c05f0e2040de8b53bfb8676eec4b76c3df6f46b1e43732035dda577e75f640777f6ae90fd2f1af42ba462dac732019c599bfef01acd6a0d4d1796bcb8f58519d6f9ad9a3206704a94d472516b988141f44ecd2e6f28a49aa0c449db87972fc995a97379914546ea43143ea2cf779a9cbe81f111fe89129db3610492164ab2598eca7e60d9a6963d8ba03a86729db86e420fd96d61b8fb11edc2b339b57a740074ae5b775eaf60cd85dc934e604bf2b4bd58ee01205b4df57ac20ff8db45a05982b579643882407050c005102a2e71f1e56dc76dbf5331112e83e48bfb5cf2a78a893190d78426175c162ffaa7278a43b9932318fc17fb8cb0dfac610b1ad235b91f9cb7623b155117e07f7b876a3c37627aa31eafed141cc0c5491c4f621a66b6d837a144d78719c46511c04a093cf65fce9fabe5bd6d499eceb63538ece3cf19053550a239bf978c08c879f9954485a4e3e0d5bedb84b407ced85c4dfc4d75af116815992c29f0bc927c4a990c38ae4fcc9feb90fec1b1b555e04d010423010855394d5ccfc8ed21164190cd8f83be5debb70290c3547f07e4dc42814f1e001798e6ceee2558b0c6ff8c1759f90269ee226131116332b99ac8dd104c92088e1f91ace3198c0f59bfb75c4e4a697660eed43a29c831a552de37fce6dce96fa51b6e2111f3071a4e94422d15e102e5f67da7ca6cae6bed7743ebffacb8a811a143605791d17232181a517e872f71262c3c73668f0ef83aad498f67fa26bae698cf78f24c2dbecd399a190e6b8d0684e929f2e8083765eb2c67793a1adbb89d36b58bfb197cdc5f3c894ac9d886e8f3b0936fabd233c09de8fab8099f72a74d908ba5c5e4d39790b0bf9e45b710f5587b7c937c76690c5c5fce621a53a9fd03b0a4ee6d8d1abbe2ed561820a77f12a08cad0755540ab6dd1604b7c30a8652995ab80b85e919011de9438a4637eb0291124ed4b745e782cff98510cb03be79c2a81351abf276584d75cdd96b9c97e73eb71000b3ab7c3c19c2cab4497298fcb3052b5d4503d05e7f310318be6f848547b1a4f4db82caee190801478be28065036aa4d91f290c1f396343e73a5fe8bb5ccf0a317177ed1f77acda1a4a49dccfcab8d1b5d79f015f788b6d5e9f8228a8bcdc0696e6b19f5edffbcd7e9509c87fbe1f726b93bf8c6d8d37428763e142560c46c9e894f7317859000c25abc4f3691ebcd020171e0d4911b5d97a238109aedeb00b2eb475c1e7b45175f8aa85193b5c0f43b434c15de01610c4d022646cd6e3637f349a434a77f571ac1c5d698452d1b991e267f78dca5e592ecd31ccafcad84e4e98d134b4adc525b81bd6843428883023a6ea407201738c8bf16b541ff7280274a34d4cf14819f2dbae167ca0cae8471c495e006b45194ad91c4516f21cbb10e0d26fd5d734cd7725df5b3fbe92955f4a9bb3b9b813aeeff79d6ed5db92def19d060a208c3ec8c42c110786f1e1496c50a7249b03fc792764366894a35320b99d0bef9fd0b6a246c36a357c6b985dc83a37a8d9b8b9ad643dea94860cbe763bb73cc8422b69d4d12332242c8954075fb7117a6679638073617abcdb4619855b2036af160647f66b3531645a3bf047ae290d6ae2249f114e7a8464278bae1486022bcc7c37390c8d9a0efb0e1cfa0da8ef7a5e072f99a47ecc75e4e442880375193db49bb82ba34901286ca473ed5b63e4048db4dc455e74b3fdd2e7898ca3f4c3a02d435cde6141eea645055123a7dcf0d22057f8d425701afc55859f5147954e719d58c7486b1e02ac16cb799b77632c66bb78e6e52e11017c1736424fa4d433f1e19b4c881d23f0b2a12d5fae3ae24339088088d9b496ad97bd9f6e20a8597d1452a0c72dcf43dbbda8f18166585c06d21fbffe5fe7b55f71c9b9f1b34a02bd05ca63c7c1b1bebbb9dd24fb10291b04c665d45154dd28b85d821ce7e613119128996785e1006a8dabc4899b10d2671107d5a0658ed363b9d4b39d02f8cc5e350fbf0a31048adecd1f9e2ca749bd86f195eb48e9b4605f050de03d642940d79184618f7f88a9a0a4683ad84d6134e395305bc1d4d9d17cc334b97653529d6682a87a5fac80a6d46d6e72fc22e58be7b8f8617b3372ef2622110ab1ec448717118b257acffe55d18c7855e9e8710ad977a6792b2315a189eb4468c68641e9b60c0dab7016ac1ad63cd8004b6eca8fc88b1e4263acc00499255c16b11487a0af858075f9c892dc8044c4146e5a5677c4a2cb24bde5e078985020d4ab1e4c87492e76b7e6f4bbd71d84bab1885c9702849e70cf728776b1a94c2a8fb8c7ca01b6111ef6f2032a290949bfe473fe215273b8b5b3ad540f187490f63077dccbca6f62f0a7a66717c596cdef412f2560b10685ede967b3ee68b8c951959aeb1d7564c3b9d806b2ce858381393a79916b78f7e90beadae30ffc0b2b614380f1c2cc551a44565209db3516be379ef566ab00c673fd8aaeeecdcf1168c1960e9a477b9e13757498a44ff089351d1f27abf9fd76816f924504647d1247715ca861ebe624172c322146d66eb2b247f8ecb3e1b5ddca89b287c57510cec40fcf89d802cf4368a861af320e01e34f7a6177d4bc549181b5e87ecdfe02f78c9a59a3bf91ebb6364023ec06410e7b4476ec4e3685bfa3bfe9ef9ecc12dcd899abe0f3c7f16b4686801c0c0a949aa26bed57df56f2bc54ef19af7fcbc7b0d691075f42a4a67acf980b568acb2342f42249f7c1ee3527c13182b096064ecd250887a942d26f637e1c4041b139659d2462a68680bb04387a3b399e396b9fe74de10356125fa47d0a20827370cbf36a79b6fffade91c439dd6cfff4bbe0dd3efefb61c491ee32f935d62307cba369ac8c20f6fe3d4857ce6d240ece5e4d149f0587155a8350fcc18efae2ff11cdbe15218a82499a1996df8b5462ee170b284321e76bbe5c3f4158387644d95f087c598e3d46fbe27f63fa784bda239512113424045a2c5dbc6bc3662ca730a86d13cf8f6fe2743224ca7b535caf6b4701a7dae9cfad3d7290104bbba15b6a064ae6e909a099f75fbe47c9e654d8e3b8dc0f3dbffe829e6c56f7a241e565136812a857f59ab565a9991c6b1d8abcc94c6b33bba314f6e5060e657e4647f969a551dd6c51dfca0ff5d9e4f401fedbc2c927eb1ed95ef25f4e5accba4999322ba1539499310dd5875433a22835cfd42fd77fd4680b7fe767d7aa5c33acde04a65bd3a663fcde4c80e9f2af498f13bf9abbaa1c1265edc691e94abdcc92270c05811cd2a8104eb18efbfec9e4ba9ae5cde211b9b93082ce034b6cd5fbe9cfbac4f7e2404ef159766124f73017cc3600f3c81cd78db25fc3459629eaf20dfdb062c7e502aa69412381d847a9d254d5befc451cda3606f0bc8ae62e0aee928f9ed0b21d705a8d31b899e16445ee064563d32f7b6bb5ad197023cf528d9b329ec67815c6ddf27d2a6ffa7328bb993407cde3d166159fd49fe469254b84c2916daea8df9d69bef019f1351b9bce193e30278835b82ea5f60dc0bdd7f7452b7a820ae7cd6dc29d7ac6a6c1b6411711a96338b1e769146b2a385d282bfaae61b041166efafab2d89a4567b9460cc22d752f8e9aacaaa0db7c84879f5359662d55df6570d4214740851c74574ced733807cbb54571110410892394c3dea07bd4154d0e5689d57c3360207dac951f96a358e9c466a5c5113f3a632e184f57f075edef4dcc9721b963beb95df09dedf848260cbc1ebfdc7408218eaba6d2c51928cd37c4c0c9f321fbb0994a56947cfd9643056db5dbea60a241f8f004c932bc8e645b2ec2eb9bc4e9e2f4156293234d05e70cb26b8a370b0206c756bda6defc11c5eb386640f535a4ffb714168defc6d82f40d8f5ba8768537ead5773c53bd779ca899a2dd31c9138569ff5107c2fb12b804375c3b3dc9b828bfd550328adf358f71e86a0c49fb119f5ef9e06c13855cbfc7d1a62ca2ea655ed912a6dc7bb8b18656e8923fc7a1702ab36947d79384d681c31923e98cf40209f776bc2b219a7ccd139e756a905aa351e6eaae90770c8a193f96cd5c66e4d77a357985556e14333716d80204a5c390e0d76f4081afe917f99ad8a0976b3342f51854b374b4baa9a7f22124d2b82749446e30d9795acb9c3c3a305a6d273ac528e8e9c95c37a78e765fdda55982c2961fbc85a14fc095a78b4654ee6dfc3298749a639ab9c8e155af3a77f8a420c35322f9cf8060550a140f774d77d732b3b4ca5bc41fa4488ce5957ce219b032ae1f585273748d81b19edcf3e6cb9a93ec24e41c6b3c472f9baf3ca46cb8b9a91df18acebe7d83bd4473750c4f26806da2f95b9ea48b342460af729ab15e9f033eda67feec645f985d4b9489cf6ceec1b100d007bf46c74be53c7ea17296f9c5b5cbae736491213c93b513009ebdecfcd60d46d7b86c6e3b5e288f2ba5867c07936e7bd1b00de52191eb8630ff82ccafb27a59295164751811bf74eff1e5e2abdf3c93bc5dc9814be83b2562477935e2fa30db7ebb6ec380170cf10c1f98f8c5eb71c730c2b31b55a1dd1c12a64802ab95b63c529e0a96cec8f38680221d6089926d8309796c79994d63b67bfb62f66b4a502f30ed12be41e896e88bc45a160a526fbd5f002e677322f116ec5740d7563cd23ee853c008b84998e38fdf158556e28a532573956e7c00f91f08ca245c295a3d5e003a99ea727f61d12893b435d4c8f2f5cce00c6a3091e2a47f290c07168975c53d7529b71d10faf42d2bac9db8d53669cf59c709c25e9e40b5feaed4c37dde8b84c4961c00712326fb6aaa06e80d766b40b72480f3971def61d1d129676df2478e778d899ed317426ec33e496d1fdd2ec27128f8faee92828e13da72d6aee8330a7988ea1cc8b64ec4d8b20990864c16c52c4be6d00b304b87d97bffdd9c66a740b517223089d9f3f414abedc53c768dab9220b980e6c18d5f20ba8994cc8886d7bdee213442f456d79fce1b1eb48fbf600a666c8ade24d118e6328251cf7b57a6285c650e019850f392b1c29aec5c8fc489a3819d60d5de377d4c11b8ee5625b7c02c5d50d2af3397006f2e2a41a06f039229eef5878ed91f9f6be7e988924dbaeb8455f616275e8698d93fb536e2c839b203aa69bceceddbf9c53f8addba53d50ca0f7a4729a42ac6eb757f1b408ad4a0147546173e62f7621eb18a9e1681510cceb48e0a30ab7a1bf71d56742d5f034f2d725e7ea68a011dbb100fa6eefe4ee093873de366d34f4240ca027a25c5b979c9ac47dd1dcb6ed82c4aee09dcc23cf329a8644f89b5cf00e5683934b1837574e9b39b31b1009f276e15aa040959fdf100838ca3f5ab17e45036668d06044e3a13f3a0a6f68579e50d5b0164f900d7bcfcde78396cf30f0b1dff76dc397ab1a5a44b207eb1eaaf73b945c575029ae2dce20724991e6550155ded6a42672609f2439c5aab4882b2ffaf7da787b71d05d15516bd68c6f1a9d79b675395845f24ee853f877e72c14b6c6702f7b8775ca1bfabbbcf4019f7bccf07f1c211531dfc66a7a1df79e92a20dd1cbe1b22e1209e7e3ecb9d3c2450fc22a57bfe09bd735f61c361cdac2488ae0adc7885edc0712655daaf535e1de96ccbe7869d531d8bf3db512fbd17c772332a3f8cf1e052ee0202eb99a36a0f8d7219888acbb57090cdaf3b28e1e62e8fc2ec237bdf18592a7afe4d8390dcb5e7fcc31bf4f797e6f5710070902265cc2e8c459b7da1451046abd6c8c5b02c0be2d2f505a65376266563ac7b59ef3b4e2570a6cb0bd94d46ad861317c743ce1de12bfa2295a98cdded4414d87a1580b1e4675bbdf73a22cac4a1d8d456d089e0b60cbfd16158f073bd1dac481db49fa5d8801d0fb0844b4afec1bab4e61fa0f381fa667880a1cd8163953be7b591cc9dfd7f91902370b783ae8a0f3c7cbefa7d229a37c00f523529e159b11d2e240629b64af2d11404773e991207a722c320221ce23baed7cbe40a440c5680814b122cfba9092fe03478f85adcbdeacb76d6cbf2491eafae98327b278e267821a0e1cd06ef90cb0328e246c19d8c63b9332291a89bc9f989effc675c79a870ac024756c6f5a7e32babd69625d61487ae7399490b70dd0fade7d70ad9b0757300a2dde77abaff4f63a0303853589d44efa968e10d36561f04408ad0cc227fc6b2f904cead189a0fcca9b2e6cbde5498652e0b3bc9d8b7921474403718feb5cc750dc70f5a9b1a0ae2c642015b6a1a8ab0572182b4e39e0c869cbdc60c9465f5d564d18ba2f5b3bc3e05a458744077430c5ea031ee02dd8f0a65d7dd8d90dd9b8717f77d202239a5778719423fb2aec7ca86eb07c39de65a34b988d65377a7473e9145f16d79593e96903330bbf3a8024fc15519d9baa0fae2018786f4b1846fca355ff0fccf65cccad1896309a5ccf2056dd542c929850cc91cd655962360fe316557ab3fb378328f77a07d9da24447d3fa2020b382ed2e808ec9529a01273434c64b0b7c35a06a019e4ab51cdc9c0f266ab25b6984338a0ba910d1060283b636c5d7e8a3f969c1ee1c99b54bba7ff3679fbeecbb70349f076480a867cc4ee4cacaea39c80f642533599486d2ffb77b8c9109a9d25fa0b06e58eca764f7d56469eb9547036bbea9d5c3d35b4c1fbc3d39a372c2b7ad184965cad3819c8928f1588d00949949c0c4c93d30ac7f6665247c0108bd89dff3aafe780ac66febfacc8c6a3cc387d09da6de700487a80e2c8d56df94d7ebd3e1d9e06411a6c5f7eb6da41c6f52997b5ad47ba985261103fdf12eb4a2828b248f652ef00b6abccab2eb161b878b9dbc0aa911405b6f67adda83c16187748d7b524ffe6381f489f432d592e6171bd9ccb2cd52f977143f57fbf2ab0b823d449ae55f02440972334344cda01837b93afa4f46a2fdefe27e92764cf9596780846de2e3b1ea83e62ee43b1c05aee675e25363504addfaa68e7c53ed685413f5ba951f120d0a646e474872c81e5a887464c19f8460ae814ffff24cb51dd2dca28d597ab2ea60949f8dbbe67f263e722fdb51bce4e328a19f5ff1218e1f63b8da6d40dbd5490964499b2522ea323310634893ead661407966207a66ab13adfcf1a725ed14339c46011c0e0401f2386b47cd9f902fdf84bc85e74d3ae7cc544e4d65670a554a537712c6ee9f75191631d2a4c4da06fc38423b1d5b828d7201235b2974164f52aa16bee70ee509250752f4fdd6b9f8d021943df8320682a6f80ff0d67ab7a4ceea807bd5b3b7b6380b0c7f0caa67b0208ba71317f0355a3b755af0e2c007186389438615df80b7b25104a733fc90625b62682198733c0f1625dfaa08cf81e3df043094b7b5a098b3b36f803b5b0f10a057bf814ae3579932c0a5f208985bab3d817f975283b8838ae5cb709be72b58df7425e059fdbf4e0ee51b3da01fe0b44963c1196baee5ec5909ad80d9d1660f3edd90374952a0bf8b3bece2c2f944593f4de7de5e05ded096b8f4f05d65dfc2e806f78220d84b3db564fb12f4e5e8f5eab316591f004e9374cce8e787263bc3827affe6793c130b8621d3bbb2a86fd87f070ea21718281ee7aec4bb3bb71af4bf5721cecd139c4be8c9df4ec8dfb09a5cf1d86a25d39faa9f064a997c214f334e4410917fc3b4d67ada8d87a38c0f86b02bf653dddaeb5b75b300f8bcfd792858bef8ab23e063421939c59212964c9ed5dd56e215db58cef53d31a966bb8ce4ed56287fecb3a85ba435e0b41b20ba1164b9c9f2c49fa0f7b17a89e0ec47eefe992d63ee29c8c0a1ece2664fee8edadd43636a54c48519b4fcf55b0d9103602b92441a5f85cf8c5e406d0f5815f8f37309934bd78fbc2acf0a03b051b4528db4f7c09de7d0aabafca3736b8259c818ca338ca6754e0747717c2794d664a1cacc1e9c52764a308e6df73d975638630b74cce6c49b1bac16454e96852c4f9d8ed118e86d2f1c8dc33bccd4a07be128db5e80f5684ddcc1158e744411acde590f902f0987cfb750bb5bfeed53bff076868986b566d7701f48ddfcacbd325c8d930bcef26713bf60585d5c991e2a6cc33ccbc27f7ddfba18f998497c2eb378cc8f2cc07a1b4f141c5e0fb6f52e18242e505bcf6dd20e33a469d056a0b4fd5e72d0da9d0bcce1e2f9e9dc7d1c7b6cb0f3604287eca", 0x2000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x90, 0x0, 0x0, {0x5, 0x2, 0xfffffffffffffffe, 0x8, 0x0, 0x0, {0x40, 0x3, 0x6, 0xffff, 0x1000, 0xfffffffffffffffc, 0x0, 0x0, 0x120, 0x2000, 0x0, 0x0, 0x0, 0x501, 0x4}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
write$FUSE_INIT(r0, &(0x7f0000000440)={0x50, 0x0, r1, {0x7, 0x29, 0x2, 0x14c0348, 0x40, 0x1, 0xfffffff1, 0x0, 0x0, 0x0, 0x80, 0x7fffffff}}, 0x50)
r3 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
ioctl$TCSETSF2(r3, 0x402c542d, &(0x7f0000000080)={0x4ae, 0x1, 0x10000009, 0xfffffffe, 0x4, "c5da8205ed8c029f78a9030057cd38d3e06635", 0x2, 0x200})
mbind(&(0x7f00000a2000/0x4000)=nil, 0x4000, 0x4002, &(0x7f0000000200)=0x2000000000000008, 0x5, 0x3)
syz_clone3(&(0x7f0000000080)={0x2001080, 0x0, 0x0, 0x0, {0x25}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r4 = syz_io_uring_setup(0x1e1e, &(0x7f0000000200)={0x0, 0x9e3a, 0x10100, 0x80000, 0x1bd}, &(0x7f0000002000)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f0000000040)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0xc, 0x0, 0x0, 0x0, 0x12345, 0x0, 0x0, 0x1, {0x0, r7}})
io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000000580)=[{&(0x7f0000000180)=""/113, 0x71}], 0x1)
syz_clone(0x80040000, 0x0, 0x0, 0x0, 0x0, 0x0)

17.211204586s ago: executing program 3 (id=2449):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeeb, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0)
r1 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x540)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r1, 0xc01864c6, &(0x7f0000000040)={0x0})
ioctl$DRM_IOCTL_MODE_LIST_LESSEES(r1, 0xc01064c7, &(0x7f0000000080)={0x28, 0x0, 0x0})
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x10003, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, &(0x7f0000000280)={0x7})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0xe, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000500)="b8010000000f01c10f22a10f20e035800000000f22e066ba610066b80a0066ef66b832000f00d0b8010000000f01c166ba4300b0beee0f793c1e2e643e2e3e650f79288fc878c15b0e3f", 0x4a}], 0x1, 0x21, 0x0, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000080), 0x40000047ffffe, 0x1a2c42)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r6 = socket(0xa, 0x5, 0x0)
ioctl$BLKFINISHZONE(r4, 0x40101288, &(0x7f0000000040)={0x2, 0x5})
connect$inet(r6, &(0x7f0000000080)={0x2, 0x4e20, @rand_addr=0x64010100}, 0x10)
ioctl$BLKDISCARDZEROES(r4, 0x127c, &(0x7f0000000000))
ptrace(0x10, r5)
ptrace$PTRACE_SECCOMP_GET_METADATA(0x420d, r5, 0x10, &(0x7f0000000100)={0x1})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.numa_stat\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f0000000500)={'#! ', './file2'}, 0xb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x28011, r7, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r7, 0x0, &(0x7f0000000180))
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NBD_CMD_STATUS(r8, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1c, r9, 0x1, 0x70bd26, 0x25dfdbfc, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x60046000)
syz_genetlink_get_family_id$nfc(&(0x7f00000001c0), r8)

16.861247341s ago: executing program 3 (id=2451):
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlockall(0x7)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x1ff, 0x0, 0x8009}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000000200000002000008000400010000ff", 0x24)

16.831432709s ago: executing program 33 (id=2451):
prlimit64(0x0, 0xe, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
mlockall(0x7)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0x1, 0x1ff, 0x0, 0x8009}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904001f000000000200000002000008000400010000ff", 0x24)

2.689824402s ago: executing program 2 (id=2669):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0)
r2 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r2, &(0x7f0000001fc0)=ANY=[@ANYBLOB='E\x00\x00\x00\b'], 0x45)
getsockname$packet(r1, &(0x7f0000000600)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000040)={0xf0f007, 0x9})
write$binfmt_misc(r4, &(0x7f0000000000)="a5ce", 0xfed0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000100)=r4, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)=ANY=[@ANYBLOB="3c0000001000850600000000ff6122314a000800", @ANYRES32=r3, @ANYBLOB="f5ff0f00252155b21c0012000c000100626f6e64000000000c0002000800010001"], 0x3c}}, 0x40000)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000005000128009000100766c616e000000004000028006000100fe0f000004000480280003800c000100400000000600000082370c4ad9d73df1ff6ad058724338000c000100ff0400003f8c0000d8fd010006000000", @ANYRES32, @ANYBLOB="08000500", @ANYRES16=r3], 0x8c}, 0x1, 0xba01, 0x0, 0x4004001}, 0x80)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x700, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1006}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x440b0)

2.480865765s ago: executing program 2 (id=2672):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000680)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4800000010000104000000000007000000000000", @ANYRES32=r2, @ANYBLOB="3f00000006020400280012800b0036036272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x404c808}, 0x0)

2.418970929s ago: executing program 2 (id=2673):
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f0000000280)=""/162)
r0 = socket(0x2, 0x2, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = accept(r1, 0x0, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x40001, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x20, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x73}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x45)
ioctl$TCFLSH(r4, 0x400455c8, 0x200000008)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x8)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a70000000060a0b04000000000000000002000000440004802c0001800b0001006e756d67656e00001c000280080002400000000208000340000000000800014000000015140001800b00010072656a6563740000040002800900010073797a30000000000900020073797a32"], 0x98}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000800), r5)
sendmsg$NLBL_MGMT_C_LISTALL(r5, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="819b08fafffffadbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x894}, 0x800)
syz_clone(0xa0200011, 0x0, 0xfffffeb9, 0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
socket$kcm(0x2, 0x5, 0x106)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$PIO_UNIMAP(r4, 0x4b67, &(0x7f0000000180)={0xa, &(0x7f0000000080)=[{0xff65, 0xff27}, {0xb}, {0xe}, {0x9, 0x1}, {0x0, 0x800}, {0x4, 0x2}, {0x5, 0x8}, {0x8, 0xa874}, {0x4, 0x9}, {0xf08}]})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="300000001d00010029bd7000fedbdf2507000000", @ANYRES32=r9, @ANYBLOB="80007e0a0a000200aaaaaaaaaaeeffff05000500"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)
r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x1, 0x0, r7, 0x2, '\x00', 0x0, r3}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000ee06000000000008000800000018110000bd3c50dfe0d811704a7fd51410cccfd90a04c350f2b6cef43262b1acfbaef461c7d323563a348d5fde058b7d00d74cce8c281d2ff713f8a42b62ddfe5267078d40329603a33943ca7d7555e5f6b94b865039da174d8240d4b28e07c031aa9af0767100"/132, @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

1.766492316s ago: executing program 2 (id=2680):
set_mempolicy(0x4000, &(0x7f0000000080)=0x8000, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x1a1) (async)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bsg/2:0:0:0\x00', 0x40, 0x0)
ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f00000001c0)=0x1)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080)='mqueue\x00', 0x200011, 0x0) (async)
faccessat2(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x3, 0x300) (async)
r1 = socket$netlink(0x10, 0x3, 0x8000000004)
writev(r1, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001500add427323b472545b4560a117fff0b0082001b5980000efffeffe809000000ff0000f03ac7100003ffffffffffffffffffffff62fa86b3c67992f7d4f78c24f9", 0x46}, {&(0x7f00000000c0)="abd9", 0x2}, {&(0x7f0000000180)="3346252f5a393a2808d91260734f8244", 0x10}], 0x3) (async)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00')
r3 = socket$inet6(0xa, 0x1, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x89b0, &(0x7f0000000100)={'vlan0\x00', &(0x7f0000000080)=@ethtool_cmd={0x0, 0x3, 0x0, 0xfff6, 0x0, 0x0, 0x2, 0x9b, 0x4, 0x5, 0x4, 0x0, 0xfff9, 0x6, 0x44, 0x0, [0x0, 0x58f0]}})
pread64(r2, &(0x7f0000001c00)=""/4108, 0x100c, 0x3)

1.509246019s ago: executing program 2 (id=2686):
unshare(0x64040400)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000000000001900000000000000950000000000000a"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r1 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000002a80)=ANY=[@ANYBLOB="140100002300010000000000fcdbdf250101f2800f0018007d3a2e9c5bc85c23277d000014000200fc02000000000000000000000000000050bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46ae449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f009264337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc3580400e900000000"], 0x114}], 0x1, 0x0, 0x0, 0x48000}, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
r4 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaef2, 0x1000, 0x2, 0xbfcffffc}, &(0x7f0000000000)=<r5=>0x0, &(0x7f0000000280)=<r6=>0x0)
getgroups(0x27, &(0x7f0000002540))
timer_create(0x0, &(0x7f0000000000)={0x0, 0x21}, &(0x7f0000000040))
r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x8000, 0x0)
ioctl$TUNSETIFF(r7, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r8 = socket(0x400000000010, 0x3, 0x0)
r9 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
sendmsg$nl_route_sched(r8, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r10, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r8, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x44, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r10, {0x0, 0xffe0}, {}, {0x7, 0xf}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_BOS={0x5, 0x44, 0x8}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4811}, 0x2008c014)
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
futex(&(0x7f0000002980)=0x2, 0x80, 0x2, &(0x7f00000029c0)={0x0, 0x989680}, 0x0, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4)
getsockopt$PNPIPE_IFINDEX(r3, 0x113, 0x2, &(0x7f00000001c0)=<r11=>0x0, &(0x7f0000000340)=0x4)
ioctl$sock_inet6_SIOCSIFDSTADDR(r3, 0x8918, &(0x7f0000000380)={@empty, 0x3f, r11})
r12 = io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0)
syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x0, r3, 0x0, 0x0, 0x0, 0x2000, 0x0, {0x2, r12}})
r13 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_TUNNEL_GET(r13, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="7c0000004f8d9c7ae8e3c35c4d83276e500005394c5560fbe2d7cf6df6c7bc1a511f274b230edbc7a5d1dda5987bca7edb279faec9b972aabde726eefce0dbc3222720b7832974060e", @ANYRES16=0x0, @ANYBLOB="04002dbd7000ffdbdf250400000006001a004e20000008001800ac1414bb050005000000000006001a004e23000008000a000400000014002000fc01000000000000000000000000000108001900ac141427140008007665746830000000000000000000000008000b00000000000500050001000000"], 0x7c}, 0x1, 0x0, 0x0, 0x50}, 0x24000000)
bpf$LINK_DETACH(0x22, &(0x7f0000000100)=r1, 0x4)

1.450706483s ago: executing program 4 (id=2688):
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f0000000280)=""/162)
r0 = socket(0x2, 0x2, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = accept(r1, 0x0, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x40001, 0x0)
ioctl$TIOCSETD(r4, 0x5423, &(0x7f00000000c0)=0xf)
sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x20, 0x0, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x73}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x45)
ioctl$TCFLSH(r4, 0x400455c8, 0x200000008)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x8)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a70000000060a0b04000000000000000002000000440004802c0001800b0001006e756d67656e00001c000280080002400000000208000340000000000800014000000015140001800b00010072656a6563740000040002800900010073797a30000000000900020073797a32"], 0x98}}, 0x0)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000800), r5)
sendmsg$NLBL_MGMT_C_LISTALL(r5, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="819b08fafffffadbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x894}, 0x800)
syz_clone(0xa0200011, 0x0, 0xfffffeb9, 0x0, 0x0, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
socket$kcm(0x2, 0x5, 0x106)
r8 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$PIO_UNIMAP(r4, 0x4b67, &(0x7f0000000180)={0xa, &(0x7f0000000080)=[{0xff65, 0xff27}, {0xb}, {0xe}, {0x9, 0x1}, {0x0, 0x800}, {0x4, 0x2}, {0x5, 0x8}, {0x8, 0xa874}, {0x4, 0x9}, {0xf08}]})
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', <r9=>0x0})
sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="300000001d00010029bd7000fedbdf2507000000", @ANYRES32=r9, @ANYBLOB="80007e0a0a000200aaaaaaaaaaeeffff05000500"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)
r10 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x1, 0x0, r7, 0x2, '\x00', 0x0, r3}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000ee06000000000008000800000018110000bd3c50dfe0d811704a7fd51410cccfd90a04c350f2b6cef43262b1acfbaef461c7d323563a348d5fde058b7d00d74cce8c281d2ff713f8a42b62ddfe5267078d40329603a33943ca7d7555e5f6b94b865039da174d8240d4b28e07c031aa9af0767100"/132, @ANYRES32=r10, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

1.190872264s ago: executing program 2 (id=2694):
r0 = syz_open_dev$evdev(0x0, 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$lan78xx(0x2, 0x3f, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0x424, 0x7850, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0)
ioctl$EVIOCRMFF(r0, 0x4004550e, 0x0)

818.20538ms ago: executing program 4 (id=2696):
r0 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x40000)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffffffffffb, 0x10, 0x0, @buffer={0x0, 0x0, 0x0}, &(0x7f0000000040)="8f7d0a01007d79710600060000000000", 0x0, 0x10, 0x1001a, 0x0, 0x0})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_POLICER_SET(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x54, r2, 0x1, 0x0, 0x0, {0x1d}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}, {0xc}, {0xc}}]}, 0x54}}, 0x0)

740.403788ms ago: executing program 1 (id=2698):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000840)='./bus\x00', 0x0)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x6, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="18020000f9ffffff0000000000000000850000002c00000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x20}, 0x94)
r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000080)=ANY=[@ANYBLOB="9feb010018000000000000001c0000001c00000003000000010000000000000e0200000000000000000000000000000504000000002e"], 0x0, 0x37}, 0x20)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xa, 0x4, 0x3, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r2, 0x2, 0x1}, 0x50)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000340)={r1, r3, 0x25, 0x0, @val=@iter={0x0}}, 0x20)
syz_emit_ethernet(0xfdef, &(0x7f0000000180)=ANY=[], 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@uuid_null}, {@redirect_dir_follow}]})
chdir(&(0x7f00000003c0)='./bus\x00')
lsetxattr$security_ima(&(0x7f0000000180)='./file1\x00', &(0x7f00000001c0), 0x0, 0x0, 0x2)
open(&(0x7f0000000100)='./file1\x00', 0x14927e, 0xe0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0cb00714"], 0xf)

682.915165ms ago: executing program 1 (id=2699):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000001000010400000000000000fffe000000", @ANYRES32=0x0, @ANYBLOB="5d580000000000001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c00790727c35df39725766c"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)

630.742226ms ago: executing program 1 (id=2700):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0)

630.507832ms ago: executing program 4 (id=2701):
r0 = socket(0x400000000010, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r1, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0xdd008d5803396e68}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000007c0)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r1, {0xb, 0xd}, {}, {0x7, 0xffe0}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8035}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
ioctl$KVM_CAP_X86_APIC_BUS_CYCLES_NS(r4, 0x4068aea3, &(0x7f0000000040)={0xed, 0x0, 0x3ba})
r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000080)=0x2)
ioctl$TIOCSTI(r6, 0x5412, &(0x7f00000001c0)=0x3)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000200)=0xc)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=ANY=[@ANYBLOB="8d19c2fc43bcae9a00783b90eb8a1b74d3ecb2b76753893c277669a167842a705cb289b2242fca12cf13c2992beaa4ca478f24a43b9afcfbc404ccdcf6db8a6f5768f6d7e4b134e3000000002ae00cbacf63f145c166f6ec05e3d67dc1988205c3381ade90a193692a13a8536691d96e35549194b51ffcadd9dc6c3db86cb38f8877cba5dfc3bf6acb33c07b64f4a91755a0946cabce49f2b2fc4d744a0e84700000000000000000000000000000875e0491d2d62bc2fc9b711697210723a29604dabe740974", @ANYRES16=r5, @ANYBLOB="310428bd7000ffffffff1600000018000180140002006e657464657673696d3000000000600005000200000000000500040001000000050003"], 0x44}}, 0x0)

629.883936ms ago: executing program 1 (id=2702):
unshare(0x62040200)
unshare(0x12010000)
unshare(0xe000900)
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$IPT_SO_GET_ENTRIES(r0, 0x0, 0x41, &(0x7f00000002c0)=ANY=[@ANYBLOB="6d616e676c65000000000000000000000000000000000000000000000000000094000000731610cc3c0ab488b5ea0728a1fa4bbc6fa8499f617fb2bc3549971fd981c195d1f7d5004956e47d0b690cb77a3b1a0e5a99a86fac346eb4e431b5b2e08a72d77ee32df977282be5d9e0b2059b3120c12245131e7906e0b07ef4972f0a7753f768c2b8a15276e5ef939fcb32edd64e0db385fe51d4ceb3e9b167c218775d9a3ae7f95037b63b1d3a7e47167850c30af98060daae"], &(0x7f0000000080)=0xb8)
unshare(0x2a000400)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="170000001400030400000000000000542d"], 0x44}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$rxrpc(0x21, 0x2, 0x2)
setsockopt$RXRPC_SECURITY_KEY(r3, 0x110, 0x1, &(0x7f0000000000)='\'!]\\\x00', 0x5)
r4 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_GET(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x14, r4, 0x701, 0x0, 0x0, {0x45}}, 0x14}}, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f0000000200)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
r6 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r5, 0x0, 0x2d, 0x0, @val=@netfilter={0x2, 0x4, 0x600, 0x1}}, 0x20)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
bpf$LINK_DETACH(0x22, &(0x7f0000000100)=r6, 0x4)

510.167767ms ago: executing program 1 (id=2703):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="5d58fffffffe00001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c00790727c35df39725766c616e00000c0002800600010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)

509.95822ms ago: executing program 4 (id=2704):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)=@newtaction={0x64, 0x30, 0x9e54f29ff072a93b, 0x0, 0x25dfdbfc, {}, [{0x50, 0x1, [@m_csum={0x4c, 0x1, 0x0, 0x0, {{0x9}, {0x20, 0x2, 0x0, 0x1, [@TCA_CSUM_PARMS={0x1c, 0x1, {{0x4}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x44)
r1 = syz_open_dev$video4linux(&(0x7f0000000000), 0xfff, 0x402)
ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r1, 0xc040564a, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1})

509.732294ms ago: executing program 1 (id=2705):
ioctl$EVIOCGBITSW(0xffffffffffffffff, 0x80404525, &(0x7f0000000280)=""/162)
r0 = socket(0x2, 0x2, 0x1)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, 0x0, 0x0)
r2 = accept(r1, 0x0, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x40001, 0x0)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r2)
sendmsg$NL80211_CMD_STOP_NAN(r0, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x20, r5, 0x8, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x6, 0x73}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x45)
ioctl$TCFLSH(r4, 0x400455c8, 0x200000008)
ioctl$TIOCSTI(r4, 0x5412, &(0x7f0000000040)=0x8)
sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a70000000060a0b04000000000000000002000000440004802c0001800b0001006e756d67656e00001c000280080002400000000208000340000000000800014000000015140001800b00010072656a6563740000040002800900010073797a30000000000900020073797a32"], 0x98}}, 0x0)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000800), r6)
sendmsg$NLBL_MGMT_C_LISTALL(r6, &(0x7f0000000a40)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000980)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="819b08fafffffadbdf2503000000"], 0x14}, 0x1, 0x0, 0x0, 0x894}, 0x800)
syz_clone(0xa0200011, 0x0, 0xfffffeb9, 0x0, 0x0, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="22000000040000001000000012"], 0x48)
socket$kcm(0x2, 0x5, 0x106)
r9 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$PIO_UNIMAP(r4, 0x4b67, &(0x7f0000000180)={0xa, &(0x7f0000000080)=[{0xff65, 0xff27}, {0xb}, {0xe}, {0x9, 0x1}, {0x0, 0x800}, {0x4, 0x2}, {0x5, 0x8}, {0x8, 0xa874}, {0x4, 0x9}, {0xf08}]})
ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000008c0)={'bridge_slave_1\x00', <r10=>0x0})
sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="300000001d00010029bd7000fedbdf2507000000", @ANYRES32=r10, @ANYBLOB="80007e0a0a000200aaaaaaaaaaeeffff05000500"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x4040000)
r11 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000100)={0x1b, 0x0, 0x0, 0x1, 0x0, r8, 0x2, '\x00', 0x0, r3}, 0x50)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000ee06000000000008000800000018110000bd3c50dfe0d811704a7fd51410cccfd90a04c350f2b6cef43262b1acfbaef461c7d323563a348d5fde058b7d00d74cce8c281d2ff713f8a42b62ddfe5267078d40329603a33943ca7d7555e5f6b94b865039da174d8240d4b28e07c031aa9af0767100"/132, @ANYRES32=r11, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

450.784418ms ago: executing program 4 (id=2706):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20008050) (async)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0)
ioctl$VIDIOC_G_FMT(r0, 0xc0205648, &(0x7f0000000040)={0xf010000, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket(0xb, 0x2, 0xfffffffe)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, &(0x7f0000000340)={0x1, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0x6}}, {{0xa, 0xfffe, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x3}}}, 0x108) (async)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2e, 0x0, 0x0) (async)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="4800000010000108fdffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="000000000000000008001b000000000010001a800c000a800500080001000000080004006d"], 0x48}}, 0x0)

380.655153ms ago: executing program 4 (id=2707):
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000002140)={0xffffffffffffffff, 0x0, 0x1000, 0x1000, &(0x7f0000000000)="99f4232c2546cc7cd4c657e6df441bb30ffcb2134f4e3d8baeec8049fdd3bd6c249a052f7370b03f41bbf432c4b05ada7f0911e88d0347397ea56c423b7be1c3e7836d4cc810e1d54e6dadd408bdf53ad997a6f18c94f9b0f16faf80843f558e0e867d16058f7814a544a4d55885bdc5d69a2a8e5679130b70aea931fe09b09824b11d5581c4147b2ced27956e485f33a0fd993a19d58d37c0d8caf8bef003abb00dd92a9218c5dcf9d86b8b48d1c5bd511841ba471fcfe0e3be47d58ff6a673a5cea992c7aa79b992288fc778288853e3f3444989a90844a6985652f6c328c99bc11a25ead88de1ca2fa72c7c73496c089d937ed79f49aadb78dfaae294de378fc505cc218ee0d6df42235e8a4dd43f487eaa52831728a7968c5ca95b434bdbd6f4a2f425c0aa838d01a57c456ed43479d8d3c6ee0017655038377fb5550070dd34a70cf156dd30173e8645361603244a3f5b729120db084e87fb23141c4b99c9482137dc907d69fa36b60dd25f9b18efa71a2a3c867e185a909aa2e182fa76df5fa535fdcec062ad1a342ab3729d1c07def5cfc8de62b59d9af7f26a747bc500fe90e98431899e91e2def30e16d58ed580f6f742fccbed0fdb173aebe0a844451628267ae857d110eb888ed75e0d38acc9d256f6661bd4b34dc37489f9dfbde853347ca1d50fe6eab1e516587177c10cbd9c7139922bbedb9ad123595aa55d90be61587df60fe0057e5a639dac89439a7dc11ff441938cd284aaa41dfea4d367dfa4f68e30114b5e003b0e599d34702b50afe44f461b8a0b33dde34dbdc6d5f78daa931014b11038711e24f9d3073a2c69eeb10c74172b754937925613db9d196e6c81b85e9db0cfa56dda682fd05b967c5c70851a1c2c567b7fb3e18fcbbfb3f5d68d9bedc6bfd34fc35f533b5c7a7ff148323945083f081a5c6fa69435849f752abedfaab4b0224a6fffaf60ae555ca6f01d7d7ee17b0d4163633364a4e4155397fc86ba117132b4b16fbfa8a57edf70a47ea08ef4c780b91d879888f732e9c91e541a0ae248c1dbe331bce92d7fbb828e4e512e0dd0bfb4aaa3075c1d27cee6e72f89ff6e249746251af41e17f676d279a8784cd6f29e4c53ea5944202f12441089ca6dfb26b4624b23cca65288c6ab282d9f9674b8e3b45332d18167d032467599bcdd27e5b9b35f59579629cf738a0c82325abf8c89171b01b8d70b970031360f3fec4bf66e98a7c1df2a52231bc3c0f099e005333d2b4fc91db30ba65038708130309ea92dfcf7c422b6c4459786bbc58eb25316f80bce79b553ab39af26fe398817761f7d8e5f9386aab980c4fbe7bcdebbb202381e6e841cfbfa789d7ddecdaefbe7dcb1c34f35c2ce7d948c2f7ed38205d36c01cc5692f2ba1e85de84a5a24d60f0a2e2b5e4d0f935a4ff10df99e7327cc07fe3b9ce4da538ae2d7e4c6b137fdacc9fb29ea8b9b9ddebf3a8c5dd292b54ed7d00ae8111fa9c635c0d9ef8f391d01ee6dd27db2b49667dcdf8e49a06f0e542af7377d6d51dab643adcfb27c903af7d5f69c8cbaba34843738dcfb7af2ce79c03808bd6b9b3fcf4b98ed4e38978413bc40be47ab8ad421ba514c2512a50d3781e7b193cc5c083feb902c0b94f20ab2b6334783aa866522336f6001dc0c74bbaaadd0bdf4482e98cbbd2421accda3fc38b87162fc84cbc8ed8a39dd70aae9f42eb69b521b5a66147d2ee307ca01b7b6c82a8a5f8d6b4ec5790f4f9ee64e8ca273e57317730c58e8e308963bd19c149c5a7bbc42ca9ce4e349e7726b6dfe855a0f8bd3f248b642fba43743b9d7991e62de2ca53b87dae538d0bd46e6ae9916055dae01501dc1d5ec200463fc164e43cc61f32b21e41b9a01b42cdb11c988185979ea0fbaf73b3409967961738b511d22e048a57a993be4a2b1fbc6a4979f8107f3d14146bd308c170115975fe41ae9b0c3349a5a5cbd8caf36a8c077c5bd64f34da115eced3fcce712dea254b1b984cf92d80c63d086b120cc5652bed59e695630f1887ab0b2ace22567c6c9ad99def31735d3d6437dbabb8ff46dfc54c2699cc4ca2a217e8a058538f0ad9ac17f7fa96b183117700e0f8856396ae21168020afa9adf86e1689bf93a7c9647b1e948674553a4ff69ae789d326b745294ccb145fbeb28a3de1fd7a88e3c575603ef65e751d871cd2ab351daf7e3e5cf87c3544e9650138d7d579a9cb2b89b23c18e5783c079e304bc4ab9af24e30c4134469b7a8c7ec884410fbd826fac673546af972287a5484cba8a9573faa4630fe6b31d25111bd59a54ecc6c77a96c287dc853c5af32dbbdcd25b0f3b418d6379f2a969b190de2cab6a0673b27000984fb0e2bf4351201ec89173a7a9b6a11842c3b01dafb6da5579c5ab4d04ce8c18cf5f00963f5cdd7e3334f546d42af25341bc6c139f2b1ff33f61833d06546d329693e8e615ed8301d5bc52abbfe68515b04fdea6f1812cabfd63784dfb287234ffe41c1ac84e322e7a0d568adf689a7e624436a4e3051601a9478837345a669d111038c8e9fe7d4e2528a9d8b522b809c800fde3949dfd2a8d2790c7df09eafbbfc14f8a2c6920bfa0e8bc1d03ac025771724e20cb793381661105239cb7bb2eeddd48d2f5e648c1832135f30779d217c523cbf9a6be5b9780f30d8639bb4e6e4a990525fb41b6476d653a259774c18d6120e28a99f9048dc99ea8373f4fa58989b84665cba4bbf010b7040837df5b2251d7c94c393d60db1603d57d4e132814a3a3e0d2fdf86c44eea5aa5e0f009520a06ed0189a00ae143b63b10c47f9c252375c961ce6d3b57a5ffcfe3273af14e50853f8dc33c7036fff158939be8e88d9c779c49e49d99d808c8424990a517b211a9e4d725bb9c6acdf3cba48a0372f541c0c2329bc28e8ec55170233b728b852e1e389d59db428aeccaf2e3f11a5c052db4770975eacdf049a9b37291e0864dd0d17d34a74c748a7a10974b54770325a096abaa5661f1e32eb0489a256082c0db3aa9e8eded11eecaf9308de7143c1381bb489a35b7f2028c23454e88e2d911de61dfd43cc4b6533c4b4ffd6e8501fe54eef78765b03ec193a0448575c224bf6bdc053b0f23a6d404120749667d4468068f16efbc3de75ad95a0994977e286280b66b105f419ddf699db6c71d8a5c31d0d359b2b1bb7cc7ae68672fc4dd56d3c54d0b647adc50060e45660a0b284376495fb134c3d53e5dc0162cd22f06fa6dbad77877445142f075627c13957866a4a801b348cdf292809d1d4739e73a29a6110882fc254dc1c285de8540898246b4ee6cad9afc310b60e6b2f5aee1596bb8092a9ee72287b58cc7812d93241904d64b129329b98a6e5c2b50794541de1fea4ae400fadba8c20b77a633bbdfcbc953d2dfc73888d4c2f4415597bbdf1395d993919a82e4148a9bd50530c33e2691950ef35a819acfd0b062c80c1f372eaa781578d0033ef9e95422a4f37e50f174129d4069349a74b0bf06177137c0049ec1bb434fb05aa2f7606a0a326d2f4c640c0c1009cac57aa513b5bd3f103f69a23244dffc03524204586099ecda23bf36ee6f49b4671fc59c51127f86ea8800db6993c6f375c799e2efbdfe6e00b3618745a7f8e5a857cb1691dbcf075d039ecb71aa95033ce9d7d4d637d92d0cb983604d1bda6a516961a467c155c1ac7b7ad0973a2efa70d66c680a513e469196cae7082fa6748384bb60bd5409cabd393bcc157f2feab9e456f53c4ff7f50448b4d461aa0c179cbc6937875de7ca6f2e6a51f7720a7d2113cb5eaebf333889d63c19c28d0a9a106cb105d4448978c2a4c57362678b2802cd0f5a4ac1f91361973a534b0ec123276530dc18056a3e18ded3b2504d46295721ac627ab937a4594cfd17207c03de85684da58384b058ba50095d436eece4458f7bcee25f05baad964067f7213b6761b4910397f9a51e629c487fa1cb7485c48bc699a06319c8ec68cd69e1f9aab5b0b3aff4bc49c792067edbc407fb130844e9f4aa802f919724e75fd09c440348b4f7659e833e9e08f2ea0f57259b273fe42db967b3ac285fcdd4bff019f6eb62bd4514c929217d1175979137a1e0a81eb9d5c7abd620d11d5f369fdf74173277b7ac77d6925a9731dc3f725be5692d083cea7e2cbd65e22853f1741f40641fa47a521e2b4461b4e219e242f422ed2cf1bc98223dcc55721c9cdba89bbe75fab5e18d3c6b859b3a3f553fb6259d300fbcffd0273c53bf39261ee4a7278430157eb12be3a0a3cf50f2836ce1d6aab11785c29af3e97a89b47397e1e19e6b36c96d7f155f2b30aa6c25f2dc41b97d70f23fa55a9de5253bec236f53115b1ce235a81f383b85a0b8d55189f0078e2425495b0f52aa0f5ec67c35c252e3e8d11804decdbf8f07603e6fa2d78d8992147b40079bf6fbbeff1c2b792bb220fec76e508e5faaca0b7a323312e8cdaf2984dfe9602a57280387278f7ec5d71ed6df9ac5507584eb5986a5282e20fe021189091a6f608f804d0d6b87a4ea609fbf77c0d37e729e8fe5ed12278ea3cec10c5a6e5f8f7be6ba297d83a74579e3ca4a24c961af7577f8e092d6203055d8a8bd1bee5fb49a378279bb7d903f880a1417d0a947ac786907af993b89a95489359f998eae36927d8a925fd707d9c8c085a363b54c27f2739fc82e030177185d544406f75ecb3b8f6faaec2abecdbc2d2f8cc73f941aa5d637b6eb907a0501420662a8630b8ccacc9bb53ed75c2e9d8608270b2803cfc45df72d930f1f3685ccaf2657bdfc4a6d488d716665f91d3817f581b44fe3a2bb2cf993b7a53b8d167331c2ca3bf4141925446a6f94fb1f7bb63791222e949913d94be44d4fba96fca19c26d2f2a20a39692e6c88183d4c1680ce9e558d52ce66c52e038cac747a8efab8c55a9effb8ac2c0642921572f46362bedb0245d11cd58fb0e34afb951ddd0a1b6c2acce71b843d23ce0064f37f67f5b81cd54e661760120e15d352ae6d7efa65f981fdb28496f795c4147b63dd9ac9a87604b9332889b1a8cff414b921bc0bb4a8908fa608bf15b16b1ea0209e52c0f813b900ac405878faf4462769140d7352cdbdd7fb93eacc128a7524b798e9a9698a92bee2bdb7ae6d3f848fcae09a7e5cb2d922aec569b74672b64883b617676b1b5d202b7c5fcd74be1cd28bebf979d073f1a68f88fc58121fcfa4c8aae127ce4ea4ffe4144d54aae52344e5841082445bb66c89a4ecbee8aaaac9847de8df8a6d3ed7d070c9c8708eaaf7ba14da9f13e21a9694edc562842e20b826a02daef97f34aa2d5e6376378074c6285ac1138b43baeba6fb74fe93380bda795af4fce1fb06f01c5c9f7096aa742893137d69064226efbdc6a6e0601c815bf698cd1ebadcb9557c242225dd82d63b0a06ab5cd502e56349ae0f43da26539b5a32058755d971f23f1c80b8f544413ed17677fa7e130219b44778dbf2b571d666f21e218b2277048374fdf17bacc6fecd0c211f48031940f4743a4241cd168c6993a02022c067254aa03908807476b8bf9b146cab7112bbeb670bce7761e9daa04718290698b385c0345f330ffdaf49aacaede88977b1af8baee0e80ae9bc7f72830b18aa4f83ba3b4e01e3eb7cb9ca000a499806e12b3b213eb9573ad7f4a314f32cd021c732fd384f19bef63cd35b463c145e70c3ba28bf4684a7e1a7146fe6a311f9a5ae724f85bad4bfe2e187c57075fc9022b3eda9fa55c5cedc1ec2b275a9944c085ccf78be248cd5e4edc9f5d6859385e3147bb90e295028687098482f6d696a37d8", &(0x7f0000001000)=""/4096, 0xf, 0x0, 0x37, 0xe3, &(0x7f0000002000)="3d20f380a5590dc459a387f6a935be386c2f1754626830155987f0c5082043e4ec841b0c2029881a6b93b6902729dc68d5ca964cbc4d69", &(0x7f0000002040)="1135e1d0ad259e55c9b2500e2e09b6ea749f159657125c0c806572bffc44e006c3bd8853eeadbb6af6c36fae19aa0172be842266e2937356721c36936d435c4d278f7887600d0268cb8372317fa4054856a2c43d801771b5b3630257b8810b2d1656aa7f8f0d6dfc44126dc18635a82bdec5e09c062864e3ad14c29e3c0d9b2e8c04ebfaf4f62555545c1bfcf47178bd698daa0b42595586fe618bbe19c41e365d87157dc65049a72e22f364668387100304a5ef9503338c0417bfa81871a088a8dc36c0a3f181f5adf2c4efb1f41cd2f832009b43ad331e1bf970c1b5ad35f04efc1e", 0x1, 0x0, 0x5}, 0x50)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000021c0)='coredump_filter\x00')
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000003400)={'syztnl1\x00', &(0x7f0000003300)={'syztnl0\x00', <r1=>0x0, 0x80, 0x80, 0x5, 0x5, {{0x2c, 0x4, 0x1, 0x2, 0xb0, 0x65, 0x0, 0x3, 0x4, 0x0, @broadcast, @local, {[@end, @noop, @timestamp={0x44, 0x8, 0xbe, 0x0, 0x4, [0x78f]}, @lsrr={0x83, 0x1b, 0xff, [@dev={0xac, 0x14, 0x14, 0x33}, @private=0xa010102, @remote, @local, @broadcast, @remote]}, @cipso={0x86, 0x18, 0x0, [{0x5, 0x2}, {0x6, 0xd, "4c897340d3a074d493b354"}, {0x7, 0x3, "1e"}]}, @cipso={0x86, 0x5c, 0x2, [{0x7, 0x9, "55d8d43291ea53"}, {0x0, 0xc, "aa530d45ae5f5848cf49"}, {0x2, 0x9, "97d3fc0fc907b9"}, {0x1, 0xd, "88a32125d363b29636a104"}, {0x5, 0x3, "13"}, {0x6, 0xb, "2d3705a5b2d9f75828"}, {0x5fd2df4b14078f50, 0x5, "4a820a"}, {0x0, 0xe, "3591d0e56c7f69db53170a95"}, {0x5, 0x5, "d8c387"}, {0x0, 0x5, '\t\x002'}]}]}}}}})
ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000003440)={0x2, <r2=>0xffffffffffffffff, 'id0\x00'})
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000003540)={0x3}, 0x8) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000003540)={0x3, <r3=>0x0}, 0x8)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000003580)={{0x1, 0x1, 0x18, <r4=>0xffffffffffffffff, {0x2}}, './file0\x00'})
bpf$MAP_CREATE(0x0, &(0x7f00000035c0)=@bloom_filter={0x1e, 0x7, 0xfffffffe, 0x9, 0x4, 0x1, 0xf7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3, 0x1}, 0x50) (async)
r5 = bpf$MAP_CREATE(0x0, &(0x7f00000035c0)=@bloom_filter={0x1e, 0x7, 0xfffffffe, 0x9, 0x4, 0x1, 0xf7, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x5, 0x3, 0x1}, 0x50)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000036c0)={0x20, 0x13, &(0x7f0000002200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0xa}, [@printk={@li, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x9}}, @ldst={0x1, 0x1, 0x4, 0x9, 0x1, 0x50, 0xffffffffffffffff}, @cb_func={0x18, 0xb, 0x4, 0x0, 0xfffffffffffffffd}, @generic={0x0, 0x2, 0xd, 0x7ff, 0x5}, @map_idx={0x18, 0x5, 0x5, 0x0, 0x5}, @map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x10000}]}, &(0x7f00000022c0)='GPL\x00', 0x3, 0x1000, &(0x7f0000002300)=""/4096, 0x40f00, 0x18, '\x00', r1, @fallback=0x20, r2, 0x8, &(0x7f00000034c0)={0x7, 0x1}, 0x8, 0x10, &(0x7f0000003500)={0x1, 0xd, 0x2, 0x140}, 0x10, r3, r4, 0x1, &(0x7f0000003640)=[r5], &(0x7f0000003680)=[{0x1, 0x5, 0x1, 0x2}], 0x10, 0x8}, 0x94)
waitid$P_PIDFD(0x3, r4, &(0x7f0000003780), 0x1, &(0x7f0000003800))
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f00000038c0)={0x0, @in6={{0xa, 0x4e23, 0xffffffff, @private0, 0x1}}}, &(0x7f0000003980)=0x84) (async)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r4, 0x84, 0x6, &(0x7f00000038c0)={<r7=>0x0, @in6={{0xa, 0x4e23, 0xffffffff, @private0, 0x1}}}, &(0x7f0000003980)=0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f00000039c0)={r7, 0x4}, &(0x7f0000003a00)=0x8) (async)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f00000039c0)={r7, 0x4}, &(0x7f0000003a00)=0x8)
r8 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000003c40)={0x11, 0x4, &(0x7f0000003a40)=@framed={{0x18, 0x0, 0x0, 0x0, 0x47, 0x0, 0x0, 0x0, 0x7fffffff}, [@jmp={0x5, 0x0, 0x0, 0x6, 0x3, 0x8}]}, &(0x7f0000003a80)='syzkaller\x00', 0x1ff, 0x3d, &(0x7f0000003ac0)=""/61, 0x41000, 0x3, '\x00', r1, 0x0, r2, 0x8, &(0x7f0000003b00)={0x4, 0x1}, 0x8, 0x10, &(0x7f0000003b40)={0x4, 0x2, 0x2, 0x800}, 0x10, 0x0, 0x0, 0x5, &(0x7f0000003b80)=[r4, r2, r0], &(0x7f0000003bc0)=[{0x1, 0x4, 0xc, 0xa}, {0x0, 0x2, 0x3, 0x4}, {0x0, 0x4, 0xe, 0x6}, {0x5, 0x4, 0x8, 0xb}, {0x5, 0x1, 0xd, 0x2}]}, 0x94)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000003e00)={@ifindex=r1, 0x1e, 0x1, 0x9, &(0x7f0000003d00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa, 0x0, &(0x7f0000003d40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000003d80)=[0x0, 0x0], &(0x7f0000003dc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, 0x40) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000003e00)={@ifindex=r1, 0x1e, 0x1, 0x9, &(0x7f0000003d00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0xa, 0x0, &(0x7f0000003d40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000003d80)=[0x0, 0x0], &(0x7f0000003dc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], <r9=>0x0}, 0x40)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000004140)={r6, 0xe0, &(0x7f0000004040)={0x0, <r10=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000003e80)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000003ec0)=[0x0, 0x0, 0x0], &(0x7f0000003f00)=[0x0], 0x0, 0x79, &(0x7f0000003f40)=[{}], 0x8, 0x10, &(0x7f0000003f80), &(0x7f0000003fc0), 0x8, 0x61, 0x8, 0x8, &(0x7f0000004000)}}, 0x10)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000003e40)={@ifindex=r1, r8, 0x25, 0x2c, 0x0, @void, @void, @void, @value=r10, r9}, 0x20) (async)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000003e40)={@ifindex=r1, r8, 0x25, 0x2c, 0x0, @void, @void, @void, @value=r10, r9}, 0x20)
dup(r4) (async)
r11 = dup(r4)
r12 = openat2(r0, &(0x7f00000043c0)='./file1\x00', &(0x7f0000004400)={0x200, 0xe0, 0x2}, 0x18)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f00000044c0)=@bpf_tracing={0x1a, 0x19, &(0x7f0000004180)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x80}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@alu={0x4, 0x1, 0x8, 0x1, 0x8, 0x20, 0x8}, @tail_call={{0x18, 0x2, 0x1, 0x0, r5}}, @cb_func={0x18, 0xb, 0x4, 0x0, 0x8}, @map_val={0x18, 0x1, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x40}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000004280)='GPL\x00', 0xfffffff7, 0x56, &(0x7f00000042c0)=""/86, 0x41100, 0x50, '\x00', 0x0, 0x1c, 0xffffffffffffffff, 0x8, &(0x7f0000004340)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000004380)={0x4, 0x4, 0x464, 0x2}, 0x10, 0x2ef4, r11, 0x2, &(0x7f0000004440)=[r0, r0, r12, r2, r5], &(0x7f0000004480)=[{0x4, 0x3, 0x9, 0xb}, {0x5, 0x1, 0x1, 0x3}], 0x10, 0x2}, 0x94)
r13 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000004580), 0x2002, 0x0)
ioctl$BTRFS_IOC_LOGICAL_INO_V2(r13, 0xc038943b, &(0x7f0000004600)={0x40000000000, 0x8, '\x00', 0x1, &(0x7f00000045c0)=[0x0]})
r14 = openat2(r0, &(0x7f0000004640)='./file0\x00', &(0x7f0000004680)={0x1, 0x51, 0x18}, 0x18)
r15 = syz_genetlink_get_family_id$fou(&(0x7f0000004700), r13)
sendmsg$FOU_CMD_DEL(r14, &(0x7f00000047c0)={&(0x7f00000046c0)={0x10, 0x0, 0x0, 0x20000008}, 0xc, &(0x7f0000004780)={&(0x7f0000004740)={0x3c, r15, 0x8, 0x70bd26, 0x25dfdbfb, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_TYPE={0x5, 0x4, 0x2}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_PORT={0x6, 0x1, 0x4e24}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @remote}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40811)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r4, 0x40049366, &(0x7f0000004800)=0x4)
syz_io_uring_setup(0x1921, &(0x7f0000004840)={0x0, 0x54ad, 0x2, 0x3, 0x95}, &(0x7f00000048c0), &(0x7f0000004900))
r16 = socket$isdn_base(0x22, 0x3, 0x0)
ioctl$IMGETCOUNT(r16, 0x80044943, &(0x7f0000004940)) (async)
ioctl$IMGETCOUNT(r16, 0x80044943, &(0x7f0000004940))
ioctl$KVM_HAS_DEVICE_ATTR_vcpu(r4, 0x4018aee3, &(0x7f00000049c0)=@attr_pmu_filter={0x0, 0x1, 0x1, &(0x7f0000004980)={0xf18c, 0x9, 0x1}})
bind(r16, &(0x7f0000004a00)=@qipcrtr={0x2a, 0xffffffffffffffff}, 0x80) (async)
bind(r16, &(0x7f0000004a00)=@qipcrtr={0x2a, 0xffffffffffffffff}, 0x80)
getsockopt$inet6_mreq(r14, 0x29, 0x15, &(0x7f0000004a80)={@private0}, &(0x7f0000004ac0)=0x14) (async)
getsockopt$inet6_mreq(r14, 0x29, 0x15, &(0x7f0000004a80)={@private0}, &(0x7f0000004ac0)=0x14)

249.643918ms ago: executing program 5 (id=2709):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000080)="2c80fce256052b06f8148e045f9b2dec", 0x10)
setsockopt$inet6_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000b80)="d7d42f9134461c21d42a97f0ebd55245", 0x10)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x670, 0x2e0, 0xd0, 0x2e0, 0xd0, 0xd0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@MARK={0x28}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d0)

160.878122ms ago: executing program 5 (id=2710):
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f0000000000)=0x7)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)={'team0\x00', <r1=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000380)={r0, 0xe0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r2=>0x0, 0x0, 0x0, 0x0, 0x3, 0x2, &(0x7f0000000100)=[0x0, 0x0, 0x0], &(0x7f0000000140)=[0x0, 0x0], 0x0, 0xa2, &(0x7f0000000180)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000001c0), &(0x7f0000000200), 0x8, 0x25, 0x8, 0x8, &(0x7f0000000240)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f00000003c0)={'syztnl0\x00', <r3=>0x0, 0x4, 0x6, 0x9, 0x2, 0x75, @ipv4={'\x00', '\xff\xff', @local}, @mcast1, 0x8, 0x40, 0x6, 0xb5}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000740)={r0, 0xe0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000480)=[0x0], ""/16, <r4=>0x0, 0x0, 0x0, 0x0, 0x4, 0x4, &(0x7f00000004c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x56, &(0x7f0000000540)=[{}, {}], 0x10, 0x10, &(0x7f0000000580), &(0x7f00000005c0), 0x8, 0xb6, 0x8, 0x8, &(0x7f0000000600)}}, 0x10)
getsockname$packet(r0, &(0x7f0000000780)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f00000007c0)=0x14)
getsockopt$PNPIPE_IFINDEX(r0, 0x113, 0x2, &(0x7f0000000800)=<r6=>0x0, &(0x7f0000000840)=0x4)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b40)={r0, 0xe0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000880)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r7=>0x0, 0x0, 0x0, 0x0, 0x3, 0xa, &(0x7f00000008c0)=[0x0, 0x0, 0x0], &(0x7f0000000900)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xe, &(0x7f0000000940)=[{}, {}], 0x10, 0x10, &(0x7f0000000980), &(0x7f00000009c0), 0x8, 0x93, 0x8, 0x8, &(0x7f0000000a00)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000b80)={'team0\x00', <r8=>0x0})
getsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000bc0)={@multicast1, @broadcast, <r9=>0x0}, &(0x7f0000000c00)=0xc)
sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000f80)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000c40)={0x2f4, 0x0, 0x800, 0x70bd2a, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x78, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}]}}, {{0x8}, {0x140, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x146f}}, {0x8, 0x6, r4}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}, {{0x8, 0x1, r5}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r6}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x88, 0x2, 0x0, 0x1, [{0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8, 0x6, r9}}}]}}]}, 0x2f4}, 0x1, 0x0, 0x0, 0x4040801}, 0xc808)
r10 = accept4$x25(r0, 0x0, &(0x7f0000000fc0), 0x800)
r11 = dup2(r10, r0)
r12 = socket$inet_mptcp(0x2, 0x1, 0x106)
getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r11, 0x84, 0x6d, &(0x7f0000001000)={<r13=>0x0, 0xac, "b0fd25f963ec7768296bbddca6d381b5173b6add10a1a6c6ffc3092e2d980db880be1206c1f1d1024f8ea5109d2b2335db7e7b59aa9897592821d24e5c81ca4c6557191b82a390ea6e73eceeb8d2d8bc241716491533d0ddf06c74adc1adccd1e8e9691fc811880eb0cb231d26899b69eaf92bc314e4de1e9e6213dd518a15102c7f5e20cd2f7f73e6eeb3a45e1008470bfc175ee583b71528d0f915e4c142c38ff5f328a4fff91b9e1dc613"}, &(0x7f00000010c0)=0xb4)
getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000001100)={<r14=>r13, 0x3}, &(0x7f0000001140)=0x8)
r15 = syz_genetlink_get_family_id$nl80211(&(0x7f00000011c0), r11)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000001200)={'wlan1\x00', <r16=>0x0})
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r11, &(0x7f00000012c0)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001280)={&(0x7f0000001240)={0x40, r15, 0x100, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r16}, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x67}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xd}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x52}]}, 0x40}, 0x1, 0x0, 0x0, 0x20000080}, 0x10)
ioctl$SNDRV_PCM_IOCTL_INFO(r11, 0x81204101, &(0x7f0000001300))
r17 = syz_genetlink_get_family_id$mptcp(&(0x7f0000001480), r0)
sendmsg$MPTCP_PM_CMD_FLUSH_ADDRS(r11, &(0x7f0000001600)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000015c0)={&(0x7f00000014c0)={0xe8, r17, 0x400, 0x70bd29, 0x25dfdbfd, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x7}, @MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x2}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x10}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @mcast2}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8}, @MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x588}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x4}, @MPTCP_PM_ATTR_ADDR={0x4c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x9}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x64}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r9}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @empty}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private0}]}, @MPTCP_PM_ATTR_ADDR={0x38, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x1, 0x0}}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x5}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xa}]}]}, 0xe8}}, 0x84)
fcntl$notify(r0, 0x402, 0x21)
setsockopt$SO_ATTACH_FILTER(r12, 0x1, 0x1a, &(0x7f0000001680)={0x1, &(0x7f0000001640)=[{0xfeff, 0xe7, 0xb, 0xffffffff}]}, 0x10)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000016c0)={r14, 0x9}, 0x8)
r18 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_LEAVE_IBSS(r18, &(0x7f00000017c0)={&(0x7f0000001700)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000001780)={&(0x7f0000001740)={0x20, r15, 0x200, 0x70bd27, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0x7fc4, 0x2f}}}}, ["", "", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
sendmsg$NL80211_CMD_RADAR_DETECT(r0, &(0x7f0000001900)={&(0x7f0000001800)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000018c0)={&(0x7f0000001840)={0x68, r15, 0x800, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r16}, @val={0xc, 0x99, {0x3, 0x50}}}}, [@NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x8}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x1}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x202}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xa}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x65}]}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x20004004)
getsockname$packet(r11, &(0x7f0000001940)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001980)=0x14)

160.619312ms ago: executing program 5 (id=2711):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x200a})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x1000000000000, 0x0})

90.901356ms ago: executing program 5 (id=2712):
unshare(0x62040200)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x20, 0x3, &(0x7f0000000080)=ANY=[@ANYBLOB="00000019b7a739572e52dc85d67714ea0000000000000000000400e1009593000000000000"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x20, &(0x7f00000000c0)={&(0x7f0000000240)=""/217, 0xd9, 0x0, &(0x7f0000000140)=""/126, 0x7e}}, 0x10)
r1 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000002380)={r0, 0x0, 0x2d, 0x0, @void}, 0x10)
unshare(0x40000980)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r2 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
bind$inet(r2, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000000200)=[{0x6}]}, 0x10)
listen(r2, 0x0)
bpf$LINK_DETACH(0x22, &(0x7f0000000040)=r1, 0x4)
bpf$LINK_DETACH(0x22, &(0x7f0000000100)=r1, 0x4)

1.021654ms ago: executing program 5 (id=2713):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="5d58c3ffffff00001c001a8018000a801400070000000000000000000000000000000001140003006970766c616e310000000000000000001c00790727c35df39725766c616e00000c0002800600010000000000"], 0x6c}, 0x1, 0x0, 0x0, 0x840}, 0x0)

0s ago: executing program 5 (id=2714):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_ethernet(0x86, &(0x7f0000000100)={@multicast, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010101, @local}, @time_exceeded={0x3, 0x3, 0x0, 0x3, 0x0, 0x0, {0x17, 0x4, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @dev, @remote, {[@noop, @timestamp_addr={0x44, 0x44, 0x0, 0x1, 0x0, [{@remote}, {@remote}, {@dev, 0xfffffffc}, {}, {@multicast2}, {@loopback}, {@local}, {@multicast1}]}]}}}}}}}, 0x0)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), 0xffffffffffffffff)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
openat(0xffffffffffffff9c, 0x0, 0x80642, 0x150)
syz_emit_ethernet(0x32, &(0x7f00000000c0)={@random="f1a2610faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x3, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x2, 0x4, 0x0, @val=0x80}}}}}}}, 0x0)
r2 = syz_open_dev$I2C(&(0x7f0000003000), 0x0, 0x0)
ioctl$I2C_SMBUS(r2, 0x720, &(0x7f0000003080)={0x1, 0x0, 0x6, 0x0})
syz_emit_ethernet(0x2a, &(0x7f0000000600)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1d}, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x4e22, 0x7, 0x8}}}}}, 0x0)
sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="310428bd7000ffffffff1600000018000180140002006e657464657673696d3000000000600005000200000000000500040001000000050003"], 0x44}}, 0x0)

0s ago: executing program 4 (id=2715):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x2, 0x2000)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f00000000c0)={<r1=>0x0, 0x1})
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0x20, &(0x7f0000000440)={&(0x7f00000002c0)=""/82, 0x52, <r2=>0x0, &(0x7f0000000340)=""/201, 0xc9}}, 0x10)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000540)=@bpf_lsm={0x1d, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x1}, [@alu={0x17c16ccaea78e051, 0x1, 0x3, 0x50c126131b0d7e1d, 0x9, 0xffffffffffffffc4, 0x4}]}, &(0x7f0000000140)='syzkaller\x00', 0x9, 0x97, &(0x7f0000000180)=""/151, 0x41000, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, &(0x7f0000000240)={0x1, 0x4}, 0x8, 0x10, &(0x7f0000000280)={0x0, 0x8, 0x1000, 0x10001}, 0x10, r2, 0x0, 0x6, 0x0, &(0x7f00000004c0)=[{0x3, 0x5, 0xd, 0x7}, {0x5, 0x1, 0xf, 0x2}, {0x2, 0x3, 0xe, 0xb}, {0x4, 0x4, 0x5, 0x7}, {0x3, 0x4, 0x3, 0xc}, {0x4, 0x4, 0x2, 0x3}], 0x10, 0xffff8000}, 0x94)
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r0, 0xc01864cb, &(0x7f0000000040)={&(0x7f0000000080)=[r1], 0x0, 0x40000138, 0x1})

kernel console output (not intermixed with test programs):

 __vxlan_dev_create+0x15a/0x680
[  170.613814][T11651]  ? __pfx___vxlan_dev_create+0x10/0x10
[  170.613843][T11651]  vxlan_newlink+0x135/0x1e0
[  170.613866][T11651]  ? __pfx_vxlan_newlink+0x10/0x10
[  170.613899][T11651]  ? rtnl_create_link+0xa4a/0xf60
[  170.613916][T11651]  ? __pfx_vxlan_newlink+0x10/0x10
[  170.613940][T11651]  rtnl_newlink+0xc19/0x1f50
[  170.613965][T11651]  ? __pfx_rtnl_newlink+0x10/0x10
[  170.613980][T11651]  ? find_held_lock+0x2b/0x80
[  170.614003][T11651]  ? avc_has_perm_noaudit+0x117/0x3b0
[  170.614038][T11651]  ? avc_has_perm_noaudit+0x149/0x3b0
[  170.614083][T11651]  ? find_held_lock+0x2b/0x80
[  170.614103][T11651]  ? __pfx_rtnl_newlink+0x10/0x10
[  170.614119][T11651]  ? __pfx_rtnl_newlink+0x10/0x10
[  170.614135][T11651]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  170.614153][T11651]  ? __pfx_rtnl_newlink+0x10/0x10
[  170.614171][T11651]  rtnetlink_rcv_msg+0x95e/0xe90
[  170.614190][T11651]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  170.614214][T11651]  ? ref_tracker_free+0x37c/0x830
[  170.614240][T11651]  netlink_rcv_skb+0x158/0x420
[  170.614259][T11651]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  170.614278][T11651]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  170.614306][T11651]  ? netlink_deliver_tap+0x1ae/0xd30
[  170.614329][T11651]  netlink_unicast+0x5aa/0x870
[  170.614352][T11651]  ? __pfx_netlink_unicast+0x10/0x10
[  170.614381][T11651]  netlink_sendmsg+0x8c8/0xdd0
[  170.614403][T11651]  ? __pfx_netlink_sendmsg+0x10/0x10
[  170.614432][T11651]  ____sys_sendmsg+0xa5d/0xc30
[  170.614453][T11651]  ? copy_msghdr_from_user+0x10a/0x160
[  170.614469][T11651]  ? __pfx_____sys_sendmsg+0x10/0x10
[  170.614492][T11651]  ? __pfx__kstrtoull+0x10/0x10
[  170.614515][T11651]  ___sys_sendmsg+0x134/0x1d0
[  170.614533][T11651]  ? __pfx____sys_sendmsg+0x10/0x10
[  170.614573][T11651]  ? __pfx___might_resched+0x10/0x10
[  170.614594][T11651]  __sys_sendmmsg+0x200/0x420
[  170.614614][T11651]  ? __pfx___sys_sendmmsg+0x10/0x10
[  170.614639][T11651]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  170.614670][T11651]  ? fput+0x70/0xf0
[  170.614685][T11651]  ? ksys_write+0x1ac/0x250
[  170.614703][T11651]  ? __pfx_ksys_write+0x10/0x10
[  170.614726][T11651]  __x64_sys_sendmmsg+0x9c/0x100
[  170.614742][T11651]  ? lockdep_hardirqs_on+0x7c/0x110
[  170.614762][T11651]  do_syscall_64+0xcd/0xf80
[  170.614784][T11651]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  170.614801][T11651] RIP: 0033:0x7f89d458f7c9
[  170.614816][T11651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  170.614832][T11651] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  170.614848][T11651] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  170.614859][T11651] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  170.614869][T11651] RBP: 00007f89d27f6090 R08: 0000000000000000 R09: 0000000000000000
[  170.614880][T11651] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  170.614889][T11651] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  170.614914][T11651]  </TASK>
[  170.686733][T11643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  170.793359][ T5938] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  170.796046][T11643] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  170.800200][ T5938] Bluetooth: hci3: ACL packet for unknown connection handle 200
[  170.805416][  T829] usb 8-1: USB disconnect, device number 36
[  170.984988][   T40] kauditd_printk_skb: 10 callbacks suppressed
[  170.985013][   T40] audit: type=1400 audit(1766880315.494:621): avc:  denied  { append } for  pid=11663 comm="syz.4.2130" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  171.248164][   T60] usb 7-1: USB disconnect, device number 24
[  171.552579][T11707] overlay: Bad value for 'workdir'
[  171.565718][   T40] audit: type=1400 audit(1766880316.074:622): avc:  denied  { name_bind } for  pid=11699 comm="syz.2.2144" src=3618 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1
[  171.628029][ T5938] Bluetooth: hci4: unexpected event for opcode 0x202f
[  171.754172][   T40] audit: type=1400 audit(1766880316.264:623): avc:  denied  { create } for  pid=11723 comm="syz.4.2153" name="file0" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  171.764567][   T40] audit: type=1400 audit(1766880316.274:624): avc:  denied  { unlink } for  pid=8470 comm="syz-executor" name="file0" dev="tmpfs" ino=1156 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  171.811266][T11728] netlink: 'syz.4.2155': attribute type 1 has an invalid length.
[  171.839222][   T60] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  171.948868][   T40] audit: type=1400 audit(1766880316.464:625): avc:  denied  { ioctl } for  pid=11735 comm="syz.2.2159" path="socket:[40552]" dev="sockfs" ino=40552 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1
[  172.009648][   T60] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  172.013730][   T60] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  172.018685][   T60] usb 6-1: config 0 has no interfaces?
[  172.021153][   T60] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  172.025352][   T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  172.031808][   T60] usb 6-1: config 0 descriptor??
[  172.171664][T11743] netlink: 'syz.4.2161': attribute type 30 has an invalid length.
[  172.175415][T11743] FAULT_INJECTION: forcing a failure.
[  172.175415][T11743] name failslab, interval 1, probability 0, space 0, times 0
[  172.181306][T11743] CPU: 0 UID: 0 PID: 11743 Comm: syz.4.2161 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  172.181335][T11743] Tainted: [L]=SOFTLOCKUP
[  172.181342][T11743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  172.181353][T11743] Call Trace:
[  172.181359][T11743]  <TASK>
[  172.181367][T11743]  dump_stack_lvl+0x16c/0x1f0
[  172.181415][T11743]  should_fail_ex+0x512/0x640
[  172.181458][T11743]  ? __kvmalloc_node_noprof+0x129/0xa40
[  172.181481][T11743]  should_failslab+0xc2/0x120
[  172.181504][T11743]  __kvmalloc_node_noprof+0x14a/0xa40
[  172.181526][T11743]  ? alloc_netdev_mqs+0xf8a/0x1550
[  172.181552][T11743]  ? alloc_netdev_mqs+0xf8a/0x1550
[  172.181569][T11743]  alloc_netdev_mqs+0xf8a/0x1550
[  172.181595][T11743]  rtnl_create_link+0xc08/0xf60
[  172.181619][T11743]  rtnl_newlink+0xb3b/0x1f50
[  172.181647][T11743]  ? __pfx_rtnl_newlink+0x10/0x10
[  172.181665][T11743]  ? find_held_lock+0x2b/0x80
[  172.181692][T11743]  ? avc_has_perm_noaudit+0x117/0x3b0
[  172.181728][T11743]  ? avc_has_perm_noaudit+0x149/0x3b0
[  172.181777][T11743]  ? find_held_lock+0x2b/0x80
[  172.181801][T11743]  ? __pfx_rtnl_newlink+0x10/0x10
[  172.181818][T11743]  ? __pfx_rtnl_newlink+0x10/0x10
[  172.181835][T11743]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  172.181855][T11743]  ? __pfx_rtnl_newlink+0x10/0x10
[  172.181875][T11743]  rtnetlink_rcv_msg+0x95e/0xe90
[  172.181896][T11743]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  172.181924][T11743]  ? ref_tracker_free+0x37c/0x830
[  172.181954][T11743]  netlink_rcv_skb+0x158/0x420
[  172.181973][T11743]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  172.181994][T11743]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  172.182025][T11743]  ? netlink_deliver_tap+0x1ae/0xd30
[  172.182050][T11743]  netlink_unicast+0x5aa/0x870
[  172.182075][T11743]  ? __pfx_netlink_unicast+0x10/0x10
[  172.182106][T11743]  netlink_sendmsg+0x8c8/0xdd0
[  172.182131][T11743]  ? __pfx_netlink_sendmsg+0x10/0x10
[  172.182161][T11743]  ____sys_sendmsg+0xa5d/0xc30
[  172.182185][T11743]  ? copy_msghdr_from_user+0x10a/0x160
[  172.182202][T11743]  ? __pfx_____sys_sendmsg+0x10/0x10
[  172.182228][T11743]  ? __pfx__kstrtoull+0x10/0x10
[  172.182253][T11743]  ___sys_sendmsg+0x134/0x1d0
[  172.182273][T11743]  ? __pfx____sys_sendmsg+0x10/0x10
[  172.182315][T11743]  ? __pfx___might_resched+0x10/0x10
[  172.182338][T11743]  __sys_sendmmsg+0x200/0x420
[  172.182359][T11743]  ? __pfx___sys_sendmmsg+0x10/0x10
[  172.182386][T11743]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  172.182417][T11743]  ? fput+0x70/0xf0
[  172.182433][T11743]  ? ksys_write+0x1ac/0x250
[  172.182453][T11743]  ? __pfx_ksys_write+0x10/0x10
[  172.182480][T11743]  __x64_sys_sendmmsg+0x9c/0x100
[  172.182497][T11743]  ? lockdep_hardirqs_on+0x7c/0x110
[  172.182519][T11743]  do_syscall_64+0xcd/0xf80
[  172.182543][T11743]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  172.182561][T11743] RIP: 0033:0x7f89d458f7c9
[  172.182576][T11743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  172.182593][T11743] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  172.182609][T11743] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  172.182621][T11743] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  172.182632][T11743] RBP: 00007f89d27f6090 R08: 0000000000000000 R09: 0000000000000000
[  172.182643][T11743] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  172.182653][T11743] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  172.182678][T11743]  </TASK>
[  172.201246][   T40] audit: type=1400 audit(1766880316.704:626): avc:  denied  { read } for  pid=11744 comm="syz.2.2162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  172.215723][T11746] sctp: [Deprecated]: syz.3.2160 (pid 11746) Use of int in maxseg socket option.
[  172.215723][T11746] Use struct sctp_assoc_value instead
[  172.240857][   T40] audit: type=1400 audit(1766880316.754:627): avc:  denied  { read } for  pid=11744 comm="syz.2.2162" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  173.067057][T11748] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  173.070320][T11748] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  173.080374][T11710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  173.088495][T11710] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  173.093982][   T59] usb 6-1: USB disconnect, device number 11
[  173.252226][   T40] audit: type=1400 audit(1766880317.764:628): avc:  denied  { write } for  pid=11761 comm="syz.3.2167" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  173.309119][T11765] sysfs: cannot create duplicate filename '/class/ieee80211/4Ï€!F�õïVl‘uc'f`å”Þ†’;�œ1µx%ñ†‹M¹Fœ-ôÁõîI'
[  173.313106][T11765] CPU: 3 UID: 0 PID: 11765 Comm: syz.3.2168 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  173.313125][T11765] Tainted: [L]=SOFTLOCKUP
[  173.313129][T11765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  173.313136][T11765] Call Trace:
[  173.313140][T11765]  <TASK>
[  173.313145][T11765]  dump_stack_lvl+0x16c/0x1f0
[  173.313165][T11765]  sysfs_warn_dup+0x7f/0xa0
[  173.313178][T11765]  sysfs_do_create_link_sd+0x124/0x140
[  173.313191][T11765]  sysfs_create_link+0x61/0xc0
[  173.313204][T11765]  device_add+0x652/0x1980
[  173.313219][T11765]  ? __pfx_device_add+0x10/0x10
[  173.313230][T11765]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  173.313244][T11765]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  173.313260][T11765]  wiphy_register+0x1ea1/0x2cc0
[  173.313275][T11765]  ? __rtnl_unlock+0x68/0xf0
[  173.313288][T11765]  ? __netdev_update_features+0xba0/0x1fe0
[  173.313302][T11765]  ? __pfx_wiphy_register+0x10/0x10
[  173.313317][T11765]  ? __asan_memset+0x23/0x50
[  173.313332][T11765]  ? ieee80211_init_rate_ctrl_alg+0x125/0x680
[  173.313349][T11765]  ieee80211_register_hw+0x2bb2/0x4160
[  173.313369][T11765]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  173.313384][T11765]  ? __pfx___debug_object_init+0x10/0x10
[  173.313400][T11765]  ? find_held_lock+0x2b/0x80
[  173.313416][T11765]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  173.313429][T11765]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  173.313441][T11765]  ? __hrtimer_setup+0x176/0x280
[  173.313457][T11765]  mac80211_hwsim_new_radio+0x3323/0x5150
[  173.313481][T11765]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  173.313498][T11765]  ? __asan_memcpy+0x3c/0x60
[  173.313510][T11765]  hwsim_new_radio_nl+0xba2/0x1330
[  173.313527][T11765]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  173.313547][T11765]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  173.313563][T11765]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  173.313580][T11765]  genl_family_rcv_msg_doit+0x209/0x2f0
[  173.313596][T11765]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  173.313615][T11765]  ? bpf_lsm_capable+0x9/0x10
[  173.313626][T11765]  ? security_capable+0x7e/0x260
[  173.313638][T11765]  ? ns_capable+0xd7/0x110
[  173.313653][T11765]  genl_rcv_msg+0x55c/0x800
[  173.313669][T11765]  ? __pfx_genl_rcv_msg+0x10/0x10
[  173.313683][T11765]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  173.313700][T11765]  ? __lock_acquire+0x436/0x2890
[  173.313714][T11765]  netlink_rcv_skb+0x158/0x420
[  173.313727][T11765]  ? __pfx_genl_rcv_msg+0x10/0x10
[  173.313751][T11765]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  173.313770][T11765]  ? netlink_deliver_tap+0x1ae/0xd30
[  173.313786][T11765]  genl_rcv+0x28/0x40
[  173.313799][T11765]  netlink_unicast+0x5aa/0x870
[  173.313814][T11765]  ? __pfx_netlink_unicast+0x10/0x10
[  173.313834][T11765]  netlink_sendmsg+0x8c8/0xdd0
[  173.313850][T11765]  ? __pfx_netlink_sendmsg+0x10/0x10
[  173.313869][T11765]  ____sys_sendmsg+0xa5d/0xc30
[  173.313885][T11765]  ? copy_msghdr_from_user+0x10a/0x160
[  173.313895][T11765]  ? __pfx_____sys_sendmsg+0x10/0x10
[  173.313912][T11765]  ? __pfx_futex_wake_mark+0x10/0x10
[  173.313925][T11765]  ___sys_sendmsg+0x134/0x1d0
[  173.313936][T11765]  ? __pfx____sys_sendmsg+0x10/0x10
[  173.313946][T11765]  ? futex_private_hash_put+0x160/0x1b0
[  173.313976][T11765]  __sys_sendmsg+0x16d/0x220
[  173.313987][T11765]  ? __pfx___sys_sendmsg+0x10/0x10
[  173.313997][T11765]  ? __x64_sys_futex+0x1e0/0x4c0
[  173.314020][T11765]  do_syscall_64+0xcd/0xf80
[  173.314035][T11765]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  173.314046][T11765] RIP: 0033:0x7fa940b8f7c9
[  173.314056][T11765] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  173.314066][T11765] RSP: 002b:00007fa941a0d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  173.314077][T11765] RAX: ffffffffffffffda RBX: 00007fa940de5fa0 RCX: 00007fa940b8f7c9
[  173.314084][T11765] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  173.314090][T11765] RBP: 00007fa940c13f91 R08: 0000000000000000 R09: 0000000000000000
[  173.314096][T11765] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  173.314102][T11765] R13: 00007fa940de6038 R14: 00007fa940de5fa0 R15: 00007ffcda7e1358
[  173.314117][T11765]  </TASK>
[  173.516476][T11778] __nla_validate_parse: 1 callbacks suppressed
[  173.516493][T11778] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2173'.
[  173.651812][T11788] netlink: 'syz.1.2177': attribute type 4 has an invalid length.
[  173.980251][   T40] audit: type=1400 audit(1766880318.494:629): avc:  denied  { module_load } for  pid=11810 comm="syz.1.2183" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=system permissive=1
[  174.061217][T11818] sysfs: cannot create duplicate filename '/class/ieee80211/4Ï€!F�õïVl‘uc'f`å”Þ†’;�œ1µx%ñ†‹M¹Fœ-ôÁõîI'
[  174.067010][T11818] CPU: 0 UID: 0 PID: 11818 Comm: syz.1.2186 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  174.067043][T11818] Tainted: [L]=SOFTLOCKUP
[  174.067050][T11818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  174.067062][T11818] Call Trace:
[  174.067069][T11818]  <TASK>
[  174.067077][T11818]  dump_stack_lvl+0x16c/0x1f0
[  174.067105][T11818]  sysfs_warn_dup+0x7f/0xa0
[  174.067126][T11818]  sysfs_do_create_link_sd+0x124/0x140
[  174.067148][T11818]  sysfs_create_link+0x61/0xc0
[  174.067166][T11818]  device_add+0x652/0x1980
[  174.067186][T11818]  ? __pfx_device_add+0x10/0x10
[  174.067202][T11818]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  174.067223][T11818]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  174.067249][T11818]  wiphy_register+0x1ea1/0x2cc0
[  174.067270][T11818]  ? __rtnl_unlock+0x68/0xf0
[  174.067291][T11818]  ? __netdev_update_features+0xba0/0x1fe0
[  174.067315][T11818]  ? __pfx_wiphy_register+0x10/0x10
[  174.067337][T11818]  ? __asan_memset+0x23/0x50
[  174.067360][T11818]  ? ieee80211_init_rate_ctrl_alg+0x125/0x680
[  174.067384][T11818]  ieee80211_register_hw+0x2bb2/0x4160
[  174.067417][T11818]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  174.067438][T11818]  ? __pfx___debug_object_init+0x10/0x10
[  174.067462][T11818]  ? find_held_lock+0x2b/0x80
[  174.067487][T11818]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  174.067506][T11818]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  174.067524][T11818]  ? __hrtimer_setup+0x176/0x280
[  174.067549][T11818]  mac80211_hwsim_new_radio+0x3323/0x5150
[  174.067587][T11818]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  174.067613][T11818]  ? __asan_memcpy+0x3c/0x60
[  174.067632][T11818]  hwsim_new_radio_nl+0xba2/0x1330
[  174.067658][T11818]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  174.067688][T11818]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  174.067711][T11818]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  174.067739][T11818]  genl_family_rcv_msg_doit+0x209/0x2f0
[  174.067772][T11818]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  174.067803][T11818]  ? bpf_lsm_capable+0x9/0x10
[  174.067820][T11818]  ? security_capable+0x7e/0x260
[  174.067839][T11818]  ? ns_capable+0xd7/0x110
[  174.067863][T11818]  genl_rcv_msg+0x55c/0x800
[  174.067911][T11818]  ? __pfx_genl_rcv_msg+0x10/0x10
[  174.067935][T11818]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  174.067962][T11818]  ? __lock_acquire+0x436/0x2890
[  174.067985][T11818]  netlink_rcv_skb+0x158/0x420
[  174.068021][T11818]  ? __pfx_genl_rcv_msg+0x10/0x10
[  174.068046][T11818]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  174.068079][T11818]  ? netlink_deliver_tap+0x1ae/0xd30
[  174.068103][T11818]  genl_rcv+0x28/0x40
[  174.068122][T11818]  netlink_unicast+0x5aa/0x870
[  174.068166][T11818]  ? __pfx_netlink_unicast+0x10/0x10
[  174.068199][T11818]  netlink_sendmsg+0x8c8/0xdd0
[  174.068225][T11818]  ? __pfx_netlink_sendmsg+0x10/0x10
[  174.068256][T11818]  ____sys_sendmsg+0xa5d/0xc30
[  174.068278][T11818]  ? copy_msghdr_from_user+0x10a/0x160
[  174.068295][T11818]  ? __pfx_____sys_sendmsg+0x10/0x10
[  174.068322][T11818]  ? __pfx_futex_wake_mark+0x10/0x10
[  174.068342][T11818]  ___sys_sendmsg+0x134/0x1d0
[  174.068360][T11818]  ? __pfx____sys_sendmsg+0x10/0x10
[  174.068376][T11818]  ? futex_private_hash_put+0x160/0x1b0
[  174.068426][T11818]  __sys_sendmsg+0x16d/0x220
[  174.068443][T11818]  ? __pfx___sys_sendmsg+0x10/0x10
[  174.068460][T11818]  ? __x64_sys_futex+0x1e0/0x4c0
[  174.068496][T11818]  do_syscall_64+0xcd/0xf80
[  174.068519][T11818]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.068537][T11818] RIP: 0033:0x7f5fa518f7c9
[  174.068554][T11818] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.068569][T11818] RSP: 002b:00007f5fa5fcc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  174.068585][T11818] RAX: ffffffffffffffda RBX: 00007f5fa53e5fa0 RCX: 00007f5fa518f7c9
[  174.068596][T11818] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  174.068606][T11818] RBP: 00007f5fa5213f91 R08: 0000000000000000 R09: 0000000000000000
[  174.068617][T11818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  174.068627][T11818] R13: 00007f5fa53e6038 R14: 00007f5fa53e5fa0 R15: 00007fff43f210f8
[  174.068651][T11818]  </TASK>
[  174.310704][T11823] isofs_fill_super: bread failed, dev=sr0, iso_blknum=32, block=32
[  174.375470][T11836] netlink: 'syz.1.2192': attribute type 30 has an invalid length.
[  174.380445][T11836] FAULT_INJECTION: forcing a failure.
[  174.380445][T11836] name failslab, interval 1, probability 0, space 0, times 0
[  174.385016][T11836] CPU: 1 UID: 0 PID: 11836 Comm: syz.1.2192 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  174.385034][T11836] Tainted: [L]=SOFTLOCKUP
[  174.385038][T11836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  174.385044][T11836] Call Trace:
[  174.385049][T11836]  <TASK>
[  174.385054][T11836]  dump_stack_lvl+0x16c/0x1f0
[  174.385072][T11836]  should_fail_ex+0x512/0x640
[  174.385088][T11836]  ? __kvmalloc_node_noprof+0x129/0xa40
[  174.385102][T11836]  should_failslab+0xc2/0x120
[  174.385117][T11836]  __kvmalloc_node_noprof+0x14a/0xa40
[  174.385130][T11836]  ? bucket_table_alloc.isra.0+0x88/0x460
[  174.385148][T11836]  ? bucket_table_alloc.isra.0+0x88/0x460
[  174.385161][T11836]  bucket_table_alloc.isra.0+0x88/0x460
[  174.385176][T11836]  rhashtable_init_noprof+0x41a/0x7e0
[  174.385191][T11836]  vxlan_init+0x30/0x5b0
[  174.385205][T11836]  ? kasan_save_track+0x14/0x30
[  174.385217][T11836]  ? __pfx_vxlan_init+0x10/0x10
[  174.385229][T11836]  register_netdevice+0x653/0x21d0
[  174.385250][T11836]  ? vxlan_vni_in_use+0x2d0/0x370
[  174.385271][T11836]  ? find_held_lock+0x2b/0x80
[  174.385296][T11836]  ? __pfx_register_netdevice+0x10/0x10
[  174.385315][T11836]  ? __asan_memcpy+0x3c/0x60
[  174.385327][T11836]  ? vxlan_config_apply+0x653/0x7e0
[  174.385342][T11836]  __vxlan_dev_create+0x15a/0x680
[  174.385360][T11836]  ? __pfx___vxlan_dev_create+0x10/0x10
[  174.385380][T11836]  vxlan_newlink+0x135/0x1e0
[  174.385396][T11836]  ? __pfx_vxlan_newlink+0x10/0x10
[  174.385418][T11836]  ? rtnl_create_link+0xa4a/0xf60
[  174.385430][T11836]  ? __pfx_vxlan_newlink+0x10/0x10
[  174.385447][T11836]  rtnl_newlink+0xc19/0x1f50
[  174.385463][T11836]  ? __pfx_rtnl_newlink+0x10/0x10
[  174.385473][T11836]  ? find_held_lock+0x2b/0x80
[  174.385489][T11836]  ? avc_has_perm_noaudit+0x117/0x3b0
[  174.385508][T11836]  ? avc_has_perm_noaudit+0x149/0x3b0
[  174.385536][T11836]  ? find_held_lock+0x2b/0x80
[  174.385551][T11836]  ? __pfx_rtnl_newlink+0x10/0x10
[  174.385562][T11836]  ? __pfx_rtnl_newlink+0x10/0x10
[  174.385572][T11836]  ? rtnetlink_rcv_msg+0x93a/0xe90
[  174.385584][T11836]  ? __pfx_rtnl_newlink+0x10/0x10
[  174.385596][T11836]  rtnetlink_rcv_msg+0x95e/0xe90
[  174.385609][T11836]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  174.385625][T11836]  ? ref_tracker_free+0x37c/0x830
[  174.385643][T11836]  netlink_rcv_skb+0x158/0x420
[  174.385657][T11836]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[  174.385669][T11836]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  174.385687][T11836]  ? netlink_deliver_tap+0x1ae/0xd30
[  174.385702][T11836]  netlink_unicast+0x5aa/0x870
[  174.385717][T11836]  ? __pfx_netlink_unicast+0x10/0x10
[  174.385734][T11836]  netlink_sendmsg+0x8c8/0xdd0
[  174.385749][T11836]  ? __pfx_netlink_sendmsg+0x10/0x10
[  174.385768][T11836]  ____sys_sendmsg+0xa5d/0xc30
[  174.385782][T11836]  ? copy_msghdr_from_user+0x10a/0x160
[  174.385793][T11836]  ? __pfx_____sys_sendmsg+0x10/0x10
[  174.385809][T11836]  ? __pfx__kstrtoull+0x10/0x10
[  174.385823][T11836]  ___sys_sendmsg+0x134/0x1d0
[  174.385834][T11836]  ? __pfx____sys_sendmsg+0x10/0x10
[  174.385858][T11836]  ? __pfx___might_resched+0x10/0x10
[  174.385871][T11836]  __sys_sendmmsg+0x200/0x420
[  174.385884][T11836]  ? __pfx___sys_sendmmsg+0x10/0x10
[  174.385899][T11836]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[  174.385919][T11836]  ? fput+0x70/0xf0
[  174.385934][T11836]  ? ksys_write+0x1ac/0x250
[  174.385947][T11836]  ? __pfx_ksys_write+0x10/0x10
[  174.385962][T11836]  __x64_sys_sendmmsg+0x9c/0x100
[  174.385972][T11836]  ? lockdep_hardirqs_on+0x7c/0x110
[  174.385986][T11836]  do_syscall_64+0xcd/0xf80
[  174.386000][T11836]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  174.386012][T11836] RIP: 0033:0x7f5fa518f7c9
[  174.386022][T11836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  174.386032][T11836] RSP: 002b:00007f5fa5fcc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  174.386042][T11836] RAX: ffffffffffffffda RBX: 00007f5fa53e5fa0 RCX: 00007f5fa518f7c9
[  174.386049][T11836] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000003
[  174.386055][T11836] RBP: 00007f5fa5fcc090 R08: 0000000000000000 R09: 0000000000000000
[  174.386062][T11836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  174.386068][T11836] R13: 00007f5fa53e6038 R14: 00007f5fa53e5fa0 R15: 00007fff43f210f8
[  174.386082][T11836]  </TASK>
[  174.406284][   T40] audit: type=1400 audit(1766880318.904:630): avc:  denied  { read } for  pid=11837 comm="syz.4.2193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  174.519154][ T5938] Bluetooth: hci4: command 0x0c1a tx timeout
[  174.586892][T11844] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.2191'.
[  174.824625][T11862] kvm: requested 130742 ns i8254 timer period limited to 200000 ns
[  174.831630][T11862] kvm: requested 68723 ns i8254 timer period limited to 200000 ns
[  174.835990][T11862] kvm: requested 177676 ns i8254 timer period limited to 200000 ns
[  174.842151][T11862] kvm: requested 10057 ns i8254 timer period limited to 200000 ns
[  174.847131][T11862] kvm: requested 108952 ns i8254 timer period limited to 200000 ns
[  174.852132][T11862] kvm: requested 191085 ns i8254 timer period limited to 200000 ns
[  174.856200][T11862] kvm: requested 122361 ns i8254 timer period limited to 200000 ns
[  174.860101][T11862] kvm: requested 113981 ns i8254 timer period limited to 200000 ns
[  174.864010][T11862] kvm: requested 169295 ns i8254 timer period limited to 200000 ns
[  175.078260][ T5938] Bluetooth: hci3: command 0x040f tx timeout
[  175.094858][T11870] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  175.233784][T11877] bridge0: entered allmulticast mode
[  175.380599][T11889] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2211'.
[  175.758390][   T60] delete_channel: no stack
[  175.765978][T11907] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  175.768771][T11907] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  175.770705][T11919] netlink: 'syz.2.2221': attribute type 4 has an invalid length.
[  175.942756][ T5290] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  175.949505][ T5290] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  175.953686][ T5290] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  175.956975][ T5290] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  175.960210][ T5290] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  176.036906][T11935] bridge0: entered allmulticast mode
[  176.087087][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  176.087097][   T40] audit: type=1400 audit(1766880320.594:634): avc:  denied  { bind } for  pid=11937 comm="syz.3.2228" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  176.100492][   T40] audit: type=1400 audit(1766880320.614:635): avc:  denied  { cmd } for  pid=11937 comm="syz.3.2228" path="socket:[41899]" dev="sockfs" ino=41899 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  176.139796][T11942] netlink: 'syz.3.2230': attribute type 4 has an invalid length.
[  176.192287][   T40] audit: type=1400 audit(1766880320.704:636): avc:  denied  { create } for  pid=11948 comm="syz.1.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  176.200852][   T40] audit: type=1400 audit(1766880320.704:637): avc:  denied  { bind } for  pid=11948 comm="syz.1.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  176.211206][   T40] audit: type=1400 audit(1766880320.704:638): avc:  denied  { setopt } for  pid=11948 comm="syz.1.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  176.221095][   T40] audit: type=1400 audit(1766880320.704:639): avc:  denied  { accept } for  pid=11948 comm="syz.1.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  176.232918][   T40] audit: type=1400 audit(1766880320.704:640): avc:  denied  { write } for  pid=11948 comm="syz.1.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  176.241263][   T40] audit: type=1400 audit(1766880320.704:641): avc:  denied  { read } for  pid=11948 comm="syz.1.2233" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  176.253603][T11925] chnl_net:caif_netlink_parms(): no params data found
[  176.292296][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  176.298013][   T13] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.325680][T11958] netlink: 830 bytes leftover after parsing attributes in process `syz.4.2236'.
[  176.444679][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  176.451794][   T13] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.475272][T11969] sysfs: cannot create duplicate filename '/class/ieee80211/4Ï€!F�õïVl‘uc'f`å”Þ†’;�œ1µx%ñ†‹M¹Fœ-ôÁõîI'
[  176.481241][T11969] CPU: 1 UID: 0 PID: 11969 Comm: syz.4.2238 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  176.481277][T11969] Tainted: [L]=SOFTLOCKUP
[  176.481285][T11969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  176.481300][T11969] Call Trace:
[  176.481307][T11969]  <TASK>
[  176.481316][T11969]  dump_stack_lvl+0x16c/0x1f0
[  176.481378][T11969]  sysfs_warn_dup+0x7f/0xa0
[  176.481406][T11969]  sysfs_do_create_link_sd+0x124/0x140
[  176.481429][T11969]  sysfs_create_link+0x61/0xc0
[  176.481449][T11969]  device_add+0x652/0x1980
[  176.481473][T11969]  ? __pfx_device_add+0x10/0x10
[  176.481492][T11969]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  176.481515][T11969]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  176.481542][T11969]  wiphy_register+0x1ea1/0x2cc0
[  176.481564][T11969]  ? __rtnl_unlock+0x68/0xf0
[  176.481586][T11969]  ? __netdev_update_features+0xba0/0x1fe0
[  176.481611][T11969]  ? __pfx_wiphy_register+0x10/0x10
[  176.481635][T11969]  ? __asan_memset+0x23/0x50
[  176.481660][T11969]  ? ieee80211_init_rate_ctrl_alg+0x125/0x680
[  176.481685][T11969]  ieee80211_register_hw+0x2bb2/0x4160
[  176.481717][T11969]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  176.481740][T11969]  ? __pfx___debug_object_init+0x10/0x10
[  176.481766][T11969]  ? find_held_lock+0x2b/0x80
[  176.481792][T11969]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  176.481813][T11969]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  176.481835][T11969]  ? __hrtimer_setup+0x176/0x280
[  176.481864][T11969]  mac80211_hwsim_new_radio+0x3323/0x5150
[  176.481912][T11969]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  176.481943][T11969]  ? __asan_memcpy+0x3c/0x60
[  176.481965][T11969]  hwsim_new_radio_nl+0xba2/0x1330
[  176.481995][T11969]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  176.482035][T11969]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  176.482061][T11969]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  176.482092][T11969]  genl_family_rcv_msg_doit+0x209/0x2f0
[  176.482118][T11969]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  176.482151][T11969]  ? bpf_lsm_capable+0x9/0x10
[  176.482170][T11969]  ? security_capable+0x7e/0x260
[  176.482189][T11969]  ? ns_capable+0xd7/0x110
[  176.482232][T11969]  genl_rcv_msg+0x55c/0x800
[  176.482261][T11969]  ? __pfx_genl_rcv_msg+0x10/0x10
[  176.482287][T11969]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  176.482317][T11969]  ? __lock_acquire+0x436/0x2890
[  176.482341][T11969]  netlink_rcv_skb+0x158/0x420
[  176.482362][T11969]  ? __pfx_genl_rcv_msg+0x10/0x10
[  176.482386][T11969]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  176.482417][T11969]  ? netlink_deliver_tap+0x1ae/0xd30
[  176.482441][T11969]  genl_rcv+0x28/0x40
[  176.482461][T11969]  netlink_unicast+0x5aa/0x870
[  176.482484][T11969]  ? __pfx_netlink_unicast+0x10/0x10
[  176.482514][T11969]  netlink_sendmsg+0x8c8/0xdd0
[  176.482539][T11969]  ? __pfx_netlink_sendmsg+0x10/0x10
[  176.482570][T11969]  ____sys_sendmsg+0xa5d/0xc30
[  176.482593][T11969]  ? copy_msghdr_from_user+0x10a/0x160
[  176.482610][T11969]  ? __pfx_____sys_sendmsg+0x10/0x10
[  176.482637][T11969]  ? __pfx_futex_wake_mark+0x10/0x10
[  176.482657][T11969]  ___sys_sendmsg+0x134/0x1d0
[  176.482675][T11969]  ? __pfx____sys_sendmsg+0x10/0x10
[  176.482692][T11969]  ? futex_private_hash_put+0x160/0x1b0
[  176.482743][T11969]  __sys_sendmsg+0x16d/0x220
[  176.482761][T11969]  ? __pfx___sys_sendmsg+0x10/0x10
[  176.482778][T11969]  ? __x64_sys_futex+0x1e0/0x4c0
[  176.482815][T11969]  do_syscall_64+0xcd/0xf80
[  176.482840][T11969]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  176.482859][T11969] RIP: 0033:0x7f89d458f7c9
[  176.482873][T11969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  176.482896][T11969] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  176.482913][T11969] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  176.482924][T11969] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  176.482936][T11969] RBP: 00007f89d4613f91 R08: 0000000000000000 R09: 0000000000000000
[  176.482946][T11969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  176.482957][T11969] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  176.482985][T11969]  </TASK>
[  176.684741][T11925] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.689009][T11925] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.692351][T11925] bridge_slave_0: entered allmulticast mode
[  176.697450][T11925] bridge_slave_0: entered promiscuous mode
[  176.704504][T11925] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.707634][T11925] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.719602][T11925] bridge_slave_1: entered allmulticast mode
[  176.724273][T11925] bridge_slave_1: entered promiscuous mode
[  176.757079][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  176.766213][   T13] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.803553][T11925] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  176.819423][T11925] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  176.875099][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  176.879538][   T13] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  176.901422][T11925] team0: Port device team_slave_0 added
[  176.905046][T11925] team0: Port device team_slave_1 added
[  176.920203][T11925] batman_adv: batadv0: Adding interface: batadv_slave_0
[  176.922522][T11925] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  176.931160][T11925] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  176.935569][T11925] batman_adv: batadv0: Adding interface: batadv_slave_1
[  176.937836][T11925] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  176.946363][T11925] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  176.981201][T11925] hsr_slave_0: entered promiscuous mode
[  176.983628][T11925] hsr_slave_1: entered promiscuous mode
[  176.986237][T11925] debugfs: 'hsr0' already exists in 'hsr'
[  176.989177][T11925] Cannot create hsr debugfs directory
[  177.056330][T11992] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2246'.
[  177.078065][   T13] bridge_slave_1: left allmulticast mode
[  177.080454][   T13] bridge_slave_1: left promiscuous mode
[  177.082871][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  177.093803][   T13] bridge_slave_0: left allmulticast mode
[  177.096176][   T13] bridge_slave_0: left promiscuous mode
[  177.098764][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  177.112065][ T5938] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  177.308632][   T60] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  177.468593][   T60] usb 6-1: Using ep0 maxpacket: 32
[  177.473782][   T60] usb 6-1: config 0 has an invalid interface number: 12 but max is 0
[  177.476568][   T60] usb 6-1: config 0 has no interface number 0
[  177.479170][   T60] usb 6-1: config 0 interface 12 has no altsetting 0
[  177.482968][   T60] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  177.486042][   T60] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.488792][   T60] usb 6-1: Product: syz
[  177.490144][   T60] usb 6-1: Manufacturer: syz
[  177.491705][   T60] usb 6-1: SerialNumber: syz
[  177.495142][   T60] usb 6-1: config 0 descriptor??
[  177.498489][   T60] f81534 6-1:0.12: required endpoints missing
[  177.530188][   T13] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[  177.535609][   T13] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[  177.539663][   T13] .` (unregistering): Released all slaves
[  177.544240][   T13] bond0 (unregistering): Released all slaves
[  177.644231][   T13] : left promiscuous mode
[  177.698759][   T60] usb 6-1: USB disconnect, device number 12
[  177.718050][ T5938] Bluetooth: hci4: command 0x0c1a tx timeout
[  177.733480][   T40] audit: type=1400 audit(1766880322.244:642): avc:  denied  { getopt } for  pid=12004 comm="syz.3.2249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  177.752700][   T13] tipc: Left network mode
[  177.808725][ T5938] Bluetooth: hci3: command 0x040f tx timeout
[  177.835976][T12015] netlink: 'syz.4.2254': attribute type 4 has an invalid length.
[  178.040088][ T5938] Bluetooth: hci1: command tx timeout
[  178.066897][   T13] hsr_slave_0: left promiscuous mode
[  178.069759][   T13] hsr_slave_1: left promiscuous mode
[  178.072569][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  178.075319][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  178.079842][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  178.083013][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  178.097821][   T13] veth1_macvtap: left promiscuous mode
[  178.099926][   T13] veth0_macvtap: left promiscuous mode
[  178.102028][   T13] veth1_vlan: left promiscuous mode
[  178.104274][   T13] veth0_vlan: left promiscuous mode
[  178.166356][   T40] audit: type=1400 audit(1766880322.674:643): avc:  denied  { wake_alarm } for  pid=12032 comm="syz.3.2258" capability=35  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  178.203503][T12042] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+
[  178.216409][T12042] block device autoloading is deprecated and will be removed.
[  178.281488][T12033] md: superblock version 761475689 not known
[  178.284826][T12033] md: couldn't set array info. -22
[  178.534851][   T13] team0 (unregistering): Port device team_slave_1 removed
[  178.568884][   T13] team0 (unregistering): Port device team_slave_0 removed
[  178.956354][T12058] netlink: 'syz.3.2262': attribute type 4 has an invalid length.
[  178.969577][T11925] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  178.988094][T11925] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  179.026560][T11925] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  179.029510][ T5938] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  179.033560][ T5938] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  179.041350][T11925] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  179.129032][T11925] 8021q: adding VLAN 0 to HW filter on device bond0
[  179.140268][T11925] 8021q: adding VLAN 0 to HW filter on device team0
[  179.145634][ T9370] bridge0: port 1(bridge_slave_0) entered blocking state
[  179.148066][ T9370] bridge0: port 1(bridge_slave_0) entered forwarding state
[  179.153621][T12078] sysfs: cannot create duplicate filename '/class/ieee80211/4Ï€!F�õïVl‘uc'f`å”Þ†’;�œ1µx%ñ†‹M¹Fœ-ôÁõîI'
[  179.157361][T12078] CPU: 3 UID: 0 PID: 12078 Comm: syz.1.2268 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  179.157381][T12078] Tainted: [L]=SOFTLOCKUP
[  179.157385][T12078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  179.157392][T12078] Call Trace:
[  179.157397][T12078]  <TASK>
[  179.157402][T12078]  dump_stack_lvl+0x16c/0x1f0
[  179.157419][T12078]  sysfs_warn_dup+0x7f/0xa0
[  179.157433][T12078]  sysfs_do_create_link_sd+0x124/0x140
[  179.157447][T12078]  sysfs_create_link+0x61/0xc0
[  179.157462][T12078]  device_add+0x652/0x1980
[  179.157478][T12078]  ? __pfx_device_add+0x10/0x10
[  179.157488][T12078]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  179.157502][T12078]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  179.157519][T12078]  wiphy_register+0x1ea1/0x2cc0
[  179.157532][T12078]  ? __rtnl_unlock+0x68/0xf0
[  179.157545][T12078]  ? __netdev_update_features+0xba0/0x1fe0
[  179.157560][T12078]  ? __pfx_wiphy_register+0x10/0x10
[  179.157575][T12078]  ? __asan_memset+0x23/0x50
[  179.157590][T12078]  ? ieee80211_init_rate_ctrl_alg+0x125/0x680
[  179.157607][T12078]  ieee80211_register_hw+0x2bb2/0x4160
[  179.157627][T12078]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  179.157641][T12078]  ? __pfx___debug_object_init+0x10/0x10
[  179.157658][T12078]  ? find_held_lock+0x2b/0x80
[  179.157674][T12078]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  179.157686][T12078]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  179.157698][T12078]  ? __hrtimer_setup+0x176/0x280
[  179.157715][T12078]  mac80211_hwsim_new_radio+0x3323/0x5150
[  179.157740][T12078]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  179.157758][T12078]  ? __asan_memcpy+0x3c/0x60
[  179.157770][T12078]  hwsim_new_radio_nl+0xba2/0x1330
[  179.157787][T12078]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  179.157806][T12078]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  179.157822][T12078]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  179.157839][T12078]  genl_family_rcv_msg_doit+0x209/0x2f0
[  179.157855][T12078]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  179.157888][T12078]  ? bpf_lsm_capable+0x9/0x10
[  179.157903][T12078]  ? security_capable+0x7e/0x260
[  179.157921][T12078]  ? ns_capable+0xd7/0x110
[  179.157941][T12078]  genl_rcv_msg+0x55c/0x800
[  179.157958][T12078]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.157988][T12078]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  179.158007][T12078]  ? __lock_acquire+0x436/0x2890
[  179.158023][T12078]  netlink_rcv_skb+0x158/0x420
[  179.158037][T12078]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.158053][T12078]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  179.158073][T12078]  ? netlink_deliver_tap+0x1ae/0xd30
[  179.158088][T12078]  genl_rcv+0x28/0x40
[  179.158103][T12078]  netlink_unicast+0x5aa/0x870
[  179.158118][T12078]  ? __pfx_netlink_unicast+0x10/0x10
[  179.158141][T12078]  netlink_sendmsg+0x8c8/0xdd0
[  179.158157][T12078]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.158175][T12078]  ____sys_sendmsg+0xa5d/0xc30
[  179.158190][T12078]  ? copy_msghdr_from_user+0x10a/0x160
[  179.158200][T12078]  ? __pfx_____sys_sendmsg+0x10/0x10
[  179.158216][T12078]  ? __pfx_futex_wake_mark+0x10/0x10
[  179.158229][T12078]  ___sys_sendmsg+0x134/0x1d0
[  179.158240][T12078]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.158251][T12078]  ? futex_private_hash_put+0x160/0x1b0
[  179.158281][T12078]  __sys_sendmsg+0x16d/0x220
[  179.158292][T12078]  ? __pfx___sys_sendmsg+0x10/0x10
[  179.158302][T12078]  ? __x64_sys_futex+0x1e0/0x4c0
[  179.158325][T12078]  do_syscall_64+0xcd/0xf80
[  179.158340][T12078]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.158351][T12078] RIP: 0033:0x7f5fa518f7c9
[  179.158360][T12078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.158370][T12078] RSP: 002b:00007f5fa5fcc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.158381][T12078] RAX: ffffffffffffffda RBX: 00007f5fa53e5fa0 RCX: 00007f5fa518f7c9
[  179.158388][T12078] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  179.158394][T12078] RBP: 00007f5fa5213f91 R08: 0000000000000000 R09: 0000000000000000
[  179.158400][T12078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  179.158407][T12078] R13: 00007f5fa53e6038 R14: 00007f5fa53e5fa0 R15: 00007fff43f210f8
[  179.158421][T12078]  </TASK>
[  179.304975][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state
[  179.307422][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state
[  179.337776][T11925] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  179.350497][T12083] bridge0: entered allmulticast mode
[  179.364436][   T13] IPVS: stop unused estimator thread 0...
[  179.456287][T11925] 8021q: adding VLAN 0 to HW filter on device batadv0
[  179.502307][T11925] veth0_vlan: entered promiscuous mode
[  179.508766][T11925] veth1_vlan: entered promiscuous mode
[  179.531312][T11925] veth0_macvtap: entered promiscuous mode
[  179.541798][T11925] veth1_macvtap: entered promiscuous mode
[  179.556281][T11925] batman_adv: batadv0: Interface activated: batadv_slave_0
[  179.564975][T11925] batman_adv: batadv0: Interface activated: batadv_slave_1
[  179.579633][ T1145] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  179.588833][ T1145] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  179.592116][ T1145] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  179.595768][ T1145] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  179.681321][ T9366] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.685227][ T9366] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.723325][ T9362] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  179.726256][ T9362] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  179.801108][T12113] sysfs: cannot create duplicate filename '/class/ieee80211/4Ï€!F�õïVl‘uc'f`å”Þ†’;�œ1µx%ñ†‹M¹Fœ-ôÁõîI'
[  179.805202][T12113] CPU: 2 UID: 0 PID: 12113 Comm: syz.4.2277 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  179.805221][T12113] Tainted: [L]=SOFTLOCKUP
[  179.805225][T12113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  179.805231][T12113] Call Trace:
[  179.805237][T12113]  <TASK>
[  179.805242][T12113]  dump_stack_lvl+0x16c/0x1f0
[  179.805260][T12113]  sysfs_warn_dup+0x7f/0xa0
[  179.805274][T12113]  sysfs_do_create_link_sd+0x124/0x140
[  179.805289][T12113]  sysfs_create_link+0x61/0xc0
[  179.805303][T12113]  device_add+0x652/0x1980
[  179.805317][T12113]  ? __pfx_device_add+0x10/0x10
[  179.805328][T12113]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  179.805342][T12113]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  179.805359][T12113]  wiphy_register+0x1ea1/0x2cc0
[  179.805373][T12113]  ? __rtnl_unlock+0x68/0xf0
[  179.805385][T12113]  ? __netdev_update_features+0xba0/0x1fe0
[  179.805401][T12113]  ? __pfx_wiphy_register+0x10/0x10
[  179.805415][T12113]  ? __asan_memset+0x23/0x50
[  179.805430][T12113]  ? ieee80211_init_rate_ctrl_alg+0x125/0x680
[  179.805446][T12113]  ieee80211_register_hw+0x2bb2/0x4160
[  179.805466][T12113]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  179.805481][T12113]  ? __pfx___debug_object_init+0x10/0x10
[  179.805512][T12113]  ? find_held_lock+0x2b/0x80
[  179.805528][T12113]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  179.805540][T12113]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  179.805553][T12113]  ? __hrtimer_setup+0x176/0x280
[  179.805577][T12113]  mac80211_hwsim_new_radio+0x3323/0x5150
[  179.805602][T12113]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  179.805619][T12113]  ? __asan_memcpy+0x3c/0x60
[  179.805633][T12113]  hwsim_new_radio_nl+0xba2/0x1330
[  179.805651][T12113]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  179.805672][T12113]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  179.805688][T12113]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  179.805708][T12113]  genl_family_rcv_msg_doit+0x209/0x2f0
[  179.805727][T12113]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  179.805748][T12113]  ? bpf_lsm_capable+0x9/0x10
[  179.805760][T12113]  ? security_capable+0x7e/0x260
[  179.805771][T12113]  ? ns_capable+0xd7/0x110
[  179.805787][T12113]  genl_rcv_msg+0x55c/0x800
[  179.805803][T12113]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.805818][T12113]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  179.805837][T12113]  ? __lock_acquire+0x436/0x2890
[  179.805851][T12113]  netlink_rcv_skb+0x158/0x420
[  179.805863][T12113]  ? __pfx_genl_rcv_msg+0x10/0x10
[  179.805878][T12113]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  179.805897][T12113]  ? netlink_deliver_tap+0x1ae/0xd30
[  179.805911][T12113]  genl_rcv+0x28/0x40
[  179.805924][T12113]  netlink_unicast+0x5aa/0x870
[  179.805939][T12113]  ? __pfx_netlink_unicast+0x10/0x10
[  179.805957][T12113]  netlink_sendmsg+0x8c8/0xdd0
[  179.805972][T12113]  ? __pfx_netlink_sendmsg+0x10/0x10
[  179.805991][T12113]  ____sys_sendmsg+0xa5d/0xc30
[  179.806005][T12113]  ? copy_msghdr_from_user+0x10a/0x160
[  179.806016][T12113]  ? __pfx_____sys_sendmsg+0x10/0x10
[  179.806028][T12113]  ? preempt_schedule_thunk+0x16/0x30
[  179.806042][T12113]  ? try_to_wake_up+0xa67/0x1860
[  179.806060][T12113]  ___sys_sendmsg+0x134/0x1d0
[  179.806072][T12113]  ? __pfx____sys_sendmsg+0x10/0x10
[  179.806082][T12113]  ? futex_private_hash_put+0x160/0x1b0
[  179.806113][T12113]  __sys_sendmsg+0x16d/0x220
[  179.806124][T12113]  ? __pfx___sys_sendmsg+0x10/0x10
[  179.806134][T12113]  ? __x64_sys_futex+0x1e0/0x4c0
[  179.806158][T12113]  do_syscall_64+0xcd/0xf80
[  179.806172][T12113]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.806183][T12113] RIP: 0033:0x7f89d458f7c9
[  179.806194][T12113] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  179.806204][T12113] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  179.806215][T12113] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  179.806222][T12113] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  179.806228][T12113] RBP: 00007f89d4613f91 R08: 0000000000000000 R09: 0000000000000000
[  179.806234][T12113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  179.806240][T12113] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  179.806255][T12113]  </TASK>
[  179.908215][ T5938] Bluetooth: hci3: command 0x040f tx timeout
[  179.946872][T12119] bridge0: entered allmulticast mode
[  180.010869][ T5938] Bluetooth: hci4: unexpected event 0x1c length: 3 < 5
[  180.018303][ T5938] Bluetooth: hci4: unexpected event 0x1c length: 3 < 5
[  180.119472][ T5938] Bluetooth: hci1: command tx timeout
[  180.127868][T12132] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2285'.
[  180.134202][T12123] kvm: MONITOR instruction emulated as NOP!
[  180.166217][T12132] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=12132 comm=syz.3.2285
[  180.173139][T12132] [U] VÔ3¸ÂFÙ¾"SÇÁ/ÉÊ4:ÃXTZ“W¡T‘’LWµ«=
[  180.322290][T12131] [U] J"—E:ÀÆ"


[  180.362823][T12140] netlink: 'syz.3.2287': attribute type 30 has an invalid length.
[  180.504282][T12143] sysfs: cannot create duplicate filename '/class/ieee80211/4Ï€!F�õïVl‘uc'f`å”Þ†’;�œ1µx%ñ†‹M¹Fœ-ôÁõîI'
[  180.518491][T12143] CPU: 0 UID: 0 PID: 12143 Comm: syz.4.2288 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  180.518514][T12143] Tainted: [L]=SOFTLOCKUP
[  180.518518][T12143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  180.518525][T12143] Call Trace:
[  180.518531][T12143]  <TASK>
[  180.518536][T12143]  dump_stack_lvl+0x16c/0x1f0
[  180.518581][T12143]  sysfs_warn_dup+0x7f/0xa0
[  180.518602][T12143]  sysfs_do_create_link_sd+0x124/0x140
[  180.518623][T12143]  sysfs_create_link+0x61/0xc0
[  180.518642][T12143]  device_add+0x652/0x1980
[  180.518663][T12143]  ? __pfx_device_add+0x10/0x10
[  180.518683][T12143]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  180.518705][T12143]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  180.518733][T12143]  wiphy_register+0x1ea1/0x2cc0
[  180.518756][T12143]  ? __rtnl_unlock+0x68/0xf0
[  180.518772][T12143]  ? __netdev_update_features+0xba0/0x1fe0
[  180.518787][T12143]  ? __pfx_wiphy_register+0x10/0x10
[  180.518802][T12143]  ? __asan_memset+0x23/0x50
[  180.518819][T12143]  ? ieee80211_init_rate_ctrl_alg+0x125/0x680
[  180.518836][T12143]  ieee80211_register_hw+0x2bb2/0x4160
[  180.518860][T12143]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  180.518876][T12143]  ? __pfx___debug_object_init+0x10/0x10
[  180.518901][T12143]  ? find_held_lock+0x2b/0x80
[  180.518919][T12143]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  180.518933][T12143]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  180.518947][T12143]  ? __hrtimer_setup+0x176/0x280
[  180.518965][T12143]  mac80211_hwsim_new_radio+0x3323/0x5150
[  180.518993][T12143]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  180.519011][T12143]  ? __asan_memcpy+0x3c/0x60
[  180.519025][T12143]  hwsim_new_radio_nl+0xba2/0x1330
[  180.519043][T12143]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  180.519064][T12143]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  180.519080][T12143]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  180.519099][T12143]  genl_family_rcv_msg_doit+0x209/0x2f0
[  180.519116][T12143]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  180.519136][T12143]  ? bpf_lsm_capable+0x9/0x10
[  180.519148][T12143]  ? security_capable+0x7e/0x260
[  180.519161][T12143]  ? ns_capable+0xd7/0x110
[  180.519178][T12143]  genl_rcv_msg+0x55c/0x800
[  180.519195][T12143]  ? __pfx_genl_rcv_msg+0x10/0x10
[  180.519210][T12143]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  180.519227][T12143]  ? __lock_acquire+0x436/0x2890
[  180.519242][T12143]  netlink_rcv_skb+0x158/0x420
[  180.519255][T12143]  ? __pfx_genl_rcv_msg+0x10/0x10
[  180.519270][T12143]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  180.519290][T12143]  ? netlink_deliver_tap+0x1ae/0xd30
[  180.519305][T12143]  genl_rcv+0x28/0x40
[  180.519318][T12143]  netlink_unicast+0x5aa/0x870
[  180.519334][T12143]  ? __pfx_netlink_unicast+0x10/0x10
[  180.519353][T12143]  netlink_sendmsg+0x8c8/0xdd0
[  180.519370][T12143]  ? __pfx_netlink_sendmsg+0x10/0x10
[  180.519389][T12143]  ____sys_sendmsg+0xa5d/0xc30
[  180.519404][T12143]  ? copy_msghdr_from_user+0x10a/0x160
[  180.519415][T12143]  ? __pfx_____sys_sendmsg+0x10/0x10
[  180.519433][T12143]  ? __pfx_futex_wake_mark+0x10/0x10
[  180.519446][T12143]  ___sys_sendmsg+0x134/0x1d0
[  180.519458][T12143]  ? __pfx____sys_sendmsg+0x10/0x10
[  180.519469][T12143]  ? futex_private_hash_put+0x160/0x1b0
[  180.519502][T12143]  __sys_sendmsg+0x16d/0x220
[  180.519513][T12143]  ? __pfx___sys_sendmsg+0x10/0x10
[  180.519523][T12143]  ? __x64_sys_futex+0x1e0/0x4c0
[  180.519548][T12143]  do_syscall_64+0xcd/0xf80
[  180.519563][T12143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  180.519575][T12143] RIP: 0033:0x7f89d458f7c9
[  180.519585][T12143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  180.519597][T12143] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  180.519607][T12143] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  180.519615][T12143] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  180.519621][T12143] RBP: 00007f89d4613f91 R08: 0000000000000000 R09: 0000000000000000
[  180.519628][T12143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  180.519634][T12143] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  180.519651][T12143]  </TASK>
[  180.718955][T12149] bridge0: left allmulticast mode
[  180.812695][T12161] netlink: 'syz.3.2295': attribute type 4 has an invalid length.
[  180.969790][T12176] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2300'.
[  181.006596][T12180] sysfs: cannot create duplicate filename '/class/ieee80211/4Ï€!F�õïVl‘uc'f`å”Þ†’;�œ1µx%ñ†‹M¹Fœ-ôÁõîI'
[  181.010982][T12180] CPU: 1 UID: 0 PID: 12180 Comm: syz.4.2301 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  181.011002][T12180] Tainted: [L]=SOFTLOCKUP
[  181.011007][T12180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  181.011014][T12180] Call Trace:
[  181.011028][T12180]  <TASK>
[  181.011033][T12180]  dump_stack_lvl+0x16c/0x1f0
[  181.011067][T12180]  sysfs_warn_dup+0x7f/0xa0
[  181.011086][T12180]  sysfs_do_create_link_sd+0x124/0x140
[  181.011101][T12180]  sysfs_create_link+0x61/0xc0
[  181.011112][T12180]  device_add+0x652/0x1980
[  181.011127][T12180]  ? __pfx_device_add+0x10/0x10
[  181.011139][T12180]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  181.011154][T12180]  ? ieee80211_set_bitrate_flags+0x243/0x6b0
[  181.011171][T12180]  wiphy_register+0x1ea1/0x2cc0
[  181.011185][T12180]  ? __rtnl_unlock+0x68/0xf0
[  181.011201][T12180]  ? __netdev_update_features+0xba0/0x1fe0
[  181.011224][T12180]  ? __pfx_wiphy_register+0x10/0x10
[  181.011243][T12180]  ? __asan_memset+0x23/0x50
[  181.011265][T12180]  ? ieee80211_init_rate_ctrl_alg+0x125/0x680
[  181.011292][T12180]  ieee80211_register_hw+0x2bb2/0x4160
[  181.011320][T12180]  ? __pfx_ieee80211_register_hw+0x10/0x10
[  181.011334][T12180]  ? __pfx___debug_object_init+0x10/0x10
[  181.011350][T12180]  ? find_held_lock+0x2b/0x80
[  181.011366][T12180]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  181.011378][T12180]  ? __pfx_mac80211_hwsim_beacon+0x10/0x10
[  181.011391][T12180]  ? __hrtimer_setup+0x176/0x280
[  181.011407][T12180]  mac80211_hwsim_new_radio+0x3323/0x5150
[  181.011431][T12180]  ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[  181.011447][T12180]  ? __asan_memcpy+0x3c/0x60
[  181.011460][T12180]  hwsim_new_radio_nl+0xba2/0x1330
[  181.011476][T12180]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  181.011496][T12180]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[  181.011511][T12180]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[  181.011529][T12180]  genl_family_rcv_msg_doit+0x209/0x2f0
[  181.011544][T12180]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  181.011563][T12180]  ? bpf_lsm_capable+0x9/0x10
[  181.011575][T12180]  ? security_capable+0x7e/0x260
[  181.011586][T12180]  ? ns_capable+0xd7/0x110
[  181.011601][T12180]  genl_rcv_msg+0x55c/0x800
[  181.011617][T12180]  ? __pfx_genl_rcv_msg+0x10/0x10
[  181.011632][T12180]  ? __pfx_hwsim_new_radio_nl+0x10/0x10
[  181.011649][T12180]  ? __lock_acquire+0x436/0x2890
[  181.011663][T12180]  netlink_rcv_skb+0x158/0x420
[  181.011676][T12180]  ? __pfx_genl_rcv_msg+0x10/0x10
[  181.011690][T12180]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  181.011709][T12180]  ? netlink_deliver_tap+0x1ae/0xd30
[  181.011723][T12180]  genl_rcv+0x28/0x40
[  181.011735][T12180]  netlink_unicast+0x5aa/0x870
[  181.011749][T12180]  ? __pfx_netlink_unicast+0x10/0x10
[  181.011767][T12180]  netlink_sendmsg+0x8c8/0xdd0
[  181.011782][T12180]  ? __pfx_netlink_sendmsg+0x10/0x10
[  181.011801][T12180]  ____sys_sendmsg+0xa5d/0xc30
[  181.011815][T12180]  ? copy_msghdr_from_user+0x10a/0x160
[  181.011825][T12180]  ? __pfx_____sys_sendmsg+0x10/0x10
[  181.011845][T12180]  ? __pfx_futex_wake_mark+0x10/0x10
[  181.011862][T12180]  ___sys_sendmsg+0x134/0x1d0
[  181.011890][T12180]  ? __pfx____sys_sendmsg+0x10/0x10
[  181.011924][T12180]  ? futex_private_hash_put+0x160/0x1b0
[  181.011976][T12180]  __sys_sendmsg+0x16d/0x220
[  181.011992][T12180]  ? __pfx___sys_sendmsg+0x10/0x10
[  181.012010][T12180]  ? __x64_sys_futex+0x1e0/0x4c0
[  181.012037][T12180]  do_syscall_64+0xcd/0xf80
[  181.012052][T12180]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  181.012063][T12180] RIP: 0033:0x7f89d458f7c9
[  181.012072][T12180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  181.012082][T12180] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  181.012093][T12180] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  181.012100][T12180] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000004
[  181.012106][T12180] RBP: 00007f89d4613f91 R08: 0000000000000000 R09: 0000000000000000
[  181.012112][T12180] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  181.012118][T12180] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  181.012133][T12180]  </TASK>
[  181.246544][T12185] bridge0: left allmulticast mode
[  181.430000][T12187] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2304'.
[  181.510746][T12191] netlink: 'syz.4.2305': attribute type 4 has an invalid length.
[  181.671220][T12173] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  181.674248][T12173] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  181.677688][T12173] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  181.681033][T12173] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  181.690873][T12173] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  181.720738][T12202] binder: BINDER_SET_CONTEXT_MGR already set
[  181.723266][T12202] binder: 12201:12202 ioctl 4018620d 2000000002c0 returned -16
[  181.819142][   T40] kauditd_printk_skb: 10 callbacks suppressed
[  181.819157][   T40] audit: type=1400 audit(1766880326.334:654): avc:  denied  { read } for  pid=12205 comm="syz.1.2312" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  181.986036][T12224] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2318'.
[  182.021296][T12224] bridge0: port 1(bridge_slave_0) entered disabled state
[  182.026175][T12225] netlink: 36 bytes leftover after parsing attributes in process `syz.4.2318'.
[  182.139140][   T40] audit: type=1400 audit(1766880326.654:655): avc:  denied  { accept } for  pid=12228 comm="syz.4.2319" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  182.333053][T12246] netlink: 'syz.4.2325': attribute type 1 has an invalid length.
[  182.383735][T12246] netlink: 'syz.4.2325': attribute type 4 has an invalid length.
[  182.386889][T12246] netlink: 'syz.4.2325': attribute type 4 has an invalid length.
[  182.820152][T12231] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  182.822876][T12231] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  182.825712][T12231] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  182.876332][T12272] 8021q: adding VLAN 0 to HW filter on device bond0
[  182.883217][T12272] bond0: (slave rose0): Enslaving as an active interface with an up link
[  182.948532][T12281] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2339'.
[  182.952050][T12281] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2339'.
[  183.005088][T12287] netlink: 'syz.1.2341': attribute type 8 has an invalid length.
[  183.011325][T12287] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2341'.
[  183.020038][T12287] bond0: entered promiscuous mode
[  183.022254][T12287] bond_slave_0: entered promiscuous mode
[  183.024846][T12287] bond_slave_1: entered promiscuous mode
[  183.029591][T12287] gretap0: entered promiscuous mode
[  183.033340][T12287] hsr1: entered promiscuous mode
[  183.078244][ T1026] usb 8-1: new high-speed USB device number 37 using dummy_hcd
[  183.267020][ T1026] usb 8-1: config index 0 descriptor too short (expected 45, got 36)
[  183.277949][ T1026] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  183.282187][ T1026] usb 8-1: config 0 has no interfaces?
[  183.288362][ T1026] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  183.292153][ T1026] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.296295][ T1026] usb 8-1: config 0 descriptor??
[  183.503628][ T6022] usb 8-1: USB disconnect, device number 37
[  183.856676][T12305] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  183.860100][T12305] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  183.862576][T12305] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  184.118027][   T24] usb 8-1: new full-speed USB device number 38 using dummy_hcd
[  184.162786][T12340] overlayfs: failed to resolve './file0': -2
[  184.239921][T12346] netlink: 'syz.4.2347': attribute type 11 has an invalid length.
[  184.242589][T12346] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2347'.
[  184.255635][T12349] ntfs3(sr0): Primary boot signature is not NTFS.
[  184.259406][T12349] ntfs3(sr0): try to read out of volume at offset 0xf800
[  184.267492][   T40] audit: type=1400 audit(1766880328.774:656): avc:  denied  { mounton } for  pid=12347 comm="syz.1.2358" path="/122/file0" dev="tmpfs" ino=662 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[  184.269804][   T24] usb 8-1: config index 0 descriptor too short (expected 45, got 36)
[  184.284525][T12352] netlink: 'syz.4.2360': attribute type 4 has an invalid length.
[  184.286809][   T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  184.293212][   T24] usb 8-1: config 0 has no interfaces?
[  184.295611][   T24] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  184.299979][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  184.310150][   T24] usb 8-1: config 0 descriptor??
[  184.362267][   T40] audit: type=1400 audit(1766880328.874:657): avc:  denied  { shutdown } for  pid=12355 comm="syz.4.2362" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  184.467754][   T40] audit: type=1400 audit(1766880328.974:658): avc:  denied  { ioctl } for  pid=12365 comm="syz.1.2365" path="user:[4026531837]" dev="nsfs" ino=4026531837 ioctlcmd=0xb704 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[  184.475168][T12368] efs: cannot read volume header
[  184.486147][T12370] netlink: 160 bytes leftover after parsing attributes in process `syz.2.2367'.
[  184.515672][   T24] usb 8-1: USB disconnect, device number 38
[  184.552649][T12376] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0)
[  184.632835][T12381] xt_nfacct: accounting object `syz0' does not exist
[  184.669237][T12370] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  184.673427][T12370] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  184.676376][T12370] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  184.846209][ T5938] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  184.918760][ T9373] Bluetooth: hci2: Frame reassembly failed (-84)
[  184.932932][T12396] SELinux: ebitmap: empty map
[  184.939335][T12396] SELinux: failed to load policy
[  184.942348][T12396] Bluetooth: received HCILL_WAKE_UP_IND in state 2
[  185.213202][T12401] binder: BINDER_SET_CONTEXT_MGR already set
[  185.215349][T12401] binder: 12400:12401 ioctl 4018620d 2000000002c0 returned -16
[  185.317641][T12407] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0
[  185.331093][   T40] audit: type=1400 audit(1766880329.844:659): avc:  denied  { append } for  pid=12406 comm="syz.1.2383" name="ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  185.346112][   T40] audit: type=1400 audit(1766880329.854:660): avc:  denied  { accept } for  pid=12406 comm="syz.1.2383" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  185.396818][T12414] __nla_validate_parse: 1 callbacks suppressed
[  185.396830][T12414] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2383'.
[  185.428493][T12411] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2385'.
[  185.438296][   T40] audit: type=1400 audit(1766880329.944:661): avc:  denied  { nlmsg_read } for  pid=12410 comm="syz.3.2385" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[  185.686168][T12418] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  185.690136][T12418] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  185.693124][T12418] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  185.991946][T12438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2394'.
[  185.995937][T12438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2394'.
[  186.076635][T12446] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2396'.
[  186.081946][T12446] SELinux:  Context Ü is not valid (left unmapped).
[  186.131171][   T40] audit: type=1400 audit(1766880330.644:662): avc:  denied  { getopt } for  pid=12448 comm="syz.4.2397" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  186.301101][   T40] audit: type=1400 audit(1766880330.814:663): avc:  denied  { read write } for  pid=12460 comm="syz.1.2401" name="rdma_cm" dev="devtmpfs" ino=1294 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:infiniband_device_t tclass=chr_file permissive=1
[  186.303752][T12461] program syz.1.2401 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  186.359349][   T60] usb 8-1: new full-speed USB device number 39 using dummy_hcd
[  186.504506][T12462] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  186.507578][T12462] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  186.515838][T12462] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  186.520894][   T60] usb 8-1: unable to get BOS descriptor or descriptor too short
[  186.529453][   T60] usb 8-1: not running at top speed; connect to a high speed hub
[  186.534231][   T60] usb 8-1: config 1 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  186.540493][   T60] usb 8-1: config 1 interface 0 has no altsetting 0
[  186.545850][   T60] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.4e
[  186.550467][   T60] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  186.554061][   T60] usb 8-1: Product: syz
[  186.555973][   T60] usb 8-1: Manufacturer: syz
[  186.558770][   T60] usb 8-1: SerialNumber: syz
[  186.695227][T12473] netlink: 112 bytes leftover after parsing attributes in process `syz.4.2405'.
[  186.841754][ T5290] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  186.898093][   T53] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  186.918342][ T5290] Bluetooth: hci2: command 0x1003 tx timeout
[  186.921621][ T5938] Bluetooth: hci2: Opcode 0x1003 failed: -110
[  187.050862][   T53] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  187.054238][   T53] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  187.058282][   T53] usb 6-1: config 0 has no interfaces?
[  187.060251][   T53] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  187.063932][   T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  187.069026][   T53] usb 6-1: config 0 descriptor??
[  187.077852][T12486] FAULT_INJECTION: forcing a failure.
[  187.077852][T12486] name failslab, interval 1, probability 0, space 0, times 0
[  187.083030][T12486] CPU: 3 UID: 0 PID: 12486 Comm: syz.2.2410 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  187.083054][T12486] Tainted: [L]=SOFTLOCKUP
[  187.083059][T12486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  187.083069][T12486] Call Trace:
[  187.083076][T12486]  <TASK>
[  187.083083][T12486]  dump_stack_lvl+0x16c/0x1f0
[  187.083127][T12486]  should_fail_ex+0x512/0x640
[  187.083155][T12486]  ? fs_reclaim_acquire+0xae/0x150
[  187.083177][T12486]  should_failslab+0xc2/0x120
[  187.083197][T12486]  __kmalloc_noprof+0xeb/0x910
[  187.083219][T12486]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  187.083243][T12486]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  187.083261][T12486]  tomoyo_realpath_from_path+0xc2/0x6e0
[  187.083283][T12486]  ? tomoyo_profile+0x47/0x60
[  187.083306][T12486]  tomoyo_path_number_perm+0x245/0x580
[  187.083323][T12486]  ? tomoyo_path_number_perm+0x237/0x580
[  187.083341][T12486]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  187.083360][T12486]  ? find_held_lock+0x2b/0x80
[  187.083401][T12486]  ? find_held_lock+0x2b/0x80
[  187.083421][T12486]  ? hook_file_ioctl_common+0x144/0x410
[  187.083447][T12486]  ? __fget_files+0x20e/0x3c0
[  187.083471][T12486]  security_file_ioctl+0x9b/0x240
[  187.083491][T12486]  __x64_sys_ioctl+0xb7/0x210
[  187.083510][T12486]  do_syscall_64+0xcd/0xf80
[  187.083531][T12486]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.083546][T12486] RIP: 0033:0x7f732718f7c9
[  187.083559][T12486] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  187.083580][T12486] RSP: 002b:00007f732800d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  187.083594][T12486] RAX: ffffffffffffffda RBX: 00007f73273e5fa0 RCX: 00007f732718f7c9
[  187.083605][T12486] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  187.083614][T12486] RBP: 00007f732800d090 R08: 0000000000000000 R09: 0000000000000000
[  187.083623][T12486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  187.083632][T12486] R13: 00007f73273e6038 R14: 00007f73273e5fa0 R15: 00007ffcf59404c8
[  187.083655][T12486]  </TASK>
[  187.083661][T12486] ERROR: Out of memory at tomoyo_realpath_from_path.
[  187.281188][   T40] kauditd_printk_skb: 2 callbacks suppressed
[  187.281203][   T40] audit: type=1400 audit(1766880331.794:666): avc:  denied  { block_suspend } for  pid=12470 comm="syz.1.2404" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  187.301086][ T1462] usb 6-1: USB disconnect, device number 13
[  187.457150][T12498] netlink: 112 bytes leftover after parsing attributes in process `syz.2.2414'.
[  187.539283][T12508] netlink: 'syz.4.2417': attribute type 11 has an invalid length.
[  187.542992][T12508] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2417'.
[  187.557628][T12508] erspan1: entered promiscuous mode
[  187.768217][ T6022] usb 6-1: new full-speed USB device number 14 using dummy_hcd
[  187.802779][T12512] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  187.805795][T12512] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  187.808572][T12512] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  187.838067][ T1462] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  187.921078][T12471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  187.924783][T12471] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  187.988007][ T1462] usb 9-1: Using ep0 maxpacket: 8
[  188.000410][ T1462] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  188.003711][ T1462] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  188.008850][ T1462] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  188.013825][ T1462] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  188.018772][ T1462] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  188.024871][ T1462] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  188.028277][ T1462] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  188.032992][ T1462] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  188.038963][ T1462] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  188.047969][ T1462] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  188.054177][ T1462] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  188.057487][ T1462] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  188.062276][ T1462] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  188.067399][ T1462] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  188.072655][ T1462] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  188.080363][ T1462] usb 9-1: string descriptor 0 read error: -22
[  188.083211][ T1462] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  188.087200][ T1462] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.101932][ T1462] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  188.129121][T12519] FAULT_INJECTION: forcing a failure.
[  188.129121][T12519] name failslab, interval 1, probability 0, space 0, times 0
[  188.134712][T12519] CPU: 2 UID: 0 PID: 12519 Comm: syz.2.2420 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  188.134739][T12519] Tainted: [L]=SOFTLOCKUP
[  188.134745][T12519] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  188.134756][T12519] Call Trace:
[  188.134764][T12519]  <TASK>
[  188.134772][T12519]  dump_stack_lvl+0x16c/0x1f0
[  188.134820][T12519]  should_fail_ex+0x512/0x640
[  188.134852][T12519]  ? fs_reclaim_acquire+0xae/0x150
[  188.134878][T12519]  should_failslab+0xc2/0x120
[  188.134900][T12519]  __kmalloc_noprof+0xeb/0x910
[  188.134926][T12519]  ? tomoyo_encode2+0x100/0x3e0
[  188.134954][T12519]  ? tomoyo_encode2+0x100/0x3e0
[  188.134975][T12519]  tomoyo_encode2+0x100/0x3e0
[  188.135002][T12519]  tomoyo_encode+0x29/0x50
[  188.135024][T12519]  tomoyo_realpath_from_path+0x18f/0x6e0
[  188.135050][T12519]  ? tomoyo_profile+0x47/0x60
[  188.135077][T12519]  tomoyo_path_number_perm+0x245/0x580
[  188.135097][T12519]  ? tomoyo_path_number_perm+0x237/0x580
[  188.135119][T12519]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  188.135141][T12519]  ? find_held_lock+0x2b/0x80
[  188.135189][T12519]  ? find_held_lock+0x2b/0x80
[  188.135214][T12519]  ? hook_file_ioctl_common+0x144/0x410
[  188.135245][T12519]  ? __fget_files+0x20e/0x3c0
[  188.135273][T12519]  security_file_ioctl+0x9b/0x240
[  188.135297][T12519]  __x64_sys_ioctl+0xb7/0x210
[  188.135319][T12519]  do_syscall_64+0xcd/0xf80
[  188.135343][T12519]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  188.135362][T12519] RIP: 0033:0x7f732718f7c9
[  188.135376][T12519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  188.135392][T12519] RSP: 002b:00007f732800d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  188.135409][T12519] RAX: ffffffffffffffda RBX: 00007f73273e5fa0 RCX: 00007f732718f7c9
[  188.135420][T12519] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  188.135430][T12519] RBP: 00007f732800d090 R08: 0000000000000000 R09: 0000000000000000
[  188.135440][T12519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  188.135450][T12519] R13: 00007f73273e6038 R14: 00007f73273e5fa0 R15: 00007ffcf59404c8
[  188.135475][T12519]  </TASK>
[  188.135493][T12519] ERROR: Out of memory at tomoyo_realpath_from_path.
[  188.305611][ T1462] usb 9-1: USB disconnect, device number 13
[  188.531030][ T6022] usb 6-1: unable to read config index 0 descriptor/start: -71
[  188.540159][ T6022] usb 6-1: can't read configurations, error -71
[  188.605021][   T40] audit: type=1400 audit(1766880333.114:667): avc:  denied  { read } for  pid=12526 comm="syz.1.2423" name="usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  188.619783][   T40] audit: type=1400 audit(1766880333.114:668): avc:  denied  { open } for  pid=12526 comm="syz.1.2423" path="/dev/usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  188.670692][T12531] 9pnet_virtio: no channels available for device syz
[  188.952094][T12551] netlink: 112 bytes leftover after parsing attributes in process `syz.1.2432'.
[  189.100128][ T1026] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  189.136258][   T60] usb 8-1: USB disconnect, device number 39
[  189.193896][   T40] audit: type=1400 audit(1766880333.704:669): avc:  denied  { setopt } for  pid=12568 comm="syz.2.2440" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[  189.205486][   T40] audit: type=1400 audit(1766880333.714:670): avc:  denied  { lock } for  pid=12568 comm="syz.2.2440" path="socket:[48271]" dev="sockfs" ino=48271 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  189.254889][ T1026] usb 9-1: config index 0 descriptor too short (expected 18221, got 36)
[  189.258966][ T1026] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  189.269428][ T1026] usb 9-1: config 0 has no interfaces?
[  189.274246][ T1026] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  189.279075][ T1026] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  189.287407][ T1026] usb 9-1: config 0 descriptor??
[  189.378083][ T6022] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  189.446680][T12582] fuse: Unknown parameter '000000000000000000110x000000000000000b0x0000000000000006û'
[  189.453288][T12582] xt_l2tp: invalid flags combination: 8
[  189.529622][ T6022] usb 6-1: Using ep0 maxpacket: 16
[  189.538812][ T6022] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0
[  189.543032][ T6022] usb 6-1: config 0 interface 0 altsetting 1 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  189.548633][ T6022] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  189.553664][ T6022] usb 6-1: config 0 interface 0 altsetting 1 endpoint 0x8F has invalid wMaxPacketSize 0
[  189.553689][ T6022] usb 6-1: config 0 interface 0 has no altsetting 0
[  189.559580][ T6022] usb 6-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb
[  189.559605][ T6022] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.559622][ T6022] usb 6-1: Product: syz
[  189.559635][ T6022] usb 6-1: Manufacturer: syz
[  189.559648][ T6022] usb 6-1: SerialNumber: syz
[  189.562880][ T6022] usb 6-1: config 0 descriptor??
[  189.794710][ T6022] input: syz syz as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.0/input/input11
[  189.801892][ T5325] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  189.809758][ T5325] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  189.821637][ T5325] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  189.827475][T12592] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  189.831232][ T5325] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  189.838813][T12592] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  189.840962][T12592] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  189.845418][T12546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  189.859545][T12546] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  189.865093][ T1462] usb 9-1: USB disconnect, device number 14
[  189.865545][ T5325] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  189.885376][ T5951] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  189.890218][ T5325] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  189.900849][ T5325] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  189.907619][ T5325] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  190.006038][T12597] XFS (nullb0): Invalid superblock magic number
[  190.059136][T12557] synaptics_usb 6-1:0.0: synusb_open - usb_submit_urb failed, error: -90
[  190.080862][ T6022] usb 6-1: USB disconnect, device number 15
[  190.085526][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.163922][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.170878][T12608] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2454'.
[  190.173927][ T5290] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  190.179206][ T5290] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  190.182399][ T5290] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  190.185468][ T5290] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  190.189026][ T5290] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  190.237187][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.339267][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  190.351463][T12609] chnl_net:caif_netlink_parms(): no params data found
[  190.415681][T12609] bridge0: port 1(bridge_slave_0) entered blocking state
[  190.419420][T12609] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.422644][T12609] bridge_slave_0: entered allmulticast mode
[  190.422998][T12623] kvm: requested 130742 ns i8254 timer period limited to 200000 ns
[  190.426439][T12609] bridge_slave_0: entered promiscuous mode
[  190.433200][T12609] bridge0: port 2(bridge_slave_1) entered blocking state
[  190.435633][T12623] kvm: requested 68723 ns i8254 timer period limited to 200000 ns
[  190.436651][T12609] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.441294][T12623] kvm: requested 177676 ns i8254 timer period limited to 200000 ns
[  190.442647][T12609] bridge_slave_1: entered allmulticast mode
[  190.447432][T12623] kvm: requested 10057 ns i8254 timer period limited to 200000 ns
[  190.449004][T12609] bridge_slave_1: entered promiscuous mode
[  190.454328][T12623] kvm: requested 108952 ns i8254 timer period limited to 200000 ns
[  190.461435][T12623] kvm: requested 191085 ns i8254 timer period limited to 200000 ns
[  190.469955][T12623] kvm: requested 122361 ns i8254 timer period limited to 200000 ns
[  190.471132][T12631] binder: 12630:12631 ioctl 4018620d 0 returned -22
[  190.474352][T12623] kvm: requested 113981 ns i8254 timer period limited to 200000 ns
[  190.483375][T12609] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  190.485959][T12623] kvm: requested 169295 ns i8254 timer period limited to 200000 ns
[  190.505719][T12609] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  190.532586][T12633] overlayfs: missing 'lowerdir'
[  190.562150][T12609] team0: Port device team_slave_0 added
[  190.566506][T12609] team0: Port device team_slave_1 added
[  190.591197][   T12] bridge_slave_1: left allmulticast mode
[  190.593288][   T12] bridge_slave_1: left promiscuous mode
[  190.595454][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  190.613263][   T12] bridge_slave_0: left allmulticast mode
[  190.615365][   T12] bridge_slave_0: left promiscuous mode
[  190.617446][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.635196][   T12] veth0_to_bond: left allmulticast mode
[  190.637326][   T12] veth0_to_bond: left promiscuous mode
[  190.640328][   T12] bridge5: port 2(veth0_to_bond) entered disabled state
[  190.649077][   T12] gretap0: left allmulticast mode
[  190.651242][   T12] gretap0: left promiscuous mode
[  190.653496][   T12] bridge5: port 1(gretap0) entered disabled state
[  191.210646][   T12] .` (unregistering): (slave bond_slave_0): Releasing backup interface
[  191.214603][   T12] .` (unregistering): (slave bond_slave_1): Releasing backup interface
[  191.218102][   T12] .` (unregistering): Released all slaves
[  191.223108][   T12] bond0 (unregistering): Released all slaves
[  191.290401][   T12] bond1 (unregistering): Released all slaves
[  191.325156][T12609] batman_adv: batadv0: Adding interface: batadv_slave_0
[  191.328387][T12609] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  191.338024][T12609] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  191.344180][T12609] batman_adv: batadv0: Adding interface: batadv_slave_1
[  191.347575][T12609] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  191.359078][T12609] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  191.402684][   T12] tipc: Left network mode
[  191.405453][T12609] hsr_slave_0: entered promiscuous mode
[  191.409051][T12609] hsr_slave_1: entered promiscuous mode
[  191.411770][T12609] debugfs: 'hsr0' already exists in 'hsr'
[  191.414224][T12609] Cannot create hsr debugfs directory
[  191.421569][T12651] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  191.425463][T12651] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  191.428993][T12651] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  191.431672][T12651] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  191.434147][T12651] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  191.443607][T12651] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  191.670122][   T12] hsr_slave_0: left promiscuous mode
[  191.676027][   T12] hsr_slave_1: left promiscuous mode
[  191.679090][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  191.682312][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  191.687025][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  191.690736][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  191.698028][ T6022] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  191.705184][   T12] veth1_macvtap: left promiscuous mode
[  191.707136][   T12] veth0_macvtap: left promiscuous mode
[  191.709195][   T12] veth1_vlan: left promiscuous mode
[  191.711328][   T12] veth0_vlan: left promiscuous mode
[  191.730537][T12671] binder: 12670:12671 ioctl 4018620d 0 returned -22
[  191.869615][ T6022] usb 7-1: config index 0 descriptor too short (expected 45, got 36)
[  191.873149][ T6022] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  191.876425][ T6022] usb 7-1: config 0 has no interfaces?
[  191.878367][ T6022] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  191.881590][ T6022] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.885931][ T6022] usb 7-1: config 0 descriptor??
[  192.039412][   T12] team0 (unregistering): Port device team_slave_1 removed
[  192.061084][   T12] team0 (unregistering): Port device team_slave_0 removed
[  192.348941][T12609] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  192.354713][T12609] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  192.359009][T12655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  192.363302][T12655] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  192.369107][ T6028] usb 7-1: USB disconnect, device number 25
[  192.375937][T12609] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  192.390954][T12609] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  192.461720][T12680] kvm: requested 130742 ns i8254 timer period limited to 200000 ns
[  192.470456][T12609] 8021q: adding VLAN 0 to HW filter on device bond0
[  192.491648][T12609] 8021q: adding VLAN 0 to HW filter on device team0
[  192.521586][ T9366] bridge0: port 1(bridge_slave_0) entered blocking state
[  192.524770][ T9366] bridge0: port 1(bridge_slave_0) entered forwarding state
[  192.533952][ T9362] bridge0: port 2(bridge_slave_1) entered blocking state
[  192.537136][ T9362] bridge0: port 2(bridge_slave_1) entered forwarding state
[  192.603874][   T12] IPVS: stop unused estimator thread 0...
[  192.689530][T12609] 8021q: adding VLAN 0 to HW filter on device batadv0
[  192.895957][T12609] veth0_vlan: entered promiscuous mode
[  192.902531][T12609] veth1_vlan: entered promiscuous mode
[  192.924470][T12724] i801_smbus 0000:00:1f.3: Illegal SMBus block read size 0
[  192.929029][T12725] netlink: 'syz.2.2475': attribute type 4 has an invalid length.
[  192.947406][T12724] bond3: ARP target 4.0.0.0 is already present
[  192.950892][T12724] bond3: option arp_ip_target: invalid value (4)
[  192.955461][T12724] bond3 (unregistering): Released all slaves
[  192.975581][T12609] veth0_macvtap: entered promiscuous mode
[  192.983631][T12725] netlink: 'syz.2.2475': attribute type 4 has an invalid length.
[  192.984449][T12609] veth1_macvtap: entered promiscuous mode
[  193.002181][T12609] batman_adv: batadv0: Interface activated: batadv_slave_0
[  193.025707][T12609] batman_adv: batadv0: Interface activated: batadv_slave_1
[  193.034504][ T9362] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  193.037406][ T9362] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  193.058233][ T9362] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  193.064429][ T9362] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  193.082604][T12735] __nla_validate_parse: 1 callbacks suppressed
[  193.082622][T12735] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2478'.
[  193.185265][ T9370] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.198211][ T9370] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.261986][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  193.266293][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  193.474235][T12764] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2485'.
[  193.478115][ T6028] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  193.478426][ T5290] Bluetooth: hci0: command 0x041b tx timeout
[  193.479678][ T5938] Bluetooth: hci1: command 0x0419 tx timeout
[  193.479722][ T5938] Bluetooth: hci3: command 0x040f tx timeout
[  193.479741][ T5938] Bluetooth: hci4: command 0x0c1a tx timeout
[  193.486905][T12764] netlink: 'syz.4.2485': attribute type 8 has an invalid length.
[  193.493222][T12764] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2485'.
[  193.558064][T12769] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2487'.
[  193.559092][T12770] random: crng reseeded on system resumption
[  193.634851][ T6028] usb 7-1: config index 0 descriptor too short (expected 45, got 36)
[  193.638715][ T6028] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.642519][ T6028] usb 7-1: config 0 has no interfaces?
[  193.644342][ T6028] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  193.647294][ T6028] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  193.666826][ T6028] usb 7-1: config 0 descriptor??
[  193.952181][T12788] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  193.955013][T12788] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  193.957737][T12788] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  193.960905][T12788] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  193.981252][T12799] binder: 12798:12799 ioctl c0306201 0 returned -14
[  194.028058][T12801] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2496'.
[  194.075749][T12751] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  194.079551][T12751] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  194.083240][ T6028] usb 7-1: USB disconnect, device number 26
[  194.190223][T12813] FAULT_INJECTION: forcing a failure.
[  194.190223][T12813] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  194.195330][T12813] CPU: 3 UID: 0 PID: 12813 Comm: syz.4.2501 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  194.195357][T12813] Tainted: [L]=SOFTLOCKUP
[  194.195363][T12813] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  194.195374][T12813] Call Trace:
[  194.195381][T12813]  <TASK>
[  194.195388][T12813]  dump_stack_lvl+0x16c/0x1f0
[  194.195437][T12813]  should_fail_ex+0x512/0x640
[  194.195473][T12813]  _copy_from_user+0x2e/0xd0
[  194.195499][T12813]  __sys_bpf+0x248/0x4980
[  194.195528][T12813]  ? __pfx___sys_bpf+0x10/0x10
[  194.195550][T12813]  ? find_held_lock+0x2b/0x80
[  194.195580][T12813]  ? find_held_lock+0x2b/0x80
[  194.195611][T12813]  ? __mutex_unlock_slowpath+0x161/0x790
[  194.195647][T12813]  ? fput+0x70/0xf0
[  194.195663][T12813]  ? ksys_write+0x1ac/0x250
[  194.195683][T12813]  ? __pfx_ksys_write+0x10/0x10
[  194.195708][T12813]  __x64_sys_bpf+0x78/0xc0
[  194.195731][T12813]  ? lockdep_hardirqs_on+0x7c/0x110
[  194.195751][T12813]  do_syscall_64+0xcd/0xf80
[  194.195773][T12813]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.195796][T12813] RIP: 0033:0x7f89d458f7c9
[  194.195811][T12813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.195827][T12813] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  194.195843][T12813] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  194.195854][T12813] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000022
[  194.195865][T12813] RBP: 00007f89d27f6090 R08: 0000000000000000 R09: 0000000000000000
[  194.195875][T12813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.195885][T12813] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  194.195910][T12813]  </TASK>
[  194.430441][   T40] audit: type=1326 audit(1766880338.944:671): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=12836 comm="syz.1.2508" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5fa518f7c9 code=0x0
[  194.610446][T12849] FAULT_INJECTION: forcing a failure.
[  194.610446][T12849] name failslab, interval 1, probability 0, space 0, times 0
[  194.615120][T12849] CPU: 3 UID: 0 PID: 12849 Comm: syz.4.2512 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  194.615139][T12849] Tainted: [L]=SOFTLOCKUP
[  194.615143][T12849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  194.615149][T12849] Call Trace:
[  194.615154][T12849]  <TASK>
[  194.615158][T12849]  dump_stack_lvl+0x16c/0x1f0
[  194.615177][T12849]  should_fail_ex+0x512/0x640
[  194.615193][T12849]  ? __kvmalloc_node_noprof+0x129/0xa40
[  194.615208][T12849]  should_failslab+0xc2/0x120
[  194.615222][T12849]  __kvmalloc_node_noprof+0x14a/0xa40
[  194.615236][T12849]  ? __nf_hook_entries_try_shrink+0x164/0x400
[  194.615252][T12849]  ? __nf_hook_entries_try_shrink+0x164/0x400
[  194.615264][T12849]  __nf_hook_entries_try_shrink+0x164/0x400
[  194.615280][T12849]  __nf_unregister_net_hook+0x2af/0x660
[  194.615295][T12849]  nf_unregister_net_hook+0xd5/0x110
[  194.615307][T12849]  bpf_nf_link_detach+0xce/0x210
[  194.615324][T12849]  ? __pfx_bpf_nf_link_detach+0x10/0x10
[  194.615338][T12849]  __sys_bpf+0x1e39/0x4980
[  194.615356][T12849]  ? __pfx___sys_bpf+0x10/0x10
[  194.615371][T12849]  ? find_held_lock+0x2b/0x80
[  194.615390][T12849]  ? find_held_lock+0x2b/0x80
[  194.615409][T12849]  ? __mutex_unlock_slowpath+0x161/0x790
[  194.615431][T12849]  ? fput+0x70/0xf0
[  194.615443][T12849]  ? ksys_write+0x1ac/0x250
[  194.615456][T12849]  ? __pfx_ksys_write+0x10/0x10
[  194.615471][T12849]  __x64_sys_bpf+0x78/0xc0
[  194.615486][T12849]  ? lockdep_hardirqs_on+0x7c/0x110
[  194.615499][T12849]  do_syscall_64+0xcd/0xf80
[  194.615514][T12849]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  194.615525][T12849] RIP: 0033:0x7f89d458f7c9
[  194.615534][T12849] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  194.615545][T12849] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141
[  194.615556][T12849] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  194.615563][T12849] RDX: 0000000000000004 RSI: 0000200000000100 RDI: 0000000000000022
[  194.615569][T12849] RBP: 00007f89d27f6090 R08: 0000000000000000 R09: 0000000000000000
[  194.615575][T12849] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  194.615581][T12849] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  194.615595][T12849]  </TASK>
[  194.778017][   T24] usb 10-1: new low-speed USB device number 2 using dummy_hcd
[  194.799413][T12859] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2515'.
[  194.844824][T12861] kvm: kvm [12860]: vcpu5, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x1
[  194.908014][   T24] usb 10-1: device descriptor read/64, error -71
[  194.948051][   T60] usb 7-1: new high-speed USB device number 27 using dummy_hcd
[  195.108057][   T60] usb 7-1: Using ep0 maxpacket: 8
[  195.111735][   T60] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  195.114984][   T60] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  195.118474][   T60] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  195.122024][   T60] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  195.126444][   T60] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  195.131923][   T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  195.168647][   T24] usb 10-1: new low-speed USB device number 3 using dummy_hcd
[  195.298077][   T24] usb 10-1: device descriptor read/64, error -71
[  195.348552][   T60] usb 7-1: GET_CAPABILITIES returned 0
[  195.350957][   T60] usbtmc 7-1:16.0: can't read capabilities
[  195.351462][T12855] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2513'.
[  195.356251][T12855] bridge_slave_1: left allmulticast mode
[  195.359653][T12855] bridge_slave_1: left promiscuous mode
[  195.361741][T12855] bridge0: port 2(bridge_slave_1) entered disabled state
[  195.365602][T12855] bridge_slave_0: left allmulticast mode
[  195.367308][T12855] bridge_slave_0: left promiscuous mode
[  195.371969][T12855] bridge0: port 1(bridge_slave_0) entered disabled state
[  195.408408][   T24] usb usb10-port1: attempt power cycle
[  195.457975][ T6022] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  195.561016][   T59] usb 7-1: USB disconnect, device number 27
[  195.608547][ T6022] usb 9-1: Using ep0 maxpacket: 16
[  195.614154][ T6022] usb 9-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  195.619007][ T6022] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.622492][ T6022] usb 9-1: Product: syz
[  195.624355][ T6022] usb 9-1: Manufacturer: syz
[  195.626412][ T6022] usb 9-1: SerialNumber: syz
[  195.637608][ T6022] r8152-cfgselector 9-1: Unknown version 0x0000
[  195.642631][ T6022] r8152-cfgselector 9-1: config 0 descriptor??
[  195.750046][   T24] usb 10-1: new low-speed USB device number 4 using dummy_hcd
[  195.778385][   T24] usb 10-1: device descriptor read/8, error -71
[  195.853589][T12891] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2527'.
[  195.861644][ T5290] Bluetooth: hci4: Unknown advertising packet type: 0x17
[  195.861741][ T5290] Bluetooth: hci4: Malformed LE Event: 0x0d
[  195.867606][T12867] serio: Serial port ptm0
[  195.878109][ T5290] Bluetooth: hci4: command 0x0c1a tx timeout
[  195.927597][ T6022] r8152-cfgselector 9-1: Unknown version 0x0000
[  195.927828][ T6022] r8152-cfgselector 9-1: bad CDC descriptors
[  195.938301][ T6022] r8152-cfgselector 9-1: USB disconnect, device number 15
[  196.018320][   T24] usb 10-1: new low-speed USB device number 5 using dummy_hcd
[  196.048400][   T64] Bluetooth: hci1: command 0x0419 tx timeout
[  196.048420][ T5938] Bluetooth: hci3: command 0x040f tx timeout
[  196.054015][ T5290] Bluetooth: hci0: command 0x041b tx timeout
[  196.054404][   T24] usb 10-1: device descriptor read/8, error -71
[  196.178233][   T24] usb usb10-port1: unable to enumerate USB device
[  196.180961][   T40] audit: type=1400 audit(1766880340.694:672): avc:  denied  { create } for  pid=12915 comm="syz.1.2536" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  196.198008][   T40] audit: type=1400 audit(1766880340.694:673): avc:  denied  { setopt } for  pid=12915 comm="syz.1.2536" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  196.481904][T12933] SELinux:  truncated policydb string identifier
[  196.484136][T12933] SELinux: failed to load policy
[  196.488049][T12933] EXT4-fs: Conflicting test_dummy_encryption options
[  196.599159][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  196.603108][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  196.669972][   T40] audit: type=1400 audit(1766880341.184:674): avc:  denied  { read } for  pid=12948 comm="syz.4.2547" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  196.670039][T12949] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2546'.
[  196.681016][   T40] audit: type=1400 audit(1766880341.184:675): avc:  denied  { open } for  pid=12948 comm="syz.4.2547" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  196.695142][   T40] audit: type=1400 audit(1766880341.194:676): avc:  denied  { ioctl } for  pid=12948 comm="syz.4.2547" path="/dev/loop-control" dev="devtmpfs" ino=657 ioctlcmd=0x4c80 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[  196.732137][   T40] audit: type=1400 audit(1766880341.244:677): avc:  denied  { mount } for  pid=12948 comm="syz.4.2547" name="/" dev="pstore" ino=3495 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  196.742125][   T40] audit: type=1400 audit(1766880341.254:678): avc:  denied  { remount } for  pid=12948 comm="syz.4.2547" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  196.818211][T12956] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2548'.
[  196.871343][T12961] loop9: detected capacity change from 0 to 7
[  196.877183][ T7173] Dev loop9: unable to read RDB block 7
[  196.879848][ T7173]  loop9: unable to read partition table
[  196.882953][ T7173] loop9: partition table beyond EOD, truncated
[  196.889113][T12961] Dev loop9: unable to read RDB block 7
[  196.891525][T12961]  loop9: unable to read partition table
[  196.893576][T12961] loop9: partition table beyond EOD, truncated
[  196.898295][T12961] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑàYz) failed (rc=-5)
[  197.005403][T12967] kAFS: Can only specify source 'none' with -o dyn
[  197.033157][   T40] audit: type=1400 audit(1766880341.544:679): avc:  denied  { unmount } for  pid=8470 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:pstore_t tclass=filesystem permissive=1
[  197.162487][T12976] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4)
[  197.164858][T12976] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  197.167552][T12977] vhci_hcd vhci_hcd.0: pdev(1) rhport(1) sockfd(6)
[  197.169888][T12977] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  197.172618][T12976] vhci_hcd vhci_hcd.0: Device attached
[  197.176517][T12977] vhci_hcd vhci_hcd.0: Device attached
[  197.242652][T12979] vhci_hcd: connection closed
[  197.242726][T12978] vhci_hcd: connection closed
[  197.245667][   T13] vhci_hcd vhci_hcd.1: stop threads
[  197.249780][   T13] vhci_hcd vhci_hcd.1: release socket
[  197.251581][   T13] vhci_hcd vhci_hcd.1: disconnect device
[  197.254026][   T13] vhci_hcd vhci_hcd.1: stop threads
[  197.255818][   T13] vhci_hcd vhci_hcd.1: release socket
[  197.257685][   T13] vhci_hcd vhci_hcd.1: disconnect device
[  197.337704][T12996] batman_adv: batadv0: Adding interface: gretap1
[  197.340262][T12996] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  197.349703][T12996] batman_adv: batadv0: Interface activated: gretap1
[  197.394991][T12985] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  197.397495][T12985] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  197.400095][T12985] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  197.402510][T12985] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  197.513623][ T6021] libceph: connect (1)[c::]:6789 error -101
[  197.516812][ T6021] libceph: mon0 (1)[c::]:6789 connect error
[  197.587701][ T6022] libceph: connect (1)[b::]:6789 error -101
[  197.605920][ T6022] libceph: mon0 (1)[b::]:6789 connect error
[  197.608926][   T40] audit: type=1400 audit(1766880342.124:680): avc:  denied  { read write } for  pid=13012 comm="syz.1.2565" name="vhost-net" dev="devtmpfs" ino=1300 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  197.659283][T13022] bridge_slave_0: default FDB implementation only supports local addresses
[  197.782252][ T6021] libceph: connect (1)[c::]:6789 error -101
[  197.784757][ T6021] libceph: mon0 (1)[c::]:6789 connect error
[  197.879174][ T6022] libceph: connect (1)[b::]:6789 error -101
[  197.881837][ T6022] libceph: mon0 (1)[b::]:6789 connect error
[  197.889488][   T12] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  197.977962][T13045] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan1, syncid = 0, id = 0
[  198.013508][T13036] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  198.015842][T13036] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  198.020825][T13036] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  198.023814][T13036] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  198.177014][T13051] bridge0: port 4(veth0_to_bridge) entered blocking state
[  198.181659][T13051] bridge0: port 4(veth0_to_bridge) entered disabled state
[  198.184935][T13051] veth0_to_bridge: entered allmulticast mode
[  198.189452][T13051] veth0_to_bridge: entered promiscuous mode
[  198.192517][T13051] bridge0: adding interface veth0_to_bridge with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:1)
[  198.199758][T13051] bridge0: port 4(veth0_to_bridge) entered blocking state
[  198.202914][T13051] bridge0: port 4(veth0_to_bridge) entered forwarding state
[  198.289257][ T6021] libceph: connect (1)[c::]:6789 error -101
[  198.291964][ T6021] libceph: mon0 (1)[c::]:6789 connect error
[  198.331457][T12999] ceph: No mds server is up or the cluster is laggy
[  198.332598][T13002] ceph: No mds server is up or the cluster is laggy
[  198.446868][T13068] dvmrp1: tun_chr_ioctl cmd 1074025677
[  198.450674][T13068] dvmrp1: linktype set to 519
[  198.478429][T13072] __nla_validate_parse: 3 callbacks suppressed
[  198.478445][T13072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2586'.
[  198.485074][T13072] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2586'.
[  198.593183][T13086] 9pnet_virtio: no channels available for device syz
[  198.628210][ T6070] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  198.802596][ T6070] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  198.805499][ T6070] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  198.815874][ T6070] usb 6-1: config 0 has no interfaces?
[  198.818178][ T6070] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  198.821308][ T6070] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.825776][ T6070] usb 6-1: config 0 descriptor??
[  198.869950][T13097] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  198.875419][T13097] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  198.882059][T13097] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  198.885764][T13097] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  198.940582][T13108] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2595'.
[  199.060890][T13122] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2600'.
[  199.162390][ T1421] ieee802154 phy0 wpan0: encryption failed: -22
[  199.164631][ T1421] ieee802154 phy1 wpan1: encryption failed: -22
[  199.251697][T13060] netlink: 'syz.1.2582': attribute type 7 has an invalid length.
[  199.251793][T13134] kernel profiling enabled (shift: 17)
[  199.256587][T13060] netlink: 'syz.1.2582': attribute type 7 has an invalid length.
[  199.265938][T13060] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  199.266229][T13060] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  199.276509][ T6070] usb 6-1: USB disconnect, device number 16
[  199.571042][T13154] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2610'.
[  199.665014][T13150] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  199.667232][T13150] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  199.671450][T13150] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  199.673795][T13150] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  199.867111][T13179] binder: 13176:13179 ioctl 4018620d 0 returned -22
[  199.910977][T13183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2619'.
[  200.019348][T13192] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2621'.
[  200.024921][T13193] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2621'.
[  200.096823][T13205] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2622'.
[  200.131867][T13207] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  200.148340][T13207] CIFS: Unable to determine destination address
[  200.388333][T13217] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  200.391317][T13217] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  200.394315][T13217] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  200.396771][T13217] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  200.487500][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  200.487517][   T40] audit: type=1400 audit(1766880344.994:684): avc:  denied  { bind } for  pid=13222 comm="syz.2.2628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  200.502464][   T40] audit: type=1400 audit(1766880344.994:685): avc:  denied  { node_bind } for  pid=13222 comm="syz.2.2628" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1
[  200.515150][T13228] netlink: 'syz.5.2629': attribute type 9 has an invalid length.
[  200.522726][T13228] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2629'.
[  200.528489][T13228] ieee802154 phy0 wpan0: encryption failed: -22
[  200.570059][T13232] netlink: 'syz.5.2631': attribute type 1 has an invalid length.
[  201.083062][T13264] program syz.1.2638 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  201.380743][T13268] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  201.384440][T13268] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  201.387548][T13268] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  201.398372][T13268] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  201.495871][T13279] binder: 13278:13279 ioctl c0306201 0 returned -14
[  201.648121][ T6070] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  201.809638][ T6070] usb 6-1: config index 0 descriptor too short (expected 45, got 36)
[  201.812400][ T6070] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  201.816123][ T6070] usb 6-1: config 0 has no interfaces?
[  201.822737][ T6070] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  201.826190][ T6070] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  201.835698][ T6070] usb 6-1: config 0 descriptor??
[  202.252615][T13311] binder: 13310:13311 ioctl c0306201 0 returned -14
[  202.358462][ T9366] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  202.369493][T13237] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  202.555629][T13298] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  202.558595][T13298] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  202.561307][T13298] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  202.563976][T13298] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  202.567459][T13277] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  202.574523][T13277] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  202.580370][ T6070] usb 6-1: USB disconnect, device number 17
[  202.811339][   T40] audit: type=1400 audit(1766880347.324:686): avc:  denied  { name_bind 0x1000000 } for  pid=13332 comm="syz.2.2658" path="socket:[56370]" dev="sockfs" ino=56370 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  202.969402][   T40] audit: type=1400 audit(1766880347.484:687): avc:  denied  { create } for  pid=13342 comm="syz.2.2660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  202.979293][   T40] audit: type=1400 audit(1766880347.494:688): avc:  denied  { ioctl } for  pid=13342 comm="syz.2.2660" path="socket:[55433]" dev="sockfs" ino=55433 ioctlcmd=0x940c scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  202.990297][   T40] audit: type=1400 audit(1766880347.494:689): avc:  denied  { setattr } for  pid=13342 comm="syz.2.2660" name="RXRPC" dev="sockfs" ino=55433 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  203.008108][   T24] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  203.182205][   T24] usb 9-1: config index 0 descriptor too short (expected 45, got 36)
[  203.190885][   T24] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  203.195313][   T24] usb 9-1: config 0 has no interfaces?
[  203.205532][   T24] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  203.210038][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  203.227203][   T24] usb 9-1: config 0 descriptor??
[  203.649053][ T9366] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  203.691990][T13354] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  203.694722][T13354] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  203.697186][T13354] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  203.700388][T13354] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  203.705649][ T6022] usb 9-1: USB disconnect, device number 16
[  203.964536][T13377] netlink: 'syz.1.2665': attribute type 2 has an invalid length.
[  203.969319][   T40] audit: type=1400 audit(1766880348.484:690): avc:  denied  { connect } for  pid=13376 comm="syz.1.2665" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  204.035462][   T40] audit: type=1400 audit(1766880348.544:691): avc:  denied  { append } for  pid=13376 comm="syz.1.2665" name="sg0" dev="devtmpfs" ino=721 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:scsi_generic_device_t tclass=chr_file permissive=1
[  204.050227][T13385] program syz.1.2665 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  204.079941][T13391] __nla_validate_parse: 2 callbacks suppressed
[  204.079958][T13391] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2668'.
[  204.086652][T13391] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  204.117865][T13391] batman_adv: batadv0: Removing interface: batadv_slave_1
[  204.199844][    C3] vcan0: j1939_tp_rxtimer: 0xffff888035154800: rx timeout, send abort
[  204.218334][   T40] audit: type=1400 audit(1766880348.724:692): avc:  denied  { read } for  pid=5322 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  204.224559][T13399] netlink: 'syz.2.2669': attribute type 1 has an invalid length.
[  204.245253][T13399] bond1: entered promiscuous mode
[  204.249141][   T40] audit: type=1400 audit(1766880348.734:693): avc:  denied  { search } for  pid=5322 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  204.252785][T13399] 8021q: adding VLAN 0 to HW filter on device bond1
[  204.294433][T13399] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2669'.
[  204.300737][T13399] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2669'.
[  204.304839][T13399] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2669'.
[  204.336193][T13399] bond1: (slave bridge1): making interface the new active one
[  204.339164][T13399] bridge1: entered promiscuous mode
[  204.342174][T13399] bond1: (slave bridge1): Enslaving as an active interface with an up link
[  204.394619][T13406] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2671'.
[  204.704916][    C3] vcan0: j1939_tp_rxtimer: 0xffff888035154800: abort rx timeout. Force session deactivation
[  205.101361][T13412] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  205.104507][T13412] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  205.107377][T13412] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  205.110546][T13412] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  205.197780][T13455] binder: 13454:13455 ioctl c0306201 0 returned -14
[  205.429830][T13472] ªªªªªª: renamed from lo
[  205.454342][T13473] netlink: 220 bytes leftover after parsing attributes in process `syz.2.2686'.
[  205.543740][T13485] binder: 13484:13485 ioctl c0306201 0 returned -14
[  205.600815][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  205.600831][   T40] audit: type=1400 audit(1766880350.114:702): avc:  denied  { ioctl } for  pid=13469 comm="syz.2.2686" path="socket:[55491]" dev="sockfs" ino=55491 ioctlcmd=0x8918 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  205.638698][ T1026] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  205.799609][ T1026] usb 10-1: config index 0 descriptor too short (expected 39, got 27)
[  205.803047][ T1026] usb 10-1: config 0 interface 0 altsetting 251 has an invalid descriptor for endpoint zero, skipping
[  205.807185][ T1026] usb 10-1: config 0 interface 0 has no altsetting 0
[  205.813050][ T1026] usb 10-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  205.816070][ T1026] usb 10-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  205.818965][ T1026] usb 10-1: Product: syz
[  205.820586][ T1026] usb 10-1: Manufacturer: syz
[  205.822167][ T1026] usb 10-1: SerialNumber: syz
[  205.825388][ T1026] usb 10-1: config 0 descriptor??
[  205.830160][ T1026] hub 10-1:0.0: bad descriptor, ignoring hub
[  205.832873][ T1026] hub 10-1:0.0: probe with driver hub failed with error -5
[  205.869955][ T1026] snd-usb-audio 10-1:0.0: probe with driver snd-usb-audio failed with error -22
[  205.894154][ T7173] udevd[7173]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb10/10-1/10-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  206.045139][T13478] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  206.047764][T13478] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  206.050644][T13478] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  206.053458][T13478] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  206.184938][T13504] overlayfs: option "workdir=./file0" is useless in a non-upper mount, ignore
[  206.189790][T13504] overlayfs: missing 'lowerdir'
[  206.193499][ T5290] Bluetooth: hci3: unexpected event for opcode 0x1407
[  206.238205][ T6070] usb 10-1: USB disconnect, device number 6
[  206.283326][T13508] binder: 13507:13508 ioctl c0306201 0 returned -14
[  206.300761][ T1026] usb 7-1: new full-speed USB device number 28 using dummy_hcd
[  206.358440][   T40] audit: type=1400 audit(1766880350.874:703): avc:  denied  { setopt } for  pid=13511 comm="syz.1.2702" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  206.452402][ T1026] usb 7-1: unable to read config index 0 descriptor/start: -71
[  206.455645][ T1026] usb 7-1: can't read configurations, error -71
[  206.468207][T13528] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2706'.
[  206.475908][T13528] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  206.708236][T13537] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING
[  206.874106][   T40] audit: type=1400 audit(1766880351.384:704): avc:  denied  { name_bind } for  pid=13542 comm="syz.5.2712" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  206.925190][T13521] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  206.927334][T13521] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  206.929869][T13521] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  206.932186][T13521] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  206.965370][T13551] ------------[ cut here ]------------
[  206.967861][T13551] WARNING: mm/page_alloc.c:5186 at __alloc_frozen_pages_noprof+0x309/0x2430, CPU#3: syz.4.2715/13551
[  206.972645][T13551] Modules linked in:
[  206.974525][T13551] CPU: 3 UID: 0 PID: 13551 Comm: syz.4.2715 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  206.978840][   T40] audit: type=1400 audit(1766880351.494:705): avc:  denied  { write } for  pid=5921 comm="syz-executor" path="pipe:[3760]" dev="pipefs" ino=3760 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[  206.979324][T13551] Tainted: [L]=SOFTLOCKUP
[  206.991620][T13551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  206.996055][T13551] RIP: 0010:__alloc_frozen_pages_noprof+0x309/0x2430
[  206.998714][T13551] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d1 4f 60 09 83 fe 0a 0f 86 0c fe ff ff 80 3d d9 4b 56 0e 00 75 0b c6 05 d0 4b 56 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8
[  207.005171][T13551] RSP: 0018:ffffc90007aef758 EFLAGS: 00010246
[  207.007119][T13551] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  207.009792][T13551] RDX: 0000000000000000 RSI: 0000000000000015 RDI: 0000000000040cc0
[  207.012394][T13551] RBP: 0000000000000015 R08: 0000000000000005 R09: 0000000000000009
[  207.014920][T13551] R10: 0000000000000015 R11: ffff888054858b30 R12: 0000000000040cc0
[  207.017506][T13551] R13: 1ffff92000f5df01 R14: ffffffff9ac42ac4 R15: 0000000000000015
[  207.020279][T13551] FS:  00007f89d27f66c0(0000) GS:ffff8880d6bf5000(0000) knlGS:0000000000000000
[  207.023049][T13551] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  207.025344][T13551] CR2: 000000110c37fc08 CR3: 000000002b0e8000 CR4: 0000000000352ef0
[  207.028228][T13551] Call Trace:
[  207.029410][T13551]  <TASK>
[  207.030603][T13551]  ? find_held_lock+0x2b/0x80
[  207.032176][T13551]  ? is_bpf_text_address+0x8a/0x1a0
[  207.034104][T13551]  ? bpf_ksym_find+0x127/0x1c0
[  207.035814][T13551]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  207.037996][T13551]  ? is_bpf_text_address+0x94/0x1a0
[  207.039683][T13551]  ? kernel_text_address+0x8d/0x100
[  207.041644][T13551]  ? __kernel_text_address+0xd/0x40
[  207.043531][T13551]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  207.045834][T13551]  ? stack_trace_save+0x8e/0xc0
[  207.047851][T13551]  ? __pfx_stack_trace_save+0x10/0x10
[  207.050015][T13551]  ? stack_depot_save_flags+0x29/0x9b0
[  207.051931][T13551]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  207.053968][T13551]  ? policy_nodemask+0xea/0x4e0
[  207.055807][T13551]  alloc_pages_mpol+0x1fb/0x550
[  207.057662][T13551]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  207.059483][T13551]  ___kmalloc_large_node+0x10c/0x150
[  207.061582][T13551]  __kmalloc_large_node_noprof+0x1c/0x70
[  207.063654][T13551]  __kmalloc_noprof.cold+0xc/0x62
[  207.065333][T13551]  ? drm_syncobj_array_find+0x35/0x3c0
[  207.067306][T13551]  ? drm_syncobj_array_find+0x35/0x3c0
[  207.069369][T13551]  drm_syncobj_array_find+0x35/0x3c0
[  207.071488][T13551]  ? __lock_acquire+0x436/0x2890
[  207.073263][T13551]  drm_syncobj_query_ioctl+0x27e/0xbe0
[  207.075276][T13551]  ? lockdep_hardirqs_on+0x7c/0x110
[  207.077292][T13551]  ? __pfx_drm_syncobj_query_ioctl+0x10/0x10
[  207.079436][T13551]  ? find_held_lock+0x2b/0x80
[  207.081229][T13551]  ? drm_dev_exit+0x41/0x60
[  207.082849][T13551]  drm_ioctl_kernel+0x1f4/0x3e0
[  207.084567][T13551]  ? __pfx_drm_syncobj_query_ioctl+0x10/0x10
[  207.086643][T13551]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  207.088722][T13551]  drm_ioctl+0x5c9/0xc30
[  207.090225][T13551]  ? __pfx_drm_syncobj_query_ioctl+0x10/0x10
[  207.092631][T13551]  ? __pfx_drm_ioctl+0x10/0x10
[  207.094290][T13551]  ? selinux_file_ioctl+0x180/0x270
[  207.096281][T13551]  ? selinux_file_ioctl+0xb4/0x270
[  207.098154][T13551]  ? __pfx_drm_ioctl+0x10/0x10
[  207.099733][T13551]  __x64_sys_ioctl+0x18e/0x210
[  207.101397][T13551]  do_syscall_64+0xcd/0xf80
[  207.102943][T13551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.105260][T13551] RIP: 0033:0x7f89d458f7c9
[  207.106813][T13551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.113730][T13551] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  207.116665][T13551] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  207.119433][T13551] RDX: 0000200000000040 RSI: 00000000c01864cb RDI: 0000000000000003
[  207.122320][T13551] RBP: 00007f89d4613f91 R08: 0000000000000000 R09: 0000000000000000
[  207.125047][T13551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  207.127809][T13551] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  207.130706][T13551]  </TASK>
[  207.131866][T13551] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  207.134471][T13551] CPU: 3 UID: 0 PID: 13551 Comm: syz.4.2715 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  207.138093][T13551] Tainted: [L]=SOFTLOCKUP
[  207.139626][T13551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  207.143491][T13551] Call Trace:
[  207.144628][T13551]  <TASK>
[  207.145767][T13551]  dump_stack_lvl+0x3d/0x1f0
[  207.147350][T13551]  vpanic+0x640/0x6f0
[  207.148873][T13551]  ? __alloc_frozen_pages_noprof+0x309/0x2430
[  207.151074][T13551]  panic+0xca/0xd0
[  207.152775][T13551]  ? __pfx_panic+0x10/0x10
[  207.154698][T13551]  check_panic_on_warn+0xab/0xb0
[  207.156546][T13551]  __warn+0x108/0x3c0
[  207.158076][T13551]  __report_bug+0x2a0/0x520
[  207.159688][T13551]  ? __alloc_frozen_pages_noprof+0x309/0x2430
[  207.161737][T13551]  ? __pfx___report_bug+0x10/0x10
[  207.163432][T13551]  ? __lock_acquire+0x436/0x2890
[  207.165302][T13551]  ? __alloc_frozen_pages_noprof+0x309/0x2430
[  207.167400][T13551]  report_bug+0xb2/0x220
[  207.168847][T13551]  ? __alloc_frozen_pages_noprof+0x309/0x2430
[  207.171087][T13551]  handle_bug+0x127/0x260
[  207.172928][T13551]  exc_invalid_op+0x17/0x50
[  207.174944][T13551]  asm_exc_invalid_op+0x1a/0x20
[  207.176991][T13551] RIP: 0010:__alloc_frozen_pages_noprof+0x309/0x2430
[  207.179352][T13551] Code: f0 5b 5d 41 5c 41 5d 41 5e 41 5f e9 d1 4f 60 09 83 fe 0a 0f 86 0c fe ff ff 80 3d d9 4b 56 0e 00 75 0b c6 05 d0 4b 56 0e 01 90 <0f> 0b 90 45 31 f6 eb 81 4d 85 f6 74 22 44 89 fa 89 ee 4c 89 f7 e8
[  207.186390][T13551] RSP: 0018:ffffc90007aef758 EFLAGS: 00010246
[  207.188585][T13551] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  207.191047][T13551] RDX: 0000000000000000 RSI: 0000000000000015 RDI: 0000000000040cc0
[  207.193581][T13551] RBP: 0000000000000015 R08: 0000000000000005 R09: 0000000000000009
[  207.196027][T13551] R10: 0000000000000015 R11: ffff888054858b30 R12: 0000000000040cc0
[  207.198581][T13551] R13: 1ffff92000f5df01 R14: ffffffff9ac42ac4 R15: 0000000000000015
[  207.201088][T13551]  ? find_held_lock+0x2b/0x80
[  207.202644][T13551]  ? is_bpf_text_address+0x8a/0x1a0
[  207.204292][T13551]  ? bpf_ksym_find+0x127/0x1c0
[  207.205825][T13551]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  207.207781][T13551]  ? is_bpf_text_address+0x94/0x1a0
[  207.209450][T13551]  ? kernel_text_address+0x8d/0x100
[  207.211145][T13551]  ? __kernel_text_address+0xd/0x40
[  207.212968][T13551]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  207.215159][T13551]  ? stack_trace_save+0x8e/0xc0
[  207.216956][T13551]  ? __pfx_stack_trace_save+0x10/0x10
[  207.218728][T13551]  ? stack_depot_save_flags+0x29/0x9b0
[  207.220491][T13551]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  207.222431][T13551]  ? policy_nodemask+0xea/0x4e0
[  207.224012][T13551]  alloc_pages_mpol+0x1fb/0x550
[  207.225609][T13551]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  207.227346][T13551]  ___kmalloc_large_node+0x10c/0x150
[  207.229091][T13551]  __kmalloc_large_node_noprof+0x1c/0x70
[  207.230922][T13551]  __kmalloc_noprof.cold+0xc/0x62
[  207.232965][T13551]  ? drm_syncobj_array_find+0x35/0x3c0
[  207.234740][T13551]  ? drm_syncobj_array_find+0x35/0x3c0
[  207.236492][T13551]  drm_syncobj_array_find+0x35/0x3c0
[  207.238199][T13551]  ? __lock_acquire+0x436/0x2890
[  207.239773][T13551]  drm_syncobj_query_ioctl+0x27e/0xbe0
[  207.241552][T13551]  ? lockdep_hardirqs_on+0x7c/0x110
[  207.243757][T13551]  ? __pfx_drm_syncobj_query_ioctl+0x10/0x10
[  207.245676][T13551]  ? find_held_lock+0x2b/0x80
[  207.247154][T13551]  ? drm_dev_exit+0x41/0x60
[  207.248640][T13551]  drm_ioctl_kernel+0x1f4/0x3e0
[  207.250250][T13551]  ? __pfx_drm_syncobj_query_ioctl+0x10/0x10
[  207.252612][T13551]  ? __pfx_drm_ioctl_kernel+0x10/0x10
[  207.254626][T13551]  drm_ioctl+0x5c9/0xc30
[  207.256038][T13551]  ? __pfx_drm_syncobj_query_ioctl+0x10/0x10
[  207.258568][T13551]  ? __pfx_drm_ioctl+0x10/0x10
[  207.260580][T13551]  ? selinux_file_ioctl+0x180/0x270
[  207.262737][T13551]  ? selinux_file_ioctl+0xb4/0x270
[  207.264915][T13551]  ? __pfx_drm_ioctl+0x10/0x10
[  207.266929][T13551]  __x64_sys_ioctl+0x18e/0x210
[  207.268897][T13551]  do_syscall_64+0xcd/0xf80
[  207.270403][T13551]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  207.272382][T13551] RIP: 0033:0x7f89d458f7c9
[  207.273844][T13551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  207.280707][T13551] RSP: 002b:00007f89d27f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  207.284196][T13551] RAX: ffffffffffffffda RBX: 00007f89d47e5fa0 RCX: 00007f89d458f7c9
[  207.286842][T13551] RDX: 0000200000000040 RSI: 00000000c01864cb RDI: 0000000000000003
[  207.289459][T13551] RBP: 00007f89d4613f91 R08: 0000000000000000 R09: 0000000000000000
[  207.292050][T13551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  207.294781][T13551] R13: 00007f89d47e6038 R14: 00007f89d47e5fa0 R15: 00007ffc23de4b98
[  207.297481][T13551]  </TASK>
[  207.299233][T13551] Kernel Offset: disabled
[  207.300758][T13551] Rebooting in 86400 seconds..