last executing test programs:

2.845172496s ago: executing program 2 (id=433):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000004000013a"], 0xfdef)

2.671386216s ago: executing program 2 (id=434):
openat(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.net/devices.allow\x00', 0x2, 0x48)
r0 = syz_clone(0x24100000, 0x0, 0x0, 0x0, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
socket$unix(0x1, 0x1, 0x0)
r1 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000680)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x3, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x8, &(0x7f0000000000)=ANY=[@ANYBLOB="1808000000000000000000000300000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000000000850000002f000000b70900000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_pidfd_open(r0, 0x0)
socket$kcm(0x2, 0x3, 0x2)
socket$packet(0x11, 0x2, 0x300)
socket$kcm(0xa, 0x1, 0x106)
socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000000000)={0x10, 0x2})
r3 = socket$nl_sock_diag(0x10, 0x3, 0x4)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYRES8=r3], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50)
pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe)
r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r4, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r4, &(0x7f0000000000), 0xd)
r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x7fffffffffffffff, 0x121001)
ioctl$VIDIOC_S_FREQUENCY(r5, 0x402c5639, &(0x7f0000000040)={0x100000, 0x2, 0xf})
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@userxattr}, {@metacopy_on}]})

2.38007348s ago: executing program 2 (id=436):
r0 = openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000002140)=ANY=[])
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0xdfffffff, 0x5e490420, 0x2, 0xffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f000000e3c0)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d838aae8c05dd22d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)={0x20, 0x0, 0x3731, {0x0, 0x7f69ff17f1e1ab77}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000001380)={'team0\x00', &(0x7f0000001280)=@ethtool_drvinfo={0x3, "8e83cc9e88b009a8ced008a45a9b15655db53c38758b5d267d47b1a109528e05", "94ec533ac1530fb40d6713ad954eedb14180e9936a9d353caa877653bce1b892", "d39af0372b17ec044525bd6635d3fbdebcba911f0bc93222ad196c2097456bcb", "b039149dc172700e784f8e8f3aa3f18ce4081bf171e8077c02deb94d5f29bf66", "64c7a53e3a3b85ee0f3612d286625fe9778737fb81d24f685563b9e6fa32b055", "1f6869027ad2ecb6a95b1575", 0xfffff591, 0x4, 0x3, 0xa92c, 0x3}})
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0xc5001, 0x104)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x800)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000100)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_clone(0xa0001000, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0)

1.381145741s ago: executing program 1 (id=446):
r0 = gettid()
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x1, 0x0)
syz_open_procfs$namespace(r0, &(0x7f0000000040)='ns/cgroup\x00')

1.260247923s ago: executing program 3 (id=449):
r0 = syz_create_resource$binfmt(&(0x7f0000000040)='./file1\x00')
r1 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00')
r2 = openat$binfmt(0xffffffffffffff9c, r1, 0x42, 0x1ff)
r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x6, 0x25, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000001000000000000000fdffffff180140002020782500000000002020207b1af8ff00000000902235260000000007010000f8ffffaffd02000008000000b703000000000000850000000600000018120000", @ANYRES32=0x1, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000c000000850000000600000007c903000200000085200000020000001858000003000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70200000000000085000000860000001866000008000000000000000300000018280000", @ANYRES32=0x1, @ANYBLOB="00000000020000008a1b3000040000009500000000000000"], &(0x7f0000000000)='syzkaller\x00', 0xffffff7f, 0x48, &(0x7f0000000200)=""/72, 0x41100, 0x14, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000280)={0x2, 0x3}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f00000002c0)=[0x1, 0xffffffffffffffff], &(0x7f0000000300)=[{0x0, 0x5, 0x0, 0x6}, {0x0, 0x2, 0xe, 0x9}, {0x2, 0x1, 0xd, 0x5}, {0x0, 0x3, 0x10, 0x1}, {0x0, 0x3, 0x6, 0x5}], 0x10, 0x4c16}, 0x94)
getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000440)={<r4=>0x0, @remote, @loopback}, &(0x7f0000000480)=0xc)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r3, r4, 0x25, 0x4, @void}, 0x10)
r5 = landlock_create_ruleset(&(0x7f0000000040)={0x501a, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r5, 0x0)
write$binfmt_elf64(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c4602010103fcffffffffffffff03003e005666d37500010000000000004000000000000000df012000040000000000000003003800010007000200010003000000000000000300000000010100ff"], 0x509)
close(r2)
openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x401, 0x0)
execveat$binfmt(0xffffffffffffff9c, r0, 0x0, 0x0, 0x0)
r6 = accept(0xffffffffffffffff, &(0x7f0000000500)=@pppoe={0x18, 0x0, {0x0, @multicast}}, &(0x7f0000000580)=0x80)
r7 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000600), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000700)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x64, r7, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_OURS={0x50, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4c, 0x3, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0xe, 0x2, 'syzkaller\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}]}, {0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x5, 0x2, '\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0xa64e}]}]}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x48000}, 0x480d4)

1.191230223s ago: executing program 3 (id=450):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x1b, &(0x7f0000000880)=ANY=[@ANYBLOB="00000000fc1ccaf300000000b7080000ce0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000008200", @ANYBLOB="0000000000000000b703"], &(0x7f0000000300)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000580)={0x2, 0xa, 0x1, 0x7c5e}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x100, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="2c385a7af3be", 0x6)
syz_emit_vhci(&(0x7f0000000640)=ANY=[@ANYBLOB="043106aaaaaaaa6bd3f6c4ffa6642953ade0132d10139107a3"], 0x9)
r3 = accept4(r2, 0x0, 0x0, 0x800)
sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0)
pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

1.001346337s ago: executing program 3 (id=452):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000000)=[@text32={0x20, &(0x7f0000000040)="2ef00fc05b060f23b3b9ce000000b807000000ba000000000f301b8154fea900c1210680320000c4e28ddc8dcd000000c182fd3f0000c8b950020000b801000400b9a6080000b80000010066b87a000f00d80f300f300fc79d53bf0000c4b9e16dc30101220f01c3", 0x68}], 0x1, 0x14, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

930.155811ms ago: executing program 2 (id=453):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000300)={<r1=>0xffffffffffffffff}, 0x106, 0x8}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r0, &(0x7f0000000340)={0x15, 0x110, 0xfa00, {r1, 0x0, 0x30, 0x30, 0x0, @in6={0x1b, 0x4000, 0x0, @loopback, 0xbff}, @ib={0x1b, 0x38e, 0x0, {'\x00\a\x00'}, 0x0, 0x40000000, 0x8}}}, 0x118)
write$RDMA_USER_CM_CMD_LISTEN(r0, &(0x7f0000000100)={0x7, 0x8, 0xfa00, {r1, 0x4734}}, 0x10)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000040)='mand\x00', 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x3, 0x7)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f00000000c0)={@dev, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20)
setsockopt$inet6_int(r4, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x7fff, 0x4)
connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x380000, @loopback}, 0x1c)
sendmmsg$inet(r4, &(0x7f0000003a00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @loopback, @empty}}}], 0x20}}], 0x1, 0x10814)
fsmount(r3, 0x0, 0xb)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)={0x58, 0x2, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xffff}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x58}}, 0x0)
close(r0)

879.452574ms ago: executing program 2 (id=454):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000000)={0x1, 0x58, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r1=>0x0}}, 0x10)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=@bridge_getlink={0x28, 0x12, 0x4, 0x70bd28, 0x25dfdbfd, {0x7, 0x0, 0x0, r1, 0x221}, [@IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x80}]}, 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x0)

878.718301ms ago: executing program 2 (id=456):
syz_clone3(&(0x7f0000000500)={0x2014000, &(0x7f00000000c0)=<r0=>0xffffffffffffffff, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, 0x0}, 0x58)
r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0xfffffffd, 0x9, 0x34343459, 0x5, 0xb, [{0x6, 0xd37e}, {0x9c8, 0x45}, {0x0, 0x5}, {0x8, 0x1ff}, {0x1000, 0xcb}, {0x5, 0x6}, {0x1, 0x80000001}, {0x8003, 0x8000}], 0x7, 0xa, 0x2}})
landlock_restrict_self(r0, 0x7)
r2 = socket(0xa, 0x1, 0x0)
r3 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
r4 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xdd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xa0, 0x8, [{{0x9, 0x4, 0x0, 0xfe, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0xffff, 0xfd, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x8, 0x3, 0x0, 0xfd}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r4, 0x0, 0x0)
syz_usb_control_io(r4, &(0x7f0000000080)={0x18, &(0x7f00000012c0)=ANY=[@ANYBLOB="40020c"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r5 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000001200), 0xa8e00)
read(r5, &(0x7f0000000200)=""/209, 0xd1)
r6 = syz_open_dev$I2C(&(0x7f0000000100), 0x2, 0x1)
ioctl$I2C_SMBUS(r6, 0x720, &(0x7f0000000340)={0x0, 0x3, 0x7, &(0x7f0000000300)={0x1f, "893589de4add97fe9a6caa93ea1735ace960a6d9dcff49f18efa679f68893f5a81"}})
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, &(0x7f00000000c0)={'c6xdigio\x00', [0x8, 0x7ff, 0x1, 0x9790, 0x0, 0xcca, 0x8, 0x7, 0xa, 0xfc, 0x2, 0x1, 0x8, 0x4, 0xa, 0xffffffff, 0x1, 0x1a449, 0x3, 0x40000003, 0x100, 0x2, 0xf27, 0x6, 0xb, 0xa, 0x5, 0x8, 0x4, 0x10000, 0x7]})
setsockopt$IP_VS_SO_SET_ADD(r2, 0x0, 0x482, &(0x7f0000000000)={0x11, @remote, 0x15, 0x0, 'lblcr\x00'}, 0x2c)
socket$alg(0x26, 0x5, 0x0)

740.960366ms ago: executing program 3 (id=459):
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
fsopen(0x0, 0x0)
socket$inet(0x2, 0x4000000000000001, 0x0)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x88800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$TCSETSF2(0xffffffffffffffff, 0x8926, &(0x7f0000000000)={0x9, 0x4, 0x8, 0x0, 0xc, "a533b6aaf9f659ff35036bf79d8b4c2a246305", 0xe7, 0x8})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffffb, 0x6, 0x0, 0x4, 0x10003, 0x2, 0x400200cc4, 0x5, 0x7d, 0x1000000000000000, 0x0, 0x8000, 0x2, 0x1, 0xb9, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

739.887859ms ago: executing program 0 (id=460):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}})
write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="020086dd0300000000003000000060ec970012302c00fe8000000000000000000000000000aaff0200000000000000000000ff8200013a"], 0xfdef)

604.94785ms ago: executing program 3 (id=461):
r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000240), 0x2288c0, 0x0)
ioctl$sock_rose_SIOCADDRT(r0, 0x890b, &(0x7f00000002c0)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x1000, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bpq0, 0x3, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @default]})
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
read(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x0)
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r1, 0x8982, &(0x7f0000000400)={0x0, 'batadv0\x00', {0x5}})
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000040)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e040602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0)
rt_sigprocmask(0x0, &(0x7f00000000c0)={[0xfffffeffffffffff]}, 0x0, 0x8)
r2 = gettid()
timer_create(0x1, &(0x7f0000000800)={0x0, 0x12, 0x4, @tid=r2}, &(0x7f0000000380)=<r3=>0x0)
timer_settime(r3, 0x1, &(0x7f0000000280)={{}, {0x0, 0x989680}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001680)=@ipv4_newroute={0x3c, 0x18, 0x35f32a6dfa748ddd, 0x70bd2a, 0x2, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, [@RTA_ENCAP_TYPE={0x6, 0x15, 0x4}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_LOCAL_NH6={0x14, 0x5, @private0={0xfc, 0x0, '\x00', 0x1}}}]}, 0x3c}}, 0x0)
timer_delete(r3)
r5 = gettid()
tkill(r5, 0x16)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x24004045)
io_uring_enter(0xffffffffffffffff, 0x2219, 0x7721, 0x16, 0x0, 0x0)
setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x13, 0x0, 0x310)
epoll_create(0x9)
timer_create(0x7, &(0x7f0000000080)={0x0, 0x14, 0x1, @thr={&(0x7f0000000100)="fd436c51e0b738da27489e5d047082f000fae1205ecf86000f8fedecb8f9db620c0f7db03b39fe240f053caa22c1704585e1f721f8b038e4d499c714d9fdb8e74c74e488004aa1313aaa3a4c9531986c0293d5c7cd3fd9b55b49930da308856399f73341607047ea1b3b703929d83436626174fab0b4102856b5a651696e814221b35498e15c024ca89e7271261a14aa35a4aa9b20624b4c856e190a3c2e0acb9438ad0dd7dbdade36ec816765781db6e23d359eec57042098bab7c410fa91f6f217003f45b1e6f2055e8f2209ab228a5b7469c72cf14f", &(0x7f00000003c0)="78aa8375c6e340b3504712fa37a77e14857d73d7e9a3e225c17cae0a6bcfa429b1256ab651971dde563bbd62d380262fda7f759bda436815e29a384fcaf7d70f45676a3ed164c37e328363f991d897a1fc7aa8d2ceaad3a81da55b439d256654a22bbec0e268a26c0f6b6eb65025f995bb57c2731e4cba3f9c579a3a212b960dbc1c07fa5d23d0e1c50dc372711cfc747718b3422e45293a00c4eacb1cb286de0e5c95ee230dcc8276b70988d54504d8d715545fa129facdcfd048dfb9dbd2dade6fb8ed3362c2e0b5330c6709ec6978fb8d698114af696b44d160"}}, &(0x7f0000000200))
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$tipc2(0x0, 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(0xffffffffffffffff, 0x0, 0x40001)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
syz_emit_vhci(&(0x7f0000000600)=ANY=[@ANYBLOB="042f1407c800060900000004000000060000000000000051a12b67f9e86024c57a3fc4c929fec904000000000000001f8cac54e269ae70020000000000000000000000000000008ec439ce8f2c4e87ddf68919a9e861a2488031588b9342f321f19a66a00383c51fd227e80ad1f820d0edeccca96bb7a203dfb84c481e044c8c31082d144d9d98d271dec20fb11ef7569b32532acc8c4820dc23811a1d74e67d0cc7c383a438a8f1c5109eea4c965966090cae0be0989da29b8ff48ba5ca2943266c5180ce6452736d7252a732cb9cdc2936fe5ef0d243156ed04328ec97acb1238b7847a9b5d472be5d512e11fd4eaf6fdae08f0e81770062725e8f226cb31230845cb6183994577cb9faa379592c5f11a1ba3bdf02bb9c66b2398d9e62d02eaeca3e4e655c2bc912ffae87d3d44ff8ce1031b3"], 0x17)

604.765997ms ago: executing program 0 (id=462):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff) (async)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x24, 0x20, 0x301, 0x70bd2a, 0x25dfdbff, {0x2, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x8}, [@FRA_GENERIC_POLICY=@FRA_DPORT_RANGE={0x8, 0x18, {0x4e21, 0x4e21}}]}, 0x24}, 0x1, 0x0, 0x0, 0x240480d4}, 0x4040) (async, rerun: 64)
r2 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64)
sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000021000100"], 0x28}}, 0x0) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002dbd7000ffdbdf2d3900000008000300", @ANYRES32=r4, @ANYBLOB="10005a800c00018005000a"], 0x2c}, 0x1, 0x0, 0x0, 0x48000}, 0x20000000)

520.928768ms ago: executing program 0 (id=463):
socket$packet(0x11, 0x3, 0x300) (async)
socket$packet(0x11, 0x3, 0x300)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x8, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20) (async)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000200)={r0, &(0x7f0000000080), &(0x7f0000000000)=""/10, 0x2}, 0x20)
syz_open_dev$dri(&(0x7f0000000240), 0x2000, 0x0) (async)
r1 = syz_open_dev$dri(&(0x7f0000000240), 0x2000, 0x0)
ioctl$DRM_IOCTL_GET_CLIENT(r1, 0xc02864cf, &(0x7f00000001c0)={0x0, 0x0, {}, {0xee00}})
socket(0x10, 0x3, 0x0) (async)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f00000008c0)=@dellink={0x28, 0x11, 0x1, 0x70bd26, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x2010, 0xcd02e5b54e96c93}, [@IFLA_NET_NS_PID={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x40000}, 0x880)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) (async)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{0x1}, &(0x7f0000000100), &(0x7f0000000180)=r3}, 0x20)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, 0xffffffffffffffff, 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f00000005c0)={r3, 0x0, 0xba, 0x0, &(0x7f00000002c0)="33a5fe598b4fb19a14d005f6f6fc3cb88171019b7d1a3f5c27e498627a668f17564e1e5ef490b907bf9d07cde5c48d55e903b08bffd9c0cfb6bc06c027191397d3e18ca8cd5413da4eaa252e61687deb08994507e817cd532d87cc4f8b10d4682308c4f677f93e69ee106c9a5e0bcb7722406f0a78efe4d9b623a3d291e61d5b6ea0130ee5a06374fcafd04f504b9f5b943e9329a81ad004b0a982d2008d74c0976d67006effcc9c060399695e097188fdd226f5706b8fa6beb3", 0x0, 0x400, 0x0, 0x8, 0x0, &(0x7f0000000080)="9255d33e8e6dead9", 0x0, 0x2, 0x0, 0x1c753740}, 0x50) (async)
bpf$BPF_PROG_TEST_RUN_LIVE(0xa, &(0x7f00000005c0)={r3, 0x0, 0xba, 0x0, &(0x7f00000002c0)="33a5fe598b4fb19a14d005f6f6fc3cb88171019b7d1a3f5c27e498627a668f17564e1e5ef490b907bf9d07cde5c48d55e903b08bffd9c0cfb6bc06c027191397d3e18ca8cd5413da4eaa252e61687deb08994507e817cd532d87cc4f8b10d4682308c4f677f93e69ee106c9a5e0bcb7722406f0a78efe4d9b623a3d291e61d5b6ea0130ee5a06374fcafd04f504b9f5b943e9329a81ad004b0a982d2008d74c0976d67006effcc9c060399695e097188fdd226f5706b8fa6beb3", 0x0, 0x400, 0x0, 0x8, 0x0, &(0x7f0000000080)="9255d33e8e6dead9", 0x0, 0x2, 0x0, 0x1c753740}, 0x50)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000580)={'veth0_to_team\x00', <r5=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000004c0)={r3, r5, 0x25, 0x0, @void}, 0x10)
r6 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r6, 0x8946, &(0x7f0000000140)={'team_slave_0\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x4, 0x2, 0x1}})

513.647023ms ago: executing program 1 (id=464):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1b, 0x3, &(0x7f0000000100)=@framed, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0xc}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r1, 0x1, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x24004010}, 0x40000)
ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000040)={{0x1, 0x1, 0x18, <r3=>r0, {0x6, 0x6}}, './file0\x00'})
syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x8202)
ioctl$SNDCTL_DSP_GETCAPS(r3, 0x8004500f, &(0x7f0000000080))

451.2441ms ago: executing program 0 (id=465):
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5)
r0 = socket(0x2b, 0x80801, 0x1)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x400, 0xfffc, @empty}, 0x1c)
io_setup(0x9, &(0x7f00000000c0)=<r1=>0x0)
io_cancel(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x7, 0x8, r0, &(0x7f0000000200)="c90f125e3297b9ec2d6cbfceddf2892b97c0281472810f2cf98fae3276b024637dc5bb451fc8d9fd794b5a6a2a01cffc8362957de4fae268d17bf1ed1d6a4c75cf3236653256953c78ff68100a7041c2759615bc9a10cc7262a6ed4447cc17367b69b0740d5d553ca18e8870cc400c4095fabcb160e1f0906e9f56ade03ba8465cb06379dc52902cb24bc65fd1375884f81352cb06a18690ffd07660782da8306fb219474bab2bebe90e0904b6c12dfad7abdb", 0xb3, 0xfffffffffffffffc, 0x0, 0x2}, &(0x7f0000000140))
setsockopt$inet6_tcp_int(r0, 0x6, 0x1, &(0x7f0000000080)=0x80000000, 0x4)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000180)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(md5)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000680)="02815c8edc872c4e4fa83d770ec18b39a030152d7bc57fe35d1fa7ec745786d5daf8454dcd82adb43257284f5ed0ee3303d61fc1960b3d00ba69652939e65437d8", 0x41)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000002c0)={0x7f, <r3=>0x0}, 0x8)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0x7, &(0x7f0000000300)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x63, 0x11, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @initr0={0x18, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x57c5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r3}, 0x94)

450.787505ms ago: executing program 1 (id=466):
r0 = syz_io_uring_setup(0xcb, &(0x7f0000000300)={0x0, 0xcd1d, 0x10100, 0x1000000, 0x20000}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000080))
io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000000)={&(0x7f0000002000)={[{&(0x7f00000000c0)="50fa587ef080861e244c636ac260663b78264b3c634282a15fc0cdf59d676cf86eaa827295218402abcb79e2762a0234868bcff6639838ed46cfe88cab225db18b93deeb3f3a25af86138d084b5bda7967f9b04364ee55400da8c6d11abcf679eb4774efa6775168fc6697cd9ef8fa2c2b6e7a9be5c17c61", 0x78, 0x2}, {0x0}, {0x0, 0x0, 0x400}, {0x0}, {&(0x7f0000000140), 0x0, 0x1}]}, 0x5, 0x1}, 0x1)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
r5 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_CMDTEST(r5, 0x8050640a, &(0x7f0000000100)={0x0, 0x80, 0x4, 0x9, 0x2, 0x2, 0x1, 0x7, 0xffffffff, 0x7, 0x0, 0x4, 0x0, 0x0, 0x0})
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000006c0)=[@textreal={0x8, &(0x7f0000000700)="f30f090f00dbb83104c800008ec8d33366b98f441e100000b89ab9000066ba0000000066660fd4dc66b9d40a000066b80000000066ba000000000f30640f07260f01c3da62ce", 0x46}], 0x1, 0x3, 0x0, 0x0)
r7 = syz_open_dev$vbi(&(0x7f00000001c0), 0x0, 0x2)
io_uring_register$IORING_REGISTER_PROBE(r4, 0x8, &(0x7f0000000380)={0x0, 0x0, 0x0, '\x00', [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}]}, 0x31)
ioctl$VIDIOC_ENUM_FREQ_BANDS(r7, 0xc0405665, &(0x7f0000000140)={0x0, 0x2, 0x0, 0x0, 0x1, 0x7})
ioctl$VIDIOC_PREPARE_BUF(r4, 0xc058565d, &(0x7f0000000580)=@mmap={0x8, 0xb, 0x4, 0x1, 0xb, {}, {0x4, 0x2, 0x5, 0x8f, 0x3, 0xfd, "8f24df03"}, 0x7ff, 0x1, {}, 0x7})
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000500)=ANY=[@ANYRES64=r1, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc01000000000000000000000000000000000033000000fe8000000000000000000000000000aa00000000000000000000000000000000eee23f5a525a556b0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000eeff000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000004c001400636d6163286165732900"/244], 0x13c}}, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$TUNSETIFF(r9, 0x400454ca, &(0x7f00000000c0)={'pim6reg0\x00', 0x2})
ioctl$TUNSETLINK(r9, 0x400454cd, 0x7)
syz_emit_ethernet(0x5a, &(0x7f0000000880)=ANY=[@ANYBLOB="aaaaaaaaad0100000a00000000010000004c0000000000069078ac141418ac1e0001441cdb00000000000000000000000000000400006401a01e000000038606000000010000000000005710195bcef2495d367a9e00529baa1fd9f9c6fda575051a0bc6fd1364e26b54e105270a75c8b8db783d5e10585d25c5e890036c9f732253e89c34d0d3a54d756525d975433b8b6abe78068f10ed21f2ef29cde2f8d35cc9af4fafe57cb0a6329923b3f208f17b0af59b4bf73ea9be26180e376a7d11923f6ec818860a076cf3c6c76aa5ba20ff267af44b5bcc8c7b9aefa56a7448bcd2c0bff8d5f2fa734bd27aab0ba5276f5bbd8aee7190dfa516a611de8062e5d69bca546f21bbc75135a6a3011bbf3ae4", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0)
ioctl$KVM_RUN(r6, 0xae80, 0x0)
migrate_pages(0x0, 0xc, &(0x7f0000000780)=0xd, &(0x7f0000000080)=0x273)
ioctl$KVM_XEN_HVM_CONFIG(r4, 0x4038ae7a, &(0x7f0000000680)={0x5, 0x400000b4, &(0x7f00000002c0)="d8f120b4788dcd20af88bfa6cb4e21cabc796590fba18187a5acc48352adea9a88e936a2c3b67f71c03285f73fc4a1705bba", &(0x7f0000000640)="ad522042246f93b98027c7d08a03cbe15a57cc2d4427aa6ac8d8007d915974d1bb66e488ab4a2a30e3ed023ef623", 0x32, 0x2e})
ioctl$DRM_IOCTL_GET_CLIENT(r4, 0xc0286405, &(0x7f0000000180)={0x2, 0x9, {<r10=>0xffffffffffffffff}, {}, 0xb638, 0x9960000000})
ioctl$DMA_HEAP_IOCTL_ALLOC(0xffffffffffffffff, 0xc0184800, &(0x7f0000000280)={0x6, <r11=>r4, 0x2})
io_uring_register$IORING_REGISTER_RING_FDS(r11, 0x14, &(0x7f0000000800)=[{0x0, 0x1, 0x0, &(0x7f0000000780), &(0x7f00000007c0)=[0x5, 0x7, 0x8000000000000001, 0xfffffffffffffff0, 0x0, 0x8, 0xff]}], 0x1)
ptrace$ARCH_GET_GS(0x1e, r10, &(0x7f0000000200), 0x1004)
socket$inet_mptcp(0x2, 0x1, 0x106)
socket$alg(0x26, 0x5, 0x0)

241.273444ms ago: executing program 0 (id=467):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
read(r0, &(0x7f0000000f00)=""/43, 0x2b)
move_pages(0x0, 0x0, &(0x7f0000000040), &(0x7f0000000000)=[0xffffffff, 0x8], &(0x7f0000000000), 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000080)={'gretap0\x00', &(0x7f0000000240)={'gre0\x00', 0x0, 0x700, 0x7, 0x434, 0x1, {{0x19, 0x4, 0x0, 0x5, 0x64, 0x68, 0x0, 0xf9, 0x2f, 0x0, @local, @dev={0xac, 0x14, 0x14, 0x1c}, {[@timestamp_addr={0x44, 0x2c, 0xee, 0x1, 0x7, [{@loopback, 0x9}, {@local, 0x1b3}, {@multicast2, 0xa7}, {@private=0xa010105, 0x8}, {@local, 0x100}]}, @noop, @rr={0x7, 0x7, 0xef, [@initdev={0xac, 0x1e, 0x0, 0x0}]}, @rr={0x7, 0xb, 0xec, [@initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast]}, @timestamp={0x44, 0xc, 0x7b, 0x0, 0x6, [0xc9d, 0x3ae]}, @ra={0x94, 0x4, 0x1}]}}}}})
sendmsg$ETHTOOL_MSG_COALESCE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000300)=ANY=[], 0x20}}, 0x0)
r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$USBDEVFS_CLAIM_PORT(r1, 0x80045518, &(0x7f0000000140)=0x5)
r2 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="140100002800010004000000f8dbdf2503"], 0x114}], 0x1, 0x0, 0x0, 0x1}, 0x0)
r3 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000002280), 0x602, 0x0)
ppoll(&(0x7f0000002540)=[{r3, 0x80}], 0x1, &(0x7f0000002580)={0x0, 0x989680}, 0x0, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x101040, 0x10)

181.061263ms ago: executing program 0 (id=468):
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x3d, "1a004e0078768000", 0x4, 0x2})
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x4)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f0000006300)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0xfbc6df49f94ee5ae}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0)
ioctl$SG_SET_DEBUG(r2, 0xc0046686, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r3, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)=0xf9)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000140)=0xff)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000180)=0x7)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000600)=0x60)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0x60)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x202, 0x0)
ioctl$TCSETSF2(0xffffffffffffffff, 0x402c542d, &(0x7f0000000040)={0x82, 0x3, 0x0, 0x717e387b, 0x3d, "1a004e0078768000", 0x4, 0x2}) (async)
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x4) (async)
openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) (async)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async)
read$FUSE(r0, &(0x7f0000006300)={0x2020}, 0x2020) (async)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x20000000, 0xfbc6df49f94ee5ae}}, 0x50) (async)
syz_fuse_handle_req(r0, &(0x7f00000021c0)="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003dc150f4000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f50000000000000000000000000000000000000000000000000000000000000000000000000000000000c6d90000000000001354c4b6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a00", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x80101, 0x0) (async)
ioctl$SG_SET_DEBUG(r2, 0xc0046686, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) (async)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000000)=0x15) (async)
ioctl$TCSETS(r3, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"}) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f00000000c0)=0xf9) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000140)=0xff) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000180)=0x7) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000600)=0x60) (async)
ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000100)=0x60) (async)
openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/oss_mixer\x00', 0x202, 0x0) (async)

129.805667ms ago: executing program 1 (id=469):
syz_init_net_socket$ax25(0x3, 0x5, 0xcb)
fsopen(0x0, 0x0)
r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x88800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$TCSETSF2(0xffffffffffffffff, 0x8926, &(0x7f0000000000)={0x9, 0x4, 0x8, 0x0, 0xc, "a533b6aaf9f659ff35036bf79d8b4c2a246305", 0xe7, 0x8})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0xfffffffffffffffb, 0x6, 0x0, 0x4, 0x10003, 0x2, 0x400200cc4, 0x5, 0x7d, 0x1000000000000000, 0x0, 0x8000, 0x2, 0x1, 0xb9, 0x8d], 0xeeee8000, 0x2011c0})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

11.263485ms ago: executing program 3 (id=470):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast1}}}, 0x88)
setsockopt$inet_MCAST_MSFILTER(r0, 0x0, 0x30, &(0x7f0000000940)=ANY=[@ANYBLOB="020000000000000002000000e0000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000880000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000500000002000000e00000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000064010102000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000e000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002"], 0x310)

10.564756ms ago: executing program 1 (id=471):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000540), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r4, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f00000002c0)={&(0x7f0000000200), 0xc, &(0x7f0000000280)={&(0x7f0000000440)={0x518, r1, 0x200, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x6e, 0x47}}}}, [@NL80211_ATTR_TX_RATES={0x54, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x1c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x6, 0x1, [0x16, 0x12]}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_6GHZ={0x34, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xd, 0x1, [0x36, 0x60, 0x24, 0xc, 0x16, 0x0, 0x6c, 0x6, 0x4]}, @NL80211_TXRATE_LEGACY={0x18, 0x1, [0x48, 0x3, 0x30, 0x18, 0x60, 0x9cb1cceb92a6eb43, 0x24, 0x60, 0x30, 0x4, 0x9, 0x1d, 0x5, 0x18, 0x24, 0xc, 0x12, 0x48, 0x4, 0x0]}, @NL80211_TXRATE_HE_LTF={0x5}]}]}, @NL80211_ATTR_TX_RATES={0x100, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x20, 0x1, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0xa, 0x40, 0x6, 0x100, 0x6, 0x6, 0x3, 0x800]}}, @NL80211_TXRATE_HE_LTF={0x5}]}, @NL80211_BAND_60GHZ={0x54, 0x2, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4f, 0x2, [{0x0, 0x9}, {0x2, 0x3}, {0x1, 0x6}, {0x4, 0xa}, {0x4, 0x4}, {0x3, 0x1}, {0x2, 0x3}, {0x3, 0xa}, {0x5, 0x8}, {0x3, 0x1}, {0x7, 0x8}, {0x7, 0x2}, {0x5}, {0x3, 0x6}, {0x0, 0xa}, {0x2, 0x5}, {0x3, 0x6}, {0x6, 0x9}, {0x7, 0x8}, {0x1, 0x9}, {0x2, 0x4}, {0x7}, {0x5, 0xa}, {0x0, 0x3}, {0x3, 0x9}, {0x0, 0x2}, {0x1, 0x2}, {0x3, 0x7}, {0x1, 0x8}, {0x0, 0x6}, {0x7, 0x2}, {0x1, 0x4}, {0x5, 0x9}, {0x3}, {0x0, 0x9}, {0x5, 0x9}, {0x0, 0x9}, {0x3, 0x5}, {0x6, 0x8}, {0x6, 0x5}, {0x5, 0x1}, {0x5, 0x7}, {0x7, 0x7}, {0x5, 0x7}, {0x0, 0x8}, {0x7}, {0x1, 0x7}, {0x0, 0x2}, {0x3, 0x2}, {0x1, 0x7}, {0x7, 0x4}, {0x2, 0x2}, {0x1}, {0x4}, {0x2, 0x8}, {0x3, 0x9}, {0x3, 0x6}, {0x2}, {0x1, 0x9}, {0x6, 0x2}, {0x7, 0x1}, {0x4, 0x2}, {0x2, 0x2}, {0x3, 0x8}, {0x1, 0x5}, {0x6, 0x2}, {0x1, 0x5}, {0x2, 0x7}, {0x5, 0x3}, {0x1, 0x6}, {0x6, 0x5}, {0x4, 0x9}, {0x1, 0x3}, {0x5, 0x3}, {0x0, 0x8}]}]}, @NL80211_BAND_5GHZ={0x60, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xc, 0xfffb, 0x5, 0x4, 0x81, 0x1, 0x5, 0x101]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x19, 0x8824, 0xfffd, 0x1, 0x6, 0x405e, 0x8, 0x2]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x5, 0x6, 0x1ff, 0x7, 0x2, 0x8000, 0xffff, 0xffff]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}]}, @NL80211_BAND_5GHZ={0x28, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_LEGACY={0x11, 0x1, [0x1b, 0x22, 0x3, 0xb, 0x16, 0x30, 0x30, 0x16, 0x2, 0x2, 0x0, 0xb, 0x12]}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_ATTR_TX_RATES={0x1c4, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x24, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_LEGACY={0x17, 0x1, [0x0, 0x36, 0x2, 0x1b, 0x9, 0x30, 0x5, 0x73, 0xc, 0x3, 0x3, 0x11, 0x3, 0x3, 0x48, 0x2, 0x18, 0x18, 0x1b]}]}, @NL80211_BAND_2GHZ={0xc0, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0xd5, 0x7, 0x26c3, 0x0, 0xd05, 0x10, 0xffff, 0xfff7]}}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x2}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HT={0x3b, 0x2, [{0x4, 0x1}, {0x5, 0x8}, {0x7, 0x1}, {0x2, 0x3}, {0x0, 0x4}, {0x4, 0x5}, {0x5, 0x8}, {0x0, 0x8}, {0x5, 0x8}, {0x0, 0x5}, {0x5, 0x2}, {}, {0x5, 0x9}, {0x2, 0x2}, {0x1, 0x1}, {0x1, 0x8}, {0x2, 0x9}, {0x1, 0x7}, {0x5, 0x3}, {0x0, 0x9}, {0x5, 0x2}, {0x0, 0x4}, {0x2, 0xa}, {0x7, 0x9}, {0x2}, {0x0, 0x5}, {0x7}, {0x7, 0x2}, {0x1, 0x2}, {0x3, 0x6}, {0x1}, {0x0, 0x1}, {0x1, 0x5}, {0x2, 0x1}, {0x2, 0x9}, {0x3, 0x6}, {0x2, 0x1}, {0x0, 0x2}, {0x7, 0x8}, {0x6}, {0x5, 0x3}, {0x7, 0x2}, {0x1, 0x2}, {0x4, 0x2}, {0x7, 0x5}, {0x0, 0x8}, {0x0, 0x5}, {0x4, 0x6}, {0x1, 0x6}, {0x4, 0x7}, {0x7, 0x2}, {0x5, 0x5}, {0x2, 0x1}, {0x1}, {0x0, 0x2}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xf, 0x4, 0x0, 0x5, 0xb0, 0x6f7a, 0x7, 0x5]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa3a, 0x8, 0x2, 0x101, 0x0, 0x7, 0xf, 0x7]}}, @NL80211_TXRATE_HT={0x1b, 0x2, [{0x2}, {0x0, 0x3}, {0x2, 0x7}, {0x0, 0x9}, {0x3, 0x1f}, {0x0, 0x6}, {0x7, 0x9}, {0x4, 0x8}, {0x5, 0x3}, {0x0, 0x9}, {0x6, 0x2}, {0x2, 0x5}, {0x4, 0x5}, {0x2, 0x2}, {0x1, 0x7}, {0x6, 0x6}, {0x1, 0x1}, {0x1, 0x4}, {0x7, 0x4}, {0x5, 0x1}, {0x2, 0x4}, {0x5, 0x5}, {0x1}]}]}, @NL80211_BAND_5GHZ={0x4c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0xe, 0x1, [0x5, 0x24, 0x1, 0x4, 0x60, 0x2a, 0x12, 0x2, 0x6c, 0x4]}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x7, 0x9, 0x5, 0x7f, 0x0, 0x656d, 0x6830, 0x1]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x800, 0x40, 0x2, 0x40, 0x81, 0xd, 0x6]}}, @NL80211_TXRATE_HE_GI={0x5}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}]}, @NL80211_BAND_5GHZ={0x50, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x41, 0x2, [{0x1, 0x6}, {0x4, 0x4}, {0x6, 0x9}, {0x7, 0x8}, {0x6, 0x7}, {0x1, 0x3}, {0x0, 0x7}, {0x2, 0x2}, {0x0, 0x7}, {0x7, 0x2}, {0x1, 0xa}, {0x0, 0xa}, {0x5, 0x5}, {0x1, 0x8}, {0x2, 0x6}, {0x7, 0x3}, {0x1}, {0x1, 0x2}, {0x5}, {0x0, 0x2}, {0x0, 0x5}, {0x1, 0x2}, {0x4, 0x5}, {0x4, 0xa}, {0x1, 0xa}, {0x1, 0x2}, {0x0, 0x8}, {0x1}, {0x7}, {0x3, 0x1}, {0x2, 0xa}, {0x3, 0x6}, {0x2, 0x3}, {0x1, 0x7}, {0x1, 0x4}, {0x2, 0x4}, {0x3, 0x3}, {0x7, 0x9}, {0x1, 0x2}, {0x3}, {0x1, 0x9}, {0x0, 0x3}, {0x1, 0x4}, {0x6}, {0x4, 0x2}, {0x5, 0x4}, {0x7, 0x6}, {0x0, 0x3}, {0x1, 0x8}, {0x3, 0x1}, {0x2, 0x6}, {0x5, 0x3}, {0x0, 0x7}, {0x4, 0x6}, {0x5, 0x7}, {0x6, 0x1}, {0x3, 0xa}, {0x2, 0x5}, {0x7, 0x2}, {0x6, 0x3}, {0x4, 0x4}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}]}, @NL80211_BAND_6GHZ={0x40, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x4, 0xfff8, 0x5, 0xbf, 0x6, 0x400, 0x3, 0xff]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0xa, 0xd, 0x65, 0x9, 0x1, 0xa8c, 0x9, 0x401]}}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x5, 0x2, 0x8, 0x1, 0x7, 0x800, 0x200, 0x101]}}]}]}, @NL80211_ATTR_TX_RATES={0x7c, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x60, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HT={0x1a, 0x2, [{0x7, 0x6}, {0x6}, {0x7, 0x3}, {0x5, 0x6}, {0x3, 0x3}, {0x1, 0x7}, {0x5}, {0x7, 0x1}, {0x5, 0x7}, {0x2}, {0x7, 0x1}, {0x0, 0x6}, {0x0, 0xa}, {0x3, 0x4}, {0x0, 0x5}, {0x1, 0x5}, {0x0, 0x7}, {0x4, 0x9}, {0x2}, {0x3}, {0x5, 0x8}, {0x2}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_HE_GI={0x5, 0x6, 0x1}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x8000, 0x45, 0x6, 0xe, 0x5, 0x8, 0x7f, 0x3ff]}}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x1}, @NL80211_TXRATE_HE_GI={0x5}]}, @NL80211_BAND_5GHZ={0x18, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x14, 0x1, [0xc, 0x4, 0xb, 0x5, 0x6, 0x61, 0x60, 0x6, 0x60, 0x3, 0x36, 0x2, 0x12, 0x30, 0x48, 0xb]}]}]}, @NL80211_ATTR_TX_RATES={0x15c, 0x5a, 0x0, 0x1, [@NL80211_BAND_60GHZ={0xd4, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x7f, 0x7, 0x5, 0x1, 0x3, 0x66e8, 0x5, 0xb5e]}}, @NL80211_TXRATE_LEGACY={0x8, 0x1, [0x2, 0x60, 0x0, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x1, 0x3, 0xf000, 0x2, 0x1, 0x3ff, 0xade6]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x0, 0x2, 0x7, 0x7, 0x0, 0x4984, 0x869]}}, @NL80211_TXRATE_LEGACY={0x20, 0x1, [0x30, 0x6c, 0x3, 0x6, 0x60, 0x3, 0xf, 0x12, 0x24, 0x48, 0x3, 0x18, 0x24, 0x9, 0x6c, 0x1b, 0x6, 0x6, 0xb, 0x24, 0x11, 0x1b, 0x4, 0xb, 0x5, 0x6, 0x5, 0x48]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x34, 0x2, [{0x7, 0x4}, {0x4, 0x2}, {0x1}, {0x5, 0x4}, {0x7, 0xa}, {0x7, 0x8}, {0x3, 0x4}, {0x7, 0x6}, {0x3}, {0x2, 0x4}, {0x1, 0x2}, {0x4, 0x7}, {0x0, 0x8}, {0x6, 0x4}, {0x1, 0x2}, {0x6, 0x1}, {0x4}, {0x7, 0xa}, {0x6, 0xa}, {0x1, 0x9}, {0x7, 0xa}, {0x6, 0xa}, {0x1, 0x7}, {0x4, 0x5}, {0x4, 0x1}, {0x0, 0x2}, {0x5}, {0x1, 0x3}, {0x2, 0x1}, {0x5, 0x7}, {0x6, 0x6}, {0x4, 0x8}, {0x3}, {0x7, 0x5}, {0x4, 0x5}, {0x1, 0x6}, {}, {0x5, 0x6}, {0x4, 0x6}, {0x3}, {0x1, 0x5}, {0x7, 0x8}, {0x5}, {0x0, 0x8}, {0x3, 0x4}, {0x0, 0x2}, {0x5, 0x1}, {0x2, 0x4}]}, @NL80211_TXRATE_HE_LTF={0x5, 0x7, 0x2}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x9a0b, 0xc762, 0x3, 0x6, 0xffff, 0x7, 0x1ff, 0x6]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0xc, 0x8c7b, 0x2, 0x7, 0x7, 0x2, 0x1000]}}]}, @NL80211_BAND_2GHZ={0x84, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4f, 0x2, [{0x4, 0x6}, {0x2}, {0x0, 0x2}, {0x0, 0x3}, {0x4, 0x7}, {0x6, 0x8}, {0x6}, {0x2, 0x4}, {}, {0x6, 0x6}, {0x3, 0x5}, {0x5, 0x9}, {0x7, 0xa}, {0x7, 0x8}, {0x5, 0x2}, {0x7, 0x4}, {0x0, 0x5}, {0x1, 0x5}, {0x3, 0xa}, {0x7, 0x1}, {0x1, 0x3}, {0x6, 0x3}, {0x0, 0x4}, {}, {0x1}, {0x3, 0x7}, {0x3, 0x7}, {0x0, 0xa}, {0x5, 0x5}, {0x4}, {0x5}, {0x5, 0x9}, {}, {0x1, 0x1}, {0x3, 0x6}, {0x5, 0x5}, {0x2}, {0x0, 0x2}, {0x3, 0x6}, {0x0, 0x8}, {0x2, 0x9}, {0x5, 0x5}, {0x3, 0x2}, {0x5, 0x2}, {0x0, 0x5}, {0x3, 0x3}, {0x5, 0x2}, {0x6, 0x9}, {0x4, 0x2}, {0x5}, {0x1, 0x8}, {0x3, 0xa}, {0x1, 0x8}, {0x5, 0x9}, {0x5, 0x5}, {0x1, 0x5}, {0x4, 0x4}, {0x5, 0x1}, {0x4, 0x1}, {0x3, 0x1}, {0x3, 0xa}, {0x3, 0x8}, {0x0, 0x7}, {0x7}, {0x6, 0x3}, {0x4, 0x9}, {0x7, 0x6}, {0x2, 0x4}, {0x4, 0x8}, {0x5}, {0x4, 0x8}, {0x0, 0x6}, {0x1, 0x3}, {0x2, 0x9}, {0x1, 0x2}]}, @NL80211_TXRATE_HE_LTF={0x5}, @NL80211_TXRATE_HE={0x14, 0x5, {[0x36, 0x6, 0x0, 0xb7, 0x8, 0x3, 0x5, 0x4]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7, 0xc000, 0x0, 0xfff9, 0x7, 0xe00, 0x2, 0x3fe7]}}]}]}]}, 0x518}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000000c0)={0x14, 0x16, 0xf15, 0x0, 0x0, "", [@typed={0xc20}]}, 0x14}], 0x1}, 0x0)
r6 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r7 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/rcu_normal', 0x400a80, 0xa0)
mount$binderfs(0x0, &(0x7f00000001c0)='./binderfs\x00', 0x0, 0x3f, 0x0)
fgetxattr(r7, &(0x7f0000000000)=ANY=[@ANYBLOB="94797374656d2e2824040000002c272c2e00"], &(0x7f0000000100)=""/222, 0xde)
connect$rose(0xffffffffffffffff, &(0x7f0000000300)=@full={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x0, [@null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x40)
ioctl$BTRFS_IOC_BALANCE_CTL(r7, 0x40049421, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_DELRULE={0x7a, 0x8, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFTA_RULE_ID={0x8}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0x1}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @fwd={{0x8}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_FWD_SREG_ADDR={0x8, 0x2, 0x1, 0x0, 0xa}, @NFTA_FWD_NFPROTO={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_FWD_SREG_DEV={0x8, 0x1, 0x1, 0x0, 0x15}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xd4}}, 0x0)
getsockopt$rose(r6, 0x104, 0x6, &(0x7f0000000040), &(0x7f00000000c0)=0x4)

0s ago: executing program 1 (id=472):
capset(&(0x7f0000000280)={0x20071026}, &(0x7f0000000340))
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/diskstats\x00', 0x0, 0x0)
read$FUSE(r0, &(0x7f0000000200)={0x2020, 0x0, 0x0, <r1=>0x0}, 0x2020)
r2 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a)
mount$tmpfs(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000002200), 0x800004, 0x0)
mount$tmpfs(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYRESDEC=r1])
syz_usb_control_io(r2, 0x0, 0x0)
getsockopt$TIPC_IMPORTANCE(r0, 0x10f, 0x7f, &(0x7f0000000080), &(0x7f00000000c0)=0x4)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r3, 0x0, 0x0)
lsetxattr$security_selinux(&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), &(0x7f0000000200)='system_u:object_r:sudo_exec_t:s0\x00', 0x21, 0x3)

kernel console output (not intermixed with test programs):

[   44.213985][   T40] audit: type=1400 audit(1764975994.487:59): avc:  denied  { write } for  pid=5837 comm="sh" path="pipe:[1814]" dev="pipefs" ino=1814 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[   44.223557][   T40] audit: type=1400 audit(1764975994.487:60): avc:  denied  { rlimitinh } for  pid=5837 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   44.231258][   T40] audit: type=1400 audit(1764975994.487:61): avc:  denied  { siginh } for  pid=5837 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
Warning: Permanently added '[localhost]:29403' (ED25519) to the list of known hosts.
[   46.620435][   T40] audit: type=1400 audit(1764975996.907:62): avc:  denied  { name_bind } for  pid=5850 comm="sshd-session" src=30000 scontext=system_u:system_r:sshd_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[   46.648731][   T40] audit: type=1400 audit(1764975996.937:63): avc:  denied  { execute } for  pid=5851 comm="sh" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   46.656374][   T40] audit: type=1400 audit(1764975996.937:64): avc:  denied  { execute_no_trans } for  pid=5851 comm="sh" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[   48.607880][   T40] audit: type=1400 audit(1764975998.897:65): avc:  denied  { mounton } for  pid=5851 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2022 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1
[   48.618444][   T40] audit: type=1400 audit(1764975998.917:66): avc:  denied  { mount } for  pid=5851 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[   48.620858][ T5851] cgroup: Unknown subsys name 'net'
[   48.795458][ T5851] cgroup: Unknown subsys name 'cpuset'
[   48.799926][ T5851] cgroup: Unknown subsys name 'rlimit'
[   49.077092][ T5915] SELinux:  Context root:object_r:swapfile_t is not valid (left unmapped).
Setting up swapspace version 1, size = 127995904 bytes
[   49.746700][ T5851] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.750133][   T40] kauditd_printk_skb: 18 callbacks suppressed
[   53.750143][   T40] audit: type=1400 audit(1764976004.037:85): avc:  denied  { execmem } for  pid=5930 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1
[   53.953592][   T40] audit: type=1400 audit(1764976004.247:86): avc:  denied  { create } for  pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   53.965939][   T40] audit: type=1400 audit(1764976004.247:87): avc:  denied  { read write } for  pid=5933 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   53.982869][   T40] audit: type=1400 audit(1764976004.247:88): avc:  denied  { open } for  pid=5933 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1291 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[   53.990387][   T40] audit: type=1400 audit(1764976004.247:89): avc:  denied  { ioctl } for  pid=5933 comm="syz-executor" path="socket:[8213]" dev="sockfs" ino=8213 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   53.996532][ T5296] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   54.015064][ T5942] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   54.019332][ T5942] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   54.029924][ T5946] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   54.033741][ T5935] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   54.037131][ T5935] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   54.040230][ T5935] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   54.043217][ T5935] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   54.053180][ T5947] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   54.056282][ T5946] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   54.056488][ T5947] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   54.061443][ T5935] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   54.061652][ T5946] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   54.062005][ T5947] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   54.062368][ T5947] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   54.062594][ T5947] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   54.066347][   T40] audit: type=1400 audit(1764976004.357:90): avc:  denied  { read } for  pid=5940 comm="syz-executor" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   54.068361][ T5935] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   54.073076][   T40] audit: type=1400 audit(1764976004.357:91): avc:  denied  { open } for  pid=5940 comm="syz-executor" path="net:[4026531833]" dev="nsfs" ino=4026531833 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1
[   54.079996][ T5935] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   54.081754][   T40] audit: type=1400 audit(1764976004.357:92): avc:  denied  { mounton } for  pid=5940 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1
[   54.096879][ T5296] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   54.104500][ T5296] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   54.300850][   T40] audit: type=1400 audit(1764976004.587:93): avc:  denied  { module_request } for  pid=5940 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[   54.385404][ T5940] chnl_net:caif_netlink_parms(): no params data found
[   54.424988][ T5937] chnl_net:caif_netlink_parms(): no params data found
[   54.489755][ T5933] chnl_net:caif_netlink_parms(): no params data found
[   54.556865][ T5941] chnl_net:caif_netlink_parms(): no params data found
[   54.600882][ T5937] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.604150][ T5937] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.606771][ T5937] bridge_slave_0: entered allmulticast mode
[   54.609455][ T5937] bridge_slave_0: entered promiscuous mode
[   54.617379][ T5940] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.619666][ T5940] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.622027][ T5940] bridge_slave_0: entered allmulticast mode
[   54.624828][ T5940] bridge_slave_0: entered promiscuous mode
[   54.634254][ T5937] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.636571][ T5937] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.638903][ T5937] bridge_slave_1: entered allmulticast mode
[   54.641494][ T5937] bridge_slave_1: entered promiscuous mode
[   54.648554][ T5940] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.651651][ T5940] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.654872][ T5940] bridge_slave_1: entered allmulticast mode
[   54.658715][ T5940] bridge_slave_1: entered promiscuous mode
[   54.750435][ T5937] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.776800][ T5940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.780804][ T5937] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.789101][ T5933] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.792051][ T5933] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.794835][ T5933] bridge_slave_0: entered allmulticast mode
[   54.797452][ T5933] bridge_slave_0: entered promiscuous mode
[   54.801436][ T5940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.817609][ T5941] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.820665][ T5941] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.823813][ T5941] bridge_slave_0: entered allmulticast mode
[   54.827618][ T5941] bridge_slave_0: entered promiscuous mode
[   54.832013][ T5933] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.835218][ T5933] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.838115][ T5933] bridge_slave_1: entered allmulticast mode
[   54.840685][ T5933] bridge_slave_1: entered promiscuous mode
[   54.857373][ T5937] team0: Port device team_slave_0 added
[   54.859843][ T5941] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.862833][ T5941] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.865673][ T5941] bridge_slave_1: entered allmulticast mode
[   54.868427][ T5941] bridge_slave_1: entered promiscuous mode
[   54.887927][ T5940] team0: Port device team_slave_0 added
[   54.890591][ T5937] team0: Port device team_slave_1 added
[   54.900768][ T5940] team0: Port device team_slave_1 added
[   54.911784][ T5933] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.921341][ T5933] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.940724][ T5941] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.968352][ T5933] team0: Port device team_slave_0 added
[   54.972094][ T5941] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.976761][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.979113][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   54.987847][ T5937] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.992956][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.995868][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   55.006682][ T5940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.013383][ T5933] team0: Port device team_slave_1 added
[   55.021990][ T5937] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.024910][ T5937] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   55.034972][ T5937] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.039993][ T5940] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.042929][ T5940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   55.053440][ T5940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.089180][ T5941] team0: Port device team_slave_0 added
[   55.097633][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.100180][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   55.109470][ T5933] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.115349][ T5933] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.117937][ T5933] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   55.128400][ T5933] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.135012][ T5941] team0: Port device team_slave_1 added
[   55.208688][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.211635][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   55.222448][ T5941] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.232561][ T5940] hsr_slave_0: entered promiscuous mode
[   55.235987][ T5940] hsr_slave_1: entered promiscuous mode
[   55.255455][ T5937] hsr_slave_0: entered promiscuous mode
[   55.258665][ T5937] hsr_slave_1: entered promiscuous mode
[   55.261567][ T5937] debugfs: 'hsr0' already exists in 'hsr'
[   55.264478][ T5937] Cannot create hsr debugfs directory
[   55.267380][ T5941] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.269870][ T5941] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   55.279918][ T5941] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.299843][ T5933] hsr_slave_0: entered promiscuous mode
[   55.304763][ T5933] hsr_slave_1: entered promiscuous mode
[   55.307725][ T5933] debugfs: 'hsr0' already exists in 'hsr'
[   55.310089][ T5933] Cannot create hsr debugfs directory
[   55.430927][ T5941] hsr_slave_0: entered promiscuous mode
[   55.434236][ T5941] hsr_slave_1: entered promiscuous mode
[   55.436513][ T5941] debugfs: 'hsr0' already exists in 'hsr'
[   55.438256][ T5941] Cannot create hsr debugfs directory
[   55.747478][ T5940] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   55.757470][ T5940] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   55.775471][ T5940] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   55.782130][ T5940] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   55.824863][ T5933] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   55.835916][ T5933] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   55.842214][ T5933] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   55.849179][ T5933] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   55.911020][ T5937] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   55.921647][ T5937] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   55.926592][ T5937] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   55.932503][ T5937] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   56.015486][ T5941] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.019817][ T5941] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.024316][ T5941] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.029226][ T5941] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.041939][ T5940] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.069078][ T5940] 8021q: adding VLAN 0 to HW filter on device team0
[   56.081942][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.084447][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.106093][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.108433][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.128837][ T5933] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.143753][ T5296] Bluetooth: hci1: command tx timeout
[   56.145193][ T5939] Bluetooth: hci0: command tx timeout
[   56.146265][   T64] Bluetooth: hci3: command tx timeout
[   56.148071][ T5937] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.154344][ T5935] Bluetooth: hci2: command tx timeout
[   56.169539][ T5933] 8021q: adding VLAN 0 to HW filter on device team0
[   56.177120][ T5937] 8021q: adding VLAN 0 to HW filter on device team0
[   56.181433][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.183953][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.194372][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.196691][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.204435][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.206747][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.214382][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.216704][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.258968][   T40] audit: type=1400 audit(1764976006.547:94): avc:  denied  { sys_module } for  pid=5940 comm="syz-executor" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[   56.270332][ T5941] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.299809][ T5941] 8021q: adding VLAN 0 to HW filter on device team0
[   56.316245][  T198] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.318658][  T198] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.331116][  T198] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.334175][  T198] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.367938][ T5940] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.427686][ T5940] veth0_vlan: entered promiscuous mode
[   56.437056][ T5940] veth1_vlan: entered promiscuous mode
[   56.456182][ T5937] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.476843][ T5940] veth0_macvtap: entered promiscuous mode
[   56.484371][ T5933] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.488870][ T5940] veth1_macvtap: entered promiscuous mode
[   56.507600][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.516210][ T5940] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.519687][ T5937] veth0_vlan: entered promiscuous mode
[   56.524575][ T5941] 8021q: adding VLAN 0 to HW filter on device batadv0
[   56.533421][ T5937] veth1_vlan: entered promiscuous mode
[   56.538355][  T198] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.545232][  T198] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.548101][  T198] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.554289][  T198] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.579786][ T5933] veth0_vlan: entered promiscuous mode
[   56.611834][ T5933] veth1_vlan: entered promiscuous mode
[   56.616662][ T5941] veth0_vlan: entered promiscuous mode
[   56.620275][  T198] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.624531][  T198] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.624548][ T5937] veth0_macvtap: entered promiscuous mode
[   56.643516][ T5941] veth1_vlan: entered promiscuous mode
[   56.646673][ T5937] veth1_macvtap: entered promiscuous mode
[   56.654016][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.656752][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.669994][ T5933] veth0_macvtap: entered promiscuous mode
[   56.679445][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.685366][ T5933] veth1_macvtap: entered promiscuous mode
[   56.692489][ T5937] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.701983][ T5940] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   56.705921][ T5941] veth0_macvtap: entered promiscuous mode
[   56.710666][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.714976][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.719549][   T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.722375][   T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.726473][ T5941] veth1_macvtap: entered promiscuous mode
[   56.737367][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.756894][ T5933] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.762317][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_0
[   56.776798][   T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.781093][ T5941] batman_adv: batadv0: Interface activated: batadv_slave_1
[   56.789723][   T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.795287][   T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.806173][   T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.820728][   T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   56.824242][   T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   56.840328][   T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   56.846113][   T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   56.850942][ T6024] kAFS: unable to lookup cell '(,c¾ûL'
[   56.855103][ T6024] kAFS: unable to lookup cell '(,'
[   56.863916][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.866453][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.914873][ T1143] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.917566][ T1143] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.937980][ T1143] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.941654][ T1143] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.964705][ T1145] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   56.967319][ T1145] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   56.990354][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.010648][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.035431][ T1145] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.042787][ T1145] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.268854][   T64] Bluetooth: hci2: Malformed Event: 0x2f
[   57.270576][ T5939] Bluetooth: hci0: Malformed Event: 0x2f
[   57.294181][ T6053] faux_driver vgem: [drm] Unknown color mode 181; guessing buffer size.
[   57.361767][ T6058] netlink: 52 bytes leftover after parsing attributes in process `syz.1.11'.
[   57.370563][ T6058] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.374287][ T6058] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.400318][ T6062] netlink: 24 bytes leftover after parsing attributes in process `syz.2.12'.
[   57.412594][ T6063] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6063 comm=syz.1.11
[   57.417017][ T6063] netlink: 76 bytes leftover after parsing attributes in process `syz.1.11'.
[   57.469160][ T6067] program syz.1.11 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   57.492157][ T6063] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.494655][ T6063] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.497142][ T6063] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.500007][ T6063] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.506225][ T6063] netlink: 52 bytes leftover after parsing attributes in process `syz.1.11'.
[   57.536059][ T6063] bridge0: port 2(bridge_slave_1) entered disabled state
[   57.538422][ T6063] bridge0: port 1(bridge_slave_0) entered disabled state
[   57.609548][ T6074] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[   57.756850][ T6088] netlink: 'syz.3.18': attribute type 2 has an invalid length.
[   57.765026][ T6088] netlink: 'syz.3.18': attribute type 2 has an invalid length.
[   57.794779][ T6091] Mount JFS Failure: -22
[   57.875797][ T6091] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17'.
[   57.895971][ T6091] team0 (unregistering): Port device team_slave_0 removed
[   57.900040][ T6091] team0 (unregistering): Port device team_slave_1 removed
[   57.915644][ T5939] Bluetooth: hci1: Malformed Event: 0x2f
[   58.075408][ T5939] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0'
[   58.079483][ T5939] CPU: 0 UID: 0 PID: 5939 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) 
[   58.079499][ T5939] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   58.079508][ T5939] Workqueue: hci0 hci_rx_work
[   58.079525][ T5939] Call Trace:
[   58.079530][ T5939]  <TASK>
[   58.079534][ T5939]  dump_stack_lvl+0x16c/0x1f0
[   58.079552][ T5939]  sysfs_warn_dup+0x7f/0xa0
[   58.079569][ T5939]  sysfs_create_dir_ns+0x24b/0x2b0
[   58.079586][ T5939]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   58.079603][ T5939]  ? find_held_lock+0x2b/0x80
[   58.079619][ T5939]  ? do_raw_spin_unlock+0x172/0x230
[   58.079650][ T5939]  kobject_add_internal+0x2c4/0x9b0
[   58.079665][ T5939]  kobject_add+0x16e/0x240
[   58.079675][ T5939]  ? __pfx_kobject_add+0x10/0x10
[   58.079687][ T5939]  ? do_raw_spin_unlock+0x172/0x230
[   58.079698][ T5939]  ? kobject_put+0xab/0x590
[   58.079711][ T5939]  device_add+0x288/0x1950
[   58.079727][ T5939]  ? __pfx_dev_set_name+0x10/0x10
[   58.079741][ T5939]  ? __pfx_device_add+0x10/0x10
[   58.079754][ T5939]  ? mgmt_send_event_skb+0x2fb/0x460
[   58.079770][ T5939]  hci_conn_add_sysfs+0x17e/0x230
[   58.079785][ T5939]  le_conn_complete_evt+0x11ed/0x1f20
[   58.079801][ T5939]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   58.079818][ T5939]  hci_le_conn_complete_evt+0x23c/0x370
[   58.079834][ T5939]  hci_le_meta_evt+0x357/0x5e0
[   58.079849][ T5939]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[   58.079868][ T5939]  hci_event_packet+0x685/0x11c0
[   58.079880][ T5939]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   58.079894][ T5939]  ? __pfx_hci_event_packet+0x10/0x10
[   58.079908][ T5939]  ? kcov_remote_start+0x384/0x670
[   58.079921][ T5939]  ? lockdep_hardirqs_on+0x7c/0x110
[   58.079941][ T5939]  hci_rx_work+0x2c9/0xeb0
[   58.079957][ T5939]  process_one_work+0x9ba/0x1b20
[   58.079977][ T5939]  ? __pfx_process_one_work+0x10/0x10
[   58.079996][ T5939]  ? assign_work+0x1a0/0x250
[   58.080011][ T5939]  worker_thread+0x6c8/0xf10
[   58.080030][ T5939]  ? __kthread_parkme+0x19e/0x250
[   58.080042][ T5939]  ? __pfx_worker_thread+0x10/0x10
[   58.080057][ T5939]  kthread+0x3c5/0x780
[   58.080071][ T5939]  ? __pfx_kthread+0x10/0x10
[   58.080085][ T5939]  ? rcu_is_watching+0x12/0xc0
[   58.080099][ T5939]  ? __pfx_kthread+0x10/0x10
[   58.080113][ T5939]  ret_from_fork+0x983/0xb10
[   58.080125][ T5939]  ? __pfx_ret_from_fork+0x10/0x10
[   58.080138][ T5939]  ? __switch_to+0x7af/0x10d0
[   58.080151][ T5939]  ? __pfx_kthread+0x10/0x10
[   58.080165][ T5939]  ret_from_fork_asm+0x1a/0x30
[   58.080187][ T5939]  </TASK>
[   58.080203][ T5939] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory.
[   58.180728][ T5939] Bluetooth: hci0: failed to register connection device
[   58.186301][ T5939] Bluetooth: hci0: Malformed Event: 0x2f
[   58.223596][ T5939] Bluetooth: hci3: command tx timeout
[   58.225844][ T5939] Bluetooth: hci0: command tx timeout
[   58.227909][ T5939] Bluetooth: hci2: command tx timeout
[   58.230099][ T5939] Bluetooth: hci1: command tx timeout
[   58.267547][ T6108] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   58.278898][ T6108] netlink: 212 bytes leftover after parsing attributes in process `syz.3.24'.
[   58.283666][ T6108] netlink: 8 bytes leftover after parsing attributes in process `syz.3.24'.
[   58.292151][ T6108] netdevsim netdevsim3 netdevsim0: entered promiscuous mode
[   58.342738][ T6033] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   58.378684][ T6113] netlink: 'syz.3.26': attribute type 11 has an invalid length.
[   58.381411][ T6113] netlink: 'syz.3.26': attribute type 11 has an invalid length.
[   58.394356][ T6113] netlink: 224 bytes leftover after parsing attributes in process `syz.3.26'.
[   58.405365][ T6112] netlink: 57 bytes leftover after parsing attributes in process `syz.3.26'.
[   58.503307][ T6033] usb 5-1: Using ep0 maxpacket: 8
[   58.565751][ T6033] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[   58.569013][ T6033] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   58.571907][ T6033] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   58.587504][ T6123] netlink: 24 bytes leftover after parsing attributes in process `syz.1.29'.
[   58.640077][ T6126] syz.1.31 uses obsolete (PF_INET,SOCK_PACKET)
[   58.794890][   T40] kauditd_printk_skb: 95 callbacks suppressed
[   58.794910][   T40] audit: type=1400 audit(1764976009.087:190): avc:  denied  { ioctl } for  pid=6103 comm="syz.0.22" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=7984 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[   58.809570][   T40] audit: type=1400 audit(1764976009.087:191): avc:  denied  { create } for  pid=6127 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   58.816781][   T40] audit: type=1400 audit(1764976009.087:192): avc:  denied  { connect } for  pid=6127 comm="syz.1.32" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[   58.869878][   T40] audit: type=1400 audit(1764976009.157:193): avc:  denied  { bind } for  pid=6131 comm="syz.3.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   58.886090][   T40] audit: type=1400 audit(1764976009.177:194): avc:  denied  { listen } for  pid=6131 comm="syz.3.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   58.982732][   T40] audit: type=1400 audit(1764976009.267:195): avc:  denied  { ioctl } for  pid=6131 comm="syz.3.34" path="socket:[7142]" dev="sockfs" ino=7142 ioctlcmd=0x6629 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   58.998520][   T40] audit: type=1400 audit(1764976009.277:196): avc:  denied  { getopt } for  pid=6131 comm="syz.3.34" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   59.179054][   T40] audit: type=1400 audit(1764976009.467:197): avc:  denied  { read } for  pid=6148 comm="syz.1.39" name="usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   59.187700][   T40] audit: type=1400 audit(1764976009.467:198): avc:  denied  { open } for  pid=6148 comm="syz.1.39" path="/dev/usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   59.216071][   T40] audit: type=1400 audit(1764976009.507:199): avc:  denied  { ioctl } for  pid=6148 comm="syz.1.39" path="/dev/usbmon0" dev="devtmpfs" ino=737 ioctlcmd=0x9201 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   59.926699][ T6153] mmap: syz.2.41 (6153) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   59.936809][ T6153] netlink: 'syz.2.41': attribute type 1 has an invalid length.
[   59.940220][ T6153] netlink: 'syz.2.41': attribute type 3 has an invalid length.
[   60.302859][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[   60.303144][ T5949] Bluetooth: hci2: command 0x040f tx timeout
[   60.303325][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[   60.303637][ T5946] Bluetooth: hci3: command tx timeout
[   60.570764][ T6208] netlink: 'syz.1.59': attribute type 22 has an invalid length.
[   60.588015][ T6208] netlink: 'syz.1.59': attribute type 22 has an invalid length.
[   60.588060][   T46] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   60.595782][ T6208] Zero length message leads to an empty skb
[   60.598462][   T46] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   60.602222][   T46] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   60.606724][   T46] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   60.672455][ T6212] netlink: 'syz.1.59': attribute type 1 has an invalid length.
[   60.700892][ T6212] bond1 (unregistering): Released all slaves
[   60.831206][ T6225] overlayfs: conflicting lowerdir path
[   60.861994][ T6226] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.867666][ T6226] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   60.881272][ T6226] batman_adv: batadv0: Removing interface: batadv_slave_1
[   61.096223][   T29] usb 5-1: USB disconnect, device number 2
[   61.484613][ T6267] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   61.692792][ T6275] netlink: 'syz.0.79': attribute type 11 has an invalid length.
[   61.699744][ T6275] netlink: 'syz.0.79': attribute type 11 has an invalid length.
[   61.712900][ T6033] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[   61.770851][ T6287] netlink: 'syz.3.84': attribute type 4 has an invalid length.
[   61.777496][ T6289] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   61.779575][ T6287] .`: renamed from bond0 (while UP)
[   61.780478][ T6289] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   61.785781][ T6289] F2FS-fs (loop0): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[   61.788446][ T6289] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock
[   61.799661][   T73] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[   61.802578][   T73] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[   61.807011][   T73] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[   61.813809][   T73] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[   61.829853][ T6291] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.833065][ T6291] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.843843][ T6291] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6291 comm=syz.3.85
[   61.849335][ T6291] bridge0: port 2(bridge_slave_1) entered blocking state
[   61.852434][ T6291] bridge0: port 2(bridge_slave_1) entered forwarding state
[   61.855776][ T6291] bridge0: port 1(bridge_slave_0) entered blocking state
[   61.858745][ T6291] bridge0: port 1(bridge_slave_0) entered forwarding state
[   61.866499][ T6291] bridge0: port 2(bridge_slave_1) entered disabled state
[   61.868901][ T6291] bridge0: port 1(bridge_slave_0) entered disabled state
[   61.892697][ T6033] usb 7-1: Using ep0 maxpacket: 8
[   61.895888][ T6033] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[   61.899160][ T6033] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   61.902596][ T6033] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.203987][ T6317] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   62.241104][ T6321] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   62.376828][ T5935] Bluetooth: hci1: Malformed Event: 0x2f
[   62.383392][   T64] Bluetooth: hci1: command 0x040f tx timeout
[   62.385158][ T5935] Bluetooth: hci2: command 0x040f tx timeout
[   62.392854][   T64] Bluetooth: hci0: command 0x040f tx timeout
[   62.394675][ T5935] Bluetooth: hci3: command tx timeout
[   62.608233][ T6292] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   62.612793][   T47] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[   62.762786][   T47] usb 6-1: Using ep0 maxpacket: 8
[   62.766632][   T47] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   62.769846][   T47] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   62.773169][   T47] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   62.776333][   T47] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   62.780758][   T47] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   62.787969][   T47] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   62.794133][ T3245] usb 8-1: new full-speed USB device number 2 using dummy_hcd
[   62.932791][ T3245] usb 8-1: device descriptor read/64, error -71
[   62.995722][   T47] usb 6-1: GET_CAPABILITIES returned 0
[   62.997574][   T47] usbtmc 6-1:16.0: can't read capabilities
[   63.172774][ T3245] usb 8-1: new full-speed USB device number 3 using dummy_hcd
[   63.208665][   T47] usb 6-1: USB disconnect, device number 2
[   63.302759][ T3245] usb 8-1: device descriptor read/64, error -71
[   63.414199][ T3245] usb usb8-port1: attempt power cycle
[   63.763204][ T3245] usb 8-1: new full-speed USB device number 4 using dummy_hcd
[   63.783369][ T3245] usb 8-1: device descriptor read/8, error -71
[   63.878607][   T40] kauditd_printk_skb: 63 callbacks suppressed
[   63.878639][   T40] audit: type=1400 audit(1764976014.167:263): avc:  denied  { read open } for  pid=6364 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   63.888616][   T40] audit: type=1400 audit(1764976014.167:264): avc:  denied  { getattr } for  pid=6364 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1901 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   63.897246][   T40] audit: type=1400 audit(1764976014.177:265): avc:  denied  { add_name } for  pid=6363 comm="dhcpcd-run-hook" name="resolv.conf.sl0.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[   64.022720][ T3245] usb 8-1: new full-speed USB device number 5 using dummy_hcd
[   64.053199][ T3245] usb 8-1: device descriptor read/8, error -71
[   64.152782][   T34] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   64.162932][ T3245] usb usb8-port1: unable to enumerate USB device
[   64.302780][   T34] usb 5-1: Using ep0 maxpacket: 8
[   64.307067][   T34] usb 5-1: config 0 interface 0 has no altsetting 0
[   64.309961][   T34] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   64.314168][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   64.319793][   T34] usb 5-1: config 0 descriptor??
[   64.462900][   T64] Bluetooth: hci1: command 0x040f tx timeout
[   64.464965][ T5935] Bluetooth: hci2: command 0x040f tx timeout
[   64.467181][ T5296] Bluetooth: hci0: command 0x040f tx timeout
[   64.480348][   T47] usb 7-1: USB disconnect, device number 2
[   64.501691][   T40] audit: type=1400 audit(1764976014.787:266): avc:  denied  { create } for  pid=6381 comm="syz.2.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   64.520239][   T40] audit: type=1400 audit(1764976014.787:267): avc:  denied  { create } for  pid=6381 comm="syz.2.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   64.526024][ T6382] binder: 6381:6382 ioctl c0306201 200000000480 returned -22
[   64.526081][ T6383] binder: 6381:6383 ioctl c0306201 200000000480 returned -22
[   64.528903][   T40] audit: type=1400 audit(1764976014.807:268): avc:  denied  { write } for  pid=6381 comm="syz.2.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   64.540138][   T40] audit: type=1400 audit(1764976014.807:269): avc:  denied  { nlmsg_write } for  pid=6381 comm="syz.2.107" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1
[   64.547746][   T40] audit: type=1400 audit(1764976014.807:270): avc:  denied  { read } for  pid=6381 comm="syz.2.107" name="autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[   64.555436][   T40] audit: type=1400 audit(1764976014.807:271): avc:  denied  { open } for  pid=6381 comm="syz.2.107" path="/dev/autofs" dev="devtmpfs" ino=104 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_device_t tclass=chr_file permissive=1
[   64.562571][   T40] audit: type=1400 audit(1764976014.807:272): avc:  denied  { read } for  pid=6381 comm="syz.2.107" name="binder0" dev="binder" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   64.737016][   T34] mcp2221 0003:04D8:00DD.0002: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[   64.945422][   T34] usb 5-1: USB disconnect, device number 3
[   65.066378][ T5296] Bluetooth: hci0: Malformed Event: 0x2f
[   65.225564][ T6414] kvm: user requested TSC rate below hardware speed
[   65.362885][ T3245] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[   65.512848][ T3245] usb 6-1: Using ep0 maxpacket: 8
[   65.517618][ T3245] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[   65.521798][ T3245] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   65.525742][ T3245] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.617455][ T5296] Bluetooth: hci1: Malformed Event: 0x2f
[   65.821252][ T6440] block device autoloading is deprecated and will be removed.
[   66.042981][ T5296] Bluetooth: hci1: Malformed Event: 0x2f
[   66.097026][ T6465] __nla_validate_parse: 15 callbacks suppressed
[   66.097038][ T6465] netlink: 12 bytes leftover after parsing attributes in process `syz.2.136'.
[   66.102008][ T6465] validate_nla: 1 callbacks suppressed
[   66.102016][ T6465] netlink: 'syz.2.136': attribute type 13 has an invalid length.
[   66.111354][ T6465] netlink: 12 bytes leftover after parsing attributes in process `syz.2.136'.
[   66.115677][ T6465] netlink: 'syz.2.136': attribute type 13 has an invalid length.
[   66.183437][ T6472] binder: 6471:6472 ioctl c0306201 200000000080 returned -22
[   66.187370][ T6472] binder: 6471:6472 ioctl c0306201 200000000040 returned -22
[   66.470628][ T5296] Bluetooth: hci1: Malformed Event: 0x2f
[   66.542823][   T64] Bluetooth: hci1: command 0x040f tx timeout
[   66.545048][ T5296] Bluetooth: hci0: command 0x040f tx timeout
[   66.548062][ T5935] Bluetooth: hci2: command 0x040f tx timeout
[   66.720004][ T6507] input: syz0 as /devices/virtual/input/input5
[   66.944458][ T6522] netlink: 52 bytes leftover after parsing attributes in process `syz.3.151'.
[   66.944491][ T6523] netlink: 52 bytes leftover after parsing attributes in process `syz.3.151'.
[   66.950992][ T6522] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   66.951004][ T6523] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[   67.209735][ T5935] Bluetooth: hci3: Malformed Event: 0x2f
[   67.267108][ T6543] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=59 sclass=netlink_route_socket pid=6543 comm=syz.0.159
[   67.272085][ T6543] netlink: 4 bytes leftover after parsing attributes in process `syz.0.159'.
[   67.278045][ T6543] bridge_slave_1: left allmulticast mode
[   67.280392][ T6543] bridge_slave_1: left promiscuous mode
[   67.283016][ T6543] bridge0: port 2(bridge_slave_1) entered disabled state
[   67.290853][ T6543] bridge_slave_0: left allmulticast mode
[   67.294622][ T6543] bridge_slave_0: left promiscuous mode
[   67.297125][ T6543] bridge0: port 1(bridge_slave_0) entered disabled state
[   67.501074][ T6562] macsec0: entered promiscuous mode
[   67.503104][ T6562] macsec0: entered allmulticast mode
[   67.504886][ T6562] veth1_macvtap: entered allmulticast mode
[   67.575699][ T6571] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.587400][ T6572] overlay: Unknown parameter 'euid<00000000000000000000'
[   67.616678][ T6573] netlink: 8 bytes leftover after parsing attributes in process `syz.2.165'.
[   67.620797][ T6573] netlink: 12 bytes leftover after parsing attributes in process `syz.2.165'.
[   67.668701][ T6571] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.748179][ T6571] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.836806][ T6571] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   67.926160][   T13] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.940475][   T13] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.951269][ T6575] netlink: 8 bytes leftover after parsing attributes in process `syz.3.166'.
[   67.952066][   T13] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.967705][   T13] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.089769][ T6584] netlink: 'syz.2.169': attribute type 29 has an invalid length.
[   68.121735][ T5935] Bluetooth: hci1: Malformed Event: 0x2f
[   68.125695][  T849] usb 6-1: USB disconnect, device number 3
[   68.158819][ T6590] xt_CT: You must specify a L4 protocol and not use inversions on it
[   68.225742][ T6598] netlink: 'syz.2.173': attribute type 21 has an invalid length.
[   68.229236][ T6598] netlink: 'syz.2.173': attribute type 6 has an invalid length.
[   68.231705][ T6598] netlink: 132 bytes leftover after parsing attributes in process `syz.2.173'.
[   68.274898][ T6606] FAULT_INJECTION: forcing a failure.
[   68.274898][ T6606] name fail_usercopy, interval 1, probability 0, space 0, times 1
[   68.279325][ T6606] CPU: 1 UID: 0 PID: 6606 Comm: syz.2.175 Not tainted syzkaller #0 PREEMPT(full) 
[   68.279339][ T6606] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.279345][ T6606] Call Trace:
[   68.279350][ T6606]  <TASK>
[   68.279354][ T6606]  dump_stack_lvl+0x16c/0x1f0
[   68.279389][ T6606]  should_fail_ex+0x512/0x640
[   68.279412][ T6606]  _copy_from_user+0x2e/0xd0
[   68.279433][ T6606]  copy_msghdr_from_user+0x98/0x160
[   68.279445][ T6606]  ? __pfx_copy_msghdr_from_user+0x10/0x10
[   68.279454][ T6606]  ? __lock_acquire+0x433/0x22f0
[   68.279479][ T6606]  ___sys_sendmsg+0xfe/0x1d0
[   68.279490][ T6606]  ? __pfx____sys_sendmsg+0x10/0x10
[   68.279499][ T6606]  ? __lock_acquire+0x433/0x22f0
[   68.279528][ T6606]  __sys_sendmsg+0x16d/0x220
[   68.279539][ T6606]  ? __pfx___sys_sendmsg+0x10/0x10
[   68.279554][ T6606]  ? fput+0x70/0xf0
[   68.279569][ T6606]  do_syscall_64+0xcd/0xf80
[   68.279586][ T6606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.279596][ T6606] RIP: 0033:0x7f1961d8f7c9
[   68.279605][ T6606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.279615][ T6606] RSP: 002b:00007f1962c43038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   68.279625][ T6606] RAX: ffffffffffffffda RBX: 00007f1961fe5fa0 RCX: 00007f1961d8f7c9
[   68.279631][ T6606] RDX: 0000000000040000 RSI: 0000200000000640 RDI: 0000000000000004
[   68.279637][ T6606] RBP: 00007f1962c43090 R08: 0000000000000000 R09: 0000000000000000
[   68.279643][ T6606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.279649][ T6606] R13: 00007f1961fe6038 R14: 00007f1961fe5fa0 R15: 00007fff26167908
[   68.279662][ T6606]  </TASK>
[   68.445358][ T5935] Bluetooth: hci2: Malformed Event: 0x2f
[   68.513701][ T1024] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[   68.623238][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   68.662740][ T3245] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[   68.674799][ T1024] usb 8-1: Using ep0 maxpacket: 8
[   68.678773][ T1024] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   68.678797][ T1024] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   68.678816][ T1024] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   68.678835][ T1024] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   68.678866][ T1024] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   68.678885][ T1024] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.812701][ T3245] usb 5-1: Using ep0 maxpacket: 8
[   68.816346][ T3245] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[   68.820575][ T3245] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   68.825209][ T3245] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.884259][ T1024] usb 8-1: GET_CAPABILITIES returned 0
[   68.889087][ T1024] usbtmc 8-1:16.0: can't read capabilities
[   68.944857][   T40] kauditd_printk_skb: 32 callbacks suppressed
[   68.944872][   T40] audit: type=1400 audit(1764976019.237:305): avc:  denied  { bind } for  pid=6639 comm="syz.1.186" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   68.947176][ T6643] FAULT_INJECTION: forcing a failure.
[   68.947176][ T6643] name failslab, interval 1, probability 0, space 0, times 1
[   68.958213][ T6643] CPU: 2 UID: 0 PID: 6643 Comm: syz.2.187 Not tainted syzkaller #0 PREEMPT(full) 
[   68.958227][ T6643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.958233][ T6643] Call Trace:
[   68.958237][ T6643]  <TASK>
[   68.958241][ T6643]  dump_stack_lvl+0x16c/0x1f0
[   68.958260][ T6643]  should_fail_ex+0x512/0x640
[   68.958277][ T6643]  ? kmem_cache_alloc_node_noprof+0x65/0x7f0
[   68.958293][ T6643]  should_failslab+0xc2/0x120
[   68.958303][ T6643]  kmem_cache_alloc_node_noprof+0x78/0x7f0
[   68.958316][ T6643]  ? __alloc_skb+0x156/0x410
[   68.958335][ T6643]  ? __alloc_skb+0x156/0x410
[   68.958350][ T6643]  __alloc_skb+0x156/0x410
[   68.958364][ T6643]  ? __alloc_skb+0x35d/0x410
[   68.958379][ T6643]  ? __pfx___alloc_skb+0x10/0x10
[   68.958395][ T6643]  ? netlink_autobind.isra.0+0x158/0x370
[   68.958413][ T6643]  netlink_alloc_large_skb+0x69/0x140
[   68.958427][ T6643]  netlink_sendmsg+0x698/0xdd0
[   68.958442][ T6643]  ? __pfx_netlink_sendmsg+0x10/0x10
[   68.958460][ T6643]  ____sys_sendmsg+0xa5d/0xc30
[   68.958478][ T6643]  ? copy_msghdr_from_user+0x10a/0x160
[   68.958522][ T6643]  ? __pfx_____sys_sendmsg+0x10/0x10
[   68.958538][ T6643]  ? __lock_acquire+0x433/0x22f0
[   68.958558][ T6643]  ___sys_sendmsg+0x134/0x1d0
[   68.958569][ T6643]  ? __pfx____sys_sendmsg+0x10/0x10
[   68.958584][ T6643]  ? __lock_acquire+0x433/0x22f0
[   68.958613][ T6643]  __sys_sendmsg+0x16d/0x220
[   68.958623][ T6643]  ? __pfx___sys_sendmsg+0x10/0x10
[   68.958638][ T6643]  ? fput+0x70/0xf0
[   68.958653][ T6643]  do_syscall_64+0xcd/0xf80
[   68.958669][ T6643]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.958680][ T6643] RIP: 0033:0x7f1961d8f7c9
[   68.958689][ T6643] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.958699][ T6643] RSP: 002b:00007f1962c43038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   68.958709][ T6643] RAX: ffffffffffffffda RBX: 00007f1961fe5fa0 RCX: 00007f1961d8f7c9
[   68.958716][ T6643] RDX: 0000000000040000 RSI: 0000200000000640 RDI: 0000000000000004
[   68.958722][ T6643] RBP: 00007f1962c43090 R08: 0000000000000000 R09: 0000000000000000
[   68.958727][ T6643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   68.958733][ T6643] R13: 00007f1961fe6038 R14: 00007f1961fe5fa0 R15: 00007fff26167908
[   68.958746][ T6643]  </TASK>
[   68.962311][   T40] audit: type=1400 audit(1764976019.247:306): avc:  denied  { write } for  pid=6639 comm="syz.1.186" name="tcp6" dev="proc" ino=4026533309 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1
[   69.067724][ T6652] overlayfs: failed to resolve './file1': -2
[   69.075635][   T40] audit: type=1400 audit(1764976019.357:307): avc:  denied  { mount } for  pid=6651 comm="syz.2.190" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[   69.084466][   T40] audit: type=1400 audit(1764976019.357:308): avc:  denied  { mounton } for  pid=6651 comm="syz.2.190" path="/bus" dev="bpf" ino=14481 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[   69.088245][ T3245] usb 8-1: USB disconnect, device number 6
[   69.130950][   T40] audit: type=1400 audit(1764976019.417:309): avc:  denied  { create } for  pid=6658 comm="syz.1.193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   69.141336][   T40] audit: type=1400 audit(1764976019.427:310): avc:  denied  { setopt } for  pid=6658 comm="syz.1.193" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[   69.295948][ T6663] warning: `syz.1.194' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   69.323276][   T40] audit: type=1400 audit(1764976019.617:311): avc:  denied  { prog_load } for  pid=6665 comm="syz.1.195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   69.330942][   T40] audit: type=1400 audit(1764976019.617:312): avc:  denied  { prog_run } for  pid=6665 comm="syz.1.195" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   69.392373][   T40] audit: type=1400 audit(1764976019.677:313): avc:  denied  { write } for  pid=6613 comm="syz.0.179" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   69.398546][   T40] audit: type=1400 audit(1764976019.687:314): avc:  denied  { ioctl } for  pid=6613 comm="syz.0.179" path="socket:[12898]" dev="sockfs" ino=12898 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[   70.160758][   T60] cfg80211: failed to load regulatory.db
[   70.186458][ T6690] netlink: 12 bytes leftover after parsing attributes in process `syz.3.202'.
[   70.199793][ T6692] =======================================================
[   70.199793][ T6692] WARNING: The mand mount option has been deprecated and
[   70.199793][ T6692]          and is ignored by this kernel. Remove the mand
[   70.199793][ T6692]          option from the mount to silence this warning.
[   70.199793][ T6692] =======================================================
[   70.218894][ T6692] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   70.221849][ T6692] overlayfs: failed to set xattr on upper
[   70.226430][ T6692] overlayfs: ...falling back to redirect_dir=nofollow.
[   70.229189][ T6692] overlayfs: ...falling back to index=off.
[   70.231539][ T6692] overlayfs: ...falling back to uuid=null.
[   70.238731][ T6694] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   70.288588][ T5935] Bluetooth: hci0: Malformed Event: 0x2f
[   70.482763][  T849] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[   70.632748][  T849] usb 8-1: Using ep0 maxpacket: 8
[   70.635731][  T849] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   70.638957][  T849] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   70.642026][  T849] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   70.645807][  T849] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   70.650545][  T849] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   70.653615][  T849] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.712859][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   70.860941][  T849] usb 8-1: GET_CAPABILITIES returned 0
[   70.862856][  T849] usbtmc 8-1:16.0: can't read capabilities
[   70.864946][ T6714] xt_CT: No such helper "pptp"
[   71.071409][  T849] usb 8-1: USB disconnect, device number 7
[   71.433977][ T6026] usb 5-1: USB disconnect, device number 4
[   71.480722][ T6721] kAFS: unable to lookup cell '(,c¾ûL'
[   71.484367][ T6721] kAFS: unable to lookup cell '\,'
[   71.488100][ T6721] __nla_validate_parse: 1 callbacks suppressed
[   71.488114][ T6721] netlink: 12 bytes leftover after parsing attributes in process `syz.0.214'.
[   71.843024][ T6026] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[   71.994416][ T6026] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   71.997978][ T6026] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   72.001100][ T6026] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   72.005597][ T6026] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   72.009145][ T6026] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.013712][ T6026] usb 8-1: config 0 descriptor??
[   72.074074][ T5935] Bluetooth: hci2: unexpected event for opcode 0x202d
[   72.322845][   T29] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[   72.426431][ T6026] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd
[   72.432705][ T6033] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   72.440527][ T6026] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[   72.449062][ T6746] openvswitch: netlink: nsh attribute has unmatched MD type 0.
[   72.451534][ T6746] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   72.483189][   T29] usb 6-1: Using ep0 maxpacket: 8
[   72.492061][   T29] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[   72.496968][   T29] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   72.500851][   T29] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.582839][ T6033] usb 7-1: Using ep0 maxpacket: 8
[   72.585722][ T6033] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   72.588757][ T6033] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   72.591771][ T6033] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   72.595036][ T6033] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   72.599053][ T6033] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   72.601824][ T6033] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   72.792729][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   72.808653][ T6033] usb 7-1: GET_CAPABILITIES returned 0
[   72.810560][ T6033] usbtmc 7-1:16.0: can't read capabilities
[   73.137476][ T6752] netlink: 12 bytes leftover after parsing attributes in process `syz.1.222'.
[   73.551484][ T6760] netlink: 8 bytes leftover after parsing attributes in process `syz.0.228'.
[   73.747292][ T6026] usb 7-1: USB disconnect, device number 3
[   73.866850][ T6766] FAULT_INJECTION: forcing a failure.
[   73.866850][ T6766] name failslab, interval 1, probability 0, space 0, times 0
[   73.871573][ T6766] CPU: 2 UID: 0 PID: 6766 Comm: syz.0.230 Not tainted syzkaller #0 PREEMPT(full) 
[   73.871588][ T6766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   73.871594][ T6766] Call Trace:
[   73.871598][ T6766]  <TASK>
[   73.871602][ T6766]  dump_stack_lvl+0x16c/0x1f0
[   73.871638][ T6766]  should_fail_ex+0x512/0x640
[   73.871658][ T6766]  ? __pfx_ref_tracker_alloc+0x10/0x10
[   73.871669][ T6766]  should_failslab+0xc2/0x120
[   73.871680][ T6766]  kmem_cache_alloc_noprof+0x75/0x760
[   73.871694][ T6766]  ? skb_clone+0x190/0x3f0
[   73.871712][ T6766]  ? skb_clone+0x190/0x3f0
[   73.871722][ T6766]  skb_clone+0x190/0x3f0
[   73.871733][ T6766]  netlink_deliver_tap+0xabd/0xd30
[   73.871749][ T6766]  netlink_unicast+0x71f/0x870
[   73.871764][ T6766]  ? __pfx_netlink_unicast+0x10/0x10
[   73.871778][ T6766]  ? genl_rcv_msg+0x4bb/0x800
[   73.871797][ T6766]  netlink_ack+0x696/0xb80
[   73.871814][ T6766]  netlink_rcv_skb+0x332/0x420
[   73.871827][ T6766]  ? __pfx_genl_rcv_msg+0x10/0x10
[   73.871843][ T6766]  ? __pfx_netlink_rcv_skb+0x10/0x10
[   73.871862][ T6766]  ? netlink_deliver_tap+0x1ae/0xd30
[   73.871876][ T6766]  genl_rcv+0x28/0x40
[   73.871889][ T6766]  netlink_unicast+0x5aa/0x870
[   73.871904][ T6766]  ? __pfx_netlink_unicast+0x10/0x10
[   73.871923][ T6766]  netlink_sendmsg+0x8c8/0xdd0
[   73.871938][ T6766]  ? __pfx_netlink_sendmsg+0x10/0x10
[   73.871956][ T6766]  ____sys_sendmsg+0xa5d/0xc30
[   73.871971][ T6766]  ? copy_msghdr_from_user+0x10a/0x160
[   73.871981][ T6766]  ? __pfx_____sys_sendmsg+0x10/0x10
[   73.871993][ T6766]  ? __lock_acquire+0x433/0x22f0
[   73.872014][ T6766]  ___sys_sendmsg+0x134/0x1d0
[   73.872025][ T6766]  ? __pfx____sys_sendmsg+0x10/0x10
[   73.872035][ T6766]  ? __lock_acquire+0x433/0x22f0
[   73.872064][ T6766]  __sys_sendmsg+0x16d/0x220
[   73.872075][ T6766]  ? __pfx___sys_sendmsg+0x10/0x10
[   73.872094][ T6766]  do_syscall_64+0xcd/0xf80
[   73.872110][ T6766]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   73.872122][ T6766] RIP: 0033:0x7f2626d8f7c9
[   73.872130][ T6766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   73.872140][ T6766] RSP: 002b:00007f2627c6c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[   73.872150][ T6766] RAX: ffffffffffffffda RBX: 00007f2626fe5fa0 RCX: 00007f2626d8f7c9
[   73.872156][ T6766] RDX: 0000000000040000 RSI: 0000200000000640 RDI: 0000000000000004
[   73.872162][ T6766] RBP: 00007f2627c6c090 R08: 0000000000000000 R09: 0000000000000000
[   73.872168][ T6766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[   73.872173][ T6766] R13: 00007f2626fe6038 R14: 00007f2626fe5fa0 R15: 00007ffde5972b48
[   73.872186][ T6766]  </TASK>
[   73.873650][   T60] usb 8-1: reset high-speed USB device number 8 using dummy_hcd
[   74.123560][   T60] usb 8-1: device descriptor read/64, error -32
[   74.162850][  T849] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[   74.322799][  T849] usb 5-1: Using ep0 maxpacket: 8
[   74.325763][  T849] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   74.329233][  T849] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   74.332072][  T849] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   74.336295][  T849] usb 5-1: config 0 descriptor??
[   74.373364][   T60] usb 8-1: reset high-speed USB device number 8 using dummy_hcd
[   74.377861][ T6776] openvswitch: netlink: IP tunnel dst address not specified
[   74.384391][   T40] kauditd_printk_skb: 15 callbacks suppressed
[   74.384405][   T40] audit: type=1400 audit(1764976024.677:330): avc:  denied  { watch } for  pid=6775 comm="syz.2.235" path="/sys/kernel/rcu_expedited" dev="sysfs" ino=859 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[   74.394115][   T40] audit: type=1400 audit(1764976024.677:331): avc:  denied  { watch_sb watch_reads } for  pid=6775 comm="syz.2.235" path="/sys/kernel/rcu_expedited" dev="sysfs" ino=859 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=file permissive=1
[   74.438781][ T6778] netlink: 56 bytes leftover after parsing attributes in process `syz.2.236'.
[   74.502842][   T60] usb 8-1: device descriptor read/64, error -32
[   74.543017][  T849] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior1
[   74.742764][   T60] usb 8-1: reset high-speed USB device number 8 using dummy_hcd
[   74.756633][ T6749] block nbd3: shutting down sockets
[   74.757749][ T6768] mkiss: ax0: crc mode is auto.
[   74.762315][   T40] audit: type=1400 audit(1764976025.047:332): avc:  denied  { ioctl } for  pid=6767 comm="syz.0.231" path="socket:[13633]" dev="sockfs" ino=13633 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[   74.763058][   T60] usb 8-1: device descriptor read/8, error -32
[   74.772852][   T40] audit: type=1400 audit(1764976025.057:333): avc:  denied  { create } for  pid=6767 comm="syz.0.231" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   74.779422][   T40] audit: type=1400 audit(1764976025.057:334): avc:  denied  { ioctl } for  pid=6767 comm="syz.0.231" path="socket:[13636]" dev="sockfs" ino=13636 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1
[   74.813889][ T5935] Bluetooth: hci1: unexpected event 0x2f length: 1017 > 260
[   74.837325][  T849] usb 5-1: USB disconnect, device number 5
[   75.101822][  T849] usb 6-1: USB disconnect, device number 4
[   75.124031][   T40] audit: type=1400 audit(1764976025.417:335): avc:  denied  { read write } for  pid=6781 comm="syz.1.238" name="ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   75.134102][   T40] audit: type=1400 audit(1764976025.427:336): avc:  denied  { open } for  pid=6781 comm="syz.1.238" path="/dev/ppp" dev="devtmpfs" ino=730 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   75.143557][   T40] audit: type=1400 audit(1764976025.427:337): avc:  denied  { ioctl } for  pid=6781 comm="syz.1.238" path="/dev/ppp" dev="devtmpfs" ino=730 ioctlcmd=0x743e scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[   75.181587][   T40] audit: type=1400 audit(1764976025.467:338): avc:  denied  { compute_member } for  pid=6783 comm="syz.2.239" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[   75.201098][ T6784] netlink: 12 bytes leftover after parsing attributes in process `syz.2.239'.
[   75.297606][ T6786] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[   75.349718][   T40] audit: type=1400 audit(1764976025.637:339): avc:  denied  { map } for  pid=6790 comm="syz.3.241" path="/dev/usbmon0" dev="devtmpfs" ino=737 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[   75.424423][ T6799] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN
[   75.448017][ T6801] netlink: 212408 bytes leftover after parsing attributes in process `syz.3.245'.
[   75.457281][ T6801] af_packet: tpacket_rcv: packet too big, clamped from 4 to 4294967272. macoff=96
[   75.553345][ T6804] FAULT_INJECTION: forcing a failure.
[   75.553345][ T6804] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   75.557350][ T6804] CPU: 1 UID: 0 PID: 6804 Comm: syz.0.246 Not tainted syzkaller #0 PREEMPT(full) 
[   75.557364][ T6804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.557370][ T6804] Call Trace:
[   75.557381][ T6804]  <TASK>
[   75.557386][ T6804]  dump_stack_lvl+0x16c/0x1f0
[   75.557417][ T6804]  should_fail_ex+0x512/0x640
[   75.557439][ T6804]  _copy_from_user+0x2e/0xd0
[   75.557459][ T6804]  get_bitmap+0xdf/0x1a0
[   75.557476][ T6804]  get_nodes+0x1df/0x210
[   75.557492][ T6804]  ? __pfx_get_nodes+0x10/0x10
[   75.557507][ T6804]  ? __fget_files+0x20e/0x3c0
[   75.557521][ T6804]  kernel_migrate_pages+0x89/0x700
[   75.557531][ T6804]  ? __pfx_kernel_migrate_pages+0x10/0x10
[   75.557541][ T6804]  ? ksys_write+0x1ac/0x250
[   75.557550][ T6804]  ? __pfx_ksys_write+0x10/0x10
[   75.557561][ T6804]  __x64_sys_migrate_pages+0x96/0x100
[   75.557571][ T6804]  ? lockdep_hardirqs_on+0x7c/0x110
[   75.557587][ T6804]  do_syscall_64+0xcd/0xf80
[   75.557603][ T6804]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.557614][ T6804] RIP: 0033:0x7f2626d8f7c9
[   75.557623][ T6804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.557633][ T6804] RSP: 002b:00007f2627c6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100
[   75.557642][ T6804] RAX: ffffffffffffffda RBX: 00007f2626fe5fa0 RCX: 00007f2626d8f7c9
[   75.557649][ T6804] RDX: 0000200000000240 RSI: 0000000000000005 RDI: 0000000000000000
[   75.557655][ T6804] RBP: 00007f2627c6c090 R08: 0000000000000000 R09: 0000000000000000
[   75.557660][ T6804] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   75.557666][ T6804] R13: 00007f2626fe6038 R14: 00007f2626fe5fa0 R15: 00007ffde5972b48
[   75.557679][ T6804]  </TASK>
[   75.592796][  T849] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   75.655678][ T6033] usb 8-1: USB disconnect, device number 8
[   75.762773][  T837] usb 6-1: new low-speed USB device number 5 using dummy_hcd
[   75.782797][  T849] usb 7-1: Using ep0 maxpacket: 8
[   75.786204][  T849] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   75.789641][  T849] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   75.794382][  T849] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   75.798677][  T849] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   75.804415][  T849] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   75.808279][  T849] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   75.902735][  T837] usb 6-1: device descriptor read/64, error -71
[   76.002731][ T6033] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[   76.016925][  T849] usb 7-1: GET_CAPABILITIES returned 0
[   76.018559][  T849] usbtmc 7-1:16.0: can't read capabilities
[   76.034504][ T6818] netlink: 20 bytes leftover after parsing attributes in process `syz.0.250'.
[   76.142735][  T837] usb 6-1: new low-speed USB device number 6 using dummy_hcd
[   76.152753][ T6033] usb 8-1: Using ep0 maxpacket: 8
[   76.155975][ T6033] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[   76.159348][ T6033] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   76.162263][ T6033] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.226806][ T1419] ieee802154 phy0 wpan0: encryption failed: -22
[   76.228957][ T1419] ieee802154 phy1 wpan1: encryption failed: -22
[   76.234799][ T6026] usb 7-1: USB disconnect, device number 4
[   76.273022][  T837] usb 6-1: device descriptor read/64, error -71
[   76.383139][  T837] usb usb6-port1: attempt power cycle
[   76.722761][  T837] usb 6-1: new low-speed USB device number 7 using dummy_hcd
[   76.763232][  T837] usb 6-1: device descriptor read/8, error -71
[   76.848370][ T6820] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=56 sclass=netlink_route_socket pid=6820 comm=syz.3.248
[   76.992524][ T6826] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   76.995384][ T6826] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   77.002276][ T6826] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   77.006991][ T6826] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   77.009549][ T6826] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   77.012756][  T837] usb 6-1: new low-speed USB device number 8 using dummy_hcd
[   77.018919][ T6826] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   77.021790][ T6826] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   77.025080][ T6826] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   77.027777][ T6826] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   77.031673][ T6826] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   77.033815][ T6826] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   77.036422][ T6826] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   77.044094][  T837] usb 6-1: device descriptor read/8, error -71
[   77.083743][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.088776][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.093531][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.098958][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.103157][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.107358][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.111323][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.116414][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.119886][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.123590][ T6834] binder_alloc: binder_alloc_mmap_handler: 6832 200000ffd000-200001000000 already mapped failed -16
[   77.153014][  T837] usb usb6-port1: unable to enumerate USB device
[   77.204772][  T837] IPVS: starting estimator thread 0...
[   77.208605][ T5935] Bluetooth: hci2: Malformed Event: 0x2f
[   77.302987][ T6845] IPVS: using max 46 ests per chain, 110400 per kthread
[   77.340033][ T6853] FAULT_INJECTION: forcing a failure.
[   77.340033][ T6853] name fail_usercopy, interval 1, probability 0, space 0, times 0
[   77.345537][ T6853] CPU: 0 UID: 0 PID: 6853 Comm: syz.0.258 Not tainted syzkaller #0 PREEMPT(full) 
[   77.345558][ T6853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   77.345567][ T6853] Call Trace:
[   77.345579][ T6853]  <TASK>
[   77.345584][ T6853]  dump_stack_lvl+0x16c/0x1f0
[   77.345624][ T6853]  should_fail_ex+0x512/0x640
[   77.345653][ T6853]  _copy_from_user+0x2e/0xd0
[   77.345674][ T6853]  get_bitmap+0xdf/0x1a0
[   77.345695][ T6853]  get_nodes+0x1df/0x210
[   77.345715][ T6853]  ? __pfx_get_nodes+0x10/0x10
[   77.345735][ T6853]  ? __fget_files+0x20e/0x3c0
[   77.345760][ T6853]  kernel_migrate_pages+0xeb/0x700
[   77.345773][ T6853]  ? __pfx_kernel_migrate_pages+0x10/0x10
[   77.345785][ T6853]  ? ksys_write+0x1ac/0x250
[   77.345797][ T6853]  ? __pfx_ksys_write+0x10/0x10
[   77.345812][ T6853]  __x64_sys_migrate_pages+0x96/0x100
[   77.345826][ T6853]  ? lockdep_hardirqs_on+0x7c/0x110
[   77.345846][ T6853]  do_syscall_64+0xcd/0xf80
[   77.345867][ T6853]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.345881][ T6853] RIP: 0033:0x7f2626d8f7c9
[   77.345892][ T6853] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.345905][ T6853] RSP: 002b:00007f2627c6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100
[   77.345918][ T6853] RAX: ffffffffffffffda RBX: 00007f2626fe5fa0 RCX: 00007f2626d8f7c9
[   77.345927][ T6853] RDX: 0000200000000240 RSI: 0000000000000005 RDI: 0000000000000000
[   77.345935][ T6853] RBP: 00007f2627c6c090 R08: 0000000000000000 R09: 0000000000000000
[   77.345942][ T6853] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   77.345950][ T6853] R13: 00007f2626fe6038 R14: 00007f2626fe5fa0 R15: 00007ffde5972b48
[   77.345969][ T6853]  </TASK>
[   77.508949][ T6859] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.260'.
[   77.685112][ T6874] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6874 comm=syz.0.265
[   77.752782][   T29] usb 6-1: new low-speed USB device number 9 using dummy_hcd
[   77.791670][ T6876] 9pnet_virtio: no channels available for device syz
[   77.882828][   T29] usb 6-1: device descriptor read/64, error -71
[   77.903395][  T837] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[   77.970557][ T6883] overlayfs: "xino" feature enabled using 3 upper inode bits.
[   78.062784][  T837] usb 7-1: Using ep0 maxpacket: 8
[   78.067876][  T837] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   78.071029][  T837] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   78.075882][  T837] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   78.079201][  T837] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   78.083981][  T837] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   78.087529][  T837] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.132916][   T29] usb 6-1: new low-speed USB device number 10 using dummy_hcd
[   78.262740][   T29] usb 6-1: device descriptor read/64, error -71
[   78.294365][  T837] usb 7-1: GET_CAPABILITIES returned 0
[   78.296732][  T837] usbtmc 7-1:16.0: can't read capabilities
[   78.372899][   T29] usb usb6-port1: attempt power cycle
[   78.511746][  T849] usb 7-1: USB disconnect, device number 5
[   78.563440][ T6898] FAULT_INJECTION: forcing a failure.
[   78.563440][ T6898] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[   78.568113][ T6898] CPU: 3 UID: 0 PID: 6898 Comm: syz.1.272 Not tainted syzkaller #0 PREEMPT(full) 
[   78.568134][ T6898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   78.568144][ T6898] Call Trace:
[   78.568152][ T6898]  <TASK>
[   78.568160][ T6898]  dump_stack_lvl+0x16c/0x1f0
[   78.568190][ T6898]  should_fail_ex+0x512/0x640
[   78.568219][ T6898]  should_fail_alloc_page+0xe7/0x130
[   78.568239][ T6898]  prepare_alloc_pages+0x3c2/0x610
[   78.568260][ T6898]  __alloc_frozen_pages_noprof+0x18b/0x2440
[   78.568282][ T6898]  ? lru_gen_update_size+0x543/0xe10
[   78.568305][ T6898]  ? lru_gen_del_folio+0x32b/0x540
[   78.568321][ T6898]  ? find_held_lock+0x2b/0x80
[   78.568341][ T6898]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   78.568361][ T6898]  ? mark_held_locks+0x49/0x80
[   78.568391][ T6898]  ? find_held_lock+0x2b/0x80
[   78.568407][ T6898]  ? __pfx___might_resched+0x10/0x10
[   78.568425][ T6898]  ? queue_folios_pte_range+0x9bb/0x1150
[   78.568452][ T6898]  __folio_alloc_noprof+0x11/0xa0
[   78.568472][ T6898]  alloc_migration_target+0x24a/0x660
[   78.568493][ T6898]  migrate_pages_batch+0x3bc/0x3bb0
[   78.568515][ T6898]  ? walk_pgd_range+0x120e/0x1f40
[   78.568533][ T6898]  ? __pfx_alloc_migration_target+0x10/0x10
[   78.568562][ T6898]  ? __pfx_migrate_pages_batch+0x10/0x10
[   78.568586][ T6898]  ? __pfx_walk_pgd_range+0x10/0x10
[   78.568610][ T6898]  migrate_pages_sync+0x12d/0x8a0
[   78.568630][ T6898]  ? __pfx_alloc_migration_target+0x10/0x10
[   78.568651][ T6898]  ? queue_pages_test_walk+0x279/0x410
[   78.568669][ T6898]  ? __pfx_migrate_pages_sync+0x10/0x10
[   78.568690][ T6898]  ? walk_page_test+0x9b/0x180
[   78.568712][ T6898]  ? walk_page_range_mm+0x235/0xb40
[   78.568745][ T6898]  migrate_pages+0x1b0b/0x2350
[   78.568767][ T6898]  ? __pfx_alloc_migration_target+0x10/0x10
[   78.568793][ T6898]  ? __pfx_migrate_pages+0x10/0x10
[   78.568813][ T6898]  ? queue_pages_range+0x11e/0x180
[   78.568843][ T6898]  ? __pfx___up_read+0x10/0x10
[   78.568859][ T6898]  ? do_migrate_pages+0x458/0x750
[   78.568879][ T6898]  do_migrate_pages+0x48e/0x750
[   78.568902][ T6898]  ? __pfx_do_migrate_pages+0x10/0x10
[   78.568924][ T6898]  ? rcu_is_watching+0x12/0xc0
[   78.568944][ T6898]  ? cap_capable+0x10d/0x3f0
[   78.568960][ T6898]  ? get_task_mm+0xc2/0xf0
[   78.568986][ T6898]  ? security_capable+0x250/0x260
[   78.569007][ T6898]  kernel_migrate_pages+0x55b/0x700
[   78.569024][ T6898]  ? __pfx_kernel_migrate_pages+0x10/0x10
[   78.569040][ T6898]  ? ksys_write+0x1ac/0x250
[   78.569055][ T6898]  ? __pfx_ksys_write+0x10/0x10
[   78.569072][ T6898]  __x64_sys_migrate_pages+0x96/0x100
[   78.569088][ T6898]  ? lockdep_hardirqs_on+0x7c/0x110
[   78.569111][ T6898]  do_syscall_64+0xcd/0xf80
[   78.569137][ T6898]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   78.569153][ T6898] RIP: 0033:0x7fdefd98f7c9
[   78.569167][ T6898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   78.569181][ T6898] RSP: 002b:00007fdefe913038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100
[   78.569197][ T6898] RAX: ffffffffffffffda RBX: 00007fdefdbe5fa0 RCX: 00007fdefd98f7c9
[   78.569206][ T6898] RDX: 0000200000000240 RSI: 0000000000000005 RDI: 0000000000000000
[   78.569216][ T6898] RBP: 00007fdefe913090 R08: 0000000000000000 R09: 0000000000000000
[   78.569224][ T6898] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   78.569234][ T6898] R13: 00007fdefdbe6038 R14: 00007fdefdbe5fa0 R15: 00007ffda39685e8
[   78.569255][ T6898]  </TASK>
[   78.702319][  T837] usb 8-1: USB disconnect, device number 9
[   78.942789][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   79.023429][ T5296] Bluetooth: hci1: command 0x040f tx timeout
[   79.026001][ T5935] Bluetooth: hci2: command 0x040f tx timeout
[   79.102777][ T5935] Bluetooth: hci3: command 0x0c1a tx timeout
[   79.450570][ T6931] FAULT_INJECTION: forcing a failure.
[   79.450570][ T6931] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   79.456086][ T6931] CPU: 2 UID: 0 PID: 6931 Comm: syz.0.282 Not tainted syzkaller #0 PREEMPT(full) 
[   79.456108][ T6931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   79.456118][ T6931] Call Trace:
[   79.456134][ T6931]  <TASK>
[   79.456140][ T6931]  dump_stack_lvl+0x16c/0x1f0
[   79.456199][ T6931]  should_fail_ex+0x512/0x640
[   79.456233][ T6931]  should_fail_alloc_page+0xe7/0x130
[   79.456251][ T6931]  prepare_alloc_pages+0x3c2/0x610
[   79.456271][ T6931]  __alloc_frozen_pages_noprof+0x18b/0x2440
[   79.456293][ T6931]  ? __pfx_try_to_migrate_one+0x10/0x10
[   79.456316][ T6931]  ? __up_read+0x2d1/0x700
[   79.456333][ T6931]  ? __pfx___up_read+0x10/0x10
[   79.456348][ T6931]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   79.456368][ T6931]  ? rmap_walk_anon+0x503/0x710
[   79.456403][ T6931]  __folio_alloc_noprof+0x11/0xa0
[   79.456423][ T6931]  alloc_migration_target+0x24a/0x660
[   79.456443][ T6931]  migrate_pages_batch+0x3bc/0x3bb0
[   79.456471][ T6931]  ? __pfx_alloc_migration_target+0x10/0x10
[   79.456497][ T6931]  ? __pfx_migrate_pages_batch+0x10/0x10
[   79.456520][ T6931]  ? __pfx_walk_pgd_range+0x10/0x10
[   79.456543][ T6931]  migrate_pages_sync+0x12d/0x8a0
[   79.456563][ T6931]  ? __pfx_alloc_migration_target+0x10/0x10
[   79.456585][ T6931]  ? queue_pages_test_walk+0x279/0x410
[   79.456602][ T6931]  ? __pfx_migrate_pages_sync+0x10/0x10
[   79.456621][ T6931]  ? walk_page_test+0x9b/0x180
[   79.456643][ T6931]  ? walk_page_range_mm+0x235/0xb40
[   79.456668][ T6931]  migrate_pages+0x1b0b/0x2350
[   79.456690][ T6931]  ? __pfx_alloc_migration_target+0x10/0x10
[   79.456714][ T6931]  ? __pfx_migrate_pages+0x10/0x10
[   79.456733][ T6931]  ? queue_pages_range+0x11e/0x180
[   79.456761][ T6931]  ? __pfx___up_read+0x10/0x10
[   79.456776][ T6931]  ? do_migrate_pages+0x458/0x750
[   79.456795][ T6931]  do_migrate_pages+0x48e/0x750
[   79.456817][ T6931]  ? __pfx_do_migrate_pages+0x10/0x10
[   79.456838][ T6931]  ? rcu_is_watching+0x12/0xc0
[   79.456859][ T6931]  ? cap_capable+0x10d/0x3f0
[   79.456876][ T6931]  ? get_task_mm+0xc2/0xf0
[   79.456901][ T6931]  ? security_capable+0x250/0x260
[   79.456921][ T6931]  kernel_migrate_pages+0x55b/0x700
[   79.456937][ T6931]  ? __pfx_kernel_migrate_pages+0x10/0x10
[   79.456952][ T6931]  ? ksys_write+0x1ac/0x250
[   79.456967][ T6931]  ? __pfx_ksys_write+0x10/0x10
[   79.456985][ T6931]  __x64_sys_migrate_pages+0x96/0x100
[   79.457002][ T6931]  ? lockdep_hardirqs_on+0x7c/0x110
[   79.457027][ T6931]  do_syscall_64+0xcd/0xf80
[   79.457053][ T6931]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   79.457069][ T6931] RIP: 0033:0x7f2626d8f7c9
[   79.457084][ T6931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   79.457099][ T6931] RSP: 002b:00007f2627c6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100
[   79.457133][ T6931] RAX: ffffffffffffffda RBX: 00007f2626fe5fa0 RCX: 00007f2626d8f7c9
[   79.457143][ T6931] RDX: 0000200000000240 RSI: 0000000000000005 RDI: 0000000000000000
[   79.457153][ T6931] RBP: 00007f2627c6c090 R08: 0000000000000000 R09: 0000000000000000
[   79.457162][ T6931] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   79.457171][ T6931] R13: 00007f2626fe6038 R14: 00007f2626fe5fa0 R15: 00007ffde5972b48
[   79.457194][ T6931]  </TASK>
[   79.499146][ T6933] sctp: [Deprecated]: syz.2.283 (pid 6933) Use of struct sctp_assoc_value in delayed_ack socket option.
[   79.499146][ T6933] Use struct sctp_sack_info instead
[   79.553654][   T40] kauditd_printk_skb: 18 callbacks suppressed
[   79.553669][   T40] audit: type=1400 audit(1764976029.847:358): avc:  denied  { read } for  pid=6932 comm="syz.2.283" path="socket:[14873]" dev="sockfs" ino=14873 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[   79.630667][   T40] audit: type=1400 audit(1764976029.917:359): avc:  denied  { create } for  pid=6932 comm="syz.2.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   79.637470][   T40] audit: type=1400 audit(1764976029.917:360): avc:  denied  { bind } for  pid=6932 comm="syz.2.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   79.918851][   T40] audit: type=1400 audit(1764976030.207:361): avc:  denied  { setopt } for  pid=6946 comm="syz.2.288" lport=33729 faddr=::ffff:100.1.1.0 fport=20003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[   79.945516][   T40] audit: type=1400 audit(1764976030.237:362): avc:  denied  { unmount } for  pid=5933 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:autofs_t tclass=filesystem permissive=1
[   79.966904][   T40] audit: type=1400 audit(1764976030.257:363): avc:  denied  { watch_mount watch_reads } for  pid=6949 comm="syz.0.289" path="/70" dev="tmpfs" ino=374 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   80.009865][ T6956] netlink: 12 bytes leftover after parsing attributes in process `syz.0.292'.
[   80.051092][ T6961] PKCS7: Unknown OID: [4] 5.25.43183(bad)
[   80.053791][ T6961] PKCS7: Only support pkcs7_signedData type
[   80.128744][ T6964] FAULT_INJECTION: forcing a failure.
[   80.128744][ T6964] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[   80.133814][ T6964] CPU: 0 UID: 0 PID: 6964 Comm: syz.0.294 Not tainted syzkaller #0 PREEMPT(full) 
[   80.133829][ T6964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   80.133835][ T6964] Call Trace:
[   80.133847][ T6964]  <TASK>
[   80.133852][ T6964]  dump_stack_lvl+0x16c/0x1f0
[   80.133883][ T6964]  should_fail_ex+0x512/0x640
[   80.133906][ T6964]  should_fail_alloc_page+0xe7/0x130
[   80.133919][ T6964]  prepare_alloc_pages+0x3c2/0x610
[   80.133931][ T6964]  __alloc_frozen_pages_noprof+0x18b/0x2440
[   80.133945][ T6964]  ? __pfx_try_to_migrate_one+0x10/0x10
[   80.133960][ T6964]  ? __up_read+0x2d1/0x700
[   80.133970][ T6964]  ? __pfx___up_read+0x10/0x10
[   80.133979][ T6964]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[   80.133992][ T6964]  ? rmap_walk_anon+0x503/0x710
[   80.134012][ T6964]  __folio_alloc_noprof+0x11/0xa0
[   80.134025][ T6964]  alloc_migration_target+0x24a/0x660
[   80.134038][ T6964]  migrate_pages_batch+0x3bc/0x3bb0
[   80.134051][ T6964]  ? __pfx_alloc_migration_target+0x10/0x10
[   80.134067][ T6964]  ? __pfx_migrate_pages_batch+0x10/0x10
[   80.134081][ T6964]  ? __pfx_walk_pgd_range+0x10/0x10
[   80.134096][ T6964]  migrate_pages_sync+0x12d/0x8a0
[   80.134109][ T6964]  ? __pfx_alloc_migration_target+0x10/0x10
[   80.134122][ T6964]  ? queue_pages_test_walk+0x279/0x410
[   80.134133][ T6964]  ? __pfx_migrate_pages_sync+0x10/0x10
[   80.134145][ T6964]  ? walk_page_test+0x9b/0x180
[   80.134159][ T6964]  ? walk_page_range_mm+0x235/0xb40
[   80.134175][ T6964]  migrate_pages+0x1b0b/0x2350
[   80.134188][ T6964]  ? __pfx_alloc_migration_target+0x10/0x10
[   80.134203][ T6964]  ? __pfx_migrate_pages+0x10/0x10
[   80.134215][ T6964]  ? queue_pages_range+0x11e/0x180
[   80.134250][ T6964]  ? __pfx___up_read+0x10/0x10
[   80.134259][ T6964]  ? do_migrate_pages+0x458/0x750
[   80.134271][ T6964]  do_migrate_pages+0x48e/0x750
[   80.134284][ T6964]  ? __pfx_do_migrate_pages+0x10/0x10
[   80.134296][ T6964]  ? rcu_is_watching+0x12/0xc0
[   80.134309][ T6964]  ? cap_capable+0x10d/0x3f0
[   80.134319][ T6964]  ? get_task_mm+0xc2/0xf0
[   80.134335][ T6964]  ? security_capable+0x250/0x260
[   80.134347][ T6964]  kernel_migrate_pages+0x55b/0x700
[   80.134357][ T6964]  ? __pfx_kernel_migrate_pages+0x10/0x10
[   80.134366][ T6964]  ? ksys_write+0x1ac/0x250
[   80.134375][ T6964]  ? __pfx_ksys_write+0x10/0x10
[   80.134404][ T6964]  __x64_sys_migrate_pages+0x96/0x100
[   80.134417][ T6964]  ? lockdep_hardirqs_on+0x7c/0x110
[   80.134432][ T6964]  do_syscall_64+0xcd/0xf80
[   80.134453][ T6964]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   80.134464][ T6964] RIP: 0033:0x7f2626d8f7c9
[   80.134473][ T6964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   80.134483][ T6964] RSP: 002b:00007f2627c6c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000100
[   80.134494][ T6964] RAX: ffffffffffffffda RBX: 00007f2626fe5fa0 RCX: 00007f2626d8f7c9
[   80.134500][ T6964] RDX: 0000200000000240 RSI: 0000000000000005 RDI: 0000000000000000
[   80.134506][ T6964] RBP: 00007f2627c6c090 R08: 0000000000000000 R09: 0000000000000000
[   80.134512][ T6964] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001
[   80.134518][ T6964] R13: 00007f2626fe6038 R14: 00007f2626fe5fa0 R15: 00007ffde5972b48
[   80.134531][ T6964]  </TASK>
[   80.491586][ T6974] netlink: 48 bytes leftover after parsing attributes in process `syz.1.297'.
[   80.510872][ T6982] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=45 sclass=netlink_audit_socket pid=6982 comm=syz.0.299
[   80.540792][ T6984] input input7: cannot allocate more than FF_MAX_EFFECTS effects
[   80.577699][ T5935] Bluetooth: hci0: Malformed Event: 0x2f
[   80.637033][   T40] audit: type=1400 audit(1764976030.927:364): avc:  denied  { ioctl } for  pid=6995 comm="syz.0.306" path="socket:[14973]" dev="sockfs" ino=14973 ioctlcmd=0x8946 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   80.720737][   T40] audit: type=1400 audit(1764976031.007:365): avc:  denied  { watch } for  pid=7001 comm="syz.1.307" path="/76/file0" dev="tmpfs" ino=414 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   80.722224][ T7002] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[   80.736555][ T7002] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null.
[   80.740419][ T7002] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[   80.749665][ T7002] capability: warning: `syz.1.307' uses 32-bit capabilities (legacy support in use)
[   80.810805][   T40] audit: type=1400 audit(1764976031.097:366): avc:  denied  { connect } for  pid=7001 comm="syz.1.307" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   80.882770][ T1024] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[   81.022854][   T40] audit: type=1400 audit(1764976031.307:367): avc:  denied  { append } for  pid=7009 comm="syz.2.309" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[   81.025242][ T7010] netlink: 8 bytes leftover after parsing attributes in process `syz.2.309'.
[   81.033149][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   81.040404][ T7010] netlink: 8 bytes leftover after parsing attributes in process `syz.2.309'.
[   81.045522][ T7010] netlink: 8 bytes leftover after parsing attributes in process `syz.2.309'.
[   81.049625][ T7010] netlink: 8 bytes leftover after parsing attributes in process `syz.2.309'.
[   81.062778][ T1024] usb 5-1: Using ep0 maxpacket: 8
[   81.072882][ T1024] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   81.077095][ T1024] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   81.081214][ T1024] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   81.084745][ T1024] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   81.088964][ T1024] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   81.091927][ T5935] Bluetooth: hci2: unexpected event for opcode 0x1002
[   81.091982][ T1024] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.102773][ T5935] Bluetooth: hci1: command 0x040f tx timeout
[   81.182891][ T5935] Bluetooth: hci3: command 0x0c1a tx timeout
[   81.206414][ T7017] syz_tun: entered allmulticast mode
[   81.211814][ T7016] syz_tun: left allmulticast mode
[   81.300395][ T1024] usb 5-1: GET_CAPABILITIES returned 0
[   81.302324][ T1024] usbtmc 5-1:16.0: can't read capabilities
[   81.391165][ T7026] netlink: 14 bytes leftover after parsing attributes in process `syz.1.316'.
[   81.409777][ T7026] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   81.417237][ T7026] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   81.422960][ T7026] bond0 (unregistering): Released all slaves
[   81.503093][ T1024] usb 5-1: USB disconnect, device number 6
[   82.112467][  T849] IPVS: starting estimator thread 0...
[   82.143504][ T7069] netlink: 12 bytes leftover after parsing attributes in process `syz.1.326'.
[   82.214134][ T7064] IPVS: using max 46 ests per chain, 110400 per kthread
[   82.274250][ T7084] bridge_slave_0: left allmulticast mode
[   82.276156][ T7084] bridge_slave_0: left promiscuous mode
[   82.278073][ T7084] bridge0: port 1(bridge_slave_0) entered disabled state
[   82.286046][ T7084] bridge_slave_1: left allmulticast mode
[   82.288984][ T7084] bridge_slave_1: left promiscuous mode
[   82.291393][ T7084] bridge0: port 2(bridge_slave_1) entered disabled state
[   82.305718][ T7084] bond0: (slave bond_slave_0): Releasing backup interface
[   82.322885][ T7084] bond0: (slave bond_slave_1): Releasing backup interface
[   82.329406][ T7084] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   82.332172][ T7084] batman_adv: batadv0: Removing interface: batadv_slave_0
[   82.337233][ T7084] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   82.340156][ T7084] batman_adv: batadv0: Removing interface: batadv_slave_1
[   82.345789][ T7084] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   82.376015][ T7084] netlink: 64 bytes leftover after parsing attributes in process `syz.2.333'.
[   82.467560][ T7096] netlink: 'syz.2.337': attribute type 22 has an invalid length.
[   82.470506][ T7096] netlink: 'syz.2.337': attribute type 22 has an invalid length.
[   82.500451][ T7098] Bluetooth: MGMT ver 1.23
[   82.567019][ T7100] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   82.623392][ T6026] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[   82.640154][ T5935] Bluetooth: hci2: unexpected event for opcode 0x1408
[   82.802709][ T6026] usb 8-1: Using ep0 maxpacket: 8
[   82.806871][ T6026] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   82.810539][ T6026] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   82.814704][ T6026] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   82.818503][ T6026] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   82.822868][ T6026] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   82.825902][ T6026] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.038965][ T6026] usb 8-1: GET_CAPABILITIES returned 0
[   83.046337][ T6026] usbtmc 8-1:16.0: can't read capabilities
[   83.102828][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   83.182782][ T5935] Bluetooth: hci1: command 0x040f tx timeout
[   83.242175][  T837] usb 8-1: USB disconnect, device number 10
[   83.273082][ T5935] Bluetooth: hci3: command 0x0c1a tx timeout
[   83.967776][ T7123] __nla_validate_parse: 3 callbacks suppressed
[   83.967791][ T7123] netlink: 8 bytes leftover after parsing attributes in process `syz.0.347'.
[   84.062855][  T849] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[   84.181548][ T7137] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.353'.
[   84.190267][ T7139] netlink: 64138 bytes leftover after parsing attributes in process `syz.0.353'.
[   84.242744][  T849] usb 8-1: Using ep0 maxpacket: 8
[   84.244136][  T849] usb 8-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[   84.248795][  T849] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   84.248814][  T849] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.274502][ T7142] tmpfs: Bad value for 'mpol'
[   84.283600][ T7142] macvlan0: entered promiscuous mode
[   84.286409][ T7142] macvlan0: entered allmulticast mode
[   84.288182][ T7142] veth1_vlan: entered allmulticast mode
[   84.312270][ T7151] netlink: 28 bytes leftover after parsing attributes in process `syz.2.357'.
[   84.386398][ T7153] tmpfs: Bad value for 'mpol'
[   84.568116][ T7164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.360'.
[   84.571637][   T40] kauditd_printk_skb: 14 callbacks suppressed
[   84.571647][   T40] audit: type=1400 audit(1764976034.857:382): avc:  denied  { ioctl } for  pid=7163 comm="syz.0.360" path="socket:[15270]" dev="sockfs" ino=15270 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[   84.578866][ T7166] overlayfs: workdir and upperdir must be separate subtrees
[   84.628510][ T7164] netlink: 'syz.0.360': attribute type 10 has an invalid length.
[   84.635591][ T7164] 8021q: adding VLAN 0 to HW filter on device batadv0
[   84.640631][ T7164] bond0: (slave batadv0): Enslaving as an active interface with an up link
[   84.643602][   T40] audit: type=1400 audit(1764976034.937:383): avc:  denied  { bind } for  pid=7165 comm="syz.2.361" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   84.645143][ T7169] random: crng reseeded on system resumption
[   84.651717][   T40] audit: type=1400 audit(1764976034.937:384): avc:  denied  { append } for  pid=7165 comm="syz.2.361" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   84.664848][   T40] audit: type=1400 audit(1764976034.957:385): avc:  denied  { ioctl } for  pid=7165 comm="syz.2.361" path="/dev/snapshot" dev="devtmpfs" ino=98 ioctlcmd=0x3304 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   84.666322][ T7169] netlink: 12 bytes leftover after parsing attributes in process `syz.2.361'.
[   84.815550][ T7171] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[   84.823779][ T7171] CIFS mount error: No usable UNC path provided in device string!
[   84.823779][ T7171] 
[   84.827316][ T7171] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[   84.887607][   T40] audit: type=1400 audit(1764976035.177:386): avc:  denied  { nlmsg_read } for  pid=7177 comm="syz.0.364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[   85.042712][ T7178] netlink: 'syz.0.364': attribute type 13 has an invalid length.
[   85.110381][ T7186] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[   85.183487][ T5935] Bluetooth: hci0: command 0x040f tx timeout
[   85.352725][ T5935] Bluetooth: hci3: command 0x0c1a tx timeout
[   85.553457][   T40] audit: type=1400 audit(1764976035.847:387): avc:  denied  { read } for  pid=7194 comm="syz.2.368" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   85.561554][   T40] audit: type=1400 audit(1764976035.847:388): avc:  denied  { open } for  pid=7194 comm="syz.2.368" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   85.571157][ T7197] netlink: 13344 bytes leftover after parsing attributes in process `syz.2.368'.
[   85.575789][   T40] audit: type=1400 audit(1764976035.857:389): avc:  denied  { getopt } for  pid=7194 comm="syz.2.368" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[   85.575862][ T7197] openvswitch: netlink: Flow key attr not present in new flow.
[   85.620322][   T40] audit: type=1400 audit(1764976035.907:390): avc:  denied  { bind } for  pid=7199 comm="syz.0.369" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   85.630205][ T7201] tmpfs: Bad value for 'mpol'
[   85.660845][ T5935] Bluetooth: hci3: unexpected event for opcode 0x0c05
[   85.664182][ T7205] EXT4-fs (nbd0): unable to read superblock
[   85.735927][   T40] audit: type=1326 audit(1764976036.027:391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7210 comm="syz.0.373" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2626d8f7c9 code=0x0
[   85.810605][ T7209] x_tables: ip6_tables: sctp match: only valid for protocol 132
[   86.785450][  T837] usb 8-1: USB disconnect, device number 11
[   86.842822][ T6026] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   86.992746][ T6026] usb 5-1: Using ep0 maxpacket: 8
[   86.998480][ T6026] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   87.001619][ T6026] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   87.005501][ T6026] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   87.008949][ T6026] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   87.013432][ T6026] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   87.016415][ T6026] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   87.132815][ T7238] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(13)
[   87.135189][ T7238] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[   87.138775][ T7238] vhci_hcd vhci_hcd.0: Device attached
[   87.141297][ T7243] vhci_hcd: unknown pdu 1
[   87.143938][ T1168] vhci_hcd: stop threads
[   87.146138][ T1168] vhci_hcd: release socket
[   87.147713][ T1168] vhci_hcd: disconnect device
[   87.224229][ T6026] usb 5-1: GET_CAPABILITIES returned 0
[   87.226053][ T6026] usbtmc 5-1:16.0: can't read capabilities
[   87.291567][ T7248] process 'syz.2.386' launched './file0' with NULL argv: empty string added
[   87.384551][ T7255] netlink: 24 bytes leftover after parsing attributes in process `syz.1.389'.
[   87.405238][ T7255] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7255 comm=syz.1.389
[   87.431744][  T837] usb 5-1: USB disconnect, device number 7
[   87.473504][ T7258] Invalid source name
[   87.474873][ T7258] UBIFS error (pid: 7258): cannot open "/dev/sg0", error -22
[   87.507692][ T7262] netlink: 32 bytes leftover after parsing attributes in process `syz.2.392'.
[   87.530479][ T7262] netem: incorrect gi model size
[   88.206657][ T5935] Bluetooth: hci1: Malformed Event: 0x2f
[   88.667807][ T7316] netlink: 8 bytes leftover after parsing attributes in process `syz.2.410'.
[   88.805783][ T7331] bridge0: port 2(bridge_slave_1) entered blocking state
[   88.808240][ T7331] bridge0: port 2(bridge_slave_1) entered listening state
[   88.810897][ T7331] bridge0: port 1(bridge_slave_0) entered blocking state
[   88.813368][ T7331] bridge0: port 1(bridge_slave_0) entered listening state
[   88.816239][ T7331] bridge0: entered allmulticast mode
[   88.844355][ T7333] ICMPv6: NA: ff:ff:ff:ff:ff:ff advertised our address fe80::aa on syz_tun!
[   89.086118][ T7343] Bluetooth: MGMT ver 1.23
[   89.202703][  T849] usb 7-1: new full-speed USB device number 6 using dummy_hcd
[   89.243327][ T7353] xt_cluster: node mask cannot exceed total number of nodes
[   89.355624][  T849] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 27750, setting to 64
[   89.360688][  T849] usb 7-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[   89.363744][  T849] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   89.366269][  T849] usb 7-1: Product: syz
[   89.367618][  T849] usb 7-1: Manufacturer: syz
[   89.369400][  T849] usb 7-1: SerialNumber: syz
[   89.373276][  T849] usb 7-1: config 0 descriptor??
[   89.388240][ T7355] orangefs_mount: mount request failed with -4
[   89.551743][ T5935] Bluetooth: hci3: Malformed Event: 0x2f
[   89.778908][   T40] kauditd_printk_skb: 13 callbacks suppressed
[   89.778918][   T40] audit: type=1400 audit(1764976040.067:405): avc:  denied  { read } for  pid=7378 comm="syz.1.431" lport=58 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[   89.794453][ T6026] usb 7-1: USB disconnect, device number 6
[   89.795251][   T40] audit: type=1400 audit(1764976040.077:406): avc:  denied  { write } for  pid=7378 comm="syz.1.431" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[   89.840828][   T40] audit: type=1400 audit(1764976040.127:407): avc:  denied  { read } for  pid=7381 comm="syz.0.430" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   89.849349][   T40] audit: type=1400 audit(1764976040.127:408): avc:  denied  { open } for  pid=7381 comm="syz.0.430" path="/dev/cpu/0/msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[   89.896493][ T7384] Invalid option length (1048180) for dns_resolver key
[   89.941448][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   89.992818][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   90.052774][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   90.248693][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   90.293073][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   90.296364][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   90.300127][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   90.303455][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   90.453425][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   90.856431][ T7396] overlayfs: conflicting options: userxattr,metacopy=on
[   91.025455][ T5935] Bluetooth: hci1: Malformed Event: 0x2f
[   91.283127][ T7409] bridge0: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[   91.290355][ T7410] bridge1: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[   91.302843][ T6026] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[   91.322327][   T40] audit: type=1400 audit(1764976041.607:409): avc:  denied  { lock } for  pid=7411 comm="syz.0.439" path="socket:[17975]" dev="sockfs" ino=17975 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1
[   91.452976][ T6026] usb 7-1: Using ep0 maxpacket: 8
[   91.463740][ T6026] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   91.467882][ T6026] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   91.471948][ T6026] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   91.476113][ T6026] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   91.482488][ T6026] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   91.486602][ T6026] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.694330][ T6026] usb 7-1: GET_CAPABILITIES returned 0
[   91.696253][ T6026] usbtmc 7-1:16.0: can't read capabilities
[   91.904097][   T29] usb 7-1: USB disconnect, device number 7
[   91.927044][ T7426] bond_slave_1: entered promiscuous mode
[   91.942448][ T7426] __nla_validate_parse: 1 callbacks suppressed
[   91.942460][ T7426] netlink: 8 bytes leftover after parsing attributes in process `syz.3.444'.
[   92.008167][ T7383] Set syz1 is full, maxelem 65536 reached
[   92.039799][   T40] audit: type=1326 audit(1764976042.327:410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7429 comm="syz.1.446" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdefd98f7c9 code=0x0
[   92.113634][   T40] audit: type=1400 audit(1764976042.407:411): avc:  denied  { append } for  pid=7434 comm="syz.3.448" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[   92.125072][   T40] audit: type=1400 audit(1764976042.417:412): avc:  denied  { create } for  pid=7434 comm="syz.3.448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   92.133019][   T40] audit: type=1400 audit(1764976042.417:413): avc:  denied  { accept } for  pid=7434 comm="syz.3.448" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[   92.525418][   T40] audit: type=1400 audit(1764976042.817:414): avc:  denied  { map } for  pid=7451 comm="syz.0.455" path="/dev/vbi1" dev="devtmpfs" ino=978 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[   92.781607][ T7467] netlink: 'syz.3.461': attribute type 10 has an invalid length.
[   92.793513][ T6026] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[   92.794940][ T7467] 8021q: adding VLAN 0 to HW filter on device batadv0
[   92.801082][ T7467] .`: (slave batadv0): Enslaving as an active interface with an up link
[   92.809532][ T7470] netlink: 4 bytes leftover after parsing attributes in process `syz.0.462'.
[   92.814614][ T7467] netlink: 'syz.3.461': attribute type 5 has an invalid length.
[   92.942735][ T6026] usb 7-1: Using ep0 maxpacket: 8
[   92.948090][ T6026] usb 7-1: config 0 interface 0 has no altsetting 0
[   92.951061][ T6026] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   92.955968][ T6026] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.963030][ T6026] usb 7-1: config 0 descriptor??
[   93.158736][ T7484] netlink: 256 bytes leftover after parsing attributes in process `syz.0.467'.
[   93.377329][ T6026] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[   93.380452][ T6026] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[   93.383299][ T6026] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[   93.386161][ T6026] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[   93.386806][ T7494] netlink: 66 bytes leftover after parsing attributes in process `syz.1.471'.
[   93.388896][ T6026] mcp2221 0003:04D8:00DD.0004: unknown main item tag 0x0
[   93.395348][ T6026] mcp2221 0003:04D8:00DD.0004: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0
[   93.422005][ T7496] capability: warning: `syz.1.472' uses deprecated v2 capabilities in a way that may be insecure
[   93.581620][ T7455] comedi comedi3: c6xdigio: I/O port conflict (0x8,3)
[   93.586697][ T7455] ------------[ cut here ]------------
[   93.589180][ T7455] Unexpected driver unregister!
[   93.591303][ T7455] WARNING: drivers/base/driver.c:273 at 0x0, CPU#0: syz.2.456/7455
[   93.594823][ T7455] Modules linked in:
[   93.596795][ T7455] CPU: 0 UID: 0 PID: 7455 Comm: syz.2.456 Not tainted syzkaller #0 PREEMPT(full) 
[   93.600674][ T7455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.604728][ T7455] RIP: 0010:driver_unregister+0x89/0xb0
[   93.606583][ T7455] Code: 00 75 3a 48 8b 73 68 48 89 ef e8 62 be 87 fc 48 89 df e8 1a 94 ff ff 5b 5d e9 b3 8e dc fb e8 ae 8e dc fb 48 8d 3d f7 1a b0 0a <67> 48 0f b9 3a 5b 5d e9 9b 8e dc fb e8 d6 be 45 fc eb 9a e8 cf be
[   93.612762][ T7455] RSP: 0018:ffffc900253279a0 EFLAGS: 00010287
[   93.614919][ T7455] RAX: 0000000000001288 RBX: ffffffff8ff4ff80 RCX: ffffc90007662000
[   93.617501][ T7455] RDX: 0000000000080000 RSI: ffffffff85e19792 RDI: ffffffff9091b290
[   93.620083][ T7455] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[   93.622729][ T7455] R10: 0000000000000000 R11: 000000005facc7fc R12: ffffffff8ff4fec0
[   93.625304][ T7455] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88810334c000
[   93.628267][ T7455] FS:  00007f1962c436c0(0000) GS:ffff8880d6960000(0000) knlGS:0000000000000000
[   93.631172][ T7455] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   93.633604][ T7455] CR2: 000000110c401284 CR3: 0000000026663000 CR4: 0000000000352ef0
[   93.636416][ T7455] Call Trace:
[   93.637554][ T7455]  <TASK>
[   93.638576][ T7455]  comedi_device_detach_locked+0x12f/0xa50
[   93.640545][ T7455]  comedi_device_detach+0x67/0xb0
[   93.642233][ T7455]  comedi_device_attach+0x43d/0x900
[   93.644353][ T7455]  do_devconfig_ioctl+0x1b1/0x710
[   93.646437][ T7455]  ? comedi_unlocked_ioctl+0x167/0x2ee0
[   93.648609][ T7455]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[   93.650483][ T7455]  ? find_held_lock+0x2b/0x80
[   93.652093][ T7455]  comedi_unlocked_ioctl+0x165d/0x2ee0
[   93.654199][ T7455]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   93.656269][ T7455]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   93.658294][ T7455]  ? do_vfs_ioctl+0x128/0x14f0
[   93.659966][ T7455]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   93.661716][ T7455]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[   93.664227][ T7455]  ? hook_file_ioctl_common+0x144/0x410
[   93.666169][ T7455]  ? selinux_file_ioctl+0x180/0x270
[   93.667975][ T7455]  ? selinux_file_ioctl+0xb4/0x270
[   93.669685][ T7455]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   93.671632][ T7455]  __x64_sys_ioctl+0x18e/0x210
[   93.673266][ T7455]  do_syscall_64+0xcd/0xf80
[   93.674827][ T7455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.676831][ T7455] RIP: 0033:0x7f1961d8f7c9
[   93.678351][ T7455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.684706][ T7455] RSP: 002b:00007f1962c43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   93.687479][ T7455] RAX: ffffffffffffffda RBX: 00007f1961fe5fa0 RCX: 00007f1961d8f7c9
[   93.690095][ T7455] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000005
[   93.692736][ T7455] RBP: 00007f1961e13f91 R08: 0000000000000000 R09: 0000000000000000
[   93.695384][ T7455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.698037][ T7455] R13: 00007f1961fe6038 R14: 00007f1961fe5fa0 R15: 00007fff26167908
[   93.700668][ T7455]  </TASK>
[   93.701759][ T7455] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   93.704198][ T7455] CPU: 0 UID: 0 PID: 7455 Comm: syz.2.456 Not tainted syzkaller #0 PREEMPT(full) 
[   93.707235][ T7455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   93.710710][ T7455] Call Trace:
[   93.711816][ T7455]  <TASK>
[   93.712814][ T7455]  dump_stack_lvl+0x3d/0x1f0
[   93.714405][ T7455]  vpanic+0x640/0x6f0
[   93.715729][ T7455]  panic+0xca/0xd0
[   93.717004][ T7455]  ? __pfx_panic+0x10/0x10
[   93.718477][ T7455]  check_panic_on_warn+0xab/0xb0
[   93.720130][ T7455]  __warn+0x108/0x3c0
[   93.721457][ T7455]  __report_bug+0x2a0/0x520
[   93.722984][ T7455]  ? __pfx___report_bug+0x10/0x10
[   93.724660][ T7455]  ? driver_unregister+0x82/0xb0
[   93.726316][ T7455]  report_bug_entry+0xb2/0x220
[   93.727906][ T7455]  ? driver_unregister+0x89/0xb0
[   93.729516][ T7455]  handle_bug+0x18a/0x260
[   93.731151][ T7455]  exc_invalid_op+0x17/0x50
[   93.732667][ T7455]  asm_exc_invalid_op+0x1a/0x20
[   93.734400][ T7455] RIP: 0010:driver_unregister+0x89/0xb0
[   93.736250][ T7455] Code: 00 75 3a 48 8b 73 68 48 89 ef e8 62 be 87 fc 48 89 df e8 1a 94 ff ff 5b 5d e9 b3 8e dc fb e8 ae 8e dc fb 48 8d 3d f7 1a b0 0a <67> 48 0f b9 3a 5b 5d e9 9b 8e dc fb e8 d6 be 45 fc eb 9a e8 cf be
[   93.742438][ T7455] RSP: 0018:ffffc900253279a0 EFLAGS: 00010287
[   93.744465][ T7455] RAX: 0000000000001288 RBX: ffffffff8ff4ff80 RCX: ffffc90007662000
[   93.747075][ T7455] RDX: 0000000000080000 RSI: ffffffff85e19792 RDI: ffffffff9091b290
[   93.749650][ T7455] RBP: 0000000000000000 R08: 0000000000000007 R09: 0000000000000000
[   93.752180][ T7455] R10: 0000000000000000 R11: 000000005facc7fc R12: ffffffff8ff4fec0
[   93.754863][ T7455] R13: dffffc0000000000 R14: 0000000000000000 R15: ffff88810334c000
[   93.757441][ T7455]  ? driver_unregister+0x82/0xb0
[   93.759112][ T7455]  comedi_device_detach_locked+0x12f/0xa50
[   93.761147][ T7455]  comedi_device_detach+0x67/0xb0
[   93.763004][ T7455]  comedi_device_attach+0x43d/0x900
[   93.764813][ T7455]  do_devconfig_ioctl+0x1b1/0x710
[   93.766528][ T7455]  ? comedi_unlocked_ioctl+0x167/0x2ee0
[   93.768367][ T7455]  ? __pfx_do_devconfig_ioctl+0x10/0x10
[   93.770235][ T7455]  ? find_held_lock+0x2b/0x80
[   93.771821][ T7455]  comedi_unlocked_ioctl+0x165d/0x2ee0
[   93.773656][ T7455]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   93.775618][ T7455]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   93.777587][ T7455]  ? do_vfs_ioctl+0x128/0x14f0
[   93.779191][ T7455]  ? __pfx_do_vfs_ioctl+0x10/0x10
[   93.780838][ T7455]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[   93.783091][ T7455]  ? hook_file_ioctl_common+0x144/0x410
[   93.784938][ T7455]  ? selinux_file_ioctl+0x180/0x270
[   93.786716][ T7455]  ? selinux_file_ioctl+0xb4/0x270
[   93.788395][ T7455]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[   93.790380][ T7455]  __x64_sys_ioctl+0x18e/0x210
[   93.791993][ T7455]  do_syscall_64+0xcd/0xf80
[   93.793555][ T7455]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   93.795556][ T7455] RIP: 0033:0x7f1961d8f7c9
[   93.797026][ T7455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   93.803350][ T7455] RSP: 002b:00007f1962c43038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   93.806613][ T7455] RAX: ffffffffffffffda RBX: 00007f1961fe5fa0 RCX: 00007f1961d8f7c9
[   93.809216][ T7455] RDX: 00002000000000c0 RSI: 0000000040946400 RDI: 0000000000000005
[   93.811776][ T7455] RBP: 00007f1961e13f91 R08: 0000000000000000 R09: 0000000000000000
[   93.814379][ T7455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   93.816988][ T7455] R13: 00007f1961fe6038 R14: 00007f1961fe5fa0 R15: 00007fff26167908
[   93.819596][ T7455]  </TASK>
[   93.821356][ T7455] Kernel Offset: disabled
[   93.822749][ T7455] Rebooting in 86400 seconds..