last executing test programs:

11.419657054s ago: executing program 2 (id=615):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0)
r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, &(0x7f00000010c0)={0x8, 0x8})

11.319203206s ago: executing program 2 (id=616):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x408041, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @empty}, {0x20000010304, @local}, 0x4, {0x2, 0x4e20, @rand_addr=0x64010102}})
prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
syz_fuse_handle_req(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006780)={0x90, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0xfcc00000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a2c000000060a09040000000000000000020000000900020073797a32000000000900010073797a300000000070000000080a01010000000000000000020000000900010073797a30000000000900020073797a32000000002c00058008000140000000000800024000000000080001400000000608000140000000f9080001400000005c080009"], 0xc4}}, 0x0)
setrlimit(0x7, &(0x7f00000000c0)={0x7992, 0x200})
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000040)=0x80000)
r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$FAT_IOCTL_GET_ATTRIBUTES(r3, 0x80047210, &(0x7f0000000080))
ioctl$SNDCTL_DSP_GETOPTR(r0, 0x800c5012, &(0x7f0000000240))

11.318966513s ago: executing program 2 (id=617):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_GET_STATS_FD_vm(r1, 0xaece)
socket$inet6(0xa, 0x2, 0x0) (async)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) (async)
openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) (async)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000b40), 0x800, 0x0) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async)
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0x1, 0x60, {"3ef30fc735fc9a00003e0f01c8c4417df1a9b398000066b824008ec8460f79f2c4e1717db49c26000000b9800000c00f3235000400000f307b9666baa00066b8000066ef66bad1040f01c2260f78da"}}], 0x60})
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) (async)
r5 = eventfd2(0x5, 0x801)
ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x6, 0x0, 0x0, r5}) (async)
ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60)
r6 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@enable_nested={0x12c, 0x18}, @nested_create_vm={0x12d, 0x18}, @nested_load_code={0x12e, 0x4d, {0x0, "48b800800000000000000f23c80f21f8350c0020000f23f86d3266b864000f00d03500010000b8050002000f006080000f01b00f30"}}, @nested_vmlaunch={0x12f, 0x18}], 0x95}) (async)
ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000040)) (async)
r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000100)={[{0x5, 0xc000, 0x4, 0x5, 0x0, 0x8, 0x80, 0xa, 0xb9, 0x1, 0x11, 0xd, 0x204}, {0x804, 0x1, 0x1, 0x49, 0x87, 0x2, 0x2, 0xff, 0x0, 0x4, 0x6, 0x7f, 0x20c}, {0x1, 0x3, 0x38, 0x5, 0x8, 0x7, 0x3, 0x50, 0x0, 0x70, 0x4, 0x5, 0x4}], 0xffffffff}) (async)
ioctl$KVM_GET_MSR_INDEX_LIST(r6, 0xc004ae02, &(0x7f0000000000)) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
ioctl$KVM_SET_REGS(r7, 0x4090ae82, &(0x7f00000003c0)={[0x60000000000, 0xdb, 0x0, 0x8, 0x2000001, 0x0, 0x2004cb, 0xfffffffffffffff9, 0x2, 0x1136b2e5, 0x9, 0x0, 0x3, 0x0, 0x8000000000, 0xfffffffffffffffa], 0x8004005, 0x202}) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r7, 0xae80, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc)

10.798845257s ago: executing program 2 (id=620):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x2, &(0x7f0000002680)='usrquota')
chdir(&(0x7f0000000180)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='net_prio.prioidx\x00', 0x275a, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x12, &(0x7f0000000040)=0x80000001, 0x4)
fstat(0xffffffffffffffff, &(0x7f00000024c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000802, r2, &(0x7f0000002540)={0x3ff000000, 0x8000000000000001, 0xa1e76e, 0x6, 0xfffffffffffffff7, 0x5, 0x2, 0xb, 0x4})
quotactl_fd$Q_SETQUOTA(r0, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x63, 0xdc, 0x6, 0x0, 0x2, 0x8000000, 0x1, 0x4, 0x4})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
stat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r3=>0x0})
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000400)=@v3={0x3000000, [{0x9, 0x1}, {0x0, 0x3d9b}], r3}, 0x18, 0x0)
quotactl_fd$Q_QUOTAOFF(r0, 0xffffffff80000302, r3, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
read$FUSE(r4, &(0x7f0000000480)={0x2020, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x2020)
r6 = syz_clone(0x40000, 0x0, 0x0, 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000200)='./file0\x00', &(0x7f00000025c0)=ANY=[@ANYBLOB='.usrquota'], &(0x7f0000002600)=""/91, 0x5b)
r7 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r7, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, 0x0}], 0x1, 0x43, 0x0, 0x0)
sendmsg$kcm(r4, &(0x7f0000002c40)={&(0x7f00000026c0)=@in6={0xa, 0x4e21, 0x3ff, @empty, 0x9}, 0x80, &(0x7f00000028c0)=[{&(0x7f0000002740)="4f465a550eb3daf4b073c0af73ad2a1ffc2436e3eb0040c657e812467737358bf8d6269aa52e66a9d6639bf85dae6f9a3b7d8a98de57d99f49ff0b9dda160b8f8becfb25dd3100fc0371dd80c0d4b8fc653555", 0x53}, {&(0x7f00000027c0)="9258cf8c83d21f6ddd614d75b81ae7a09f94747927018120af4bdef7dcb5685de1d3994f788a33ec61ba79536a222742276c1c2ea52479c268acc2e87edf74bf8f99119478df9b33167e20203aa639cb62c9a124ab3a9a015df44fe8aec4d7a1f2285d10f88063cb41a19962dd12b730f30d89bf0e9cbcd12ecb61aabd2ad348adc13fbb308f0ad1e7d4d926f0d21856785e15d36f6d3cce65a724e8f6956beeadf41e6306c5e1910340458378ef75b831d6de3847496f062679d642ca495db4d4e6e5ccb85fa78c87654c2f3ff2997dd2d738b0a77c3cf0f0289b07556f75a57922c1a0dc8c955c224f95ce4f2821bd3812f7da", 0xf4}], 0x2, &(0x7f0000002900)=[{0xf8, 0x111, 0x80000000, "6474b8008f6367789ccc603e0cbdb71765f931c7b0757a8ec37fefdfcaf2272b70503dbdf3c9e6a82ab31fabbfd4e4f16687b33dabda30af50725682705b0c208341c9edc763fe692b7ce17404d07d115c2c3f40a4536f345b28c3dd1999e37508985c64e9a0d5e4329a3d3a9f84e47b092dcb6ba98c07f2b4a356bc8108913912506c130167e20060b2a3a441f2cefbeae65081bea43f0f09487bff80c3bbc71da1803bfdb4c5fa7798050840123ec6e2ac3b000b3b019b1153d435f68060f8c4c9c60b706614f0c13fbd5a20635769490a5014424643330186cbcb5f4222bbbec2f1254f43fb"}, {0x28, 0x29, 0x8, "31b7fe255ae54a2a23defcf7dff9c742d8"}, {0xa0, 0x19c, 0x3, "ae80b8617fd3159f29ab7069fd3c6e51b55d251e4573c98ac769aeec2d8e046433c29177855f1de4fc0362ca493a651cab754f88836d5e7dfe04019da6c3c934bfdf19d6065ca00a952f4bad1d05a0e4ec760f637dad0d5d9d0a1a7d13347ecdc1e7039b1b731d33f49361b8cc64055b5dd6ca99e4ee25c0df36c92e7bad29cb7f3f266334db046273ca82"}, {0x78, 0x103, 0x0, "4a64e072573c8198f103ada93b6fa7fa696f4ebe62100642acd56478230a0428030a1f076186973a3cc7bfadec130607e2a31399d91521fc161f6924d39e2143bd58f52a2cfebf8bf668e3e59521015031acceb2d6134801669f69c21998972dcd"}, {0x20, 0x10e, 0xfffffffa, "17cd80e8620007ba73"}, {0xd8, 0x1, 0x0, "46a5e8615925d775a624d2ca9767356a6753fe0a0e7c24d2b35ce44eb09856f78f00595f845ef3bc70f0355e6d5755c3f2b60491010d3b65011f1e2694be740503c6f7fc2398946464dc55da56a4d87eaedac80e46fadda980e093c36f006484baa8d10d93fd1456ceb4593af4f00ea901a82391927917544761b32b33b2ed618eb30a26d8077020890d8d9ae045c06d78cfbc25216ed63648e7750f2bdfe5797c8aceba934a9f8907cedf8c0dba3d1c6f747488fe1d3c2871519155f9d5de8efaea5ad3c5"}], 0x330}, 0x4080)
ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000280)={[0x4, 0x2, 0x80, 0x5, 0x4, 0x7f, 0x4232, 0x0, 0x81, 0x9c1, 0x9001, 0x5, 0x7, 0x4db6, 0x0, 0xfffffdffffffffda], 0x0, 0x80300})
ioctl$KVM_RUN(r8, 0xae80, 0x0)
ptrace(0x10, r6)
ptrace$ARCH_SET_GS(0x1e, r6, 0x0, 0x1001)
setpgid(r5, r6)
ioctl$VIDIOC_DBG_G_CHIP_INFO(r0, 0xc0c85666, &(0x7f0000000380)={{0x3, @addr=0x7fff}, "de4c6f31c77a736ce5f21c2fc397bde0ecfe87ef7d1be83db8e8e1e362de12d2", 0x2})
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=@updsa={0xf0, 0x1a, 0x1, 0x70bd26, 0x0, {{@in=@private=0xa010101, @in=@empty}, {@in=@multicast1, 0x0, 0x33}, @in6=@rand_addr=' \x01\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {0x0, 0x4000000000}, {}, 0x0, 0x20000, 0x2}}, 0xf0}}, 0x0)

10.738057674s ago: executing program 2 (id=622):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
write$selinux_load(r4, &(0x7f00000002c0)={0xf97cff8c, 0x8, 'SE Linux', "044efa18d54d74cad853a9cab09b0b1f44654d5c455f97684f745b523f0e8ab413a606e73b0dbb015fc5c9ac027a3b158d3a63fb32d79585277a71e129b54c0da1a894df0438350bcc019a32b4198d74a8d5fb"}, 0x63)
sendmsg$netlink(r3, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000002840)={0x114, 0x27, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@generic="24d4e3455c7216da3484447f8a081f930884b55764ca84de3d0e7bc8d6f29cd84ba9408cf2351604f1724e10a8fcc3988de886d82375980e92a1ba2f8410b06773cbbf6293af17222761aa1289e6a8f1d888f4809cdccfe1c8695630dcb6bad9b53d1d97f2f820a715ce709fcaa40a70dc4c98ebbe761c0eec46d4f50508215e72fc781a471b1a7c769a074f2d6388253cfdd4b0e37a788fbb7296ae39bb35439c66437fa3347adfaca46f74fbc95f1b070287096cc9bdc953ea637c118a68a8ddc03aa44e8aa8ca5dac063a05", @typed={0x2d, 0x0, 0x0, 0x0, @binary="8bb982eb4ec7e08b552a2807c00bbfbbb5369dd1e04690a1267e29e89d27673db50050419e278e6130"}]}]}, 0x114}], 0x1}, 0x0)
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x68, r1, 0x1, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x33}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x28}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x68}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x66}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x18}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2f}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x2b}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000000}, 0x80)
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r1, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0)

10.439981822s ago: executing program 2 (id=627):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x840, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000002c0)={&(0x7f0000000180)=[0x0, 0x0, <r3=>0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000280)=[0x0], 0x6, 0x2, 0x2, 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000380)={0x0, 0x1, 0x40, 0x2, 0x1, [<r4=>0x0], [0xffff, 0x7, 0x0, 0x5], [0x5, 0xc, 0xcdda, 0x4], [0x0, 0xb, 0xff]})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000480)={0x0, 0xfffffffb, 0xb, 0x5, 0x2, [0x0, 0x0, 0x0, <r5=>0x0], [0x400, 0x81, 0x7a97, 0x81], [0xfff, 0x6, 0x8], [0x80000001, 0x0, 0xffff, 0x9]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f0000000500)={r3, 0xffff, 0x0, 0x100, 0x2, [0x0, r4, 0x0, r5], [0x5, 0xfa, 0x7], [0x100, 0x5, 0xc, 0x5], [0xb42, 0x6, 0x5, 0xf]})
setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x1)
read$FUSE(r1, &(0x7f0000003480)={0x2020}, 0x2020)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000080)=0x7)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r6, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040889}, 0x40)
ioctl$sock_SIOCINQ(r6, 0x541b, &(0x7f0000000a00))
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r7)

10.395137356s ago: executing program 32 (id=627):
r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000000), 0x840, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x8)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x88)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r2 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x1d2)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000002c0)={&(0x7f0000000180)=[0x0, 0x0, <r3=>0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000280)=[0x0], 0x6, 0x2, 0x2, 0x1})
ioctl$DRM_IOCTL_MODE_GETFB2(r1, 0xc06864ce, &(0x7f0000000380)={0x0, 0x1, 0x40, 0x2, 0x1, [<r4=>0x0], [0xffff, 0x7, 0x0, 0x5], [0x5, 0xc, 0xcdda, 0x4], [0x0, 0xb, 0xff]})
ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000480)={0x0, 0xfffffffb, 0xb, 0x5, 0x2, [0x0, 0x0, 0x0, <r5=>0x0], [0x400, 0x81, 0x7a97, 0x81], [0xfff, 0x6, 0x8], [0x80000001, 0x0, 0xffff, 0x9]})
ioctl$DRM_IOCTL_MODE_ADDFB2(r2, 0xc06864b8, &(0x7f0000000500)={r3, 0xffff, 0x0, 0x100, 0x2, [0x0, r4, 0x0, r5], [0x5, 0xfa, 0x7], [0x100, 0x5, 0xc, 0x5], [0xb42, 0x6, 0x5, 0xf]})
setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x0, 0x0, 0x1)
read$FUSE(r1, &(0x7f0000003480)={0x2020}, 0x2020)
ioctl$SNDRV_CTL_IOCTL_HWDEP_NEXT_DEVICE(r1, 0xc0045520, &(0x7f0000000080)=0x7)
r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
sendmsg$NL80211_CMD_NEW_MPATH(r6, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040889}, 0x40)
ioctl$sock_SIOCINQ(r6, 0x541b, &(0x7f0000000a00))
r7 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), r7)

1.508501178s ago: executing program 4 (id=825):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="796100000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB="81d661dd7388aaf7bac55932716758c580f56506bdd9df256435d49facd88c51dfe6c347f47ec80186565df110fd22a82b5aed8dcf31bffed733c88c8b9f63c87003df2a5957c19a7eff967c4a89cacaebc287f4f214d40f9e9a2cf64ad79f7290d9d50a3a387fe6dce41f63c8b3c98f56546c29956ebf1590cf643016950262ff4a666b1b0cbe5ff3c9e5cf0affd8f26f1468f6abc0655978cfe1a94d6c60b85c0f3f177b93050edb907b1af1c414a435023a6b6141b81d210094d118f907aa8b8281b10c356a22a6c9105569a0e7ddf2aac4fb"], 0x1c}, 0x1, 0x300000000000}, 0x4000054)

1.508312934s ago: executing program 0 (id=826):
open$dir(0x0, 0x200000, 0x2)
bpf$PROG_LOAD(0x5, 0x0, 0x0) (async)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x48)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)) (async)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r1=>0xffffffffffffffff})
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x6, 0x3, &(0x7f0000000480)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'veth1_virt_wifi\x00', <r3=>0x0})
r4 = bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000800)={r2, r3, 0x25, 0x4, @val=@tcx}, 0x1c)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040))
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
r6 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000700)=0x14) (async)
ioctl$TIOCSETD(r6, 0x5423, &(0x7f0000000700)=0x14)
r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x3, &(0x7f0000000480)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000680)={r4, r7, 0x4, r2}, 0x10)
close_range(r1, 0xffffffffffffffff, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff) (async)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000200)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f0000000200)={'wlan0\x00', <r11=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r8, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000880)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="cf0400000000000000001300000008000300", @ANYRES32=r11, @ANYBLOB="040013000a000600ffffffffffff000006001200000000000600b500c90200000400ac000c0043"], 0x4c}}, 0x0)
syz_open_dev$sg(&(0x7f0000000080), 0xf9ba, 0x14b082)

1.450282278s ago: executing program 4 (id=827):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
io_uring_setup(0x7c77, &(0x7f0000000140)={0x0, 0x1cea, 0x80, 0x3, 0x253})
ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000100)={'ip6_vti0\x00', &(0x7f0000000080)={'syztnl0\x00', 0x0, 0x29, 0x8, 0x9, 0x8001, 0x10, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80, 0x40, 0x5, 0x9}})
getsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000000000)=[{}], &(0x7f0000000040)=0x8)

1.230267863s ago: executing program 4 (id=828):
r0 = socket$unix(0x1, 0x1, 0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f0000000040)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
listen(r1, 0x0)
connect$unix(r0, &(0x7f0000932000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'michael_mic-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000000)="4dc07f947163300c", 0x8)
r3 = accept4(r2, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3)
connect$unix(r0, &(0x7f00000005c0)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r4)
wait4(r4, 0x0, 0x0, &(0x7f0000000500))
prlimit64(r4, 0xb, &(0x7f0000000000)={0x6, 0x8}, &(0x7f00000000c0))
dup3(r0, r1, 0x0)

1.179900833s ago: executing program 0 (id=830):
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1a, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000030000000000000080000000850000003900000095"], &(0x7f00000000c0)='syzkaller\x00', 0x3, 0x0, 0x0, 0x41000, 0x43, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)

1.17917792s ago: executing program 0 (id=831):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x26e1, 0x0)
close(r0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x44}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r1 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="3000000012009702"], 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r2, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="d8000000580081044e81f782db44b904021d0800090002", 0x17}], 0x1}, 0x24044880)
ioctl$SIOCSIFHWADDR(r0, 0x8b32, &(0x7f0000000000)={'virt_wifi0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}})
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff}, './file0\x00'})
getsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0xe)
ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f00000000c0))
mknodat(r3, &(0x7f0000000100)='./file0\x00', 0x10, 0x8)

1.110023682s ago: executing program 0 (id=832):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000002180), 0xffffffffffffffff)
sendmsg$NL802154_CMD_GET_SEC_DEV(r0, &(0x7f0000002380)={0x0, 0x0, &(0x7f0000002340)={&(0x7f0000000680)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010328bd7000fedbdf25190000000c00060001"], 0x20}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000080)
r2 = fsopen(&(0x7f0000000000)='devtmpfs\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)

1.109860943s ago: executing program 0 (id=833):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r1, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r1, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
r2 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$sock_int(r2, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4)
bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c)
listen(r2, 0x6)
listen(r1, 0xa)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3f}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x3, 0x3}}, @IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x8}]}}}]}, 0x48}}, 0x0)

1.038598776s ago: executing program 0 (id=834):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000005c0)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x48001, 0xf00)

639.056336ms ago: executing program 1 (id=835):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="796100000000000000007e00000008000300", @ANYRES32=0x0, @ANYBLOB="81d661dd7388aaf7bac55932716758c580f56506bdd9df256435d49facd88c51dfe6c347f47ec80186565df110fd22a82b5aed8dcf31bffed733c88c8b9f63c87003df2a5957c19a7eff967c4a89cacaebc287f4f214d40f9e9a2cf64ad79f7290d9d50a3a387fe6dce41f63c8b3c98f56546c29956ebf1590cf643016950262ff4a666b1b0cbe5ff3c9e5cf0affd8f26f1468f6abc0655978cfe1a94d6c60b85c0f3f177b93050edb907b1af1c414a435023a6b6141b81d210094d118f907aa8b8281b10c356a22a6c9105569a0e7ddf2aac4fb"], 0x1c}, 0x1, 0x1000000000000}, 0x4000054)

530.602525ms ago: executing program 1 (id=836):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r1, 0x0) (fail_nth: 2)

530.323808ms ago: executing program 1 (id=837):
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x1)
syz_kvm_setup_syzos_vm$x86(r2, &(0x7f0000bff000/0x400000)=nil) (async)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r2, 0x4020aed2, &(0x7f0000000080)={0x0, 0x117000, 0x8}) (async)
r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_KEY_SET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB='\x00(\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000003000000400001802c0004001400010002000000ac14140f00000000000000001400020002000000ffffffff00000000000000000d0001007564233a73"], 0x54}}, 0x0) (async)
r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000040), r0)
syz_emit_ethernet(0x86, &(0x7f0000000000)={@broadcast, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x78, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x1b59, 0x64, 0x0, @wg=@response={0x2, 0x0, 0x0, "0002000000753904030405a024f0dd00", "9384bbeb3018ad591b661fe808b21b77", {"694c875dfb1be5d2a0057a62022a1564", "a329d3a13bd5b6cc6a9471314a1d8c69"}}}}}}}, 0x0) (async)
r5 = ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
sendmsg$GTP_CMD_ECHOREQ(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x50, r4, 0x100, 0x70bd2b, 0x25dfdbfb, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @multicast1}, @GTPA_FLOW={0x6}, @GTPA_FAMILY={0x5, 0xd, 0xb}, @GTPA_NET_NS_FD={0x8, 0x7, r5}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_PEER_ADDR6={0x14, 0xb, @ipv4={'\x00', '\xff\xff', @multicast1}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001}, 0x20040000)
ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1)

360.255616ms ago: executing program 4 (id=838):
r0 = socket(0xa, 0x3, 0x3a)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f00000000c0)={0x4, 0x1, 0x1}, 0xc)
r1 = socket(0x2b, 0x1, 0x1)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
connect$inet6(r1, &(0x7f00000001c0)={0xa, 0x4e1f, 0x2, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000100), 0x4)
setsockopt$MRT6_FLUSH(r0, 0x29, 0xd4, &(0x7f0000000080)=0xa, 0x4)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000080)={0x1, 0x2, 0x1000, 0xf, &(0x7f0000000040)="a9ea304609f9a352d5a9e5d767244d", 0x1000, 0x0, &(0x7f0000000400)="7df40781fa615cc358907b7ccef777c38f73d46d5bf27588e7db322c83b7fac11603f0778e55030ce61df006d552047a0911898b192bb33f9a4ce20ac373de40363825829c33b4bf02abeec171f9ac956f3bc1e163a795615dbf6457b313e2042078f0377dfa008e673a443255e1098c9f708f9ee05d7ad89981ad3ac4e54759417b21994d7372b90c463750bdd46760c06500d916e984a39906848aaed28303bd2d85b022a667cbb39245bbaa724a212931627eb38695b46de82033dae79b339907294e9f8d8402609d12b1b5ac4c8668fcf5532f13634c5520c52d5a8aee67a0f676661e73911a6917fa4b07143b90fc650b84ede663f9daec40ec823e8f51f554cc787dd83a249ba671f2bac5d19298bcdc5aede3e4bcd81ca18195efb997c2804d633bd64e0b635634695df0ebebc3eff6c294cf61c03d6b4895f4377c938c5fe8f1e5554602e8993909e8b86a71cbb7b700a454ff1fa6093d53a41fe2a7b589fbd69df9f8fb11007c3a3d18f3c3ffa7feef7d47304c0fe68d31c440720b60371f9b81afcde6629fe64ba75b534372f1835743f6844ecfd822a50b6dea094d69a038a970e02ccb4b0ecf37ba66b45a5f0d7af2f479ad4bd04bbb8a7364c2d734b207d4b36d343c8c082d71a7d2b196de9770717c37f0a99020fb13ffc664fa5f57e556b21894727832bbc8bf865b95a1a1d015b06fdb7441509780d1ee041e5905241af2ce788917c3d0178ef007600ba8af81e8f17dd6e31d38ea6d0ab3679c8725657fcc875918b7629e2cf887f0eef18987f68785486077febe2f362d336093cce8c52971cb2794dca49e21add996588c43bafe2cd94fbe864aebd9e766d239b162011857af22860b4b1be2721b89f656c91281dfd7432d00f138da0ac7ef1e8d4481531769ffed6383c9bb7c1ceac339c635ef683344aaa9be859b8a7b9873208af8b586f9be9a939eb7035a450f4a04df3fd13eeb30a2c1e21abe872d4a978b74f283e1e79002a19d9300033267d393654f8c07b6e9c7cd12b801132db878e5e3e4354336e1e1ddcf7a5f86cafb396eceda55b19bf602e08d4bc244891a52c3777c7b226eb9fcfb09cbf3183580d7b9abb0a73c61a94b9eb7b3c28a0e895a483d05eb511be995d2e536f473af5df0b738c8cb21a81f4511ec8c93987e66540ffc1911f19c43ac7e13f9c033923fe480b34cbf045e0c14171a33ef1701a50ed6657dde99d34b42784c1b7d72a3422d269546bdf07350a31bfb05b3a5f368ec322d181ee5360bac8af1dd239ef9bdb1b25da6429182b295e19a005c47db05dba88e0d37d8016c4e926128f76642339918758a175b9037123eb3815fb8e340e6e8fdd73ae23f686adfdad6ddbe2e2c3a15d2a53e92c775c1c7e1109f613b510355423335efa79c346e2866fc7404b110bcdc6732051c5987ec4bb984adf06a34e2deaf0621fda9c63a9bf4001da3979445b8f12ac6f3b975876f6e8dcb4ce788ac6d18e5e4c869d7bd4689655969a6f9cbc475f695e23be4a9d1ab9beed307424669515d3e99dada0ed172e8283a1f3769c06cf48532edda2c5001fede8c9863ff7381c4481b22dc2ca60a3b4f22a9558fbf56fbb47df0832ce557cee50e2b6793a662ce17082bb34247f38ca394e4f17429b59d6645ad0a6bb9270a57fe8c8a9a7886180eb9178e3a80bcad35de34921f628d391128bff3987e3b105d397be5fb198de1c67d16435d5a96f37a41da97affa7eb711266c695b18b4e1a5ad4dba7f9726bca892b5d845919c8dbc4bfe8bc98a329b68345146f3f4c3f1780c78d29ab491ee2cc3b6ec26a44e13c9bd3b6e1421b0eef2519f6ba8555a7b2d683b2209373bd21257f55a131a6f71bf32207aedfbf9209bcd9036e976479d9312e18cddb0fab82c77c319b324313265ea0c761120bf03f8349cba685994b672438de3aee63b8e623f2fe9e4f84319335f64520eaf1abe25f267c093e068954ad97cf29395aaa8179d12c26863daca7e42fee2a05b718377364e3c9fcfdb8c0a0ae9f4ee8d3ba63aaaf12c1d647a5b9d96e20d3de6378a771ace2fa96d6fd3afdbec0bf89c40260d5d6a373fb3fbadb4a067a17b42d77e551721313e620d3be6e32e0dc5c81964ee1dd2f65a393b52db625fff1726d9b73f5a27977345ede468c226a61ad7c20a9dd582e4a71bec2a33aba5904725cced7e63d5f49fa70406f70aa3236bec5c932d5abb7f457f3318aa5aa251f4ae76ce9a8718bd3b23bad0ad113675bd2131e8c73702ff5f5072bba145229e6845e2ffd586feb0646ca8df23d01eee55c027e100a1fad7555c5ab15a09d7d29b9f1002811cb4b65852850f661ae711bf2795fe878ec924061d45c2fef1d348b6088b3f8a5281bc9414ffc99d8684454cf1b9af1d51105c0e12b803c62a4153b45a82c1d928841e7d1e6258e736f9e280bfab80a699f6fad5b3a9bff659307bca4e98f5a4fde0971d9782e0bcdf07fa47dd10ee8780ca647831efb1d0cad5a2367a6680a99b273db08243925168edfa789e3fe77157e861172ff323c29d554608a711d4335cc91b62e32c4a63ae91a0aad506936b94a6334f359b7e48d1a2531eeaa46eb99ac41797fa60d8c6f71422e81a6b1f604f605d4ed8b0761cab9cff00efbc9a1c197df5f42242eac71a17bd53fa330ec38b722455b380729d5e3e321006ae19329f0ca32cafd88819962ce10ad77222597776c8d1c8c445428695d50cb94830cc17c5b39a4ebad9d4df7db0f9b1c0b8b64d6c35e0c64764b3a9fd95650bf5b1e4ba0c78b6a2c92a47540df039efe9e50008116817c13796b74b8808929b7ed1720e5a8ada3e48f499734bc31074f7af93b7bf49fbf8610122bbc1a856b9618825d5bd6a3353bdfabbb9bfc3307121a02a9bc844a22adde12934752be1b029b6013f8691cf8603a2feaea94de249cd1e319d9409ce5d91e0eacb500ce282545caa8dc6e4965c71826276df671b374e928b8b911f50d24d3c3b25f72c48c2d2aa7987e6d3a23bbc19384351b6d6c2fa59709ffd2511e04d75956dab5fe21fe7b272988011cc59ba777d4081aa1e6c99dc74ee1e52235fc883e2bbe8218f81a50caa7134b2eb8b98715678fc52f73ea20f68cf1724040d095c1ef67ee6f5dbb0953eb4fdd1a288a56a34d29852568dedf553df9162d5105324341e26a9904af16b01b5be6abb9cd09eb09f5c4830279a05603b3361a8200047e56cbc02cb9cb481021573545dfac1ff88a7000e9a0f697fd93532cb7deb578424fd0d731eb332fac8aeba45620583c5172316f6eb8c30d050f8395b457846fafb2e2a739c7b3e721b1135b2a0513e4dbff2c598eaf370dbdc75f13f16850d424c371916e281b7f82eb2c941a194659ea4281f70ca87a9430162e8fd03955f7fb78d89595de7962eb63aba5f093d2bb124270d5535e9b2534718cccf4768d802491f949f94c2da52763806b64d84388e7bf7ded03bfba0065b0acf828a9c01b41cf377fc42b3d9bf29e6c40b4746f7d17635b3d1e029ea7421b0d9538422fb42c87305a85805a620956083be12ad986cba60003181026c4be2787d8f327fe21225467569027858661d25efceaf63f9d427631db5b38c546acf6e4a531aa45f74a9853d661a8fc14e39e6aee86d46169ed832ee476208983302da17d1069a9b3b11a02ba992695da3deaa83149a8e6ddf6e47f23be8932bd129db5b30aa02536108819a1c524c7b95b19adf2493d47fc9fc0bfb4a880322e293f6f76c6c7f758ed21a540020f33eab8288f4b78407385d2e60db6ca32b06c7cc4b4489bd9a1e157c7534f0d789455de00efd622cb9ea3a792887b0d7e25566de075756889ac073b3732326930ea5198d42dd72be47b63af76da94ebf3d0d4a5e260cd6ec94bc8d3e229496f0c7dc5c0ca1c2a6ac3f9978834a1d2415f2e11b0eb4b3a61dda317b28a3818fb2260f16bd162a691acaf0388a21996ca8a487c035344af3dbb8c018cba54913916421921fcd40ecdcc00f934742d793f30785152eca4883f9c16a4abdffdb7e9154739ae9c144d36ed6384cdb6ee95bd02c6ebddf110b2b349ad5534b2a49bed79c152ee79d2fb82b6b02db090990352bbccb55cbe3655d10eb58a4c6097f19fdbbfeeb914e3c5971f0458db1e9113f8d51c48ea4bce33930ca01348c59d477e7e19e21d901fde4dbfce8de07410e1ee4486422d2d14d14e73afb3772933e6a328fda8318a749f9ebed39659cd3e3edae3c51a77c763fe1081dc76ec880c70736556bc484188615141745e0b44c77ca7fa21b2474d9710a0e8442e29818eab1e7f0445753156a002b5568ac720674bd8b522c6a218c99b5061c7f0d2c021edb208263b1a7fa3f9139d28a364d7f76293c7bd84342f920c50ed702d7064cea30989a271a75b2885a31912d25abbd305d81fe9f55126650765251e95e9251d8ebd329938be3cedfba8f2e6ffcb668e0fc4a2c06e49d31f04a5d8ae0ac61466faac4ed0b043b79ccd3a3268930d6b450e22195ee01c5a82042f40d2b562ddc92a3a8eaf4a23827d07dc89eaa6f7b7e95bc0b13b3c7fd3432a7e72e5df15fa25d606b5fde16bcb2f6e0e86703f7436dddc66e54716e790f13b679607c0c7ff0d404e1ece8d430702ec4e8407af5cea3ec6a333c1d380fc8a244af322cc256e93d4f53c4fffb32723b9dc3f9bfbb0a1fc8c1943c56235faa6cf29bebc91c1f952d07cc316cbaadfffe57fdbc56777bd651dd192eccc1d7b3d12b26f560c959e21567f119d7e5e405a0cc04a74f8622247000227ab536ce2959a634620c55c92d4de28390155c6c3cd06b414389737f2bbd818f5beac9bf2dc1bb734f463ba2007b71606cbe26b1dd1ecc0a6c1d28ee39da62b1490239cf84fdc5940e704730b233e1369530d7c20a7b8f192d5906c5163863d016a8d4b4445305189ef1f69ac43c6c5920419a652ded5d13ea0a66faf0d7891c36b5a9fa220f06cb400bca00c287da816c4002bcb66985a6beed2df6902f6155a57a8c9013aa5f8fe974074ea21bd44cd15ef7390cad7d409810340364072198b8e7d2cd7f8622d8be30314f4989fb506ebf6ecba8a457e0d55065ef0282db441dd9e830ece00674c42a1ff842dd873385f251da5ec8e5436cd61515d0ac95090d3d4cbe560fae51468ae79f0cd557f067d2084b392a84fc9d0e7e5c3debd835b0fb36e906f2d688c150b6769e07de03f30c91c3ffbefb8efe8594ba182ab8ec38af011fd2a22ca40d442474d96973fcd96478eb58de2e57c2341c04600fb4dfd6ea423e1381cee0038bec589d020c8d63a28ba294ffe233889ba85e7ac087995f05decc55774be7f4966bad699a9c77283af023c6f6b32c5571e27f51a4a970706d06abddf85e92d1141b0a8934d74c4a48b3b4609173fd3959ef86e35f26e700995c2b6cb495ac9e8970d761c4738176cea384c4606f89dbb5739f2c0ff74fc1dd397edf5e1db85de2d055c40764c72cf109595eb0c847efbaf9c3e5ad11c450bd01197da27817702e2cfe5320005a090970bff9f3d2a81102950767cd6993468a31b3b72cc56fc5b92e148944b709a26aa835e85def93de39cb8cc77c200ccfb5e444942be5f0eec7df77d07f1cd2c31d9406bf9fa7d4f3936749e4d98cedb10f33a145ff13906418fd4952439344f433577f0e7ec31169760b18151e9268772c62b9644f73317ac33da8daec21f35786b6bbea2282b7051c84a588cb4ce679610a74208c8bc29d9ca195b232db3ea0472f10276c128becd8d932"})
symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00')
chmod(&(0x7f0000000180)='./file0\x00', 0x259)
lchown(&(0x7f00000001c0)='./file0\x00', 0xee00, 0x0)
r2 = openat$comedi(0xffffff9c, &(0x7f0000000440)='/dev/comedi0\x00', 0x101101, 0x0)
ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000080)={'fl512\x00', [0x3, 0x7, 0x9, 0x2, 0x2f, 0x0, 0x3fd04806, 0xf, 0xffe, 0x1, 0x7, 0x1, 0x1006, 0x4, 0xffff, 0xffff, 0xffffffa8, 0x7fffffff, 0x1ff, 0x3, 0xffffffff, 0x10000, 0x8, 0xe2df, 0x2, 0x7ff, 0x5, 0x3, 0x7, 0x4, 0x8045]})
openat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x60840, 0x8)
r3 = memfd_create(&(0x7f0000001cc0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc0sr\x95\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\x00\x01\x00\x00\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0)
mkdirat(0xffffffffffffffff, &(0x7f0000001480)='./file0\x00', 0x180)
write$binfmt_script(r3, &(0x7f00000001c0)={'#! ', './file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x207)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
syz_clone3(&(0x7f000000dd80)={0xa00400, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
madvise(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x3)
sendmmsg(r4, &(0x7f0000000040), 0x400000000000193, 0x40010)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001400)={'gre0\x00', &(0x7f0000000100)={'gretap0\x00', <r5=>0x0, 0x7, 0x8000, 0x4, 0xa8b, {{0x22, 0x4, 0x2, 0x1, 0x88, 0x67, 0x0, 0x8, 0x2f, 0x0, @dev={0xac, 0x14, 0x14, 0x11}, @local, {[@end, @rr={0x7, 0x7, 0x61, [@empty]}, @timestamp_addr={0x44, 0x1c, 0xae, 0x1, 0x7, [{@remote, 0x5}, {@remote, 0x7f000}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x2}]}, @rr={0x7, 0x7, 0x96, [@local]}, @generic={0xd7, 0x8, "7e56d393d85a"}, @timestamp_prespec={0x44, 0x34, 0xa8, 0x3, 0x9, [{@multicast1, 0x6}, {@remote, 0x5}, {@broadcast, 0x7}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x8}, {@empty, 0x4}, {@multicast2, 0x6}]}, @generic={0x44, 0xd, "8e6f754ae9184c07675401"}]}}}}})
syz_emit_ethernet(0x12, &(0x7f0000000000)=ANY=[@ANYBLOB="910418166421b54fa0aaaa050004424203"], 0x0)
setsockopt$MRT6_ADD_MIF(r0, 0x29, 0xca, &(0x7f0000001440)={0x0, 0x1, 0x6, r5, 0x1}, 0xc)

360.091026ms ago: executing program 1 (id=839):
socket$inet6_sctp(0xa, 0x1, 0x84) (async)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = dup(r0)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c) (async)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @empty, 0x3}], 0x1c)
ioctl$VHOST_VDPA_GET_VRING_NUM(r1, 0x8002af76, &(0x7f0000000040))
r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x24000, 0x0)
sendfile(r2, r2, 0x0, 0x40000f63c)

300.258593ms ago: executing program 1 (id=841):
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x88)
r2 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000080)=@ethtool_sset_info={0x37, 0x8, 0xfffffffffffffffb}})
openat$cgroup_int(r1, &(0x7f00000002c0)='cgroup.max.descendants\x00', 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000340)=@security={'security\x00', 0xe, 0x4, 0x2a0, 0xffffffff, 0x168, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x208, 0x208, 0x208, 0xffffffff, 0x4, &(0x7f0000000040), {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @local, 0x7, 0xf, [0x37, 0x26, 0x4, 0x29, 0x1c, 0x10, 0x33, 0xe, 0x1c, 0x2f, 0x3d, 0x2b, 0x5, 0x20, 0xd, 0x3e], 0x2, 0x7, 0x8}}}, {{@ip={@empty, @remote, 0xffffffff, 0x0, 'erspan0\x00', 'syz_tun\x00', {}, {0xff}, 0x1, 0x2, 0x68}, 0x0, 0x70, 0x98}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x1ff, 0x400, 0x5a0, 0x2}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x300)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x5, 0x3032, 0xffffffffffffffff, 0x0)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
shutdown(r3, 0x0)
recvmmsg(r3, &(0x7f00000004c0), 0xf02, 0xf0, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60)
r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r7 = socket(0x400000000010, 0x3, 0x0)
r8 = socket$unix(0x1, 0x5, 0x0)
recvfrom$inet6(r7, &(0x7f0000000700)=""/252, 0xfc, 0x2002, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r9=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
sendmsg$nl_route_sched(r7, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newtfilter={0x8c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r9, {0x8, 0x7}, {}, {0xa}}, [@filter_kind_options=@f_flower={{0xb}, {0x5c, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x40, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_VXLAN={0x3c, 0x2, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xe9}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x5}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x81}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0x4}, @TCA_FLOWER_KEY_ENC_OPT_VXLAN_GBP={0x8, 0x1, 0xe1}]}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x22044028}, 0x0)
ioctl$I2C_SMBUS(r1, 0x720, &(0x7f00000000c0)={0x1, 0x80, 0x1, &(0x7f0000000080)={0x18, "de412fb335531e9a04de1b3538f08683e5f2c98253a19e1540ad00149fd380c71a"}})
r10 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
ioctl$UI_DEV_SETUP(r10, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x9})
ioctl$UI_DEV_CREATE(r10, 0x5501)
readv(r10, &(0x7f0000000300)=[{&(0x7f0000000180)=""/142, 0x8e}], 0x1)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, &(0x7f00000010c0)={0x8, 0x8})

300.105591ms ago: executing program 3 (id=842):
socket$nl_route(0x10, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB], 0x48)
socket$netlink(0x10, 0x3, 0x4)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000010000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000ac03000000000000850000003300000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000080), &(0x7f0000000280)=r1}, 0x20)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2}, 0x14)
syz_emit_ethernet(0x10d, &(0x7f0000000340)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @void, {@ipv6={0x86dd, @gre_packet={0x1, 0x6, "bc4a06", 0xd7, 0x2f, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x93, 0x1, [], "55c483095200dcddb59d3ae45e091d26ee086dd1fcd16a331cc57e1e6a796912e798c371cf9e0734a1e76f60136696a0b546c1dd769b6c4151edb3128c312e4e948f47ba8be058e2368053c8167dc937ef93e1150682cd2ae6792885629812075444d75241b446de0e4c86df9ccdd17b60e8715aff2ea909719594102b48cf5f7125b5d4ac2ec500"/147}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88a8}, {}, {0x8, 0x88be, 0x3, {{0xc, 0x1, 0x8, 0x1, 0x1, 0x0, 0x4, 0x14}, 0x1, {0x7b40}}}, {0x8, 0x22eb, 0x2, {{0x3, 0x2, 0x2, 0x3, 0x0, 0x0, 0x1, 0x9}, 0x2, {0x3, 0xeb, 0x0, 0xd, 0x1, 0x1, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x4}}}}}}}, 0x0)

228.494763ms ago: executing program 3 (id=843):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000022c0)=@newtfilter={0x38, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r6, {0xb, 0x4}, {}, {0x7, 0xb}}, [@filter_kind_options=@f_matchall={{0xd}, {0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20041090}, 0x8000)

228.27163ms ago: executing program 4 (id=844):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x0, @rand_addr, 0xfffffffd}, 0x1c)
syz_emit_ethernet(0x24b, &(0x7f0000000380)={@broadcast, @local, @void, {@ipv6={0x86dd, @tipc_packet={0xc, 0x6, "1fb886", 0x215, 0x6, 0xff, @remote, @dev={0xfe, 0x80, '\x00', 0x33}, {[@fragment={0x33, 0x0, 0x4, 0x0, 0x0, 0x17, 0x65}, @fragment={0x3a, 0x0, 0x3, 0x1, 0x0, 0x1, 0x65}, @dstopts={0x3a, 0x0, '\x00', [@pad1, @ra={0x5, 0x2, 0xff}]}, @fragment={0x4, 0x0, 0x7, 0x1, 0x0, 0x4, 0x67}, @fragment={0x87, 0x0, 0x80, 0x1, 0x0, 0x6, 0x67}, @hopopts={0x3b, 0x35, '\x00', [@jumbo={0xc2, 0x4, 0x8}, @generic={0xff, 0xd3, "416b1864781ab044e732c1622eb5d5d0a398f1e4638c72c2f798b25ebec59e02dbf6b2007e7661d8e62e425952841ebe3942c7ee0fc802e1d96fe84033bc8b1ed984bf7cff14b3ab139b0356f6053d4bdfa52d5caeba23a77577bf70a1d13930af6189b1d686ac3ef6aca06b5c70cf914160b1ee298f7e846bf73953552a3750bb5a2a5cffd10e1cd21ab4c179d7edd0b94935e7c96927831132d5470924eea1a31e7074e9937bbe56355460d242a31560f68334bc56326c25c0846b753a3cc86cb76911b152ee3e7992423e40706c445f8a34"}, @enc_lim={0x4, 0x1, 0x5}, @generic={0x7, 0xa3, "6d841684be46f70e15d465964bbf4083ca1630ec9e8001051c50155d8751e12ab14f2a1347d4a192f8fef80622a36bc49b21fa6d54e5d69026152bb52f029dc5a1673ab46ab739701a298cd3671a4b356d0eea81ab0a577ef85150bcf4a3ae35cd9e40e43fe1c032516cbc45a83abe0ad9d5a312c9275a95a3a9a888e98e470b9ebf1a0c507a4776b790c1c4fee05ada57b9f29a3e69c15a2fdf3d637382df597843e8"}, @hao={0xc9, 0x10, @private2}, @hao={0xc9, 0x10, @mcast1}, @enc_lim={0x4, 0x1, 0x2}]}], @payload_mcast={{{{{{0x2d, 0x0, 0x0, 0x0, 0x1, 0xb, 0x1, 0x2, 0x6, 0x0, 0x0, 0x0, 0x2, 0x1, 0x7f, 0x9, 0x3, 0x4e21, 0x4e23}, 0x4}, 0x4}}}, [0x0]}}}}}}, &(0x7f0000000000)={0x0, 0xfffff000, [0x109, 0xe7, 0x9cb, 0xb07]})
listen(r0, 0x3)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000040)='syz_tun\x00', 0x10)
syz_emit_ethernet(0x36, &(0x7f0000000340)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x65, 0x0, 0xf, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0xffff}}}}}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000780)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x1, 0x2c, 0xda18, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0x80, 0xfffc, 0x0, 0x1000, {[@fastopen={0x22, 0x2}]}}}}}}}, 0x0)

170.072684ms ago: executing program 4 (id=845):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x1, 0xffff000}, 0x28)
r0 = socket(0x1d, 0x5, 0x58bc)
recvmmsg(r0, &(0x7f00000000c0), 0x4000000000002fe, 0x61, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16, @ANYBLOB="20002dbd7000fbdbde250200000008003f000800000005003d004e"], 0x24}, 0x1, 0x0, 0x0, 0x8090}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000240)=ANY=[@ANYBLOB="28000000d11bde8440916231522aef1a45b95890819552c401a2a43db090a1dd532eed0c3e6101a42a379a6a73b7725875a87a036b483906de8efd27177d00cc5fd4a9210b078140a107de6ba1986f553b6ef490ff47322b40603682841e8919f70320014432fc560f09c2a586533637240c8c934a4c924701aba47c28d582fc3d7661aec7fb0492c9ed591cd7dc3101d8c59b92", @ANYRES16, @ANYBLOB="010000000000000000000200000008000300", @ANYRES32=r2, @ANYBLOB], 0x28}}, 0x0)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x0, 0x3}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
r5 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$SIOCX25SCUDMATCHLEN(r5, 0x89e7, &(0x7f0000000140)={0x1f})
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x3, 0x2}, 0x10)
sendmsg$tipc(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4028010}, 0x0)
r6 = dup3(r3, r4, 0x0)
r7 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$VIDIOC_ENUMOUTPUT(r7, 0xc0485630, &(0x7f0000000080)={0x1, "072b20d017bbf2bd1632992e8c5c357cb8507e8dfa0a347a2852e54a4b71ab3a", 0x1, 0x1, 0x100, 0xff06ff, 0x8})
sendmsg$tipc(r6, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40800}, 0x2400c0c1)
setsockopt$TIPC_GROUP_LEAVE(r6, 0x10f, 0x88)
bpf$BPF_PROG_DETACH(0x1c, &(0x7f00000006c0)=ANY=[@ANYRES64=r0], 0x20)
ppoll(&(0x7f0000000540)=[{r0}], 0x1, 0x0, 0x0, 0x0)
r8 = openat$ptp1(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x26e1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), r0)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYRESDEC, @ANYRES8=r8, @ANYRES32=r1], 0x44}, 0x1, 0x0, 0x0, 0x4040000}, 0x80)
socket$kcm(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r9 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TIOCL_GETMOUSEREPORTING(r9, 0x5412, &(0x7f00000006c0)=0x16)

169.770907ms ago: executing program 3 (id=846):
r0 = socket$nl_route(0x10, 0x3, 0x0)
socket$kcm(0x29, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="a80000001000ffff25bd7000fddbdf3d00000000", @ANYRES32=0x0, @ANYBLOB="350e0500230000008000128008000100767469007400028008000400e000000208000400ffffffff08000600810000000800030051b40000080002000e00000008000200cad9000008000100", @ANYRES32, @ANYBLOB="080003000300000008000200004000000800030011370000080006000f0000000800020001000000080002000a000000080005000a01010108001f"], 0xa8}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008000)

78.889375ms ago: executing program 3 (id=847):
r0 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x4000000}, &(0x7f00000000c0)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x100, &(0x7f0000000100)=0x9df5, 0x0, 0x4)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_SPLICE={0x1e, 0x48, 0x0, @fd, 0x3, {}, 0xa6, 0x3})
syz_emit_ethernet(0x4e, &(0x7f00000004c0)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd308", 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x22, 0x2}]}}}}}}}}, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_UNLINKAT={0x24, 0x28, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x47f9, 0x0, 0x0, 0x0, 0x0)

78.769196ms ago: executing program 3 (id=848):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
ioctl$sock_inet6_tcp_SIOCOUTQNSD(r0, 0x894b, &(0x7f0000000000))
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp6\x00')
pread64(r1, &(0x7f0000000180)=""/195, 0xc3, 0x100)
setsockopt$sock_int(r0, 0x1, 0x1f, &(0x7f00000001c0)=0x9, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x69, 0x10, 0x28}, [@ldst={0x6, 0x3, 0x6, 0x8}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x28, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x8, 0x10, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x400}, 0x10}, 0x94)

533.883µs ago: executing program 3 (id=849):
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x1a6c42)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000002, 0x28011, r1, 0x0)

0s ago: executing program 1 (id=850):
setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, &(0x7f0000000000), 0x10)
setsockopt$SO_J1939_ERRQUEUE(0xffffffffffffffff, 0x6b, 0x4, &(0x7f0000000040), 0x4)
sendmmsg(0xffffffffffffffff, &(0x7f00000003c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)="356f4ec6e6ef", 0x6}, {&(0x7f00000000c0)="b0f9ccf57c73594dc65e366d7b4934b8aee2a6606e5cbd4bee72e25c9d91890e02ee9dda59e7a2f9b8b264f2d2ee7a1cfbe56181a8a8e7dae4ac3835c257c81b557a64c0163fbb90bf2f1f41a2255d0fb5b78e102c84c6f328e3643c3fb98c790837fd790dec985966335f315a144139aba56929d49eeaae03aae4825fc59611de415c398fa876f5a7b07357daf95eae5616b2d9efaa27b055692166c1ba742285e389de4a398db2cd84ede77df8a316b624899bf81b94503fc81cf7f56530e5072c082455775e23e1f8bb498d0c2056b09302b01b3bb86b55", 0xd9}, {&(0x7f00000001c0)="6326e3c47838a87c94680b", 0xb}, {&(0x7f0000000200)="dad108960a6cae67149ed58b6b68c7fa0423ea12e7bba9408a883f31d11f1dc0e9d2bb2e4d68857a78e7b0db9b902855b8613468121cbe100c62ddb159", 0x3d}, {&(0x7f0000000240)="f574b489d15eec2ea869905782b51ae0eee14902c1777c4d2d0bb28606fd04d469693aad27a621817138206daf7333ce81d827c52fcc439ea4bd17d7323818f71ec9aa8a18334998c06469c23aa0964a15538584aab658f1d4ebd813b453b0a594c22ef1a4e7fc1add71a5eaaaf6f4563540f6015f677872004f29f58ac68622", 0x80}, {&(0x7f00000002c0)}, {&(0x7f0000000300)="c795c21ac0d89f68ed0a652524eb1d87b0c0ef17318f766e0729ad732e843a0462d0ebfaff59b26d35e6fcd305fc", 0x2e}], 0x7}}], 0x1, 0x10)
r0 = accept4$ax25(0xffffffffffffffff, &(0x7f0000000400)={{0x3, @bcast}, [@rose, @null, @default, @default, @netrom, @bcast, @null, @bcast]}, &(0x7f0000000480)=0x48, 0x800)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000980)={'vcan0\x00', <r1=>0x0})
sendmsg$inet(r0, &(0x7f0000000ac0)={&(0x7f00000004c0)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f0000000900)=[{&(0x7f0000000500)="3c8cfc7b0ba376400b0afcf5037239e86dda6fede7c1e7c93ee5c5d2f35285ebe45d9cfa10c48803cb27d7ebe34c7d2f6c513dfd9939237fac70c697b9bc754bcabb59800487d8a0ee76edab7abb75d1693cfc225b7ddeafeafe1319d42321aafb54bb5b33981a22e6731a4c0cbcf253fb3de74100a0a69cba737c", 0x7b}, {&(0x7f0000000580)="98ffe9da5619f60cf96261dbf4b1607b69251497d7655411141e06822cd4f0e8b2aaeb5f51b62c99a465c40ecf075932059b4d3cc03a6524c82c1aeac4b61b3d7a18ebac0d38c5961945bf0a7aa2764f5a1da93dd7cd63ab3a70697de4b603b7a9af692f232136e965e18a09443823d06e10a447e4061fe5e9a5d3e15042295b9f6832c10e56f64f467d7d6c634f98df8291378519089b62530942bb2538ad6fc7cdb4793e95d0ab3a2072ba792dde879ec2c5b66533047d73ef1769fc63574b137833903b50e555e2630a35b0f869d8da35359d7687ce6c0c5318d527c9470ae3cb8aca716534783ceebb4ddc", 0xed}, {&(0x7f0000000680)="62a19f6f08452d918449ca4f0471ce", 0xf}, {&(0x7f00000006c0)="42dc86e902781cf3c9c525039abdf26d69531504409c2e7bd399fc6260d4ae38a7edbf9c952155b3c3c39a04072801aac8b509dbce60e23c2529779241fac850b1a0c244e51c7cb90105c2d76b6eee20adaddafedcac92332331af654d6c44b052e933d92ccb23ac71b9a7da40ca3dcbc166cf43bc65b1faa4a5c91dd78bbe7976c96ccf24a796aa95eb12dfb89762c815a6f09390fab21768786cbc020515688e0a8a15ecf618f8ff4e972b8df3b6912f1b3c0575cfad641a705097ce6a3efe29d432346685c7b9473efd07c3f761de9224", 0xd2}, {&(0x7f00000007c0)="36ca2b70e26f6c99015416c13119822b44ad185d15ca2a3c81f351a5f9b858271b427bd4801fd017f8fb47fe3c691909b5944f70a23be7be4cf143247fd9202326f8c963905ddec01009bc29c2d31a8b183c1cf2c145761dd6a51874a40f1a1a73d040b1d7dd6e2728d2fcfe84113c73e982c9b04075844f344ec38d98e1c3e58bb8362c7d9a83c4036dd7fb03c7d0", 0x8f}, {&(0x7f0000000880)="f30f18e210e0b69258482a4e88ea", 0xe}, {&(0x7f00000008c0)="2f9d8d97c3f275292a121dfcdd61ca760974ad234fdd270bb63704d1f3ecd3b09459a22d1d33b04d75", 0x29}], 0x7, &(0x7f00000009c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x9}}, @ip_retopts={{0x68, 0x0, 0x7, {[@generic={0x7, 0x10, "a220c1533c73efdbb0376d5ea974"}, @cipso={0x86, 0x45, 0x3, [{0x5, 0x10, "98812662625f94a0a07a4df4d5b3"}, {0x1, 0x4, "928b"}, {0x5, 0x9, "f0d3834e789904"}, {0x0, 0x11, "613cb4364eaefe57b6bac1fe646f6e"}, {0x0, 0x11, "9332d2c425d360cfbe75068a02fe14"}]}, @noop]}}}, @ip_retopts={{0x30, 0x0, 0x7, {[@rr={0x7, 0x13, 0x36, [@private=0xa010101, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast2, @dev={0xac, 0x14, 0x14, 0x17}]}, @cipso={0x86, 0xd, 0x3, [{0x6, 0x7, "2506909f14"}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r1, @loopback, @multicast1}}}], 0xd0}, 0xc004)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000b00)={'veth0\x00'})
r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000b40)='./file0\x00', &(0x7f0000000b80)={0x20001, 0x63, 0x12}, 0x18)
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000c00)='./file0\x00', &(0x7f0000000c40)={0x80000, 0x14}, 0x18)
renameat2(r2, &(0x7f0000000bc0)='./file0\x00', r3, &(0x7f0000000c80)='./file0\x00', 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000f40)={&(0x7f0000000cc0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000f00)={&(0x7f0000000d40)={0x1a4, r4, 0x10, 0x70bd25, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_MON={0x2c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xd03}]}, @TIPC_NLA_BEARER={0x150, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x7c, @dev={0xfe, 0x80, '\x00', 0x26}, 0xe}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x5, @remote, 0x2}}}}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'veth1\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @local}}, {0x14, 0x2, @in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x19}}}}}, @TIPC_NLA_BEARER_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x27}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3ff}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0xdd50, @mcast2, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x4, @private2, 0xc7a}}}}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e23, 0x464, @remote, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e22, 0x3, @mcast1, 0xbc}}}}]}]}, 0x1a4}, 0x1, 0x0, 0x0, 0x20000040}, 0x200000c1)
r5 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000002, 0x4010, r5, 0xa14c6000)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000fc0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001000)={'wpan0\x00', <r8=>0x0})
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000001040)={'wpan1\x00', <r9=>0x0})
sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r6, &(0x7f0000001280)={&(0x7f0000000f80)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000001240)={&(0x7f0000001080)={0x1a0, r7, 0x20, 0x70bd29, 0x25dfdbfc, {}, [@NL802154_ATTR_SEC_DEVKEY={0x88, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_ID={0x18, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x6}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}]}, @NL802154_DEVKEY_ATTR_ID={0x60, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_IMPLICIT={0xc, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xfffe}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x7ac}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x1}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x5}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0xab0a}, @NL802154_KEY_ID_ATTR_INDEX={0x5}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x8}]}, @NL802154_DEVKEY_ATTR_ID={0xc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}]}]}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_SEC_DEVKEY={0xf4, 0x2f, 0x0, 0x1, [@NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0xfffffffd}, @NL802154_DEVKEY_ATTR_EXTENDED_ADDR={0xc, 0x2, {0xaaaaaaaaaaaa0002}}, @NL802154_DEVKEY_ATTR_ID={0xcc, 0x3, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x30, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x1}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x2}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x9}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x34, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x3}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0102}}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0302}}, @NL802154_DEV_ADDR_ATTR_MODE={0x8, 0x2, 0x2}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0x3}]}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x3}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x5}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x20, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0x1}, @NL802154_DEV_ADDR_ATTR_SHORT={0x6, 0x3, 0xffff}, @NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}]}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x101}, @NL802154_DEVKEY_ATTR_FRAME_COUNTER={0x8, 0x1, 0x81}]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r6, 0x8933, &(0x7f0000001300)={'wpan4\x00', <r10=>0x0})
sendmsg$NL802154_CMD_SET_MAX_CSMA_BACKOFFS(r6, &(0x7f0000001400)={&(0x7f00000012c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000013c0)={&(0x7f0000001340)={0x44, r7, 0x300, 0x70bd27, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r10}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000007}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r9}, @NL802154_ATTR_MAX_CSMA_BACKOFFS={0x5, 0x12, 0x2}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x4006001)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001480), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_MULTICAST_TO_UNICAST(r11, &(0x7f0000001540)={&(0x7f0000001440)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000001500)={&(0x7f00000014c0)={0x28, r12, 0x100, 0x70bd2d, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}, @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x10}, 0x24000054)
r13 = open(&(0x7f0000001580)='./file0\x00', 0x109002, 0x40)
socket$inet6(0xa, 0x5, 0x9)
close(r5)
socket$tipc(0x1e, 0x2, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(r13, 0x0, &(0x7f00000015c0)=<r14=>0x0)
connect$nfc_raw(r5, &(0x7f0000001600)={0x27, r14, 0x0, 0x1}, 0x10)

kernel console output (not intermixed with test programs):

1: attempt power cycle
[   71.246166][ T6314] macsec0: entered allmulticast mode
[   71.249384][ T6314] veth1_macvtap: entered allmulticast mode
[   71.298795][ T6318] __nla_validate_parse: 2 callbacks suppressed
[   71.298805][ T6318] netlink: 8 bytes leftover after parsing attributes in process `syz.1.86'.
[   71.304956][ T6318] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   71.376291][ T6325] overlay: Unknown parameter '/'
[   71.379169][ T5941] Bluetooth: hci0: command tx timeout
[   71.379246][ T5940] Bluetooth: hci1: command tx timeout
[   71.384970][ T5942] Bluetooth: hci2: command tx timeout
[   71.390947][ T6320] FAT-fs (loop3): unable to read boot sector
[   71.463937][ T5940] Bluetooth: hci3: command tx timeout
[   71.546220][ T6331] warning: `syz.3.92' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   71.594781][  T841] usb 5-1: new low-speed USB device number 5 using dummy_hcd
[   71.615625][  T841] usb 5-1: device descriptor read/8, error -71
[   71.864079][  T841] usb 5-1: new low-speed USB device number 6 using dummy_hcd
[   71.885903][  T841] usb 5-1: device descriptor read/8, error -71
[   71.957551][ T6347] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[   71.961894][ T6347] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[   71.969802][ T6347] overlayfs: fs on '.' does not support file handles, falling back to xino=off.
[   71.994983][  T841] usb usb5-port1: unable to enumerate USB device
[   72.091351][ T6359] pim6reg: entered allmulticast mode
[   72.097869][ T6359] pim6reg: left allmulticast mode
[   72.311838][ T6369] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode
[   72.319826][ T6369] macsec1: entered promiscuous mode
[   72.322368][ T6369] macsec1: entered allmulticast mode
[   72.326799][ T6369] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode
[   72.414223][ T6374] IPv6: sit1: Disabled Multicast RS
[   72.472053][ T6385] 9p: Bad value for 'rfdno'
[   72.648305][ T6397] netlink: 32 bytes leftover after parsing attributes in process `syz.1.110'.
[   72.652489][ T6397] netlink: 4 bytes leftover after parsing attributes in process `syz.1.110'.
[   72.757291][ T6405] netlink: 'syz.3.113': attribute type 2 has an invalid length.
[   72.818948][ T6416] GUP no longer grows the stack in syz.2.116 (6416): 200000011000-200000018000 (20000000e000)
[   72.822375][ T6416] CPU: 0 UID: 0 PID: 6416 Comm: syz.2.116 Not tainted syzkaller #0 PREEMPT(full) 
[   72.822388][ T6416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   72.822394][ T6416] Call Trace:
[   72.822398][ T6416]  <TASK>
[   72.822403][ T6416]  dump_stack_lvl+0x16c/0x1f0
[   72.822417][ T6416]  gup_vma_lookup+0x1d2/0x220
[   72.822431][ T6416]  __get_user_pages+0x241/0x3590
[   72.822448][ T6416]  ? find_held_lock+0x2b/0x80
[   72.822466][ T6416]  ? __pfx___get_user_pages+0x10/0x10
[   72.822482][ T6416]  get_user_pages_remote+0x243/0xab0
[   72.822496][ T6416]  ? mas_new_root+0x600/0x6e0
[   72.822509][ T6416]  ? __pfx_get_user_pages_remote+0x10/0x10
[   72.822523][ T6416]  ? __sanitizer_cov_trace_switch+0x54/0x90
[   72.822537][ T6416]  __access_remote_vm+0x24d/0x850
[   72.822551][ T6416]  ? do_raw_spin_lock+0x12c/0x2b0
[   72.822564][ T6416]  ? __pfx___access_remote_vm+0x10/0x10
[   72.822579][ T6416]  proc_pid_cmdline_read+0x4de/0x8e0
[   72.822592][ T6416]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[   72.822603][ T6416]  ? rw_verify_area+0xcf/0x6c0
[   72.822615][ T6416]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[   72.822625][ T6416]  vfs_readv+0x5c1/0x8b0
[   72.822639][ T6416]  ? __pfx_vfs_readv+0x10/0x10
[   72.822659][ T6416]  ? __fget_files+0x20e/0x3c0
[   72.822676][ T6416]  ? do_preadv+0x1a6/0x270
[   72.822686][ T6416]  do_preadv+0x1a6/0x270
[   72.822697][ T6416]  ? __pfx_do_preadv+0x10/0x10
[   72.822717][ T6416]  do_syscall_64+0xcd/0xf80
[   72.822728][ T6416]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   72.822738][ T6416] RIP: 0033:0x7feb5718f7c9
[   72.822747][ T6416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   72.822757][ T6416] RSP: 002b:00007feb5802a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[   72.822767][ T6416] RAX: ffffffffffffffda RBX: 00007feb573e5fa0 RCX: 00007feb5718f7c9
[   72.822774][ T6416] RDX: 0000000000000001 RSI: 0000200000001200 RDI: 0000000000000006
[   72.822780][ T6416] RBP: 00007feb57213f91 R08: 0000000000006a76 R09: 0000000000000000
[   72.822786][ T6416] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000000000
[   72.822792][ T6416] R13: 00007feb573e6038 R14: 00007feb573e5fa0 R15: 00007ffc682c59b8
[   72.822805][ T6416]  </TASK>
[   72.976123][   T40] kauditd_printk_skb: 82 callbacks suppressed
[   72.976133][   T40] audit: type=1400 audit(1765655030.794:335): avc:  denied  { firmware_load } for  pid=6418 comm="syz.3.117" path="/lib/firmware/regulatory.db" dev="sda1" ino=448 scontext=system_u:system_r:kernel_t tcontext=system_u:object_r:lib_t tclass=system permissive=1
[   73.002841][ T6419] syz.3.117 (6419) used greatest stack depth: 19232 bytes left
[   73.022224][   T40] audit: type=1400 audit(1765655030.834:336): avc:  denied  { watch } for  pid=6421 comm="syz.3.118" path="/26" dev="tmpfs" ino=148 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   73.031415][   T40] audit: type=1400 audit(1765655030.844:337): avc:  denied  { mounton } for  pid=6421 comm="syz.3.118" path="/26/bus" dev="tmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[   73.196963][   T40] audit: type=1400 audit(1765655031.014:338): avc:  denied  { write } for  pid=6429 comm="syz.3.121" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[   73.301902][   T40] audit: type=1400 audit(1765655031.114:339): avc:  denied  { accept } for  pid=6434 comm="syz.3.123" laddr=fe80::13 lport=51134 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[   73.304984][ T6436] binder: BINDER_SET_CONTEXT_MGR already set
[   73.312749][ T6436] binder: 6434:6436 ioctl 4018620d 200000000040 returned -16
[   73.313854][   T40] audit: type=1400 audit(1765655031.114:340): avc:  denied  { write } for  pid=6434 comm="syz.3.123" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   73.323417][   T40] audit: type=1400 audit(1765655031.114:341): avc:  denied  { write } for  pid=6434 comm="syz.3.123" name="binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   73.331145][   T40] audit: type=1400 audit(1765655031.124:342): avc:  denied  { map } for  pid=6434 comm="syz.3.123" path="/dev/binderfs/binder0" dev="binder" ino=7 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[   73.432116][ T6441] netlink: 432 bytes leftover after parsing attributes in process `syz.1.125'.
[   73.554495][   T40] audit: type=1400 audit(1765655031.364:343): avc:  denied  { read } for  pid=6449 comm="syz.1.128" name="fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   73.561651][   T40] audit: type=1400 audit(1765655031.364:344): avc:  denied  { open } for  pid=6449 comm="syz.1.128" path="/dev/fb1" dev="devtmpfs" ino=640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[   73.684149][ T6461] openvswitch: netlink: Key 25 has unexpected len 784 expected 16
[   73.834840][ T6475] ALSA: mixer_oss: invalid OSS volume 'PHl�6��q
ӆ���ONEOUT'
[   73.837921][ T6475] ALSA: mixer_oss: invalid index 1374389
[   73.839812][ T6478] netlink: 64 bytes leftover after parsing attributes in process `syz.0.139'.
[   73.851822][ T6478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.139'.
[   73.857253][ T6478] netlink: 8 bytes leftover after parsing attributes in process `syz.0.139'.
[   74.025407][ T6489] ipt_rpfilter: unknown options
[   74.060205][ T6492] 9pnet_fd: p9_fd_create_unix (6492): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[   74.098867][ T6495] misc userio: The device must be registered before sending interrupts
[   74.200560][ T6501] pimreg: entered allmulticast mode
[   74.238567][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.245735][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.248936][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.251801][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.255483][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.258612][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.262430][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.265684][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.268849][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.271973][  T841] hid-generic 0004:0004:0008.0002: unknown main item tag 0x0
[   74.280263][  T841] hid-generic 0004:0004:0008.0002: hidraw1: <UNKNOWN> HID v0.07 Device [syz1] on syz0
[   74.281492][ T6507] netlink: 8 bytes leftover after parsing attributes in process `syz.3.147'.
[   74.286174][ T6496] pimreg: left allmulticast mode
[   74.288118][ T6507] netlink: 'syz.3.147': attribute type 21 has an invalid length.
[   74.398118][ T6515] netlink: 40 bytes leftover after parsing attributes in process `syz.2.151'.
[   74.736872][ T6538] openvswitch: netlink: Unexpected mask (mask=840, allowed=10048)
[   74.813939][   T60] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[   74.880105][ T6547] /dev/sg0: Can't lookup blockdev
[   74.965399][   T60] usb 7-1: config index 0 descriptor too short (expected 23569, got 27)
[   74.968862][   T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   74.975010][   T60] usb 7-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0
[   74.980053][   T60] usb 7-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0
[   74.983331][   T60] usb 7-1: Manufacturer: syz
[   74.989781][   T60] usb 7-1: config 0 descriptor??
[   75.002443][ T6556] overlayfs: failed to set uuid (41/file0, err=-1); falling back to uuid=null.
[   75.006460][ T6556] overlayfs: failed to verify upper root origin
[   75.053948][   T60] rc_core: IR keymap rc-hauppauge not found
[   75.056485][   T60] Registered IR keymap rc-empty
[   75.062003][   T60] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0
[   75.071887][   T60] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.0/rc/rc0/input8
[   75.534081][ T6578] netlink: 76 bytes leftover after parsing attributes in process `syz.1.173'.
[   75.813909][  T841] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[   75.863003][ T6583] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[   75.974450][  T841] usb 5-1: Using ep0 maxpacket: 8
[   75.977840][  T841] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[   75.980507][  T841] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   75.983456][  T841] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   75.987495][  T841] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   75.990800][  T841] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   75.995892][  T841] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   75.998913][  T841] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.119533][   T34] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[   76.206827][  T841] usb 5-1: usb_control_msg returned -32
[   76.209002][  T841] usbtmc 5-1:16.0: can't read capabilities
[   76.260278][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[   76.262755][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[   76.266065][   T34] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   76.270095][   T34] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   76.275899][   T34] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   76.279612][   T34] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.488351][   T34] usb 6-1: GET_CAPABILITIES returned 0
[   76.490754][   T34] usbtmc 6-1:16.0: can't read capabilities
[   76.695468][ T6018] usb 6-1: USB disconnect, device number 3
[   76.913119][ T6580] usbtmc 5-1:16.0: INITIATE_ABORT_BULK_OUT returned 0
[   77.080748][   T60] libceph: connect (1)[c::]:6789 error -101
[   77.083883][   T60] libceph: mon0 (1)[c::]:6789 connect error
[   77.090782][   T60] libceph: connect (1)[c::]:6789 error -101
[   77.094173][   T60] libceph: mon0 (1)[c::]:6789 connect error
[   77.165873][ T6620] ceph: No mds server is up or the cluster is laggy
[   77.474019][  T841] usb 7-1: USB disconnect, device number 3
[   77.618008][ T6643] __nla_validate_parse: 1 callbacks suppressed
[   77.618020][ T6643] netlink: 28 bytes leftover after parsing attributes in process `syz.3.196'.
[   77.623343][ T6643] netlink: 'syz.3.196': attribute type 7 has an invalid length.
[   77.625945][ T6643] netlink: 'syz.3.196': attribute type 8 has an invalid length.
[   77.628346][ T6643] netlink: 4 bytes leftover after parsing attributes in process `syz.3.196'.
[   77.853639][ T6653] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[   77.866753][ T6652] bridge2: trying to set multicast query interval below minimum, setting to 100 (1000ms)
[   78.237125][   T40] kauditd_printk_skb: 47 callbacks suppressed
[   78.237142][   T40] audit: type=1400 audit(1765655036.054:392): avc:  denied  { mounton } for  pid=6665 comm="syz.1.202" path="/52/bus" dev="tmpfs" ino=299 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=sock_file permissive=1
[   78.253894][  T841] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[   78.330081][ T6674] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[   78.346231][   T40] audit: type=1400 audit(1765655036.164:393): avc:  denied  { write } for  pid=6673 comm="syz.1.204" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   78.413858][  T841] usb 7-1: Using ep0 maxpacket: 32
[   78.418416][  T841] usb 7-1: config 0 has an invalid interface number: 209 but max is 0
[   78.422110][  T841] usb 7-1: config 0 has no interface number 0
[   78.428998][  T841] usb 7-1: config 0 interface 209 has no altsetting 0
[   78.434215][  T841] usb 7-1: New USB device found, idVendor=1f71, idProduct=3306, bcdDevice=1b.23
[   78.438307][  T841] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   78.441769][  T841] usb 7-1: Product: syz
[   78.443584][  T841] usb 7-1: Manufacturer: syz
[   78.445986][  T841] usb 7-1: SerialNumber: syz
[   78.454264][  T841] usb 7-1: config 0 descriptor??
[   78.578295][   T60] usb 5-1: USB disconnect, device number 7
[   78.617736][ T6681] netlink: 'syz.0.206': attribute type 1 has an invalid length.
[   78.634369][ T6681] 8021q: adding VLAN 0 to HW filter on device bond2
[   78.639273][ T6681] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6681 comm=syz.0.206
[   78.643939][ T6681] netlink: 4 bytes leftover after parsing attributes in process `syz.0.206'.
[   78.652710][ T6681] bond2: (slave ip6gretap1): making interface the new active one
[   78.656073][ T6681] bond2: (slave ip6gretap1): Enslaving as an active interface with an up link
[   78.687359][  T841] usb 7-1: USB disconnect, device number 4
[   78.702697][   T40] audit: type=1400 audit(1765655036.514:394): avc:  denied  { read } for  pid=6683 comm="syz.0.207" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   78.702979][ T6684] random: crng reseeded on system resumption
[   78.711800][   T40] audit: type=1400 audit(1765655036.514:395): avc:  denied  { ioctl } for  pid=6683 comm="syz.0.207" path="/dev/snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[   78.759297][ T6691] binder: BINDER_SET_CONTEXT_MGR already set
[   78.761585][ T6691] binder: 6690:6691 ioctl 4018620d 2000000002c0 returned -16
[   78.785181][   T40] audit: type=1400 audit(1765655036.604:396): avc:  denied  { write } for  pid=6694 comm="syz.0.211" name="btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[   78.792918][   T40] audit: type=1400 audit(1765655036.604:397): avc:  denied  { open } for  pid=6694 comm="syz.0.211" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[   78.813832][   T40] audit: type=1400 audit(1765655036.604:398): avc:  denied  { ioctl } for  pid=6694 comm="syz.0.211" path="/dev/btrfs-control" dev="devtmpfs" ino=1342 ioctlcmd=0xf505 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:lvm_control_t tclass=chr_file permissive=1
[   78.833097][   T40] audit: type=1400 audit(1765655036.644:399): avc:  denied  { map_create } for  pid=6697 comm="syz.0.212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   78.841007][   T40] audit: type=1400 audit(1765655036.644:400): avc:  denied  { map_read map_write } for  pid=6697 comm="syz.0.212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   78.849259][   T40] audit: type=1400 audit(1765655036.654:401): avc:  denied  { prog_load } for  pid=6697 comm="syz.0.212" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[   78.905458][ T6704] syz.3.210 uses obsolete (PF_INET,SOCK_PACKET)
[   79.566126][ T6720] kvm: requested 130742 ns i8254 timer period limited to 200000 ns
[   79.574433][ T6720] kvm: requested 101409 ns i8254 timer period limited to 200000 ns
[   79.586487][ T6720] kvm: requested 24304 ns i8254 timer period limited to 200000 ns
[   79.602617][ T6720] kvm: requested 24304 ns i8254 timer period limited to 200000 ns
[   79.614154][ T6720] kvm: requested 54476 ns i8254 timer period limited to 200000 ns
[   79.736697][ T6736] netlink: 64 bytes leftover after parsing attributes in process `syz.1.222'.
[   79.743932][ T6736] netlink: 64 bytes leftover after parsing attributes in process `syz.1.222'.
[   79.807802][ T6744] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[   79.879802][ T6748] overlayfs: missing 'lowerdir'
[   79.964071][ T6754] openvswitch: netlink: Unexpected mask (mask=240, allowed=10048)
[   80.003877][  T841] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[   80.073875][   T60] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[   80.165224][  T841] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[   80.170646][  T841] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[   80.174295][  T841] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[   80.177904][  T841] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[   80.181847][  T841] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[   80.186891][  T841] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[   80.190582][  T841] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[   80.195587][  T841] usb 8-1: Product: syz
[   80.197901][  T841] usb 8-1: Manufacturer: syz
[   80.203417][  T841] cdc_wdm 8-1:1.0: skipping garbage
[   80.205492][  T841] cdc_wdm 8-1:1.0: skipping garbage
[   80.209719][  T841] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device
[   80.213815][  T841] cdc_wdm 8-1:1.0: Unknown control protocol
[   80.245393][   T60] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   80.249498][   T60] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   80.255553][   T60] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   80.259437][   T60] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   80.467230][   T60] usb 6-1: GET_CAPABILITIES returned 0
[   80.469676][   T60] usbtmc 6-1:16.0: can't read capabilities
[   80.490050][ T6783] netlink: 'syz.0.236': attribute type 1 has an invalid length.
[   80.509727][ T6783] 8021q: adding VLAN 0 to HW filter on device bond3
[   80.546105][ T6783] bond3: (slave veth3): Enslaving as an active interface with a down link
[   80.561850][ T6783] 8021q: adding VLAN 0 to HW filter on device batadv1
[   80.564222][ T6783] bond3: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[   80.675239][   T60] usb 6-1: USB disconnect, device number 4
[   80.976981][   T60] usb 8-1: USB disconnect, device number 6
[   80.993824][  T841] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[   81.140688][ T6806] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.145368][  T841] usb 7-1: Using ep0 maxpacket: 8
[   81.149232][  T841] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   81.153382][  T841] usb 7-1: config 0 interface 0 altsetting 254 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   81.159391][  T841] usb 7-1: config 0 interface 0 has no altsetting 0
[   81.162126][  T841] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   81.165982][  T841] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   81.172696][  T841] usb 7-1: config 0 descriptor??
[   81.179924][  T841] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[   81.214742][ T6806] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.278202][ T6806] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.358589][ T6806] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   81.437040][ T6823] netlink: 72 bytes leftover after parsing attributes in process `syz.1.250'.
[   81.453737][ T4002] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.470580][  T100] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.478487][  T100] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.487559][  T100] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.581850][ T6842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.258'.
[   81.611996][ T6842] team0: Port device team_slave_1 removed
[   81.631935][ T6844] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[   81.692859][ T5940] Bluetooth: hci1: ACL packet for unknown connection handle 2760
[   81.750460][ T6860] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[   81.985529][ T6867] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size.
[   82.038094][ T6869] syz.1.267: attempt to access beyond end of device
[   82.038094][ T6869] sr0: rw=6144, sector=128, nr_sectors = 8 limit=128
[   82.042967][ T6869] gfs2: error -5 reading superblock
[   82.131517][ T6874] netlink: 8 bytes leftover after parsing attributes in process `syz.1.269'.
[   82.367501][ T6897] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6897 comm=syz.0.275
[   82.374589][ T6897] mmap: syz.0.275 (6897): VmData 29077504 exceed data ulimit 0. Update limits or use boot option ignore_rlimit_data.
[   82.863859][ T5998] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[   83.013851][ T5998] usb 5-1: Using ep0 maxpacket: 8
[   83.017399][ T5998] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[   83.020167][ T5998] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   83.023625][ T5998] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   83.027871][ T5998] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   83.032071][ T5998] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   83.037617][ T5998] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   83.041530][ T5998] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.216254][ T6906] netlink: 'syz.1.278': attribute type 4 has an invalid length.
[   83.219608][ T6906] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   83.252199][ T5998] usb 5-1: usb_control_msg returned -32
[   83.254389][ T5998] usbtmc 5-1:16.0: can't read capabilities
[   83.747013][   T40] kauditd_printk_skb: 23 callbacks suppressed
[   83.747053][   T40] audit: type=1400 audit(1765655041.564:425): avc:  denied  { read } for  pid=6911 comm="syz.1.279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[   83.773432][ T6018] usb 7-1: USB disconnect, device number 5
[   83.792684][   T40] audit: type=1400 audit(1765655041.604:426): avc:  denied  { nlmsg_write } for  pid=6913 comm="syz.2.280" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1
[   83.800320][   T40] audit: type=1400 audit(1765655041.614:427): avc:  denied  { write } for  pid=6911 comm="syz.1.279" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[   83.898063][   T40] audit: type=1400 audit(1765655041.714:428): avc:  denied  { create } for  pid=6920 comm="syz.1.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   83.907476][   T40] audit: type=1400 audit(1765655041.724:429): avc:  denied  { setopt } for  pid=6920 comm="syz.1.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   83.915309][   T40] audit: type=1400 audit(1765655041.724:430): avc:  denied  { connect } for  pid=6920 comm="syz.1.283" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[   83.954641][ T6921] overlayfs: empty lowerdir
[   83.994975][ T6925] binder: Unknown parameter '00000000000000000000003'
[   84.056241][   T40] audit: type=1400 audit(1765655041.874:431): avc:  denied  { write } for  pid=6924 comm="syz.1.284" name="file0" dev="fuse" ino=64 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[   84.063520][ T6929] hfsplus: unable to find HFS+ superblock
[   84.064167][ T6925] overlayfs: upper fs does not support RENAME_WHITEOUT.
[   84.064203][ T6925] overlayfs: failed to set xattr on upper
[   84.064209][ T6925] overlayfs: ...falling back to redirect_dir=nofollow.
[   84.064216][ T6925] overlayfs: ...falling back to index=off.
[   84.064222][ T6925] overlayfs: ...falling back to uuid=null.
[   84.080480][   T40] audit: type=1400 audit(1765655041.894:432): avc:  denied  { unmount } for  pid=5932 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ramfs_t tclass=filesystem permissive=1
[   84.121437][ T6933] JFS: discard option not supported on device
[   84.128589][ T6933] Mount JFS Failure: -5
[   84.224975][ T6937] bridge3: entered promiscuous mode
[   84.403910][ T6018] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[   84.553901][ T6018] usb 6-1: Using ep0 maxpacket: 8
[   84.558155][ T6018] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   84.562726][ T6018] usb 6-1: config 0 interface 0 altsetting 254 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   84.568425][ T6018] usb 6-1: config 0 interface 0 has no altsetting 0
[   84.571505][ T6018] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   84.576128][ T6018] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.582286][ T6018] usb 6-1: config 0 descriptor??
[   84.587656][ T6018] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[   84.708981][ T6955] netlink: 12 bytes leftover after parsing attributes in process `syz.2.294'.
[   84.724487][ T6956] netlink: 12 bytes leftover after parsing attributes in process `syz.2.294'.
[   84.858062][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.2.296'.
[   84.861248][ T6964] hsr_slave_0: left promiscuous mode
[   84.863485][ T6964] hsr_slave_1: left promiscuous mode
[   84.912748][ T6965] netlink: 28 bytes leftover after parsing attributes in process `syz.2.296'.
[   85.205046][ T6981] ipt_REJECT: TCP_RESET invalid for non-tcp
[   85.208971][   T40] audit: type=1400 audit(1765655043.024:433): avc:  denied  { mount } for  pid=6980 comm="syz.2.301" name="/" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[   85.216905][ T6981] ipt_REJECT: TCP_RESET invalid for non-tcp
[   85.217986][   T40] audit: type=1400 audit(1765655043.034:434): avc:  denied  { remount } for  pid=6980 comm="syz.2.301" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1
[   85.513906][ T6991] netlink: 'syz.2.304': attribute type 12 has an invalid length.
[   85.516571][ T6991] netlink: 'syz.2.304': attribute type 29 has an invalid length.
[   85.518650][ T6991] netlink: 148 bytes leftover after parsing attributes in process `syz.2.304'.
[   85.521173][ T6991] netlink: 'syz.2.304': attribute type 2 has an invalid length.
[   85.523269][ T6991] netlink: 23 bytes leftover after parsing attributes in process `syz.2.304'.
[   85.527024][ T6991] netlink: 4 bytes leftover after parsing attributes in process `syz.2.304'.
[   85.529858][ T6991] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=6991 comm=syz.2.304
[   85.631562][ T6018] usb 5-1: USB disconnect, device number 8
[   85.657318][ T7000] netlink: 'syz.2.306': attribute type 1 has an invalid length.
[   85.677650][ T7000] 8021q: adding VLAN 0 to HW filter on device bond1
[   85.719379][ T7003] overlayfs: missing 'lowerdir'
[   85.729178][ T7000] bond1: (slave veth3): Enslaving as an active interface with a down link
[   85.733704][ T7006] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7006 comm=syz.3.309
[   85.739186][ T7006] netlink: 'syz.3.309': attribute type 1 has an invalid length.
[   85.777604][ T7006] bond1: entered promiscuous mode
[   85.780100][ T7006] 8021q: adding VLAN 0 to HW filter on device bond1
[   85.787165][ T7000] 8021q: adding VLAN 0 to HW filter on device batadv1
[   85.789450][ T7000] bond1: (slave batadv1): dev_set_mac_address on slave failed! ALB mode requires that the base driver support setting the hw address also when the network device's interface is open
[   85.806152][ T7006] netlink: 4 bytes leftover after parsing attributes in process `syz.3.309'.
[   85.863362][ T7006] bond1 (unregistering): Released all slaves
[   85.980659][ T7023] hub 3-0:1.0: USB hub found
[   85.984587][ T7023] hub 3-0:1.0: 2 ports detected
[   86.244120][  T841] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[   86.403903][  T841] usb 8-1: Using ep0 maxpacket: 8
[   86.407481][  T841] usb 8-1: config index 0 descriptor too short (expected 301, got 45)
[   86.410785][  T841] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   86.414865][  T841] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   86.418601][  T841] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   86.422225][  T841] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   86.427086][  T841] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   86.430684][  T841] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   86.646523][  T841] usb 8-1: usb_control_msg returned -32
[   86.648472][  T841] usbtmc 8-1:16.0: can't read capabilities
[   86.844704][ T7051] kAFS: unparsable volume name
[   87.171182][   T60] usb 6-1: USB disconnect, device number 5
[   87.249004][ T7060] netlink: 20 bytes leftover after parsing attributes in process `syz.2.328'.
[   87.251900][ T7060] netlink: 20 bytes leftover after parsing attributes in process `syz.2.328'.
[   87.269815][ T6018] usb 8-1: USB disconnect, device number 7
[   87.284700][ T7060] macsec1: entered promiscuous mode
[   87.286458][ T7060] macsec1: entered allmulticast mode
[   87.315105][ T7063] RDS: rds_bind could not find a transport for ::ffff:10.1.1.1, load rds_tcp or rds_rdma?
[   88.029476][ T7143] random: crng reseeded on system resumption
[   88.051400][ T7143] loop6: detected capacity change from 0 to 524279808
[   88.106710][ T7143] loop6: detected capacity change from 524279808 to 1
[   88.113205][ T7143] Dev loop6: unable to read RDB block 1
[   88.117508][ T7143]  loop6: unable to read partition table
[   88.124032][ T7143] loop6: partition table beyond EOD, truncated
[   88.126564][ T7143] loop_reread_partitions: partition scan of loop6 (�u0v��	) failed (rc=-5)
[   88.211552][ T5339] Dev loop6: unable to read RDB block 1
[   88.213284][ T5339]  loop6: unable to read partition table
[   88.216442][ T5339] loop6: partition table beyond EOD, truncated
[   88.463353][    C2] vcan0: j1939_tp_rxtimer: 0xffff888039c4a000: rx timeout, send abort
[   88.476270][ T7188] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode
[   88.754123][   T34] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[   88.903824][   T34] usb 5-1: Using ep0 maxpacket: 8
[   88.908050][   T34] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[   88.911569][   T34] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   88.915754][   T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   88.919125][   T34] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   88.922267][   T34] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   88.927190][   T34] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   88.930280][   T34] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.967360][    C2] vcan0: j1939_tp_rxtimer: 0xffff888039c4a000: abort rx timeout. Force session deactivation
[   89.108810][   T40] kauditd_printk_skb: 31 callbacks suppressed
[   89.108827][   T40] audit: type=1326 audit(1765655046.924:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7210 comm="syz.2.348" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb5718f7c9 code=0x0
[   89.127566][   T40] audit: type=1326 audit(1765655046.934:467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7210 comm="syz.2.348" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb5718f7c9 code=0x0
[   89.138832][   T34] usb 5-1: usb_control_msg returned -32
[   89.140743][   T34] usbtmc 5-1:16.0: can't read capabilities
[   89.171102][   T40] audit: type=1400 audit(1765655046.984:468): avc:  denied  { accept } for  pid=7218 comm="syz.3.351" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[   89.184765][   T40] audit: type=1400 audit(1765655046.994:469): avc:  denied  { create } for  pid=7220 comm="syz.1.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   89.193548][   T40] audit: type=1400 audit(1765655047.004:470): avc:  denied  { listen } for  pid=7220 comm="syz.1.352" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[   89.242567][   T40] audit: type=1400 audit(1765655047.054:471): avc:  denied  { ioctl } for  pid=7225 comm="syz.1.353" path="socket:[16787]" dev="sockfs" ino=16787 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[   89.279703][ T7226] trusted_key: encrypted_key: insufficient parameters specified
[   89.285324][ T7226] sg_write: process 249 (syz.1.353) changed security contexts after opening file descriptor, this is not allowed.
[   89.325669][ T5940] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[   89.329104][ T5940] CPU: 2 UID: 0 PID: 5940 Comm: kworker/u33:3 Not tainted syzkaller #0 PREEMPT(full) 
[   89.329128][ T5940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   89.329142][ T5940] Workqueue: hci0 hci_rx_work
[   89.329191][ T5940] Call Trace:
[   89.329196][ T5940]  <TASK>
[   89.329203][ T5940]  dump_stack_lvl+0x16c/0x1f0
[   89.329221][ T5940]  sysfs_warn_dup+0x7f/0xa0
[   89.329250][ T5940]  sysfs_create_dir_ns+0x24b/0x2b0
[   89.329270][ T5940]  ? __pfx_sysfs_create_dir_ns+0x10/0x10
[   89.329288][ T5940]  ? find_held_lock+0x2b/0x80
[   89.329316][ T5940]  ? do_raw_spin_unlock+0x172/0x230
[   89.329341][ T5940]  kobject_add_internal+0x2c4/0x9d0
[   89.329366][ T5940]  kobject_add+0x16e/0x240
[   89.329385][ T5940]  ? __pfx_kobject_add+0x10/0x10
[   89.329409][ T5940]  ? kobject_put+0xaf/0x6f0
[   89.329426][ T5940]  ? _raw_spin_unlock+0x28/0x50
[   89.329456][ T5940]  device_add+0x288/0x1980
[   89.329481][ T5940]  ? __pfx_dev_set_name+0x10/0x10
[   89.329499][ T5940]  ? __pfx_device_add+0x10/0x10
[   89.329523][ T5940]  ? mgmt_send_event_skb+0x2fb/0x460
[   89.329555][ T5940]  hci_conn_add_sysfs+0x1a8/0x260
[   89.329580][ T5940]  le_conn_complete_evt+0x11ed/0x1fa0
[   89.329615][ T5940]  ? __pfx_le_conn_complete_evt+0x10/0x10
[   89.329648][ T5940]  hci_le_enh_conn_complete_evt+0x23d/0x3b0
[   89.329677][ T5940]  ? skb_pull_data+0x166/0x210
[   89.329703][ T5940]  hci_le_meta_evt+0x357/0x610
[   89.329720][ T5940]  ? __pfx_hci_le_enh_conn_complete_evt+0x10/0x10
[   89.329747][ T5940]  hci_event_packet+0x685/0x1210
[   89.329770][ T5940]  ? __pfx_hci_le_meta_evt+0x10/0x10
[   89.329786][ T5940]  ? __pfx_hci_event_packet+0x10/0x10
[   89.329808][ T5940]  ? kcov_remote_start+0x399/0x680
[   89.329819][ T5940]  ? lockdep_hardirqs_on+0x7c/0x110
[   89.329833][ T5940]  hci_rx_work+0x2c9/0x1020
[   89.329850][ T5940]  process_one_work+0x9ba/0x1b20
[   89.329868][ T5940]  ? __pfx_process_one_work+0x10/0x10
[   89.329884][ T5940]  ? assign_work+0x1a0/0x250
[   89.329898][ T5940]  worker_thread+0x6c8/0xf10
[   89.329916][ T5940]  ? __pfx_worker_thread+0x10/0x10
[   89.329929][ T5940]  kthread+0x3c5/0x780
[   89.329941][ T5940]  ? __pfx_kthread+0x10/0x10
[   89.329953][ T5940]  ? rcu_is_watching+0x12/0xc0
[   89.329962][ T5940]  ? __pfx_kthread+0x10/0x10
[   89.329974][ T5940]  ret_from_fork+0x983/0xb10
[   89.329985][ T5940]  ? __pfx_ret_from_fork+0x10/0x10
[   89.329997][ T5940]  ? __switch_to+0x7af/0x10d0
[   89.330010][ T5940]  ? __pfx_kthread+0x10/0x10
[   89.330022][ T5940]  ret_from_fork_asm+0x1a/0x30
[   89.330043][ T5940]  </TASK>
[   89.330059][ T5940] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[   89.421624][ T5940] Bluetooth: hci0: failed to register connection device
[   89.510405][ T7238] IPv6: sit2: Disabled Multicast RS
[   89.630108][ T7248] macvlan0: entered promiscuous mode
[   89.653646][ T7234] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[   89.661311][ T7234] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   89.669488][   T40] audit: type=1400 audit(1765655047.484:472): avc:  denied  { read } for  pid=7249 comm="syz.1.362" name="loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   89.669556][ T7234] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   89.676945][   T40] audit: type=1400 audit(1765655047.484:473): avc:  denied  { open } for  pid=7249 comm="syz.1.362" path="/dev/loop-control" dev="devtmpfs" ino=657 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1
[   89.694229][ T7234] Bluetooth: hci0: Opcode 0x0406 failed: -4
[   89.699611][ T7234] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[   89.702331][ T7234] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   89.707752][ T7234] Bluetooth: hci1: Opcode 0x0406 failed: -4
[   89.712554][ T7234] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[   89.715184][ T7234] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   89.718492][ T7234] Bluetooth: hci2: Opcode 0x0406 failed: -4
[   89.725104][ T7234] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[   89.728935][ T7234] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   89.733601][ T7234] Bluetooth: hci3: Opcode 0x0406 failed: -4
[   89.745972][ T6018] usb 5-1: USB disconnect, device number 9
[   89.772824][   T40] audit: type=1400 audit(1765655047.584:474): avc:  denied  { create } for  pid=7255 comm="syz.2.364" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[   89.779792][ T7257] __nla_validate_parse: 5 callbacks suppressed
[   89.779803][ T7257] netlink: 8 bytes leftover after parsing attributes in process `syz.2.364'.
[   89.780852][   T40] audit: type=1400 audit(1765655047.594:475): avc:  denied  { ioctl } for  pid=7255 comm="syz.2.364" path="socket:[15208]" dev="sockfs" ino=15208 ioctlcmd=0x661b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_connector_socket permissive=1
[   89.784984][ T7257] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1
[   89.864559][ T7264] netlink: 'syz.1.367': attribute type 1 has an invalid length.
[   89.980463][ T7274] kvm: emulating exchange as write
[   89.985888][ T7276] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   89.997336][ T7278] devpts: Unknown parameter 'max000000000000004'
[   90.001062][ T7279] devpts: Unknown parameter 'max000000000000004'
[   90.048698][ T7281] netlink: 8 bytes leftover after parsing attributes in process `syz.3.373'.
[   90.114056][ T7273] nbd0: detected capacity change from 0 to 63
[   90.117495][ T5942] block nbd0: Receive control failed (result -32)
[   90.134492][ T5939] block nbd0: Dead connection, failed to find a fallback
[   90.137023][ T5939] block nbd0: shutting down sockets
[   90.139525][ T5939] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.142675][ T5939] Buffer I/O error on dev nbd0, logical block 0, async page read
[   90.149680][ T5939] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.152667][ T5939] Buffer I/O error on dev nbd0, logical block 1, async page read
[   90.157444][ T5939] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.161732][ T5939] Buffer I/O error on dev nbd0, logical block 2, async page read
[   90.165752][ T5939] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.169462][ T5939] Buffer I/O error on dev nbd0, logical block 3, async page read
[   90.172218][ T5939] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.176265][ T5939] Buffer I/O error on dev nbd0, logical block 0, async page read
[   90.178876][ T5939] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.182099][ T5939] Buffer I/O error on dev nbd0, logical block 1, async page read
[   90.184812][ T5939] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.187832][ T5939] Buffer I/O error on dev nbd0, logical block 2, async page read
[   90.190350][ T5939] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.194974][ T5939] Buffer I/O error on dev nbd0, logical block 3, async page read
[   90.197799][ T5939] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.200736][ T5939] Buffer I/O error on dev nbd0, logical block 0, async page read
[   90.203221][ T5939] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[   90.206605][ T5939] Buffer I/O error on dev nbd0, logical block 1, async page read
[   90.209405][ T5939] ldm_validate_partition_table(): Disk read failed.
[   90.211710][ T5939] Dev nbd0: unable to read RDB block 0
[   90.213871][ T5939]  nbd0: unable to read partition table
[   90.226876][ T5939] ldm_validate_partition_table(): Disk read failed.
[   90.227029][ T7290] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.377'.
[   90.229402][ T5939] Dev nbd0: unable to read RDB block 0
[   90.234583][ T5939]  nbd0: unable to read partition table
[   90.280392][ T7298] loop4: detected capacity change from 0 to 2560
[   90.302670][ T7300] openvswitch: netlink: Unknown nsh attribute 0
[   90.305792][ T7300] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   90.339457][ T7308] openvswitch: netlink: IP tunnel dst address not specified
[   90.342553][ T7312] openvswitch: netlink: Either Ethernet header or EtherType is required.
[   90.343278][ T7309] trusted_key: syz.2.384 sent an empty control message without MSG_MORE.
[   90.383705][ T7315] Dead loop on virtual device ip6_vti0, fix it urgently!
[   90.460446][ T7325] fuse: Invalid rootmode
[   90.581289][ T7334] program syz.0.392 is using a deprecated SCSI ioctl, please convert it to SG_IO
[   90.627791][ T7334] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   90.635105][ T7334] netlink: 'syz.0.392': attribute type 10 has an invalid length.
[   90.638342][ T7334] netlink: 228 bytes leftover after parsing attributes in process `syz.0.392'.
[   90.723053][ T7343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.395'.
[   90.727249][ T7343] netlink: 8 bytes leftover after parsing attributes in process `syz.2.395'.
[   90.733916][  T841] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[   90.883966][  T841] usb 6-1: Using ep0 maxpacket: 8
[   90.888088][  T841] usb 6-1: config index 0 descriptor too short (expected 301, got 45)
[   90.891886][  T841] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   90.896252][  T841] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   90.900305][  T841] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   90.904432][  T841] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   90.908969][  T841] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[   90.911927][  T841] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.119828][  T841] usb 6-1: usb_control_msg returned -32
[   91.121753][  T841] usbtmc 6-1:16.0: can't read capabilities
[   91.303979][  T841] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[   91.454102][  T841] usb 5-1: Using ep0 maxpacket: 8
[   91.468411][  T841] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   91.471644][  T841] usb 5-1: config 0 interface 0 altsetting 254 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[   91.476661][  T841] usb 5-1: config 0 interface 0 has no altsetting 0
[   91.478880][  T841] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[   91.481847][  T841] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   91.486877][  T841] usb 5-1: config 0 descriptor??
[   91.490909][  T841] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[   91.615023][ T5942] Bluetooth: hci0: command 0x0c1a tx timeout
[   91.718267][ T7371] netlink: ct family unspecified
[   91.719941][ T7371] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[   91.742807][ T6016] usb 6-1: USB disconnect, device number 6
[   91.775817][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout
[   91.775828][ T5940] Bluetooth: hci1: command 0x0c1a tx timeout
[   91.784146][ T5940] Bluetooth: hci3: command 0x0c1a tx timeout
[   92.270998][ T7407] cgroup: subsys name conflicts with all
[   92.484000][ T7429] netlink: 'syz.2.421': attribute type 10 has an invalid length.
[   92.492535][ T7429] bridge0: port 3(netdevsim0) entered blocking state
[   92.495776][ T7429] bridge0: port 3(netdevsim0) entered disabled state
[   92.498654][ T7429] netdevsim netdevsim2 netdevsim0: entered allmulticast mode
[   92.502860][ T7429] netdevsim netdevsim2 netdevsim0: entered promiscuous mode
[   92.510284][ T7431] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0)
[   92.513622][ T7431] netlink: 8 bytes leftover after parsing attributes in process `syz.1.422'.
[   92.531666][ T7429] bridge0: port 2(bridge_slave_1) entered disabled state
[   92.539121][ T7429] bridge_slave_0: left allmulticast mode
[   92.541312][ T7429] bridge0: port 1(bridge_slave_0) entered disabled state
[   92.735071][ T7447] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[   93.144021][  T841] usb 6-1: new low-speed USB device number 7 using dummy_hcd
[   93.269718][ T7474] netlink: 'syz.3.438': attribute type 1 has an invalid length.
[   93.281376][ T7474] bond1: entered promiscuous mode
[   93.283300][ T7474] 8021q: adding VLAN 0 to HW filter on device bond1
[   93.299051][ T7474] bond1: (slave bridge1): making interface the new active one
[   93.301710][ T7474] bridge1: entered promiscuous mode
[   93.305170][ T7474] bond1: (slave bridge1): Enslaving as an active interface with an up link
[   93.312865][ T7474] netlink: 'syz.3.438': attribute type 7 has an invalid length.
[   93.332832][  T841] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[   93.335356][  T841] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   93.338659][  T841] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   93.342391][  T841] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   93.345964][  T841] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   93.350416][  T841] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[   93.352943][  T841] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   93.356468][  T841] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   93.360212][  T841] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   93.360333][ T7482] netlink: 'syz.3.440': attribute type 2 has an invalid length.
[   93.363839][  T841] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   93.364800][  T841] usb 6-1: config 168 descriptor has 1 excess byte, ignoring
[   93.374225][  T841] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8
[   93.377759][  T841] usb 6-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[   93.381519][  T841] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10
[   93.385304][  T841] usb 6-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8
[   93.392610][  T841] usb 6-1: string descriptor 0 read error: -22
[   93.394769][  T841] usb 6-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[   93.397856][  T841] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   93.404641][  T841] adutux 6-1:168.0: ADU100  now attached to /dev/usb/adutux0
[   93.434837][ T7486] QAT: Stopping all acceleration devices.
[   93.440591][ T7485] netlink: 16 bytes leftover after parsing attributes in process `syz.2.442'.
[   93.693911][ T5940] Bluetooth: hci0: command 0x0c1a tx timeout
[   93.854209][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout
[   93.855128][ T5941] Bluetooth: hci1: command 0x0c1a tx timeout
[   93.856386][ T5940] Bluetooth: hci3: command 0x0c1a tx timeout
[   94.092751][ T5998] usb 5-1: USB disconnect, device number 10
[   94.198273][ T7535] netlink: 76 bytes leftover after parsing attributes in process `syz.3.458'.
[   94.342124][ T7542] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[   94.344797][ T7542] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[   94.349057][ T7542] vhci_hcd vhci_hcd.0: Device attached
[   94.354711][ T7543] vhci_hcd: unknown pdu 2
[   94.357258][   T46] vhci_hcd vhci_hcd.3: stop threads
[   94.359578][   T46] vhci_hcd vhci_hcd.3: release socket
[   94.361822][   T46] vhci_hcd vhci_hcd.3: disconnect device
[   94.567828][ T7550] netlink: 64 bytes leftover after parsing attributes in process `syz.2.463'.
[   94.808080][ T7564] __nla_validate_parse: 1 callbacks suppressed
[   94.808102][ T7564] netlink: 12 bytes leftover after parsing attributes in process `syz.2.468'.
[   94.815927][ T7564] workqueue: Failed to create a rescuer kthread for wq "bond3": -EINTR
[   94.819754][ T7562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.467'.
[   94.826537][ T7562] netlink: 12 bytes leftover after parsing attributes in process `syz.0.467'.
[   94.884125][ T7572] netlink: 'syz.0.470': attribute type 11 has an invalid length.
[   94.886610][ T7572] netlink: 132 bytes leftover after parsing attributes in process `syz.0.470'.
[   94.890610][ T7573] 9pnet_virtio: no channels available for device syz
[   94.908033][ T7577] netlink: 'syz.3.471': attribute type 21 has an invalid length.
[   94.913271][ T7579] 9pnet_virtio: no channels available for device syz
[   94.945955][   T40] kauditd_printk_skb: 27 callbacks suppressed
[   94.945967][   T40] audit: type=1400 audit(1765655052.764:503): avc:  denied  { write } for  pid=7580 comm="syz.2.474" name="rtc0" dev="devtmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[   94.956435][   T40] audit: type=1400 audit(1765655052.764:504): avc:  denied  { execute } for  pid=7580 comm="syz.2.474" path="/selinux/enforce" dev="selinuxfs" ino=4 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=file permissive=1
[   95.021244][ T7585] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=51 sclass=netlink_route_socket pid=7585 comm=syz.3.476
[   95.026604][ T7585] netlink: 4 bytes leftover after parsing attributes in process `syz.3.476'.
[   95.030241][ T7585] bridge_slave_1: left allmulticast mode
[   95.032558][ T7585] bridge_slave_1: left promiscuous mode
[   95.036178][ T7585] bridge0: port 2(bridge_slave_1) entered disabled state
[   95.038353][ T7587] netlink: 8 bytes leftover after parsing attributes in process `syz.2.477'.
[   95.046334][ T7585] bridge_slave_0: left allmulticast mode
[   95.048833][ T7585] bridge_slave_0: left promiscuous mode
[   95.051372][ T7585] bridge0: port 1(bridge_slave_0) entered disabled state
[   95.065195][   T40] audit: type=1400 audit(1765655052.874:505): avc:  denied  { connect } for  pid=7588 comm="syz.0.473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[   95.230777][   T40] audit: type=1400 audit(1765655053.044:506): avc:  denied  { read } for  pid=7599 comm="syz.3.481" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[   95.337104][ T7598] netlink: 'syz.2.480': attribute type 32 has an invalid length.
[   95.339565][ T7598] netlink: 8 bytes leftover after parsing attributes in process `syz.2.480'.
[   95.356531][ T7598] bond3: Setting coupled_control to off (0)
[   95.367674][ T7594] mmap: syz.0.473 (7594) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   95.400386][ T7607] xt_bpf: check failed: parse error
[   95.462203][ T7615] geneve2: entered promiscuous mode
[   95.468032][ T7615] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=7615 comm=syz.2.485
[   95.488145][   T40] audit: type=1400 audit(1765655053.304:507): avc:  denied  { mount } for  pid=7614 comm="syz.2.485" name="/" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=filesystem permissive=1
[   95.615161][   T34] usb 6-1: USB disconnect, device number 7
[   95.648563][ T7629] netlink: 'syz.2.491': attribute type 1 has an invalid length.
[   95.648934][ T7628] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7628 comm=syz.2.491
[   95.668741][ T7630] bond4: (slave vxcan3): The slave device specified does not support setting the MAC address
[   95.672369][ T7630] bond4: (slave vxcan3): Error -95 calling set_mac_address
[   95.764671][ T7634] netlink: 16 bytes leftover after parsing attributes in process `syz.3.492'.
[   95.773854][ T5941] Bluetooth: hci0: command 0x0c1a tx timeout
[   95.894547][ T7647] syz.3.496 (7647): /proc/7646/oom_adj is deprecated, please use /proc/7646/oom_score_adj instead.
[   95.900336][ T7647] netlink: 100 bytes leftover after parsing attributes in process `syz.3.496'.
[   95.910319][   T40] audit: type=1400 audit(1765655053.724:508): avc:  denied  { mount } for  pid=7646 comm="syz.3.496" name="/" dev="configfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1
[   95.920219][   T40] audit: type=1400 audit(1765655053.724:509): avc:  denied  { write } for  pid=7646 comm="syz.3.496" name="/" dev="configfs" ino=23 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1
[   95.934066][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout
[   95.934113][ T5942] Bluetooth: hci2: command 0x0c1a tx timeout
[   95.937389][ T5945] Bluetooth: hci1: command 0x0c1a tx timeout
[   96.004426][   T40] audit: type=1400 audit(1765655053.824:510): avc:  denied  { write } for  pid=7652 comm="syz.1.498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   96.055171][   T40] audit: type=1400 audit(1765655053.874:511): avc:  denied  { read } for  pid=7652 comm="syz.1.498" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[   96.071723][ T7653] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   96.160291][ T7672] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[   96.160340][  T143] IPVS: starting estimator thread 0...
[   96.273965][ T7675] IPVS: using max 37 ests per chain, 88800 per kthread
[   96.304059][   T75] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[   96.453846][   T75] usb 7-1: Using ep0 maxpacket: 16
[   96.457476][   T75] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   96.462117][   T75] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   96.466771][   T75] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   96.472415][   T75] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[   96.476429][   T75] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.476513][ T7706] fuse: Bad value for 'user_id'
[   96.481989][ T7706] fuse: Bad value for 'user_id'
[   96.482040][   T75] usb 7-1: config 0 descriptor??
[   96.566265][   T40] audit: type=1400 audit(1765655054.384:512): avc:  denied  { listen } for  pid=7705 comm="syz.0.512" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[   96.974742][ T7730] netlink: 12 bytes leftover after parsing attributes in process `syz.3.518'.
[   97.100038][ T7667] random: crng reseeded on system resumption
[   97.117079][   T75] usbhid 7-1:0.0: can't add hid device: -71
[   97.121115][   T75] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[   97.127236][   T75] usb 7-1: USB disconnect, device number 6
[   97.271734][ T7750] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[   97.554026][ T6018] usb 8-1: new full-speed USB device number 8 using dummy_hcd
[   97.709191][ T7769] geneve3: entered promiscuous mode
[   97.713086][ T7769] geneve3: entered allmulticast mode
[   97.715318][ T6018] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   97.718316][ T6018] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   97.722397][ T6018] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   97.726474][ T6018] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.754649][ T7772] debugfs: 'ttyS3' already exists in 'caif_serial'
[   97.804955][ T7772] overlayfs: workdir and upperdir must be separate subtrees
[   97.853885][ T5945] Bluetooth: hci0: command 0x0c1a tx timeout
[   97.934091][ T6018] usb 8-1: GET_CAPABILITIES returned 0
[   97.936037][ T6018] usbtmc 8-1:16.0: can't read capabilities
[   98.014785][ T5945] Bluetooth: hci3: command 0x0c1a tx timeout
[   98.025462][ T7798] gtp1: entered promiscuous mode
[   98.288565][ T7820] syzkaller1: entered promiscuous mode
[   98.290583][ T7820] syzkaller1: entered allmulticast mode
[   99.217449][ T5941] Bluetooth: hci0: unexpected event for opcode 0x200d
[   99.220460][ T5941] Bluetooth: hci0: unexpected event for opcode 0x200d
[   99.274536][ T5998] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[   99.423871][ T5998] usb 5-1: Using ep0 maxpacket: 16
[   99.427202][ T5998] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   99.430418][ T5998] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   99.437467][ T5998] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   99.442059][ T5998] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   99.445100][ T5998] usb 5-1: Product: syz
[   99.446569][ T5998] usb 5-1: Manufacturer: syz
[   99.448268][ T5998] usb 5-1: SerialNumber: syz
[   99.452237][ T5998] usb 5-1: config 0 descriptor??
[   99.509057][ T7863] EXT4-fs: Conflicting test_dummy_encryption options
[   99.937209][ T7880] __nla_validate_parse: 10 callbacks suppressed
[   99.937227][ T7880] netlink: 40 bytes leftover after parsing attributes in process `syz.2.558'.
[  101.607011][ T7904] syz.1.564 (7904) used obsolete PPPIOCDETACH ioctl
[  101.614344][   T40] kauditd_printk_skb: 12 callbacks suppressed
[  101.614359][   T40] audit: type=1400 audit(1765655059.434:525): avc:  denied  { map } for  pid=7901 comm="syz.1.564" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  101.626188][   T40] audit: type=1400 audit(1765655059.434:526): avc:  denied  { execute } for  pid=7901 comm="syz.1.564" path="/dev/dri/card0" dev="devtmpfs" ino=635 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  102.076695][ T6175] usb 5-1: USB disconnect, device number 11
[  102.080467][ T7911] A link change request failed with some changes committed already. Interface vlan2 may have been left with an inconsistent configuration, please check.
[  102.148672][   T40] audit: type=1400 audit(1765655059.964:527): avc:  denied  { ioctl } for  pid=7914 comm="syz.2.568" path="socket:[21066]" dev="sockfs" ino=21066 ioctlcmd=0x7202 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  102.196575][ T7919] netlink: 48 bytes leftover after parsing attributes in process `syz.2.570'.
[  102.355612][ T7902] Bluetooth: hci0: Opcode 0x0c20 failed: -4
[  102.518887][   T40] audit: type=1400 audit(1765655060.334:528): avc:  denied  { accept } for  pid=7925 comm="syz.1.572" path=0000204E0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000A00001000000000FF0200000000000000000000000000010000000000000000000000000000 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1
[  102.913891][ T5998] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  103.064534][   T40] audit: type=1400 audit(1765655060.884:529): avc:  denied  { getopt } for  pid=7933 comm="syz.2.575" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  103.070851][ T5998] usb 6-1: Using ep0 maxpacket: 16
[  103.084433][ T5998] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  103.087895][ T5998] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  103.091168][ T5998] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  103.091206][ T5998] usb 6-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  103.095286][ T5945] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection
[  103.105361][ T5998] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.109609][ T5998] usb 6-1: config 0 descriptor??
[  103.167099][ T7940] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.214771][ T7750] usbtmc 8-1:16.0: usbtmc_ioctl_request failed -110
[  103.233196][ T5828] usb 8-1: USB disconnect, device number 8
[  103.262215][ T7940] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.318591][ T7940] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.393857][   T75] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  103.401168][ T7940] netdevsim netdevsim2 netdevsim0 (unregistering): left allmulticast mode
[  103.405528][ T7940] bridge0: port 3(netdevsim0) entered disabled state
[  103.412972][ T7940] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  103.515652][   T12] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[  103.528400][ T5998] hid_parser_main: 31 callbacks suppressed
[  103.528413][ T5998] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  103.532330][   T12] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[  103.534767][ T5941] Bluetooth: hci0: command 0x0c1a tx timeout
[  103.535750][ T5998] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  103.535771][ T5998] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  103.535787][ T5998] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  103.535804][ T5998] shield 0003:0955:7214.0003: unknown main item tag 0x0
[  103.541027][ T5998] input: HID 0955:7214 Haptics as /devices/virtual/input/input15
[  103.551538][   T12] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[  103.555193][   T40] audit: type=1400 audit(1765655061.374:530): avc:  denied  { read } for  pid=5324 comm="acpid" name="event4" dev="devtmpfs" ino=2944 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  103.555918][   T75] usb 5-1: Using ep0 maxpacket: 16
[  103.570438][   T75] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  103.574927][   T75] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  103.576577][   T40] audit: type=1400 audit(1765655061.384:531): avc:  denied  { open } for  pid=5324 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2944 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  103.578821][   T12] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[  103.588851][   T40] audit: type=1400 audit(1765655061.384:532): avc:  denied  { ioctl } for  pid=5324 comm="acpid" path="/dev/input/event4" dev="devtmpfs" ino=2944 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  103.593923][   T75] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  103.603219][   T75] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  103.608907][   T75] usb 5-1: Product: syz
[  103.611168][   T75] usb 5-1: Manufacturer: syz
[  103.613122][   T75] usb 5-1: SerialNumber: syz
[  103.619538][ T5998] shield 0003:0955:7214.0003: Registered Thunderstrike controller
[  103.622901][ T5998] shield 0003:0955:7214.0003: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0
[  103.624282][   T75] usb 5-1: config 0 descriptor??
[  103.651062][   T40] audit: type=1400 audit(1765655061.464:533): avc:  denied  { remount } for  pid=7954 comm="syz.2.581" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  103.653987][ T7955] binder: Unknown parameter 'fsname'
[  103.691585][   T40] audit: type=1400 audit(1765655061.504:534): avc:  denied  { accept } for  pid=7956 comm="syz.2.582" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  103.704572][ T7957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.582'.
[  103.708405][ T7957] netlink: 24 bytes leftover after parsing attributes in process `syz.2.582'.
[  103.719473][ T7930] random: crng reseeded on system resumption
[  103.730277][  T143] usb 6-1: USB disconnect, device number 8
[  103.730275][ T2294] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  103.737909][ T2294] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  103.741609][ T2294] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  103.746553][ T2294] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  104.667530][ T8004] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  104.923885][  T143] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[  105.085094][  T143] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  105.088424][  T143] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  105.092493][  T143] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  105.095421][  T143] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  105.251642][ T8030] efs: cannot read volume header
[  105.300894][  T143] usb 8-1: GET_CAPABILITIES returned 0
[  105.302785][  T143] usbtmc 8-1:16.0: can't read capabilities
[  105.813904][   T75] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  105.963958][   T75] usb 6-1: Using ep0 maxpacket: 16
[  105.967809][   T75] usb 6-1: config 0 has an invalid interface number: 132 but max is 0
[  105.971362][   T75] usb 6-1: config 0 has no interface number 0
[  105.976210][   T75] usb 6-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25
[  105.980099][   T75] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.983504][   T75] usb 6-1: Product: syz
[  105.985393][   T75] usb 6-1: Manufacturer: syz
[  105.987381][   T75] usb 6-1: SerialNumber: syz
[  105.992793][   T75] usb 6-1: config 0 descriptor??
[  105.998206][   T75] hub 6-1:0.132: bad descriptor, ignoring hub
[  106.000746][   T75] hub 6-1:0.132: probe with driver hub failed with error -5
[  106.006811][   T75] input: bcm5974 as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.132/input/input16
[  106.156829][  T143] usb 5-1: USB disconnect, device number 12
[  107.018589][ T8037] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  107.021055][ T8037] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  107.022999][ T8037] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  107.027004][ T8037] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  107.029098][ T8037] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  107.065044][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  107.065058][   T40] audit: type=1326 audit(1765655064.884:541): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=8060 comm="syz.0.618" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1632b8f7c9 code=0x0
[  107.116115][   T40] audit: type=1400 audit(1765655064.934:542): avc:  denied  { read } for  pid=8060 comm="syz.0.618" dev="sockfs" ino=23586 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[  107.131538][ T8062] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  107.139702][ T8062] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  107.236707][   T40] audit: type=1400 audit(1765655065.054:543): avc:  denied  { associate } for  pid=8073 comm="syz.1.623" name="cgroup" scontext=root:object_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1
[  107.490032][   T40] audit: type=1400 audit(1765655065.304:544): avc:  denied  { execute } for  pid=8081 comm="syz-executor" name="syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  107.497562][   T40] audit: type=1400 audit(1765655065.304:545): avc:  denied  { execute_no_trans } for  pid=8081 comm="syz-executor" path="/syz-executor" dev="sda1" ino=2020 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:etc_runtime_t tclass=file permissive=1
[  107.557964][ T5945] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  107.561893][ T5945] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  107.566399][ T5945] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  107.570074][ T5945] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  107.573597][ T5945] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  107.681166][ T8092] input: syz0 as /devices/virtual/input/input17
[  107.696706][ T8086] chnl_net:caif_netlink_parms(): no params data found
[  107.749399][ T8086] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.752429][ T8086] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.755265][ T8086] bridge_slave_0: entered allmulticast mode
[  107.758074][ T8086] bridge_slave_0: entered promiscuous mode
[  107.761472][ T8086] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.764061][ T8086] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.766486][ T8086] bridge_slave_1: entered allmulticast mode
[  107.769222][ T8086] bridge_slave_1: entered promiscuous mode
[  107.794546][ T8086] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.800708][ T8086] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.825532][ T8086] team0: Port device team_slave_0 added
[  107.830651][ T8086] team0: Port device team_slave_1 added
[  107.844987][ T8086] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.847144][ T8086] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  107.855454][ T8086] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.860500][ T8086] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.862691][ T8086] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  107.872733][ T8086] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.895712][ T8086] hsr_slave_0: entered promiscuous mode
[  107.898058][ T8086] hsr_slave_1: entered promiscuous mode
[  107.900319][ T8086] debugfs: 'hsr0' already exists in 'hsr'
[  107.902579][ T8086] Cannot create hsr debugfs directory
[  108.018969][ T8086] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  108.026304][ T8086] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  108.030955][ T8086] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  108.035907][ T8086] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  108.054987][ T8086] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.058043][ T8086] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.061195][ T8086] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.064322][ T8086] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.073149][ T8103] blk_print_req_error: 138 callbacks suppressed
[  108.073160][ T8103] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.080180][ T8103] buffer_io_error: 143 callbacks suppressed
[  108.080202][ T8103] Buffer I/O error on dev nbd0, logical block 0, async page read
[  108.087397][ T8103] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.091371][ T8103] Buffer I/O error on dev nbd0, logical block 1, async page read
[  108.095144][ T8103] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.098975][ T8103] Buffer I/O error on dev nbd0, logical block 2, async page read
[  108.102225][ T8103] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.106121][ T8103] Buffer I/O error on dev nbd0, logical block 3, async page read
[  108.109346][ T8103] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.112828][ T8086] 8021q: adding VLAN 0 to HW filter on device bond0
[  108.113045][ T8103] Buffer I/O error on dev nbd0, logical block 0, async page read
[  108.118826][ T8103] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.122844][ T8103] Buffer I/O error on dev nbd0, logical block 1, async page read
[  108.126525][ T8103] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.130980][ T8103] Buffer I/O error on dev nbd0, logical block 2, async page read
[  108.131116][   T46] bridge0: port 1(bridge_slave_0) entered disabled state
[  108.134684][ T8103] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.140516][ T8103] Buffer I/O error on dev nbd0, logical block 3, async page read
[  108.145241][ T8103] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.149262][ T8103] Buffer I/O error on dev nbd0, logical block 0, async page read
[  108.152610][ T8103] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  108.157719][   T46] bridge0: port 2(bridge_slave_1) entered disabled state
[  108.158341][ T8103] Buffer I/O error on dev nbd0, logical block 1, async page read
[  108.166604][ T8103] ldm_validate_partition_table(): Disk read failed.
[  108.170506][ T8103] Dev nbd0: unable to read RDB block 0
[  108.173614][ T8103]  nbd0: unable to read partition table
[  108.181750][ T8103] syz.0.632: attempt to access beyond end of device
[  108.181750][ T8103] nbd0: rw=6144, sector=128, nr_sectors = 8 limit=63
[  108.187456][ T8086] 8021q: adding VLAN 0 to HW filter on device team0
[  108.187542][ T8103] gfs2: error -5 reading superblock
[  108.200242][ T1149] bridge0: port 1(bridge_slave_0) entered blocking state
[  108.203117][ T1149] bridge0: port 1(bridge_slave_0) entered forwarding state
[  108.212433][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  108.215310][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  108.253954][ T5941] Bluetooth: hci0: command 0x0c1a tx timeout
[  108.339052][ T8117] netlink: 8 bytes leftover after parsing attributes in process `syz.0.634'.
[  108.371700][ T8086] 8021q: adding VLAN 0 to HW filter on device batadv0
[  108.528638][ T8086] veth0_vlan: entered promiscuous mode
[  108.534432][ T8086] veth1_vlan: entered promiscuous mode
[  108.552268][ T8086] veth0_macvtap: entered promiscuous mode
[  108.558320][ T8086] veth1_macvtap: entered promiscuous mode
[  108.579634][ T8086] batman_adv: batadv0: Interface activated: batadv_slave_0
[  108.588744][ T8086] batman_adv: batadv0: Interface activated: batadv_slave_1
[  108.598987][   T62] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  108.603232][   T62] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  108.608300][   T62] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  108.616764][   T62] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  108.623189][ T8144] netlink: 'syz.1.641': attribute type 28 has an invalid length.
[  108.626986][ T8144] netlink: 'syz.1.641': attribute type 3 has an invalid length.
[  108.629582][ T8144] netlink: 132 bytes leftover after parsing attributes in process `syz.1.641'.
[  108.665881][ T4002] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.668676][ T4002] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.691479][ T4002] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  108.694531][ T4002] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  108.712061][   T40] audit: type=1400 audit(1765655066.524:546): avc:  denied  { mounton } for  pid=8086 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=2837 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1
[  108.756963][   T40] audit: type=1400 audit(1765655066.574:547): avc:  denied  { setopt } for  pid=8151 comm="syz.4.628" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  108.763188][   T40] audit: type=1400 audit(1765655066.574:548): avc:  denied  { ioctl } for  pid=8151 comm="syz.4.628" path="socket:[23022]" dev="sockfs" ino=23022 ioctlcmd=0x89e0 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  108.803823][ T5828] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  108.810959][ T8160] netlink: 264 bytes leftover after parsing attributes in process `syz.4.644'.
[  108.954021][ T5828] usb 5-1: Using ep0 maxpacket: 8
[  108.957000][ T5828] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  108.965790][ T5828] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16
[  108.968822][ T5828] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.971377][ T5828] usb 5-1: Product: syz
[  108.972841][ T5828] usb 5-1: Manufacturer: syz
[  108.981579][ T5828] usb 5-1: SerialNumber: syz
[  108.986535][ T5828] usb 5-1: config 0 descriptor??
[  108.991004][   T40] audit: type=1400 audit(1765655066.804:549): avc:  denied  { map } for  pid=8166 comm="syz.4.648" path="/dev/loop6" dev="devtmpfs" ino=664 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  109.018579][ T5339] Dev loop6: unable to read RDB block 1
[  109.020671][ T5339]  loop6: unable to read partition table
[  109.022728][ T5339] loop6: partition table beyond EOD, truncated
[  109.054375][ T5941] Bluetooth: hci3: command 0x0c1a tx timeout
[  109.054450][ T5945] Bluetooth: hci1: command 0x0c1a tx timeout
[  109.088203][ T8169] netlink: 'syz.4.649': attribute type 3 has an invalid length.
[  109.190873][ T5828] usb 5-1: USB disconnect, device number 13
[  109.383983][  T143] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  109.545568][  T143] usb 9-1: config 0 has no interfaces?
[  109.549321][  T143] usb 9-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00
[  109.552306][  T143] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.554931][  T143] usb 9-1: Product: syz
[  109.556371][  T143] usb 9-1: Manufacturer: syz
[  109.557903][  T143] usb 9-1: SerialNumber: syz
[  109.562754][  T143] usb 9-1: config 0 descriptor??
[  109.570098][   T75] usb 6-1: USB disconnect, device number 9
[  109.613922][ T5945] Bluetooth: hci2: command tx timeout
[  109.778844][ T8191] netlink: 212348 bytes leftover after parsing attributes in process `syz.1.652'.
[  109.781062][ T6175] usb 9-1: USB disconnect, device number 2
[  109.886011][ T8193] netlink: 4 bytes leftover after parsing attributes in process `syz.0.655'.
[  110.022678][   T40] audit: type=1400 audit(1765655067.834:550): avc:  denied  { shutdown } for  pid=8200 comm="syz.0.659" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  110.025881][ T8201] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  110.035310][ T8201] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=8192 sclass=netlink_route_socket pid=8201 comm=syz.0.659
[  110.181029][ T5339] Dev loop6: unable to read RDB block 1
[  110.182928][ T5339]  loop6: unable to read partition table
[  110.185548][ T5339] loop6: partition table beyond EOD, truncated
[  110.550527][ T8217] cgroup: Setting release_agent not allowed
[  110.585208][ T8004] usbtmc 8-1:16.0: usbtmc_ioctl_request failed -110
[  110.610760][  T143] usb 8-1: USB disconnect, device number 9
[  110.793904][ T5339] Dev loop6: unable to read RDB block 1
[  110.796132][ T5339]  loop6: unable to read partition table
[  110.798422][ T5339] loop6: partition table beyond EOD, truncated
[  110.875251][ T8241] 9pnet_virtio: no channels available for device syz
[  110.885478][ T8243] FAULT_INJECTION: forcing a failure.
[  110.885478][ T8243] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  110.889848][ T8243] CPU: 3 UID: 0 PID: 8243 Comm: syz.1.676 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  110.889864][ T8243] Tainted: [L]=SOFTLOCKUP
[  110.889868][ T8243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  110.889874][ T8243] Call Trace:
[  110.889879][ T8243]  <TASK>
[  110.889883][ T8243]  dump_stack_lvl+0x16c/0x1f0
[  110.889913][ T8243]  should_fail_ex+0x512/0x640
[  110.889933][ T8243]  should_fail_alloc_page+0xe7/0x130
[  110.889949][ T8243]  prepare_alloc_pages+0x401/0x670
[  110.889966][ T8243]  __alloc_frozen_pages_noprof+0x18b/0x2430
[  110.889977][ T8243]  ? __lock_acquire+0x436/0x2890
[  110.889996][ T8243]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  110.890008][ T8243]  ? is_bpf_text_address+0x8a/0x1a0
[  110.890020][ T8243]  ? bpf_ksym_find+0x127/0x1c0
[  110.890034][ T8243]  ? is_bpf_text_address+0x94/0x1a0
[  110.890045][ T8243]  ? kernel_text_address+0x8d/0x100
[  110.890059][ T8243]  ? __kernel_text_address+0xd/0x40
[  110.890072][ T8243]  ? unwind_get_return_address+0x59/0xa0
[  110.890086][ T8243]  ? arch_stack_walk+0xa6/0x100
[  110.890104][ T8243]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  110.890117][ T8243]  ? policy_nodemask+0xea/0x4e0
[  110.890132][ T8243]  alloc_pages_mpol+0x1fb/0x550
[  110.890145][ T8243]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  110.890162][ T8243]  ___kmalloc_large_node+0x10c/0x150
[  110.890179][ T8243]  __kmalloc_large_node_noprof+0x1c/0x70
[  110.890193][ T8243]  ? find_held_lock+0x2b/0x80
[  110.890208][ T8243]  __kmalloc_noprof.cold+0xc/0x62
[  110.890224][ T8243]  ? __lock_acquire+0x436/0x2890
[  110.890235][ T8243]  ? v9fs_alloc_rdir_buf.isra.0+0x5d/0xb0
[  110.890249][ T8243]  ? v9fs_alloc_rdir_buf.isra.0+0x5d/0xb0
[  110.890260][ T8243]  v9fs_alloc_rdir_buf.isra.0+0x5d/0xb0
[  110.890273][ T8243]  v9fs_dir_readdir_dotl+0x10f/0x620
[  110.890286][ T8243]  ? __lock_acquire+0x436/0x2890
[  110.890298][ T8243]  ? __pfx_v9fs_dir_readdir_dotl+0x10/0x10
[  110.890322][ T8243]  ? __pfx_down_read_killable+0x10/0x10
[  110.890334][ T8243]  ? avc_policy_seqno+0x9/0x20
[  110.890348][ T8243]  ? selinux_file_permission+0x126/0x660
[  110.890363][ T8243]  iterate_dir+0x296/0xaf0
[  110.890378][ T8243]  __x64_sys_getdents64+0x13c/0x2c0
[  110.890391][ T8243]  ? __pfx___x64_sys_getdents64+0x10/0x10
[  110.890403][ T8243]  ? fput+0x70/0xf0
[  110.890417][ T8243]  ? __pfx_filldir64+0x10/0x10
[  110.890434][ T8243]  do_syscall_64+0xcd/0xf80
[  110.890446][ T8243]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  110.890455][ T8243] RIP: 0033:0x7f4bce18f7c9
[  110.890465][ T8243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  110.890475][ T8243] RSP: 002b:00007f4bcef84038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  110.890485][ T8243] RAX: ffffffffffffffda RBX: 00007f4bce3e5fa0 RCX: 00007f4bce18f7c9
[  110.890491][ T8243] RDX: 0000000000001000 RSI: 0000200000000c40 RDI: 0000000000000003
[  110.890497][ T8243] RBP: 00007f4bcef84090 R08: 0000000000000000 R09: 0000000000000000
[  110.890502][ T8243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  110.890508][ T8243] R13: 00007f4bce3e6038 R14: 00007f4bce3e5fa0 R15: 00007ffd012e16f8
[  110.890522][ T8243]  </TASK>
[  111.019681][ T8249] netlink: 20 bytes leftover after parsing attributes in process `syz.3.679'.
[  111.107561][ T8254] netlink: 12 bytes leftover after parsing attributes in process `syz.4.682'.
[  111.118260][ T8254] macvlan2: entered promiscuous mode
[  111.120570][ T8254] macvlan2: entered allmulticast mode
[  111.136925][ T5945] Bluetooth: hci1: command 0x0c1a tx timeout
[  111.237653][ T8263] loop9: detected capacity change from 0 to 7
[  111.241366][ T5939] ldm_validate_partition_table(): Disk read failed.
[  111.243473][ T5939] Dev loop9: unable to read RDB block 0
[  111.246342][ T5939]  loop9: unable to read partition table
[  111.248732][ T5939] loop9: partition table beyond EOD, truncated
[  111.251366][ T8263] ldm_validate_partition_table(): Disk read failed.
[  111.253485][ T8263] Dev loop9: unable to read RDB block 0
[  111.259848][ T8263]  loop9: unable to read partition table
[  111.262404][ T8263] loop9: partition table beyond EOD, truncated
[  111.262750][ T8274] nilfs2: Unknown parameter 'barries��$���x.�r'
[  111.270159][ T8263] loop_reread_partitions: partition scan of loop9 (�被x������ڬ��dG�����ݡ�����
[  111.270159][ T8263] 
) failed (rc=-5)
[  111.394043][ T8267] bond3: option downdelay: invalid value (18446744073709551615)
[  111.396588][ T8267] bond3: option downdelay: allowed values 0 - 2147483647
[  111.400281][ T8267] bond3 (unregistering): Released all slaves
[  111.415241][ T8292] IPv6: sit1: Disabled Multicast RS
[  111.474379][ T8297] binder: Bad value for 'max'
[  111.528589][ T8301] netlink: 'syz.0.696': attribute type 9 has an invalid length.
[  111.531179][ T8301] netlink: 'syz.0.696': attribute type 11 has an invalid length.
[  111.533910][ T8301] netlink: 'syz.0.696': attribute type 12 has an invalid length.
[  111.536959][ T8301] netlink: 210020 bytes leftover after parsing attributes in process `syz.0.696'.
[  111.543361][ T8302] netlink: 228 bytes leftover after parsing attributes in process `syz.1.697'.
[  111.580271][ T8310] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  111.589603][ T8310] CIFS mount error: No usable UNC path provided in device string!
[  111.589603][ T8310] 
[  111.592341][ T8296] loop4: detected capacity change from 0 to 2560
[  111.593357][ T8310] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  111.655271][ T5339] Dev loop6: unable to read RDB block 1
[  111.659788][ T5339]  loop6: unable to read partition table
[  111.662279][ T5339] loop6: partition table beyond EOD, truncated
[  111.691144][ T8323] xt_nfacct: accounting object `syz0' does not exist
[  111.695213][ T5945] Bluetooth: hci2: command tx timeout
[  111.856752][ T8342] FAULT_INJECTION: forcing a failure.
[  111.856752][ T8342] name failslab, interval 1, probability 0, space 0, times 1
[  111.861179][ T8342] CPU: 2 UID: 0 PID: 8342 Comm: syz.0.710 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  111.861197][ T8342] Tainted: [L]=SOFTLOCKUP
[  111.861201][ T8342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  111.861207][ T8342] Call Trace:
[  111.861211][ T8342]  <TASK>
[  111.861215][ T8342]  dump_stack_lvl+0x16c/0x1f0
[  111.861230][ T8342]  should_fail_ex+0x512/0x640
[  111.861243][ T8342]  ? fs_reclaim_acquire+0xae/0x150
[  111.861259][ T8342]  should_failslab+0xc2/0x120
[  111.861273][ T8342]  __kmalloc_noprof+0xeb/0x910
[  111.861289][ T8342]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  111.861304][ T8342]  ? tomoyo_realpath_from_path+0xc2/0x6e0
[  111.861315][ T8342]  tomoyo_realpath_from_path+0xc2/0x6e0
[  111.861328][ T8342]  ? tomoyo_profile+0x47/0x60
[  111.861343][ T8342]  tomoyo_path_number_perm+0x245/0x580
[  111.861358][ T8342]  ? tomoyo_path_number_perm+0x237/0x580
[  111.861376][ T8342]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  111.861393][ T8342]  ? find_held_lock+0x2b/0x80
[  111.861420][ T8342]  ? find_held_lock+0x2b/0x80
[  111.861435][ T8342]  ? hook_file_ioctl_common+0x144/0x410
[  111.861451][ T8342]  ? __fget_files+0x20e/0x3c0
[  111.861467][ T8342]  security_file_ioctl+0x9b/0x240
[  111.861479][ T8342]  __x64_sys_ioctl+0xb7/0x210
[  111.861492][ T8342]  do_syscall_64+0xcd/0xf80
[  111.861504][ T8342]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.861514][ T8342] RIP: 0033:0x7f1632b8f7c9
[  111.861523][ T8342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.861533][ T8342] RSP: 002b:00007f1633a80038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  111.861543][ T8342] RAX: ffffffffffffffda RBX: 00007f1632de5fa0 RCX: 00007f1632b8f7c9
[  111.861550][ T8342] RDX: 00002000000010c0 RSI: 000000004008ae61 RDI: 0000000000000004
[  111.861581][ T8342] RBP: 00007f1633a80090 R08: 0000000000000000 R09: 0000000000000000
[  111.861588][ T8342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.861594][ T8342] R13: 00007f1632de6038 R14: 00007f1632de5fa0 R15: 00007ffd9a14fee8
[  111.861608][ T8342]  </TASK>
[  111.861612][ T8342] ERROR: Out of memory at tomoyo_realpath_from_path.
[  111.862938][ T5339] Dev loop6: unable to read RDB block 1
[  111.889505][ T8352] FAULT_INJECTION: forcing a failure.
[  111.889505][ T8352] name failslab, interval 1, probability 0, space 0, times 0
[  111.890960][ T5339]  loop6: unable to read partition table
[  111.892845][ T8352] CPU: 3 UID: 0 PID: 8352 Comm: syz.1.714 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  111.892863][ T8352] Tainted: [L]=SOFTLOCKUP
[  111.892866][ T8352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  111.892873][ T8352] Call Trace:
[  111.892877][ T8352]  <TASK>
[  111.892881][ T8352]  dump_stack_lvl+0x16c/0x1f0
[  111.892896][ T8352]  should_fail_ex+0x512/0x640
[  111.892910][ T8352]  ? fs_reclaim_acquire+0xae/0x150
[  111.892925][ T8352]  should_failslab+0xc2/0x120
[  111.892939][ T8352]  __kmalloc_noprof+0xeb/0x910
[  111.892955][ T8352]  ? p9_fcall_init+0x101/0x420
[  111.892969][ T8352]  ? p9_fcall_init+0x101/0x420
[  111.892979][ T8352]  p9_fcall_init+0x101/0x420
[  111.892990][ T8352]  p9_tag_alloc+0x161/0x850
[  111.893003][ T8352]  ? __pfx_p9_tag_alloc+0x10/0x10
[  111.893019][ T8352]  p9_client_prepare_req+0x19b/0x4a0
[  111.893032][ T8352]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  111.893045][ T8352]  ? is_bpf_text_address+0x8a/0x1a0
[  111.893057][ T8352]  ? bpf_ksym_find+0x127/0x1c0
[  111.893073][ T8352]  p9_client_zc_rpc.constprop.0+0x104/0x880
[  111.893086][ T8352]  ? __kernel_text_address+0xd/0x40
[  111.893102][ T8352]  ? __pfx_p9_client_zc_rpc.constprop.0+0x10/0x10
[  111.893119][ T8352]  ? find_held_lock+0x2b/0x80
[  111.893135][ T8352]  ? rcu_read_unlock+0x17/0x60
[  111.893148][ T8352]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  111.893163][ T8352]  p9_client_readdir+0x40c/0x4e0
[  111.893178][ T8352]  ? __pfx_p9_client_readdir+0x10/0x10
[  111.893194][ T8352]  ? trace_kmalloc+0x2b/0xb0
[  111.893212][ T8352]  v9fs_dir_readdir_dotl+0x40d/0x620
[  111.893226][ T8352]  ? __lock_acquire+0x436/0x2890
[  111.893238][ T8352]  ? __pfx_v9fs_dir_readdir_dotl+0x10/0x10
[  111.893262][ T8352]  ? __pfx_down_read_killable+0x10/0x10
[  111.893275][ T8352]  ? avc_policy_seqno+0x9/0x20
[  111.893288][ T8352]  ? selinux_file_permission+0x126/0x660
[  111.893303][ T8352]  iterate_dir+0x296/0xaf0
[  111.893318][ T8352]  __x64_sys_getdents64+0x13c/0x2c0
[  111.893331][ T8352]  ? __pfx___x64_sys_getdents64+0x10/0x10
[  111.893343][ T8352]  ? fput+0x70/0xf0
[  111.893358][ T8352]  ? __pfx_filldir64+0x10/0x10
[  111.893374][ T8352]  do_syscall_64+0xcd/0xf80
[  111.893385][ T8352]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  111.893396][ T8352] RIP: 0033:0x7f4bce18f7c9
[  111.893404][ T8352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  111.893419][ T8352] RSP: 002b:00007f4bcef84038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  111.893429][ T8352] RAX: ffffffffffffffda RBX: 00007f4bce3e5fa0 RCX: 00007f4bce18f7c9
[  111.893436][ T8352] RDX: 0000000000001000 RSI: 0000200000000c40 RDI: 0000000000000003
[  111.893442][ T8352] RBP: 00007f4bcef84090 R08: 0000000000000000 R09: 0000000000000000
[  111.893447][ T8352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  111.893453][ T8352] R13: 00007f4bce3e6038 R14: 00007f4bce3e5fa0 R15: 00007ffd012e16f8
[  111.893467][ T8352]  </TASK>
[  112.054977][ T5339] loop6: partition table beyond EOD, truncated
[  112.265871][ T8369] : entered promiscuous mode
[  112.307304][  T841] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  112.392539][   T40] kauditd_printk_skb: 13 callbacks suppressed
[  112.392550][   T40] audit: type=1400 audit(2000000000.669:564): avc:  denied  { read } for  pid=8376 comm="syz.0.722" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  112.427861][ T5339] Dev loop6: unable to read RDB block 1
[  112.429713][ T5339]  loop6: unable to read partition table
[  112.431547][ T5339] loop6: partition table beyond EOD, truncated
[  112.481153][  T841] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  112.484067][  T841] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  112.486966][  T841] usb 9-1: Product: syz
[  112.488379][  T841] usb 9-1: Manufacturer: syz
[  112.489852][  T841] usb 9-1: SerialNumber: syz
[  112.504678][  T841] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  112.507513][   T40] audit: type=1400 audit(2000000000.789:565): avc:  denied  { connect } for  pid=8388 comm="syz.1.725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  112.537900][  T841] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  112.584395][ T8393] netlink: 212 bytes leftover after parsing attributes in process `syz.1.727'.
[  112.596373][ T8395] xt_l2tp: v2 sid > 0xffff: 1114112
[  113.046542][ T6016] usb 9-1: USB disconnect, device number 3
[  113.237087][ T8428] FAULT_INJECTION: forcing a failure.
[  113.237087][ T8428] name failslab, interval 1, probability 0, space 0, times 0
[  113.241254][ T8428] CPU: 3 UID: 0 PID: 8428 Comm: syz.1.740 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  113.241270][ T8428] Tainted: [L]=SOFTLOCKUP
[  113.241274][ T8428] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  113.241281][ T8428] Call Trace:
[  113.241284][ T8428]  <TASK>
[  113.241288][ T8428]  dump_stack_lvl+0x16c/0x1f0
[  113.241303][ T8428]  should_fail_ex+0x512/0x640
[  113.241317][ T8428]  ? fs_reclaim_acquire+0xae/0x150
[  113.241333][ T8428]  should_failslab+0xc2/0x120
[  113.241347][ T8428]  __kmalloc_noprof+0xeb/0x910
[  113.241370][ T8428]  ? p9_get_mapped_pages.part.0.constprop.0+0x1cc/0x850
[  113.241390][ T8428]  ? p9_get_mapped_pages.part.0.constprop.0+0x1cc/0x850
[  113.241407][ T8428]  p9_get_mapped_pages.part.0.constprop.0+0x1cc/0x850
[  113.241424][ T8428]  ? p9pdu_vwritef+0x658/0x1d30
[  113.241439][ T8428]  ? __pfx_p9_get_mapped_pages.part.0.constprop.0+0x10/0x10
[  113.241459][ T8428]  ? __pfx_p9pdu_vwritef+0x10/0x10
[  113.241476][ T8428]  p9_virtio_zc_request+0x9ca/0x1510
[  113.241486][ T8428]  ? p9pdu_vwritef+0x658/0x1d30
[  113.241502][ T8428]  ? __pfx_p9pdu_writef+0x10/0x10
[  113.241516][ T8428]  ? __pfx_p9_virtio_zc_request+0x10/0x10
[  113.241526][ T8428]  ? __pfx_p9_tag_alloc+0x10/0x10
[  113.241540][ T8428]  ? trace_9p_protocol_dump+0x190/0x1f0
[  113.241555][ T8428]  ? rcu_is_watching+0x12/0xc0
[  113.241565][ T8428]  ? p9_client_prepare_req+0x112/0x4a0
[  113.241577][ T8428]  ? __pfx_p9_client_prepare_req+0x10/0x10
[  113.241590][ T8428]  ? is_bpf_text_address+0x8a/0x1a0
[  113.241601][ T8428]  ? bpf_ksym_find+0x127/0x1c0
[  113.241617][ T8428]  p9_client_zc_rpc.constprop.0+0x29b/0x880
[  113.241633][ T8428]  ? __pfx_p9_client_zc_rpc.constprop.0+0x10/0x10
[  113.241650][ T8428]  ? find_held_lock+0x2b/0x80
[  113.241666][ T8428]  ? rcu_read_unlock+0x17/0x60
[  113.241679][ T8428]  ? __pfx_alloc_pages_mpol+0x10/0x10
[  113.241694][ T8428]  p9_client_readdir+0x40c/0x4e0
[  113.241709][ T8428]  ? __pfx_p9_client_readdir+0x10/0x10
[  113.241725][ T8428]  ? trace_kmalloc+0x2b/0xb0
[  113.241743][ T8428]  v9fs_dir_readdir_dotl+0x40d/0x620
[  113.241757][ T8428]  ? __lock_acquire+0x436/0x2890
[  113.241769][ T8428]  ? __pfx_v9fs_dir_readdir_dotl+0x10/0x10
[  113.241792][ T8428]  ? __pfx_down_read_killable+0x10/0x10
[  113.241805][ T8428]  ? avc_policy_seqno+0x9/0x20
[  113.241818][ T8428]  ? selinux_file_permission+0x126/0x660
[  113.241833][ T8428]  iterate_dir+0x296/0xaf0
[  113.241848][ T8428]  __x64_sys_getdents64+0x13c/0x2c0
[  113.241861][ T8428]  ? __pfx___x64_sys_getdents64+0x10/0x10
[  113.241873][ T8428]  ? fput+0x70/0xf0
[  113.241887][ T8428]  ? __pfx_filldir64+0x10/0x10
[  113.241904][ T8428]  do_syscall_64+0xcd/0xf80
[  113.241915][ T8428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.241926][ T8428] RIP: 0033:0x7f4bce18f7c9
[  113.241934][ T8428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.241944][ T8428] RSP: 002b:00007f4bcef84038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9
[  113.241954][ T8428] RAX: ffffffffffffffda RBX: 00007f4bce3e5fa0 RCX: 00007f4bce18f7c9
[  113.241960][ T8428] RDX: 0000000000001000 RSI: 0000200000000c40 RDI: 0000000000000003
[  113.241966][ T8428] RBP: 00007f4bcef84090 R08: 0000000000000000 R09: 0000000000000000
[  113.241972][ T8428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.241978][ T8428] R13: 00007f4bce3e6038 R14: 00007f4bce3e5fa0 R15: 00007ffd012e16f8
[  113.241991][ T8428]  </TASK>
[  113.369704][ T8436] __nla_validate_parse: 3 callbacks suppressed
[  113.369714][ T8436] netlink: 8 bytes leftover after parsing attributes in process `syz.0.744'.
[  113.374646][ T8436] netlink: 8 bytes leftover after parsing attributes in process `syz.0.744'.
[  113.385247][   T40] audit: type=1400 audit(2000000001.669:566): avc:  denied  { lock } for  pid=8435 comm="syz.0.744" path="socket:[23393]" dev="sockfs" ino=23393 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1
[  113.385975][ T8436] netlink: 60 bytes leftover after parsing attributes in process `syz.0.744'.
[  113.443540][ T8439] FAULT_INJECTION: forcing a failure.
[  113.443540][ T8439] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  113.445655][ T8441] overlayfs: failed to decode file handle (len=6, type=0, flags=0, err=-22)
[  113.448827][ T8439] CPU: 1 UID: 0 PID: 8439 Comm: syz.1.745 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  113.448843][ T8439] Tainted: [L]=SOFTLOCKUP
[  113.448847][ T8439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  113.448853][ T8439] Call Trace:
[  113.448857][ T8439]  <TASK>
[  113.448860][ T8439]  dump_stack_lvl+0x16c/0x1f0
[  113.448875][ T8439]  should_fail_ex+0x512/0x640
[  113.448891][ T8439]  _copy_from_user+0x2e/0xd0
[  113.448905][ T8439]  kvm_vm_ioctl+0xadb/0x4090
[  113.448924][ T8439]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  113.448944][ T8439]  ? kasan_quarantine_put+0x10a/0x240
[  113.448956][ T8439]  ? lockdep_hardirqs_on+0x7c/0x110
[  113.448969][ T8439]  ? find_held_lock+0x2b/0x80
[  113.448985][ T8439]  ? tomoyo_path_number_perm+0x295/0x580
[  113.449004][ T8439]  ? tomoyo_path_number_perm+0x18d/0x580
[  113.449021][ T8439]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[  113.449038][ T8439]  ? find_held_lock+0x2b/0x80
[  113.449056][ T8439]  ? __sanitizer_cov_trace_switch+0x54/0x90
[  113.449069][ T8439]  ? do_vfs_ioctl+0x128/0x14f0
[  113.449154][ T8439]  ? __pfx_do_vfs_ioctl+0x10/0x10
[  113.449167][ T8439]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[  113.449184][ T8439]  ? hook_file_ioctl_common+0x144/0x410
[  113.449201][ T8439]  ? selinux_file_ioctl+0x180/0x270
[  113.449212][ T8439]  ? selinux_file_ioctl+0xb4/0x270
[  113.449223][ T8439]  ? __pfx_kvm_vm_ioctl+0x10/0x10
[  113.449237][ T8439]  __x64_sys_ioctl+0x18e/0x210
[  113.449249][ T8439]  do_syscall_64+0xcd/0xf80
[  113.449262][ T8439]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.449272][ T8439] RIP: 0033:0x7f4bce18f7c9
[  113.449281][ T8439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  113.449292][ T8439] RSP: 002b:00007f4bcef84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  113.449302][ T8439] RAX: ffffffffffffffda RBX: 00007f4bce3e5fa0 RCX: 00007f4bce18f7c9
[  113.449308][ T8439] RDX: 00002000000010c0 RSI: 000000004008ae61 RDI: 0000000000000004
[  113.449314][ T8439] RBP: 00007f4bcef84090 R08: 0000000000000000 R09: 0000000000000000
[  113.449320][ T8439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.449326][ T8439] R13: 00007f4bce3e6038 R14: 00007f4bce3e5fa0 R15: 00007ffd012e16f8
[  113.449339][ T8439]  </TASK>
[  113.624061][ T5339] Dev loop6: unable to read RDB block 1
[  113.626332][ T5339]  loop6: unable to read partition table
[  113.628625][ T5339] loop6: partition table beyond EOD, truncated
[  113.643651][ T8452] netlink: 40 bytes leftover after parsing attributes in process `syz.0.751'.
[  113.648363][   T40] audit: type=1400 audit(2000000001.929:567): avc:  denied  { accept } for  pid=8453 comm="syz.4.750" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  113.659854][   T40] audit: type=1400 audit(2000000001.929:568): avc:  denied  { setattr } for  pid=8453 comm="syz.4.750" name="L2CAP" dev="sockfs" ino=26821 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  113.715010][ T8450] futex_wake_op: syz.1.749 tries to shift op by 32; fix this program
[  113.738263][ T8462] erofs (device loop4): cannot find valid erofs superblock
[  113.773847][ T5945] Bluetooth: hci2: command tx timeout
[  113.793440][  T841] usb 9-1: Service connection timeout for: 256
[  113.795524][  T841] ath9k_htc 9-1:1.0: ath9k_htc: Unable to initialize HTC services
[  113.799309][  T841] ath9k_htc: Failed to initialize the device
[  113.801851][ T6016] usb 9-1: ath9k_htc: USB layer deinitialized
[  113.833560][ T8469] FAULT_INJECTION: forcing a failure.
[  113.833560][ T8469] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  113.838421][ T8469] CPU: 3 UID: 0 PID: 8469 Comm: syz.1.757 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  113.838438][ T8469] Tainted: [L]=SOFTLOCKUP
[  113.838441][ T8469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  113.838448][ T8469] Call Trace:
[  113.838451][ T8469]  <TASK>
[  113.838455][ T8469]  dump_stack_lvl+0x16c/0x1f0
[  113.838485][ T8469]  should_fail_ex+0x512/0x640
[  113.838506][ T8469]  _copy_to_user+0x32/0xd0
[  113.838520][ T8469]  simple_read_from_buffer+0xcb/0x170
[  113.838536][ T8469]  proc_fail_nth_read+0x197/0x240
[  113.838547][ T8469]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  113.838558][ T8469]  ? rw_verify_area+0xcf/0x6c0
[  113.838570][ T8469]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  113.838579][ T8469]  vfs_read+0x1e4/0xcf0
[  113.838592][ T8469]  ? __pfx___mutex_lock+0x10/0x10
[  113.838605][ T8469]  ? __pfx_vfs_read+0x10/0x10
[  113.838621][ T8469]  ? __fget_files+0x20e/0x3c0
[  113.838639][ T8469]  ksys_read+0x12a/0x250
[  113.838651][ T8469]  ? __pfx_ksys_read+0x10/0x10
[  113.838664][ T8469]  ? fput+0x70/0xf0
[  113.838681][ T8469]  do_syscall_64+0xcd/0xf80
[  113.838693][ T8469]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  113.838704][ T8469] RIP: 0033:0x7f4bce18e1dc
[  113.838712][ T8469] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  113.838722][ T8469] RSP: 002b:00007f4bcef84030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  113.838733][ T8469] RAX: ffffffffffffffda RBX: 00007f4bce3e5fa0 RCX: 00007f4bce18e1dc
[  113.838739][ T8469] RDX: 000000000000000f RSI: 00007f4bcef840a0 RDI: 0000000000000005
[  113.838745][ T8469] RBP: 00007f4bcef84090 R08: 0000000000000000 R09: 0000000000000000
[  113.838751][ T8469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  113.838757][ T8469] R13: 00007f4bce3e6038 R14: 00007f4bce3e5fa0 R15: 00007ffd012e16f8
[  113.838770][ T8469]  </TASK>
[  114.041750][ T5339] Dev loop6: unable to read RDB block 1
[  114.044510][ T5339]  loop6: unable to read partition table
[  114.047032][ T5339] loop6: partition table beyond EOD, truncated
[  114.128697][ T8503] netlink: 'syz.4.765': attribute type 1 has an invalid length.
[  114.154827][ T8503] 8021q: adding VLAN 0 to HW filter on device bond1
[  114.164790][ T8503] bond1: option tlb_dynamic_lb: unable to set because the bond device is up
[  114.170122][   T40] audit: type=1400 audit(2000000002.449:569): avc:  denied  { mount } for  pid=8500 comm="syz.4.765" name="/" dev="securityfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1
[  114.179889][ T8514] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  114.189906][ T8514] Cannot find set identified by id 3 to match
[  114.281597][   T40] audit: type=1400 audit(2000000002.559:570): avc:  denied  { mount } for  pid=8523 comm="syz.1.773" name="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1
[  114.348511][ T8539] tipc: Started in network mode
[  114.350540][ T8539] tipc: Node identity , cluster identity 4711
[  114.352703][ T8539] tipc: Failed to obtain node identity
[  114.358577][ T8539] tipc: Enabling of bearer <eth:ip6_vti0> rejected, failed to enable media
[  114.466924][ T8547] bridge0: entered allmulticast mode
[  114.560634][   T40] audit: type=1400 audit(2000000002.839:571): avc:  denied  { read } for  pid=8552 comm="syz.3.784" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  114.667493][ T8557] netlink: 24 bytes leftover after parsing attributes in process `syz.1.785'.
[  114.691308][ T8557] netlink: 'syz.1.785': attribute type 10 has an invalid length.
[  114.694493][ T8557] team0: Device lo is loopback device. Loopback devices can't be added as a team port
[  114.710207][ T8557] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  114.769316][ T8579] comedi comedi3: comedi_config --init_data is deprecated
[  114.774318][ T8574] syzkaller1: entered promiscuous mode
[  114.776114][ T8574] syzkaller1: entered allmulticast mode
[  114.814527][ T8583] fuse: Bad value for 'rootmode'
[  114.962863][   T40] audit: type=1400 audit(2000000003.239:572): avc:  denied  { ioctl } for  pid=8593 comm="syz.4.794" path="socket:[27709]" dev="sockfs" ino=27709 ioctlcmd=0x4944 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  115.013864][  T143] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  115.031248][ T8602] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  115.034503][ T8602] IPv6: NLM_F_CREATE should be set when creating new route
[  115.037710][ T8602] IPv6: NLM_F_CREATE should be set when creating new route
[  115.040800][ T8602] IPv6: NLM_F_CREATE should be set when creating new route
[  115.093668][ T8608] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method
[  115.099121][ T8609] trusted_key: encrypted_key: keyword 'update' not allowed when called from .instantiate method
[  115.174254][  T143] usb 5-1: Using ep0 maxpacket: 16
[  115.181889][  T143] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  115.186362][ T8622] random: crng reseeded on system resumption
[  115.187167][   T40] audit: type=1400 audit(2000000003.469:573): avc:  denied  { connect } for  pid=8619 comm="syz.4.802" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  115.198750][  T143] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  115.198776][  T143] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  115.198817][  T143] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  115.198839][  T143] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  115.204585][  T143] usb 5-1: config 0 descriptor??
[  115.288384][ T8627] new mount options do not match the existing superblock, will be ignored
[  115.629963][  T143] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.634219][  T143] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.636648][  T143] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.639134][  T143] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.641541][  T143] shield 0003:0955:7214.0004: unknown main item tag 0x0
[  115.650012][  T143] input: HID 0955:7214 Haptics as /devices/virtual/input/input19
[  115.671686][  T143] shield 0003:0955:7214.0004: Registered Thunderstrike controller
[  115.675621][  T143] shield 0003:0955:7214.0004: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[  115.687541][ T8653] overlayfs: option "index=on" is useless in a non-upper mount, ignore
[  115.691038][ T8653] overlayfs: missing 'lowerdir'
[  115.824186][ T8577] random: crng reseeded on system resumption
[  115.832743][   T54] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  115.840631][  T143] usb 5-1: USB disconnect, device number 14
[  115.845075][   T54] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  115.851518][   T54] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  115.854609][ T5945] Bluetooth: hci2: command tx timeout
[  115.857641][   T54] shield 0003:0955:7214.0004: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  116.064426][ T8674] netlink: 16 bytes leftover after parsing attributes in process `syz.1.817'.
[  116.068193][ T8674] netlink: 16 bytes leftover after parsing attributes in process `syz.1.817'.
[  116.115357][ T8671] nbd1: detected capacity change from 0 to 549764202496
[  116.124311][ T5945] block nbd1: Receive control failed (result -32)
[  116.124829][ T5939] block nbd1: Send control failed (result -32)
[  116.129665][ T5939] block nbd1: Request send failed, requeueing
[  116.135874][   T35] block nbd1: Dead connection, failed to find a fallback
[  116.138942][   T35] block nbd1: shutting down sockets
[  116.140937][   T35] blk_print_req_error: 54 callbacks suppressed
[  116.140945][   T35] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.148533][   T35] buffer_io_error: 92 callbacks suppressed
[  116.148545][   T35] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.155351][ T5939] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.159190][ T5939] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.162462][ T5939] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.166719][ T5939] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.170006][ T5939] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.174160][ T5939] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.174238][ T5939] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.181618][ T5939] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.181695][ T5939] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.188683][ T5339] Dev loop6: unable to read RDB block 1
[  116.189278][ T5939] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.191267][ T5339]  loop6: unable to read partition table
[  116.194559][ T5939] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.196648][ T5339] loop6: partition table beyond EOD, 
[  116.200103][ T5939] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.200164][ T5939] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.200184][ T5939] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.200200][ T5939] ldm_validate_partition_table(): Disk read failed.
[  116.200232][ T5939] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.202270][ T5339] truncated
[  116.205830][ T5939] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.225268][ T5939] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2
[  116.225294][ T5939] Buffer I/O error on dev nbd1, logical block 0, async page read
[  116.225361][ T5939] Dev nbd1: unable to read RDB block 0
[  116.225542][ T5939]  nbd1: unable to read partition table
[  116.239406][ T5939] ldm_validate_partition_table(): Disk read failed.
[  116.239511][ T5939] Dev nbd1: unable to read RDB block 0
[  116.244197][ T5939]  nbd1: unable to read partition table
[  116.412552][ T8694] bridge0: port 2(bridge_slave_1) entered disabled state
[  116.415352][ T8694] bridge0: port 1(bridge_slave_0) entered disabled state
[  116.459129][ T8694] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  116.467409][ T8694] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  116.588112][ T4002] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.591621][ T4002] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.654060][ T4002] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  116.658604][ T4002] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  117.063928][  T143] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  117.214291][  T143] usb 5-1: Using ep0 maxpacket: 16
[  117.218130][  T143] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  117.221699][  T143] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  117.224804][  T143] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  117.229093][  T143] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  117.231994][  T143] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  117.236986][  T143] usb 5-1: config 0 descriptor??
[  117.313462][ T8723] FAULT_INJECTION: forcing a failure.
[  117.313462][ T8723] name failslab, interval 1, probability 0, space 0, times 0
[  117.319132][ T8723] CPU: 3 UID: 0 PID: 8723 Comm: syz.1.836 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  117.319158][ T8723] Tainted: [L]=SOFTLOCKUP
[  117.319163][ T8723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  117.319174][ T8723] Call Trace:
[  117.319179][ T8723]  <TASK>
[  117.319186][ T8723]  dump_stack_lvl+0x16c/0x1f0
[  117.319208][ T8723]  should_fail_ex+0x512/0x640
[  117.319227][ T8723]  ? kmem_cache_alloc_noprof+0x62/0x770
[  117.319248][ T8723]  should_failslab+0xc2/0x120
[  117.319269][ T8723]  kmem_cache_alloc_noprof+0x83/0x770
[  117.319285][ T8723]  ? mas_wr_store_type+0xbc5/0x2180
[  117.319300][ T8723]  ? mas_alloc_nodes+0x27b/0x380
[  117.319327][ T8723]  ? mas_alloc_nodes+0x27b/0x380
[  117.319352][ T8723]  mas_alloc_nodes+0x27b/0x380
[  117.319379][ T8723]  mas_preallocate+0x5e3/0xee0
[  117.319401][ T8723]  ? __pfx_mas_preallocate+0x10/0x10
[  117.319415][ T8723]  ? rcu_is_watching+0x12/0xc0
[  117.319440][ T8723]  ? anon_vma_name+0x81/0x2f0
[  117.319467][ T8723]  __split_vma+0x34a/0x1050
[  117.319495][ T8723]  ? __pfx___split_vma+0x10/0x10
[  117.319533][ T8723]  vms_gather_munmap_vmas+0x3aa/0x1340
[  117.319554][ T8723]  ? __pfx_vms_gather_munmap_vmas+0x10/0x10
[  117.319573][ T8723]  ? mas_walk+0x6f5/0x980
[  117.319596][ T8723]  __mmap_region+0x47c/0x2a00
[  117.319615][ T8723]  ? __lock_acquire+0x436/0x2890
[  117.319634][ T8723]  ? __pfx___mmap_region+0x10/0x10
[  117.319661][ T8723]  ? find_held_lock+0x2b/0x80
[  117.319687][ T8723]  ? __lock_acquire+0x436/0x2890
[  117.319707][ T8723]  ? is_bpf_text_address+0x94/0x1a0
[  117.319736][ T8723]  ? find_held_lock+0x2b/0x80
[  117.319760][ T8723]  ? avc_has_perm_noaudit+0x117/0x3b0
[  117.319812][ T8723]  ? __lock_acquire+0x436/0x2890
[  117.319837][ T8723]  mmap_region+0x32b/0x3f0
[  117.319859][ T8723]  do_mmap+0xa3e/0x1210
[  117.319884][ T8723]  ? __pfx_do_mmap+0x10/0x10
[  117.319904][ T8723]  ? __pfx_down_write_killable+0x10/0x10
[  117.319929][ T8723]  vm_mmap_pgoff+0x29e/0x470
[  117.319954][ T8723]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  117.319978][ T8723]  ? __fget_files+0x20e/0x3c0
[  117.320005][ T8723]  ksys_mmap_pgoff+0x32c/0x5c0
[  117.320025][ T8723]  ? __pfx_ksys_write+0x10/0x10
[  117.320077][ T8723]  __x64_sys_mmap+0x125/0x190
[  117.320099][ T8723]  do_syscall_64+0xcd/0xf80
[  117.320118][ T8723]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  117.320135][ T8723] RIP: 0033:0x7f4bce18f7c9
[  117.320148][ T8723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  117.320163][ T8723] RSP: 002b:00007f4bcef84038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  117.320180][ T8723] RAX: ffffffffffffffda RBX: 00007f4bce3e5fa0 RCX: 00007f4bce18f7c9
[  117.320190][ T8723] RDX: 0000000003000002 RSI: 0000000000b36000 RDI: 0000200000000000
[  117.320200][ T8723] RBP: 00007f4bcef84090 R08: 0000000000000004 R09: 0000000000000000
[  117.320210][ T8723] R10: 0000000000028011 R11: 0000000000000246 R12: 0000000000000001
[  117.320219][ T8723] R13: 00007f4bce3e6038 R14: 00007f4bce3e5fa0 R15: 00007ffd012e16f8
[  117.320243][ T8723]  </TASK>
[  117.321998][ T5339] Dev loop6: unable to read RDB block 1
[  117.422553][ T5339]  loop6: unable to read partition table
[  117.425675][ T5339] loop6: partition table beyond EOD, truncated
[  117.509232][ T8729] pim6reg: entered allmulticast mode
[  117.517146][ T8729] pim6reg: left allmulticast mode
[  117.574039][ T8729] comedi comedi0: fl512: I/O port conflict (0x3,16)
[  117.582848][   T40] kauditd_printk_skb: 4 callbacks suppressed
[  117.582862][   T40] audit: type=1400 audit(2000000005.859:578): avc:  denied  { shutdown } for  pid=8735 comm="syz.1.841" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  117.605413][ T8729] pim6reg: entered allmulticast mode
[  117.651263][  T143] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  117.653548][  T143] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  117.656420][  T143] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  117.658681][  T143] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  117.661151][  T143] shield 0003:0955:7214.0005: unknown main item tag 0x0
[  117.666545][  T143] input: HID 0955:7214 Haptics as /devices/virtual/input/input20
[  117.683559][  T143] shield 0003:0955:7214.0005: Registered Thunderstrike controller
[  117.686238][  T143] shield 0003:0955:7214.0005: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0
[  117.690480][ T8736] input: syz1 as /devices/virtual/input/input21
[  117.847200][ T8719] random: crng reseeded on system resumption
[  117.856110][ T6018] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  117.856513][ T5997] usb 5-1: USB disconnect, device number 15
[  117.861812][ T6018] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  117.865477][ T6018] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  117.868777][ T5997] ------------[ cut here ]------------
[  117.868990][ T6018] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  117.870725][ T5997] workqueue: work disable count underflowed
[  117.875556][   T40] audit: type=1400 audit(2000000006.159:579): avc:  denied  { map } for  pid=8757 comm="syz.1.850" path="socket:[27153]" dev="sockfs" ino=27153 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  117.876080][ T5997] WARNING: kernel/workqueue.c:4359 at 0x0, CPU#1: kworker/1:3/5997
[  117.884929][   T40] audit: type=1400 audit(2000000006.159:580): avc:  denied  { read } for  pid=8757 comm="syz.1.850" path="socket:[27153]" dev="sockfs" ino=27153 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  117.885379][ T5997] Modules linked in:
[  117.893621][ T5997] CPU: 1 UID: 0 PID: 5997 Comm: kworker/1:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  117.898032][ T5997] Tainted: [L]=SOFTLOCKUP
[  117.899751][ T5997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  117.903678][ T5997] Workqueue: usb_hub_wq hub_event
[  117.905347][ T5997] RIP: 0010:enable_work+0x2ca/0x310
[  117.907052][ T5997] Code: ff e8 3a 0d 3a 00 90 0f 0b 90 e9 b4 fe ff ff e8 2c 0d 3a 00 e8 27 ab f2 09 e9 49 ff ff ff e8 1d 0d 3a 00 48 8d 3d 46 9d 06 0f <67> 48 0f b9 3a e9 33 fe ff ff 48 89 ef e8 f4 e1 a3 00 e9 f7 fd ff
[  117.913335][ T5997] RSP: 0018:ffffc9000296f348 EFLAGS: 00010083
[  117.915765][ T5997] RAX: 0000000000027e67 RBX: 0000000000000000 RCX: ffffc9002eced000
[  117.918823][ T5997] RDX: 0000000000100000 RSI: ffffffff8184d6a3 RDI: ffffffff908b73f0
[  117.921718][ T5997] RBP: ffff88802dc05738 R08: 0000000000000005 R09: 0000000000000000
[  117.924752][ T5997] R10: 0000000000000000 R11: ffff888024daaff0 R12: 1ffff9200052de6a
[  117.927256][ T5997] R13: ffffffff8fc4bf5f R14: ffff88802dc05698 R15: ffff88802dc05730
[  117.929758][ T5997] FS:  0000000000000000(0000) GS:ffff8880d69fa000(0000) knlGS:0000000000000000
[  117.932687][ T5997] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  117.934839][ T5997] CR2: 000000110c3e85b9 CR3: 000000003448a000 CR4: 0000000000352ef0
[  117.937459][ T5997] Call Trace:
[  117.938562][ T5997]  <TASK>
[  117.939580][ T5997]  ? __pfx_enable_work+0x10/0x10
[  117.941222][ T5997]  cancel_delayed_work_sync+0x96/0xf0
[  117.942990][ T5997]  thermal_zone_device_unregister+0x28e/0x4d0
[  117.944995][ T5997]  ? __pfx_shield_remove+0x10/0x10
[  117.946666][ T5997]  power_supply_unregister+0x10a/0x150
[  117.948481][ T5997]  shield_remove+0x75/0x130
[  117.949992][ T5997]  ? __pfx_shield_remove+0x10/0x10
[  117.951652][ T5997]  hid_device_remove+0xd1/0x260
[  117.953298][ T5997]  ? __pfx_hid_device_remove+0x10/0x10
[  117.955405][ T5997]  device_remove+0xcb/0x170
[  117.955848][   T40] audit: type=1400 audit(2000000006.229:581): avc:  denied  { connect } for  pid=8757 comm="syz.1.850" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  117.957347][ T5997]  device_release_driver_internal+0x44b/0x620
[  117.957384][ T5997]  bus_remove_device+0x22f/0x450
[  117.968052][ T5997]  device_del+0x396/0x9f0
[  117.969906][ T5997]  ? __pfx_device_del+0x10/0x10
[  117.971983][ T5997]  ? do_raw_spin_lock+0x12c/0x2b0
[  117.974133][ T5997]  hid_destroy_device+0x19c/0x240
[  117.976282][ T5997]  usbhid_disconnect+0xa0/0xe0
[  117.978166][ T5997]  usb_unbind_interface+0x1dd/0x9e0
[  117.980390][ T5997]  ? kernfs_remove_by_name_ns+0xbe/0x100
[  117.982748][ T5997]  ? __pfx_usb_unbind_interface+0x10/0x10
[  117.985143][ T5997]  device_remove+0x125/0x170
[  117.987104][ T5997]  device_release_driver_internal+0x44b/0x620
[  117.989738][ T5997]  bus_remove_device+0x22f/0x450
[  117.991842][ T5997]  device_del+0x396/0x9f0
[  117.993708][ T5997]  ? __pfx_device_del+0x10/0x10
[  117.995779][ T5997]  ? kobject_put+0x218/0x6f0
[  117.997773][ T5997]  usb_disable_device+0x355/0x820
[  117.999915][ T5997]  usb_disconnect+0x2e1/0x9e0
[  118.001942][ T5997]  hub_event+0x1d84/0x52f0
[  118.003842][ T5997]  ? __lock_acquire+0x436/0x2890
[  118.005911][ T5997]  ? do_raw_spin_unlock+0x172/0x230
[  118.008115][ T5997]  ? __pfx_hub_event+0x10/0x10
[  118.010143][ T5997]  ? assoc_array_subtree_iterate+0x2d0/0x380
[  118.012480][ T5997]  ? finish_task_switch.isra.0+0x202/0xbd0
[  118.014597][ T5997]  ? rcu_is_watching+0x12/0xc0
[  118.016259][ T5997]  process_one_work+0x9ba/0x1b20
[  118.017861][ T5997]  ? __pfx_process_one_work+0x10/0x10
[  118.019664][ T5997]  ? assign_work+0x1a0/0x250
[  118.021179][ T5997]  worker_thread+0x6c8/0xf10
[  118.022760][ T5997]  ? __pfx_worker_thread+0x10/0x10
[  118.024710][ T5997]  kthread+0x3c5/0x780
[  118.026061][ T5997]  ? __pfx_kthread+0x10/0x10
[  118.027556][ T5997]  ? rcu_is_watching+0x12/0xc0
[  118.029143][ T5997]  ? __pfx_kthread+0x10/0x10
[  118.030685][ T5997]  ret_from_fork+0x983/0xb10
[  118.032204][ T5997]  ? __pfx_ret_from_fork+0x10/0x10
[  118.033990][ T5997]  ? __switch_to+0x7af/0x10d0
[  118.035966][ T5997]  ? __pfx_kthread+0x10/0x10
[  118.037625][ T5997]  ret_from_fork_asm+0x1a/0x30
[  118.039193][ T5997]  </TASK>
[  118.040228][ T5997] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  118.042565][ T5997] CPU: 1 UID: 0 PID: 5997 Comm: kworker/1:3 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  118.046122][ T5997] Tainted: [L]=SOFTLOCKUP
[  118.047514][ T5997] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  118.050956][ T5997] Workqueue: usb_hub_wq hub_event
[  118.052624][ T5997] Call Trace:
[  118.053754][ T5997]  <TASK>
[  118.054908][ T5997]  dump_stack_lvl+0x3d/0x1f0
[  118.056628][ T5997]  vpanic+0x640/0x6f0
[  118.058081][ T5997]  panic+0xca/0xd0
[  118.059697][ T5997]  ? __pfx_panic+0x10/0x10
[  118.061518][ T5997]  check_panic_on_warn+0xab/0xb0
[  118.063288][ T5997]  __warn+0x108/0x3c0
[  118.064901][ T5997]  __report_bug+0x2a0/0x520
[  118.066574][ T5997]  ? __pfx___report_bug+0x10/0x10
[  118.068646][ T5997]  ? __wait_for_common+0x1e0/0x4e0
[  118.070439][ T5997]  ? enable_work+0x2c3/0x310
[  118.072362][ T5997]  ? find_held_lock+0x2b/0x80
[  118.074276][ T5997]  report_bug_entry+0xb2/0x220
[  118.076088][ T5997]  ? enable_work+0x2ca/0x310
[  118.077856][ T5997]  handle_bug+0x18a/0x260
[  118.079380][ T5997]  exc_invalid_op+0x17/0x50
[  118.080902][ T5997]  asm_exc_invalid_op+0x1a/0x20
[  118.082487][ T5997] RIP: 0010:enable_work+0x2ca/0x310
[  118.084527][ T5997] Code: ff e8 3a 0d 3a 00 90 0f 0b 90 e9 b4 fe ff ff e8 2c 0d 3a 00 e8 27 ab f2 09 e9 49 ff ff ff e8 1d 0d 3a 00 48 8d 3d 46 9d 06 0f <67> 48 0f b9 3a e9 33 fe ff ff 48 89 ef e8 f4 e1 a3 00 e9 f7 fd ff
[  118.092210][ T5997] RSP: 0018:ffffc9000296f348 EFLAGS: 00010083
[  118.094570][ T5997] RAX: 0000000000027e67 RBX: 0000000000000000 RCX: ffffc9002eced000
[  118.097796][ T5997] RDX: 0000000000100000 RSI: ffffffff8184d6a3 RDI: ffffffff908b73f0
[  118.101175][ T5997] RBP: ffff88802dc05738 R08: 0000000000000005 R09: 0000000000000000
[  118.104518][ T5997] R10: 0000000000000000 R11: ffff888024daaff0 R12: 1ffff9200052de6a
[  118.107905][ T5997] R13: ffffffff8fc4bf5f R14: ffff88802dc05698 R15: ffff88802dc05730
[  118.111286][ T5997]  ? enable_work+0x2c3/0x310
[  118.113215][ T5997]  ? enable_work+0x2c3/0x310
[  118.115186][ T5997]  ? __pfx_enable_work+0x10/0x10
[  118.117296][ T5997]  cancel_delayed_work_sync+0x96/0xf0
[  118.119528][ T5997]  thermal_zone_device_unregister+0x28e/0x4d0
[  118.122128][ T5997]  ? __pfx_shield_remove+0x10/0x10
[  118.124241][ T5997]  power_supply_unregister+0x10a/0x150
[  118.126583][ T5997]  shield_remove+0x75/0x130
[  118.128578][ T5997]  ? __pfx_shield_remove+0x10/0x10
[  118.130692][ T5997]  hid_device_remove+0xd1/0x260
[  118.132712][ T5997]  ? __pfx_hid_device_remove+0x10/0x10
[  118.134995][ T5997]  device_remove+0xcb/0x170
[  118.136880][ T5997]  device_release_driver_internal+0x44b/0x620
[  118.139311][ T5997]  bus_remove_device+0x22f/0x450
[  118.141208][ T5997]  device_del+0x396/0x9f0
[  118.143060][ T5997]  ? __pfx_device_del+0x10/0x10
[  118.145143][ T5997]  ? do_raw_spin_lock+0x12c/0x2b0
[  118.147203][ T5997]  hid_destroy_device+0x19c/0x240
[  118.148964][ T5997]  usbhid_disconnect+0xa0/0xe0
[  118.150491][ T5997]  usb_unbind_interface+0x1dd/0x9e0
[  118.152145][ T5997]  ? kernfs_remove_by_name_ns+0xbe/0x100
[  118.153942][ T5997]  ? __pfx_usb_unbind_interface+0x10/0x10
[  118.155876][ T5997]  device_remove+0x125/0x170
[  118.157428][ T5997]  device_release_driver_internal+0x44b/0x620
[  118.159324][ T5997]  bus_remove_device+0x22f/0x450
[  118.160875][ T5997]  device_del+0x396/0x9f0
[  118.162224][ T5997]  ? __pfx_device_del+0x10/0x10
[  118.163831][ T5997]  ? kobject_put+0x218/0x6f0
[  118.165474][ T5997]  usb_disable_device+0x355/0x820
[  118.167123][ T5997]  usb_disconnect+0x2e1/0x9e0
[  118.168636][ T5997]  hub_event+0x1d84/0x52f0
[  118.170049][ T5997]  ? __lock_acquire+0x436/0x2890
[  118.171574][ T5997]  ? do_raw_spin_unlock+0x172/0x230
[  118.173227][ T5997]  ? __pfx_hub_event+0x10/0x10
[  118.174867][ T5997]  ? assoc_array_subtree_iterate+0x2d0/0x380
[  118.176816][ T5997]  ? finish_task_switch.isra.0+0x202/0xbd0
[  118.178619][ T5997]  ? rcu_is_watching+0x12/0xc0
[  118.180120][ T5997]  process_one_work+0x9ba/0x1b20
[  118.181712][ T5997]  ? __pfx_process_one_work+0x10/0x10
[  118.183408][ T5997]  ? assign_work+0x1a0/0x250
[  118.185225][ T5997]  worker_thread+0x6c8/0xf10
[  118.187195][ T5997]  ? __pfx_worker_thread+0x10/0x10
[  118.189337][ T5997]  kthread+0x3c5/0x780
[  118.191046][ T5997]  ? __pfx_kthread+0x10/0x10
[  118.193053][ T5997]  ? rcu_is_watching+0x12/0xc0
[  118.194914][ T5997]  ? __pfx_kthread+0x10/0x10
[  118.196388][ T5997]  ret_from_fork+0x983/0xb10
[  118.197879][ T5997]  ? __pfx_ret_from_fork+0x10/0x10
[  118.199514][ T5997]  ? __switch_to+0x7af/0x10d0
[  118.201028][ T5997]  ? __pfx_kthread+0x10/0x10
[  118.202478][ T5997]  ret_from_fork_asm+0x1a/0x30
[  118.204004][ T5997]  </TASK>
[  118.205762][ T5997] Kernel Offset: disabled
[  118.207211][ T5997] Rebooting in 86400 seconds..