last executing test programs:

3.114225468s ago: executing program 2 (id=5225):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0xff00, &(0x7f0000000000)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xac, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x84, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x4c, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0x1c, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x15, 0x1, "8a95954c9adeafe763c0e95b3e780ff56c"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x120}}, 0x0)

3.113834656s ago: executing program 2 (id=5227):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x40040, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4)
setsockopt$inet6_tcp_int(r3, 0x6, 0x1d, &(0x7f0000000080), 0x4)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x5, 0x3, 0xc06a2f6, 0x1, 0x7}, 0x6, 0x0, 0xa, 0x4, 0x6, 0x8, 0x18, 0x9, 0x3, 0x4, {0x0, 0x2, 0x9, 0x800, 0x8704, 0x27000000}}}}]}, 0x78}}, 0x0)
socket$unix(0x1, 0x1, 0x0)
socket$kcm(0x11, 0x3, 0x0)
socket(0x400000000010, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = socket$inet_mptcp(0x2, 0x1, 0x106)
socket$nl_route(0x10, 0x3, 0x0)
socket(0xa, 0x3, 0x3a)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r6, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0xfffffffd)
ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0)
sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000)
sendmsg$NFT_BATCH(r8, &(0x7f0000009b40)={0x0, 0xf5, &(0x7f0000009b00)={&(0x7f00000042c0)={{0x14, 0x10, 0x1, 0x0, 0x3000000, {0x7}}, [@NFT_MSG_NEWRULE={0x90, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x24, 0x3, "7339f2f304fdd672bad09dfb040000001d01000001f9580dabf95ddc91967c20"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xc, 0x1, 'RATEEST\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040)
bpf$MAP_CREATE(0x700000000000000, 0x0, 0x50)
bind$inet(r5, &(0x7f0000000040)={0x2, 0x4e21, @multicast2}, 0x10)

2.874108536s ago: executing program 3 (id=5228):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xffffffffffffff64, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0xffffffffffffffff, 0x803, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x9)
r0 = getpid()
r1 = syz_open_dev$vbi(&(0x7f00000001c0), 0x1, 0x2)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$binfmt_script(r2, &(0x7f0000000100), 0xfffffd9d)
ioctl$VIDIOC_STREAMON(r1, 0x40045612, &(0x7f0000000240)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
openat$vimc2(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, 0x0, 0x0)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f0000000300), 0x4)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r6, 0x0, 0x0)
syz_io_uring_setup(0x5c2, &(0x7f0000000280)={0x0, 0x0, 0x3080, 0x8003, 0x25f}, &(0x7f0000000240)=<r7=>0x0, &(0x7f0000000200))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
r8 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r8, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r8, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r9=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r8, 0xc02064b9, &(0x7f0000000dc0)={&(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], 0x4e, r9})
ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0]})
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)

2.153838555s ago: executing program 2 (id=5234):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$sock_int(r0, 0x1, 0x2d, &(0x7f0000000300)=0x4a, 0x4)
write$binfmt_misc(r0, &(0x7f0000000300), 0x6)

1.93322904s ago: executing program 3 (id=5235):
fsopen(&(0x7f0000000040)='f2fs\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000006000000050000000010"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x51, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x28, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18)
r2 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
getpgid(0xffffffffffffffff)

1.932846039s ago: executing program 3 (id=5236):
socket$alg(0x26, 0x5, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x100000, 0x34014c40, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r0 = socket$inet6(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="7a0b000000000000000000009500000000000060308273e56d0907df275d3e5a00a25434d4ee74aae8b8ab9b2d34aa0153269ca025fbb0211ee76f9477521e81af361cfe4fdf71eac87a76d48e7f4783f0775af096473e8c972ecd97f20599e2a8ae8a30ffb764e5c1"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r2, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="00006fe9000a14000000090a010400000000000000000000000d20000000090a010400000002000000000a0000090900020073797a320000000034000000140a0e000000000000000000030000070900010073797a30000000000c0006400000000000000002080013400000000318000000120a0103000000000000000000000003"], 0xa8}, 0x1, 0x0, 0x0, 0x44810}, 0x44000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, r1, 0x4, 0x0, &(0x7f0000000440)=[{0x4, 0x1, 0xc, 0x8}, {0x3, 0x3, 0xe}, {0x4, 0x4, 0x9, 0xa}, {0x3, 0x4, 0x10, 0x1}], 0x10, 0x746}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x88081, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r3, 0x4010744d, &(0x7f0000000180))
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0)
r5 = syz_io_uring_setup(0x61be, &(0x7f00000003c0)={0x0, 0x408b, 0x3180, 0xf7fffffd, 0x39a}, &(0x7f0000000100), &(0x7f0000000080))
syz_io_uring_setup(0x641a, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x0, 0x400002d8, 0x0, r5}, &(0x7f0000000200)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_UNLINKAT={0x24, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200, 0x1})
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0)
shutdown(r0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x8080, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r8 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r8, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1}, 0xa)

1.93258713s ago: executing program 2 (id=5237):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0600000004000000040000000f"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc)

1.812571164s ago: executing program 2 (id=5238):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4)
sendmsg$inet6(r0, &(0x7f00000000c0)={&(0x7f00000001c0)={0xa, 0x4e20, 0x80000103, @remote, 0x9}, 0x1c, 0x0}, 0x4040)

1.812295345s ago: executing program 2 (id=5239):
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x82500)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x14, 0x4e, 0x1, 0xffffffff, 0x0, {0xc}}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x4000000)
r1 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112})
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@newqdisc={0x5c, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9, 0x1}, {0x4}, {0xe, 0xd}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x401}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}, @TCA_INGRESS_BLOCK={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x90}, 0x4000c00)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xb320a000)
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000480)=""/155, 0x9b}], 0x1, 0x3, 0x1)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000004c0)={'vlan1\x00', &(0x7f0000000480)=@ethtool_eee={0x17}})
syz_usb_disconnect(r1)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x17, 0x301, 0x70bd24, 0xfffffffc, {0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x200448d3}, 0x0)
syz_usb_connect(0x2, 0x24, &(0x7f0000000200)=ANY=[], 0x0)

1.70344038s ago: executing program 0 (id=5240):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0600000004000000040000000f"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x5, 0x8, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000730000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc)

1.64969307s ago: executing program 0 (id=5241):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400300000000006506020001cd000071187c0000000000c3640000f10000007b0a00fe00000000850000002e00000079af0000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e6191a12bebf9f9804ea033388cd15b65877ad4b200000000000000000beca090f32050e436fe275daf51efd601b6bf01c8e8b1abe4fef3bef7074815ae98743d1ace4c46631256dd19aed0d600c0b6199fe3ff3128e599b0eaebbdbd7359a48f5b0afc3996792043a6787bac46aa7aa400000000000069669622208266f896ba2c9e73c2efeec2dc565fbafb2cb63f5fef9ab79ff8abaa8a08f54a062107e9bb3e980fff675c8d3e91df6648a7a6aebcb63e0867b75690152af27711f0cbb9c06018d21bf3f87b8eb65323b4267a526d53442db8e48dbc5ce47d67d07441a7975d5e41b14fd0154a8246249952a8b61633ce068220defe09d3b1136af6d03e9cf996c13d1bfcdc54567a9ca80dec2e943fe4ae7c617cc071f7add70cfbd48f8f6b50fe6a8297d88efa73e7e601040000b4a685969f28902bdecf66ef39755de79ed2c711477febc96231a53984d00877301d0ec62427a8e38618fdd1ce9aaed569ebc5f2e58d6028e66139a737cc7146a131d47dcebb32ed67021d76e983223c998aec22242ae54e87f438d26982876b58f9134366952f7399a733f07138a736924f3709000000e97f0c117ec439c6b7b965752bbc06eced08d97a32ae4b1ad4d11c5b6f68ee841975233e4cea13f3ef04b2cab9cc256d4539dbafd888c7097c1169e0bebcc81ca3da40bf34b6c9c1da2d6ed8acaf2a8091820ff4cf6be74ddca8bf2eed0e11b2139e8c3ec95436af5269d5792decda7d8b5dcf8640b504ba23c6d0a7f67cdfd27328100ebf9319a56f0f9cee17deecf747f3493f1dc39551f4c9a40b3e93fa80b8234ccbf39a9ef09bd97321f0dc20956f44ba2c5ec2e7569b05cf4690ddc189f174046a8b214acf23f42fb51ed4819e6b4cb5a8bf2b559d0c198fe0315483b8beb9801d06c58b22dd713fe3b7ef18e21081aacfd091b754125a488cea18255f79bebcb3051f622f8a1d9af1908e88a58774a24f35a4ccdbedea6212286c23dd89c2b4b90647f17231472af8dda7f3ab20f093aad3ce875f7458039ee6d0a50deb7bc8eb393f056a5e7725531c5485278e0362338e2e2710fe00465e0d182a322091022cf5b814eeb9b3cab21196581e4d92d0b6fe5525285eea359274f1f21d69233bbe94941f10ba292100000000000000000000000000000000c18e93a0c5231779f2ee201e9fe7e63e84b57b5f05ecd278919bad330ffcb594b8255b3085b352ca9533d6c31c1a30158c30352f8a126a65cb6582e58aa641007418611df53a601c3a8fb8d2286e86abf98136f345446730f68f5d6d1817a9e1b09e5650d2599fbe719a45337d29eb3fef5f7f565457660dec6fe903a1c2ea4f40a8ea1c179892afa219fc69a44163f0d731de418e9fd82a8c4661caea674b19242d1840d047882f640ea248457288c5ffb63e857da03ff5c0475c3cfff41c4806f1dc750eb1c45ec3a2a0b064834010604d6f88a29e8e9bda2bc9c18d1b53a08f25d62ccaa46bc0235c830a7b3fe64bc6031b431bcad6b698a1ba6027870ea9e55fafbbf140c5f82a33ee4ac793b989c12a5827a7957f4d8136cf918b7cbf5bc5fc64c8001992536584586edded6f65bdd371ac84fd5cc60ab79b84e9e85a1c54d5666a5d133e95eff121621dff14b9de7a188b8c5387f9da63c2cce405bc44079e34e2db2b275bfbb54841d647338cad74be91144b780cf381a6860f641446ef73bd11d45f5e4df8f3c6440d8425fd7382225cf8c2cada01bf3cd5cbc6a403173e0c89a491c75efc3c21b7825a521c6011945eef94abc3000000000000000000000000000000d71b794e9b4c145caf050429937eef4364d9e1cbe9150bccd9b2e73757f1f5e8ac50736cd3cbc029ede2869642841371bb4b9c1aaa8826889a909e6716b60e4b568b6761f8ccc7d35b0e66357746b10fc481b47e67f1e14408c1ef3e018a5e647e3f607654f3bf82bcfb42be038a272d82f8362944f608b3810000000019fda0b1b607f1ab34194ed954973f7a5accc0938d3364ab07574d0b32fc30f3ab73d012b63ee905e98ab6989ec2c840cd216eb18fedfb3b204e94e170bae930660368d3799c9b1bf7556ac57164966791626f06ad2e332341965f72141ec140b80efd7720ccdaa890b79bc4523386bd66553121543c9a35b7adcf2f6b257fefef1d6e1da2ee94d3f822bf45aad21e5b5a3788ab584090664065af39b0f43968dcd7c5f8e5a8dc6298691423fbf7e8e012260bc62f9422434a547ef7ca37953d435098d9b71edd1a03e46d0ade465d0c0db0a51f9e29cac05e5a04f94e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x45}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000880)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000580)={0x298, 0x38, 0x800, 0x70bd28, 0x25dfdbfc, {0x3}, [@typed={0xc, 0xde, 0x0, 0x0, @u64=0x1d}, @typed={0xb, 0x8e, 0x0, 0x0, @str='mqprio\x00'}, @typed={0x5, 0x76, 0x0, 0x0, @str='\x00'}, @generic="42a387958f03d78489a612bda5f090f1cc42fc37664fd8c87034873f4e0ecface9126fcd668c9fc2b44b9bc32982", @nested={0x28, 0x8a, 0x0, 0x1, [@typed={0x8, 0xac, 0x0, 0x0, @uid}, @typed={0x14, 0x30, 0x0, 0x0, @ipv6=@private2}, @nested={0x4, 0x2a}, @nested={0x4, 0x25}]}, @generic="57289bddf479cdece416b3cb49f8189117b32f63be71f8eef607ed3b3fbcfd20f64f1de5cd0e1e981d80d7924128a8ae1e9ddbef4da2b02ab82c40b5be8afc1f122260f1495c5924ac71bbee18792c281d552927626d8381c8617f3f2719b4355a5a932c3a28c1c3f2f85f49c43bf469f1384d51bde509bc33a4049593634c91066fa94f05c5db5c81e6d684fbacfcee7c9e61d0d10d8eede6575626e8f9e24b60bcaf91c242ab05b8f4e5f0a1640a70cddaa30de245e78de0e723a838581fefd132eb46892af877a318a8cd7fb8b7197e356ad26f645fde4a221f5dd496b2fabbd4345e9899fe8faf754c0b7433f9db466b9fc010549e863e60", @generic="880ba452edd33a619b7080e2c0b3633db58c0b8dc1ce3f9d88c3c3d145305e4800b61a209258e382754f1d7a0df4daee82c09026d920da92463841b9bd447058aabf6ba6dec7522177e221f7380a19cf8798470c5171cd4ae0f1e2e41a0cd7062b1f240da56447651e297c3c62b2e6e974d2f425802a6d7f5548b37ce3f0fef31dc72c538fe1aa08c240609e4bc66d6ac7b0f82700c561db3a27b7116f95449832b06144ffe98529e7bd7a5c949cf8a517258a964d97d4830e333147926387274cf441ea705755b25145364906bb7fde0fe83a2575dfffd843e7e579c3972c82d5ed65ee1233eb2d879b693024f6e3bf948ea7ec", @typed={0x14, 0x12e, 0x0, 0x0, @ipv6=@mcast2}, @typed={0x8, 0xee, 0x0, 0x0, @pid}, @typed={0x4, 0xbb}]}, 0x298}, 0x1, 0x0, 0x0, 0x2000c884}, 0x44010)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x34, 0xd, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0xc000)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x30, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0xffe2}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000091}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b00000006000000045000000700000001"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xae}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r8}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4000}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xb4}}, 0x0)
memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
r11 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x19c, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x16c, 0x2, {{0x1, [], 0x1, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, [@TCA_MQPRIO_MODE={0x6}, @TCA_MQPRIO_MIN_RATE64={0xac, 0x3, 0x0, 0x1, [{0xc, 0x3, 0x8}, {0xc, 0x3, 0xe49}, {0xc, 0x3, 0x2}, {0xc}, {0xc, 0x3, 0x2}, {0xc, 0x3, 0x7}, {0xc, 0x3, 0x7e}, {0xc, 0x3, 0x1cc}, {0xc, 0x3, 0x6be5}, {0xc, 0x3, 0x9}, {0xc, 0x3, 0x100}, {0xc, 0x3, 0x6}, {0xc, 0x3, 0xf}, {0xc, 0x3, 0xfffffffffffffffe}]}, @TCA_MQPRIO_MODE={0x6, 0x1, 0x1}, @TCA_MQPRIO_MAX_RATE64={0x58, 0x4, 0x0, 0x1, [{0xc}, {0xc, 0x4, 0x401}, {0xc, 0x4, 0x2}, {0xc, 0x4, 0x7fffffffffffffff}, {0xc, 0x4, 0x824}, {0xc, 0x4, 0xfffffffffffffffc}, {0xc, 0x4, 0x4}]}]}}}]}, 0x19c}}, 0x20000000)

1.463009934s ago: executing program 0 (id=5242):
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0\x00'})
r1 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=0xffffffffffffffff, 0x4)
r2 = socket(0x28, 0x801, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x8c, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r2}})
r4 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r4, &(0x7f0000000600)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, 0x0, 0x0)
r5 = accept4(r4, 0x0, 0x0, 0x80000)
recvmsg$can_raw(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/103, 0x67}], 0x1}, 0x40010022)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$fou(&(0x7f0000000200), 0xffffffffffffffff)
r8 = socket(0x28, 0x1, 0x0)
r9 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000000100))
sendmsg$FOU_CMD_ADD(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)={0x18, r7, 0x1, 0x70bd28, 0x0, {}, [@FOU_ATTR_REMCSUM_NOPARTIAL={0x4}]}, 0x18}}, 0x0)
sendmsg$FOU_CMD_GET(r5, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)={0x14, r7, 0x400, 0x70bd2d, 0x25dfdbfd}, 0x14}}, 0x20000000)
r10 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@bloom_filter={0x1e, 0xfffffff7, 0x6, 0x4, 0x1000, r0, 0x2, '\x00', 0x0, r1, 0x3, 0x4, 0x5, 0xb}, 0x50)
bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000280)={r10, 0x0, 0x0, 0x4}, 0x20)

1.342947178s ago: executing program 0 (id=5244):
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="043e1d1903c90016cf228bb413c0c126b33112080305081a08cd5de17ff78e2b020001000102001e9d169f7ff558cc5ee6"], 0x20)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0)
setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000080)={0x1, &(0x7f0000000440)=[{0x45, 0x0, 0x1, 0xfffffffc}]})
set_mempolicy(0x4005, &(0x7f0000000180)=0x1004, 0x4)
userfaultfd(0x80800)
r2 = userfaultfd(0x80801)
socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000040)=@assoc_value, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x54})
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
sched_getattr(0x0, &(0x7f0000000140)={0x38}, 0x38, 0x0)
ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})

1.173071963s ago: executing program 1 (id=5245):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000140)=@gettaction={0xb8, 0x32, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x4}, @action_gd=@TCA_ACT_TAB={0x3c, 0x1, [{0x10, 0x1e, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0xc, 0x9, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x1f, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0x10, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x60, 0x1, [{0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6c4}}, {0x10, 0x8, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'vlan\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3}}, {0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xe000000}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x3af}}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000017c00000400c2800c0001800600060065580000971b0280540211"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (fail_nth: 10)

1.172630768s ago: executing program 1 (id=5246):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0600000004000000040000000f"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007300000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c3000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc)

1.055208925s ago: executing program 3 (id=5247):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'dummy0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd28, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x3350, 0x4b7b5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @vlan={{0x9, 0x304}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VLAN_ID={0x6, 0x1, 0x1}]}}}, @IFLA_LINK={0x8, 0x5, r1}]}, 0x44}, 0x1, 0x0, 0x0, 0x24004804}, 0x8000002)

983.143884ms ago: executing program 1 (id=5248):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a00000004000000040000000a"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa20000000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)

982.88641ms ago: executing program 1 (id=5249):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="0600000004000000040000000f"], 0x50)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0x5, 0x8, 0x2, 0x4, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000730000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc)

980.420407ms ago: executing program 3 (id=5250):
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000dc0)=ANY=[@ANYBLOB="b7000000a5517f5fbfa30000000000000703000028feffff720af0fff8ffffff71a4f0ff00000000b7060000000000012e400300000000006506020001cd000071187c0000000000c3640000f10000007b0a00fe00000000850000002e00000079af0000000000009500000000000000023bc065b7a379d179fc9e94af69912435f1b6a693172e6191a12bebf9f9804ea033388cd15b65877ad4b200000000000000000beca090f32050e436fe275daf51efd601b6bf01c8e8b1abe4fef3bef7074815ae98743d1ace4c46631256dd19aed0d600c0b6199fe3ff3128e599b0eaebbdbd7359a48f5b0afc3996792043a6787bac46aa7aa400000000000069669622208266f896ba2c9e73c2efeec2dc565fbafb2cb63f5fef9ab79ff8abaa8a08f54a062107e9bb3e980fff675c8d3e91df6648a7a6aebcb63e0867b75690152af27711f0cbb9c06018d21bf3f87b8eb65323b4267a526d53442db8e48dbc5ce47d67d07441a7975d5e41b14fd0154a8246249952a8b61633ce068220defe09d3b1136af6d03e9cf996c13d1bfcdc54567a9ca80dec2e943fe4ae7c617cc071f7add70cfbd48f8f6b50fe6a8297d88efa73e7e601040000b4a685969f28902bdecf66ef39755de79ed2c711477febc96231a53984d00877301d0ec62427a8e38618fdd1ce9aaed569ebc5f2e58d6028e66139a737cc7146a131d47dcebb32ed67021d76e983223c998aec22242ae54e87f438d26982876b58f9134366952f7399a733f07138a736924f3709000000e97f0c117ec439c6b7b965752bbc06eced08d97a32ae4b1ad4d11c5b6f68ee841975233e4cea13f3ef04b2cab9cc256d4539dbafd888c7097c1169e0bebcc81ca3da40bf34b6c9c1da2d6ed8acaf2a8091820ff4cf6be74ddca8bf2eed0e11b2139e8c3ec95436af5269d5792decda7d8b5dcf8640b504ba23c6d0a7f67cdfd27328100ebf9319a56f0f9cee17deecf747f3493f1dc39551f4c9a40b3e93fa80b8234ccbf39a9ef09bd97321f0dc20956f44ba2c5ec2e7569b05cf4690ddc189f174046a8b214acf23f42fb51ed4819e6b4cb5a8bf2b559d0c198fe0315483b8beb9801d06c58b22dd713fe3b7ef18e21081aacfd091b754125a488cea18255f79bebcb3051f622f8a1d9af1908e88a58774a24f35a4ccdbedea6212286c23dd89c2b4b90647f17231472af8dda7f3ab20f093aad3ce875f7458039ee6d0a50deb7bc8eb393f056a5e7725531c5485278e0362338e2e2710fe00465e0d182a322091022cf5b814eeb9b3cab21196581e4d92d0b6fe5525285eea359274f1f21d69233bbe94941f10ba292100000000000000000000000000000000c18e93a0c5231779f2ee201e9fe7e63e84b57b5f05ecd278919bad330ffcb594b8255b3085b352ca9533d6c31c1a30158c30352f8a126a65cb6582e58aa641007418611df53a601c3a8fb8d2286e86abf98136f345446730f68f5d6d1817a9e1b09e5650d2599fbe719a45337d29eb3fef5f7f565457660dec6fe903a1c2ea4f40a8ea1c179892afa219fc69a44163f0d731de418e9fd82a8c4661caea674b19242d1840d047882f640ea248457288c5ffb63e857da03ff5c0475c3cfff41c4806f1dc750eb1c45ec3a2a0b064834010604d6f88a29e8e9bda2bc9c18d1b53a08f25d62ccaa46bc0235c830a7b3fe64bc6031b431bcad6b698a1ba6027870ea9e55fafbbf140c5f82a33ee4ac793b989c12a5827a7957f4d8136cf918b7cbf5bc5fc64c8001992536584586edded6f65bdd371ac84fd5cc60ab79b84e9e85a1c54d5666a5d133e95eff121621dff14b9de7a188b8c5387f9da63c2cce405bc44079e34e2db2b275bfbb54841d647338cad74be91144b780cf381a6860f641446ef73bd11d45f5e4df8f3c6440d8425fd7382225cf8c2cada01bf3cd5cbc6a403173e0c89a491c75efc3c21b7825a521c6011945eef94abc3000000000000000000000000000000d71b794e9b4c145caf050429937eef4364d9e1cbe9150bccd9b2e73757f1f5e8ac50736cd3cbc029ede2869642841371bb4b9c1aaa8826889a909e6716b60e4b568b6761f8ccc7d35b0e66357746b10fc481b47e67f1e14408c1ef3e018a5e647e3f607654f3bf82bcfb42be038a272d82f8362944f608b3810000000019fda0b1b607f1ab34194ed954973f7a5accc0938d3364ab07574d0b32fc30f3ab73d012b63ee905e98ab6989ec2c840cd216eb18fedfb3b204e94e170bae930660368d3799c9b1bf7556ac57164966791626f06ad2e332341965f72141ec140b80efd7720ccdaa890b79bc4523386bd66553121543c9a35b7adcf2f6b257fefef1d6e1da2ee94d3f822bf45aad21e5b5a3788ab584090664065af39b0f43968dcd7c5f8e5a8dc6298691423fbf7e8e012260bc62f9422434a547ef7ca37953d435098d9b71edd1a03e46d0ade465d0c0db0a51f9e29cac05e5a04f94e"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x45}, 0x48)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r1, &(0x7f0000000880)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000840)={&(0x7f0000000580)={0x298, 0x38, 0x800, 0x70bd28, 0x25dfdbfc, {0x3}, [@typed={0xc, 0xde, 0x0, 0x0, @u64=0x1d}, @typed={0xb, 0x8e, 0x0, 0x0, @str='mqprio\x00'}, @typed={0x5, 0x76, 0x0, 0x0, @str='\x00'}, @generic="42a387958f03d78489a612bda5f090f1cc42fc37664fd8c87034873f4e0ecface9126fcd668c9fc2b44b9bc32982", @nested={0x28, 0x8a, 0x0, 0x1, [@typed={0x8, 0xac, 0x0, 0x0, @uid}, @typed={0x14, 0x30, 0x0, 0x0, @ipv6=@private2}, @nested={0x4, 0x2a}, @nested={0x4, 0x25}]}, @generic="57289bddf479cdece416b3cb49f8189117b32f63be71f8eef607ed3b3fbcfd20f64f1de5cd0e1e981d80d7924128a8ae1e9ddbef4da2b02ab82c40b5be8afc1f122260f1495c5924ac71bbee18792c281d552927626d8381c8617f3f2719b4355a5a932c3a28c1c3f2f85f49c43bf469f1384d51bde509bc33a4049593634c91066fa94f05c5db5c81e6d684fbacfcee7c9e61d0d10d8eede6575626e8f9e24b60bcaf91c242ab05b8f4e5f0a1640a70cddaa30de245e78de0e723a838581fefd132eb46892af877a318a8cd7fb8b7197e356ad26f645fde4a221f5dd496b2fabbd4345e9899fe8faf754c0b7433f9db466b9fc010549e863e60", @generic="880ba452edd33a619b7080e2c0b3633db58c0b8dc1ce3f9d88c3c3d145305e4800b61a209258e382754f1d7a0df4daee82c09026d920da92463841b9bd447058aabf6ba6dec7522177e221f7380a19cf8798470c5171cd4ae0f1e2e41a0cd7062b1f240da56447651e297c3c62b2e6e974d2f425802a6d7f5548b37ce3f0fef31dc72c538fe1aa08c240609e4bc66d6ac7b0f82700c561db3a27b7116f95449832b06144ffe98529e7bd7a5c949cf8a517258a964d97d4830e333147926387274cf441ea705755b25145364906bb7fde0fe83a2575dfffd843e7e579c3972c82d5ed65ee1233eb2d879b693024f6e3bf948ea7ec", @typed={0x14, 0x12e, 0x0, 0x0, @ipv6=@mcast2}, @typed={0x8, 0xee, 0x0, 0x0, @pid}, @typed={0x4, 0xbb}]}, 0x298}, 0x1, 0x0, 0x0, 0x2000c884}, 0x44010)
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_TYPE(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)={0x34, 0xd, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0xc000)
getsockname$packet(r2, &(0x7f00000002c0)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700000086d7c0d6c878f064eb", @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000900)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x4000800)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000940)=@delchain={0x30, 0x64, 0xf31, 0xfffffffb, 0x0, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xfff3, 0xffff}, {0x0, 0xffe2}}, [@filter_kind_options=@f_u32={{0x8}, {0x4}}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000091}, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socket$nl_route(0x10, 0x3, 0x0)
r6 = socket$unix(0x1, 0x1, 0x0)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="0b00000006000000045000000700000001"], 0x50)
r8 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xd, &(0x7f0000000280)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xae}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r7}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2000000}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r8}, 0x10)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x40, 0x6, 0xa, 0x401, 0x0, 0x0, {0x5, 0x0, 0x4000}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xb4}}, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r10=>0x0})
r11 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r11, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=@newqdisc={0x19c, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r10, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x16c, 0x2, {{0x1, [], 0x1, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}, [@TCA_MQPRIO_MODE={0x6}, @TCA_MQPRIO_MIN_RATE64={0xac, 0x3, 0x0, 0x1, [{0xc, 0x3, 0x8}, {0xc, 0x3, 0xe49}, {0xc, 0x3, 0x2}, {0xc}, {0xc, 0x3, 0x2}, {0xc, 0x3, 0x7}, {0xc, 0x3, 0x7e}, {0xc, 0x3, 0x1cc}, {0xc, 0x3, 0x6be5}, {0xc, 0x3, 0x9}, {0xc, 0x3, 0x100}, {0xc, 0x3, 0x6}, {0xc, 0x3, 0xf}, {0xc, 0x3, 0xfffffffffffffffe}]}, @TCA_MQPRIO_MODE={0x6, 0x1, 0x1}, @TCA_MQPRIO_MAX_RATE64={0x58, 0x4, 0x0, 0x1, [{0xc}, {0xc, 0x4, 0x401}, {0xc, 0x4, 0x2}, {0xc, 0x4, 0x7fffffffffffffff}, {0xc, 0x4, 0x824}, {0xc, 0x4, 0xfffffffffffffffc}, {0xc, 0x4, 0x4}]}]}}}]}, 0x19c}}, 0x20000000)

909.426069ms ago: executing program 1 (id=5251):
socket$alg(0x26, 0x5, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x100000, 0x34014c40, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x10}}, 0x50)
socket$inet6(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="7a0b000000000000000000009500000000000060308273e56d0907df275d3e5a00a25434d4ee74aae8b8ab9b2d34aa0153269ca025fbb0211ee76f9477521e81af361cfe4fdf71eac87a76d48e7f4783f0775af096473e8c972ecd97f20599e2a8ae8a30ffb764e5c1699a0d75eb32f99f99f3c7900eded5167f76683317883b7bfb75dba7616b63a1ad2d5817b4783f5f9c106000000000"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="00006fe9000a14000000090a010400000000000000000000000d20000000090a010400000002000000000a0000090900020073797a320000000034000000140a0e000000000000000000030000070900010073797a30000000000c0006400000000000000002080013400000000318000000120a0103000000000000000000000003"], 0xa8}, 0x1, 0x0, 0x0, 0x44810}, 0x44000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, r0, 0x0, 0x0, &(0x7f0000000440), 0x10, 0x746}, 0x94)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r2)

792.919624ms ago: executing program 3 (id=5252):
socket$inet_udplite(0x2, 0x2, 0x88)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0xe4b, 0x11e41e7a, 0x20000000, 0x3, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x40}}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x10000000000002)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_usbip_server_init(0x6)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(0xffffffffffffffff, 0x8008330e, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000000800)=@filter={'filter\x00', 0xe, 0x5, 0x142, [0x0, 0x80000080, 0x800001e6, 0x800002c8], 0x0, &(0x7f0000000040), &(0x7f0000000080)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffe, 0x1, [{0x3, 0x50, 0x805, 'veth0_to_hsr\x00', 'veth1_vlan\x00', 'ip_vti0\x00', 'pim6reg0\x00', @empty, [0xff, 0x0, 0x0, 0x0, 0x0, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x3a}, [0xff, 0xff, 0x80, 0x0, 0xff], 0x6e, 0x6e, 0xb2, [], [], @common=@ERROR={'ERROR\x00', 0x20, {"755d5da2b8f9058f58effc00914f4c85386f28782b8d53fc45bb3a634453"}}}]}, {0x0, '\x00', 0x3, 0xfffffffffffffffc}]}, 0x192)
syz_80211_join_ibss(&(0x7f0000000040)='wlan0\x00', &(0x7f0000000080)=@default_ibss_ssid, 0x6, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000100)=0x80000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000140)={@my=0x1})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r2, 0x7a8, &(0x7f00000006c0)={{@my=0x1}, @any, 0x0, 0x1, 0xa0c, 0x1, 0x4, 0x4, 0x4})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

426.710201ms ago: executing program 0 (id=5253):
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5)
r0 = socket(0x1a, 0x4, 0xfffffffd)
bind$inet6(r0, 0x0, 0x0)
getsockname$netrom(r0, 0x0, &(0x7f0000000280))
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0)
setrlimit(0x6, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
r2 = socket$tipc(0x1e, 0x5, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
bind$tipc(r3, &(0x7f0000000340)=@name={0x1e, 0x2, 0x0, {{0x43, 0x2}}}, 0x10)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f00000005c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000730000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000040)='contention_begin\x00', r4}, 0x18)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x47e00, 0x19)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a58020000180a01030000000000000000000000070900020073797a3000000000140203807c000380140001006d6163766c616e3100000000000000001400010069703667726574617030000000000000140001007465616d5f736c6176655f30000000001400010076657468315f746f5f626f6e64000000140001006970365f7674693000000000000000001400010073797a6b616c6c65723000000000000068000380140001007369743000000000000000000000000014000100677265746170300000000000000000001400010076657468305f746f5f626174616476001400010070696d36726567310020000000000000140001006970366772653000000000000000000008000140e6d1c293c1cee3a9a60ae2490000000008000240000002001800038014001f0076657468315f766c616e00000000000054000380140001006772653000000000000000000000000014000100626174616476300000000000000000001400010070696d36726567000000000000000000140001006e7230000000000000000000000000000800024000000008680003801400010076657468305f746f5f626f6e64000000140001006261746164765f736c6176655f31000014000100766574574cfb33b841a2f06e6400000014000100636169663000000000000000000000001400010064766d727031000000000000000000004000038014000100636169663000ff0000000000000000f714000100677265300000000000000000000000001400010076657468315f746f5f6261746164760008000740000000000900010073797a3100000000080007400000000208000740000000021400000011000100"], 0x280}, 0x1, 0x0, 0x0, 0x850}, 0x0)

129.458724ms ago: executing program 0 (id=5254):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x88, 0x30, 0x1, 0x0, 0x0, {}, [{0x74, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10)
r4 = socket(0x21, 0x2, 0x10000000000002)
connect$rxrpc(r4, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x8000, @multicast2}}, 0x24)
sendmmsg(r4, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10, 0x110, 0x1}], 0x10, 0xe000}, 0x5}], 0x1, 0x0)
recvmmsg(r4, &(0x7f0000002940)=[{{0x0, 0x0, 0x0}}], 0xf000, 0x10002, 0x0)

0s ago: executing program 1 (id=5255):
socket$alg(0x26, 0x5, 0x0)
openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x801, 0x0)
write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000040)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x100000, 0x34014c40, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x10}}, 0x50)
r0 = socket$inet6(0xa, 0x1, 0x84)
openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f00000004c0)=ANY=[@ANYBLOB="7a0b000000000000000000009500000000000060308273e56d0907df275d3e5a00a25434d4ee74aae8b8ab9b2d34aa0153269ca025fbb0211ee76f9477521e81af361cfe4fdf71eac87a76d48e7f4783f0775af096473e8c972ecd97f20599e2a8ae8a30ffb764e5c1"], &(0x7f0000000480)='syzkaller\x00'}, 0x94)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
r2 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102)
writev(r2, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=ANY=[@ANYBLOB="00006fe9000a14000000090a010400000000000000000000000d20000000090a010400000002000000000a0000090900020073797a320000000034000000140a0e000000000000000000030000070900010073797a30000000000c0006400000000000000002080013400000000318000000120a0103000000000000000000000003"], 0xa8}, 0x1, 0x0, 0x0, 0x44810}, 0x44000)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313f, r1, 0x4, 0x0, &(0x7f0000000440)=[{0x4, 0x1, 0xc, 0x8}, {0x3, 0x3, 0xe}, {0x4, 0x4, 0x9, 0xa}, {0x3, 0x4, 0x10, 0x1}], 0x10, 0x746}, 0x94)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r3)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x88081, 0x0)
ioctl$TUNSETOFFLOAD(r4, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r3, 0x4010744d, &(0x7f0000000180))
mount(&(0x7f00000000c0)=@nullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='iso9660\x00', 0x208000, 0x0)
r5 = syz_io_uring_setup(0x61be, &(0x7f00000003c0)={0x0, 0x408b, 0x3180, 0xf7fffffd, 0x39a}, &(0x7f0000000100), &(0x7f0000000080))
syz_io_uring_setup(0x641a, &(0x7f0000000300)={0x0, 0x235d, 0x10100, 0x0, 0x400002d8, 0x0, r5}, &(0x7f0000000200)=<r6=>0x0, &(0x7f00000001c0)=<r7=>0x0)
syz_io_uring_submit(r6, r7, &(0x7f0000000140)=@IORING_OP_UNLINKAT={0x24, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x200, 0x1})
io_uring_enter(r5, 0x627, 0x4c1, 0x43, 0x0, 0x0)
shutdown(r0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
openat$rfkill(0xffffff9c, &(0x7f0000000040), 0x8080, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r8 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r8, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x1}, 0xa)

kernel console output (not intermixed with test programs):

03 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[ 1097.865161][   T24] usb 40-1: device descriptor read/8, error -110
[ 1097.865492][   T40] audit: type=1326 audit(1768832149.026:6244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22956 comm="syz.3.4450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[ 1097.877198][   T40] audit: type=1326 audit(1768832149.026:6245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22956 comm="syz.3.4450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[ 1097.885709][   T40] audit: type=1326 audit(1768832149.026:6246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22956 comm="syz.3.4450" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705d579 code=0x7ffc0000
[ 1097.894730][   T40] audit: type=1326 audit(1768832149.026:6247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22956 comm="syz.3.4450" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf705d579 code=0x7ffc0000
[ 1098.284245][   T24] usb usb40-port1: attempt power cycle
[ 1098.585999][T22976] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4454'.
[ 1098.666766][T22973] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1098.845749][   T24] usb usb40-port1: unable to enumerate USB device
[ 1099.406653][T22989] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1099.408739][T22989] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1099.411513][T22989] vhci_hcd vhci_hcd.0: Device attached
[ 1099.417550][T22989] random: crng reseeded on system resumption
[ 1099.446685][   T12] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[ 1099.466480][   T24] usb usb40-port2: attempt power cycle
[ 1099.625543][T22994] Cannot find add_set index 2 as target
[ 1099.685983][ T5797] usb 42-1: SetAddress Request (24) to port 0
[ 1099.688066][ T5797] usb 42-1: new SuperSpeed USB device number 24 using vhci_hcd
[ 1099.954224][T22996] overlayfs: overlapping lowerdir path
[ 1100.049185][   T24] usb usb40-port2: unable to enumerate USB device
[ 1100.090801][T22990] vhci_hcd: connection reset by peer
[ 1100.096989][T17688] vhci_hcd vhci_hcd.2: stop threads
[ 1100.098666][T17688] vhci_hcd vhci_hcd.2: release socket
[ 1100.106574][T17688] vhci_hcd vhci_hcd.2: disconnect device
[ 1100.666614][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[ 1101.384372][T23010] FAULT_INJECTION: forcing a failure.
[ 1101.384372][T23010] name failslab, interval 1, probability 0, space 0, times 0
[ 1101.387251][ T6328] usb 44-1: device descriptor read/8, error -110
[ 1101.388555][T23010] CPU: 3 UID: 0 PID: 23010 Comm: syz.2.4463 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1101.388572][T23010] Tainted: [L]=SOFTLOCKUP
[ 1101.388576][T23010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1101.388582][T23010] Call Trace:
[ 1101.388587][T23010]  <TASK>
[ 1101.388591][T23010]  dump_stack_lvl+0x16c/0x1f0
[ 1101.388612][T23010]  should_fail_ex+0x512/0x640
[ 1101.388626][T23010]  ? __kmalloc_noprof+0xca/0x910
[ 1101.388640][T23010]  should_failslab+0xc2/0x120
[ 1101.388656][T23010]  __kmalloc_noprof+0xeb/0x910
[ 1101.388667][T23010]  ? arch_stack_walk+0xa6/0x100
[ 1101.388680][T23010]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1101.388696][T23010]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1101.388708][T23010]  genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1101.388722][T23010]  genl_family_rcv_msg_doit+0xbf/0x2f0
[ 1101.388734][T23010]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1101.388746][T23010]  ? genl_get_cmd+0x194/0x580
[ 1101.388759][T23010]  ? bpf_lsm_capable+0x9/0x10
[ 1101.388773][T23010]  ? security_capable+0x7e/0x260
[ 1101.388787][T23010]  genl_rcv_msg+0x55c/0x800
[ 1101.388799][T23010]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1101.388810][T23010]  ? __pfx_devlink_nl_pre_doit_dev_lock+0x10/0x10
[ 1101.388824][T23010]  ? __pfx_devlink_nl_reload_doit+0x10/0x10
[ 1101.388839][T23010]  ? __pfx_devlink_nl_post_doit_dev_lock+0x10/0x10
[ 1101.388854][T23010]  ? __lock_acquire+0x436/0x2890
[ 1101.388868][T23010]  netlink_rcv_skb+0x158/0x420
[ 1101.388884][T23010]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1101.388901][T23010]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1101.388922][T23010]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1101.388940][T23010]  genl_rcv+0x28/0x40
[ 1101.388949][T23010]  netlink_unicast+0x5aa/0x870
[ 1101.388967][T23010]  ? __pfx_netlink_unicast+0x10/0x10
[ 1101.388988][T23010]  netlink_sendmsg+0x8c8/0xdd0
[ 1101.389006][T23010]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1101.389024][T23010]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[ 1101.389037][T23010]  ____sys_sendmsg+0xa5d/0xc30
[ 1101.389050][T23010]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1101.389060][T23010]  ? get_compat_msghdr+0x11a/0x170
[ 1101.389081][T23010]  ___sys_sendmsg+0x134/0x1d0
[ 1101.389097][T23010]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1101.389117][T23010]  ? find_held_lock+0x2b/0x80
[ 1101.389140][T23010]  __sys_sendmsg+0x16d/0x220
[ 1101.389154][T23010]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1101.389177][T23010]  __do_fast_syscall_32+0xe8/0x680
[ 1101.389190][T23010]  do_fast_syscall_32+0x32/0x80
[ 1101.389201][T23010]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1101.389214][T23010] RIP: 0023:0xf70dd579
[ 1101.389223][T23010] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1101.389233][T23010] RSP: 002b:00000000f54cd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1101.389244][T23010] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100
[ 1101.389251][T23010] RDX: 0000000000000030 RSI: 0000000000000000 RDI: 0000000000000000
[ 1101.389257][T23010] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1101.389263][T23010] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1101.389269][T23010] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1101.389283][T23010]  </TASK>
[ 1101.573871][T23021] overlayfs: overlapping lowerdir path
[ 1101.840193][T23029] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[ 1101.842960][T23029] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1101.846643][T23029] vhci_hcd vhci_hcd.0: Device attached
[ 1101.905061][T23029] random: crng reseeded on system resumption
[ 1101.918363][ T6328] usb usb44-port1: attempt power cycle
[ 1102.127626][ T6230] usb 38-1: SetAddress Request (47) to port 0
[ 1102.129955][ T6230] usb 38-1: new SuperSpeed USB device number 47 using vhci_hcd
[ 1102.474873][T23030] vhci_hcd: connection reset by peer
[ 1102.480546][T17650] vhci_hcd vhci_hcd.0: stop threads
[ 1102.482469][T17650] vhci_hcd vhci_hcd.0: release socket
[ 1102.484498][T17650] vhci_hcd vhci_hcd.0: disconnect device
[ 1102.498755][ T6328] usb usb44-port1: unable to enumerate USB device
[ 1102.719589][T23047] geneve2: entered promiscuous mode
[ 1102.726352][T23047] geneve2: entered allmulticast mode
[ 1102.736299][T17650] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1102.741147][T17650] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1102.743998][T17650] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1102.746957][T17650] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1102.749893][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[ 1103.701947][T23059] overlayfs: overlapping lowerdir path
[ 1103.769028][  T955] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1103.848534][T23068] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4478'.
[ 1103.909471][T23061] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1103.918781][  T955] usb 5-1: Using ep0 maxpacket: 32
[ 1103.923259][  T955] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1103.933671][  T955] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[ 1103.937442][  T955] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1103.942135][  T955] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 1103.956197][  T955] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1103.964237][  T955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1103.966817][  T955] usb 5-1: Product: syz
[ 1103.968225][  T955] usb 5-1: Manufacturer: syz
[ 1103.971287][  T955] usb 5-1: SerialNumber: syz
[ 1103.977009][    C3] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71)
[ 1103.985371][  T955] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/input/input27
[ 1104.199198][  T955] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[ 1104.202463][  T955]  (id 0x00)
[ 1104.289209][  T955] rc_core: IR keymap rc-imon-pad not found
[ 1104.291077][  T955] Registered IR keymap rc-empty
[ 1104.292678][  T955] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[ 1104.296113][  T955] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1104.328954][T23078] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1104.331372][T23078] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1104.335528][T23078] vhci_hcd vhci_hcd.0: Device attached
[ 1104.399543][  T955] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0
[ 1104.403664][  T955] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:155.0/rc/rc0/input28
[ 1104.409261][  T955] imon 5-1:155.0: iMON device (15c2:ffdc, intf0) on usb<5:28> initialized
[ 1104.569426][  T955] usb 43-1: new low-speed USB device number 24 using vhci_hcd
[ 1104.700030][T23083] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1104.703875][T23083] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1104.749492][ T5797] usb 42-1: device descriptor read/8, error -110
[ 1104.888556][T23079] vhci_hcd: connection reset by peer
[ 1104.891541][   T12] vhci_hcd vhci_hcd.3: stop threads
[ 1104.893708][   T12] vhci_hcd vhci_hcd.3: release socket
[ 1104.895987][   T12] vhci_hcd vhci_hcd.3: disconnect device
[ 1105.160959][ T5797] usb usb42-port1: attempt power cycle
[ 1105.166760][T23088] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1105.168863][T23088] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1105.171774][T23088] vhci_hcd vhci_hcd.0: Device attached
[ 1105.289766][ T5797] usb 42-1: SetAddress Request (26) to port 0
[ 1105.291829][ T5797] usb 42-1: new SuperSpeed USB device number 26 using vhci_hcd
[ 1105.801088][T23089] vhci_hcd: connection reset by peer
[ 1105.803948][   T12] vhci_hcd vhci_hcd.2: stop threads
[ 1105.805811][   T12] vhci_hcd vhci_hcd.2: release socket
[ 1105.807616][   T12] vhci_hcd vhci_hcd.2: disconnect device
[ 1105.950413][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[ 1106.521576][   T59] usb 5-1: USB disconnect, device number 28
[ 1106.629256][T23117] siw: device registration error -23
[ 1106.707185][T23117] 9pnet_virtio: no channels available for device syz
[ 1106.720942][   T10] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[ 1106.870783][   T10] usb 6-1: Using ep0 maxpacket: 32
[ 1106.875618][   T10] usb 6-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1106.885917][   T10] usb 6-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[ 1106.889632][   T10] usb 6-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1106.898139][   T10] usb 6-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 1106.906342][   T10] usb 6-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1106.909455][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1106.912231][   T10] usb 6-1: Product: syz
[ 1106.913806][   T10] usb 6-1: Manufacturer: syz
[ 1106.915324][   T10] usb 6-1: SerialNumber: syz
[ 1106.923024][    C0] imon 6-1:155.0: imon usb_rx_callback_intf0: status(-71)
[ 1106.929349][   T10] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/input/input29
[ 1107.150963][   T10] imon 6-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[ 1107.153863][   T10]  (id 0x00)
[ 1107.203549][   T10] rc_core: IR keymap rc-imon-pad not found
[ 1107.205754][   T10] Registered IR keymap rc-empty
[ 1107.207801][   T10] imon 6-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[ 1107.211208][   T10] imon 6-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1107.231846][ T6230] usb 38-1: device descriptor read/8, error -110
[ 1107.394752][   T10] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0
[ 1107.400631][   T10] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:155.0/rc/rc0/input30
[ 1107.409664][   T10] imon 6-1:155.0: iMON device (15c2:ffdc, intf0) on usb<6:40> initialized
[ 1107.622268][ T6230] usb usb38-port1: attempt power cycle
[ 1107.933548][T23144] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1107.937132][T23144] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1108.031848][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[ 1108.081627][T23153] fuse: Bad value for 'rootmode'
[ 1108.111277][T23154] xt_CT: You must specify a L4 protocol and not use inversions on it
[ 1108.160364][T23158] syzkaller1: entered promiscuous mode
[ 1108.166444][T23158] syzkaller1: entered allmulticast mode
[ 1108.172581][T23158] netlink: 1752 bytes leftover after parsing attributes in process `syz.2.4506'.
[ 1108.182536][ T6230] usb usb38-port1: unable to enumerate USB device
[ 1108.978168][T23175] input: syz1 as /devices/virtual/input/input31
[ 1109.449679][ T6230] usb 6-1: USB disconnect, device number 40
[ 1109.793445][  T955] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1110.353196][ T5797] usb 42-1: device descriptor read/8, error -110
[ 1110.923819][ T5797] usb usb42-port1: unable to enumerate USB device
[ 1111.140855][T23245] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4533'.
[ 1111.284877][T23238] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1111.508773][ T5797] usb usb42-port2: attempt power cycle
[ 1111.922448][T23266] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1111.925169][T23266] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1111.963062][T23266] vhci_hcd vhci_hcd.0: Device attached
[ 1112.085846][ T5797] usb usb42-port2: unable to enumerate USB device
[ 1112.170779][T23272] vhci_hcd: connection closed
[ 1112.171436][   T12] vhci_hcd vhci_hcd.2: stop threads
[ 1112.175176][   T12] vhci_hcd vhci_hcd.2: release socket
[ 1112.177690][   T12] vhci_hcd vhci_hcd.2: disconnect device
[ 1112.224440][   T10] usb 41-1: new low-speed USB device number 33 using vhci_hcd
[ 1112.227663][   T10] usb 41-1: enqueue for inactive port 0
[ 1112.304657][   T10] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1112.420418][T23286] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4546'.
[ 1112.483503][T23275] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1113.106611][T23303] overlayfs: missing 'lowerdir'
[ 1113.151562][T23304] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4553'.
[ 1113.315225][T23298] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1113.389315][T23310] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1113.391431][T23310] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1113.394231][T23310] vhci_hcd vhci_hcd.0: Device attached
[ 1113.645559][   T24] usb 41-1: new low-speed USB device number 34 using vhci_hcd
[ 1113.676193][T23325] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[ 1113.678239][T23325] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1113.681217][T23325] vhci_hcd vhci_hcd.0: Device attached
[ 1113.872498][T23333] overlayfs: missing 'lowerdir'
[ 1113.955654][ T6328] usb 40-1: SetAddress Request (114) to port 0
[ 1113.958157][ T6328] usb 40-1: new SuperSpeed USB device number 114 using vhci_hcd
[ 1114.055692][  T955] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[ 1114.097537][T23312] vhci_hcd: connection reset by peer
[ 1114.099468][T17688] vhci_hcd vhci_hcd.2: stop threads
[ 1114.101222][T17688] vhci_hcd vhci_hcd.2: release socket
[ 1114.103015][T17688] vhci_hcd vhci_hcd.2: disconnect device
[ 1114.205866][  T955] usb 6-1: Using ep0 maxpacket: 8
[ 1114.209813][  T955] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1114.213144][  T955] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[ 1114.216197][  T955] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1114.220411][  T955] usb 6-1: config 0 descriptor??
[ 1114.252192][T23341] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[ 1114.254253][T23341] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1114.257049][T23341] vhci_hcd vhci_hcd.0: Device attached
[ 1114.461397][  T955] iowarrior 6-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[ 1114.526130][ T6230] usb 38-1: SetAddress Request (51) to port 0
[ 1114.529198][ T6230] usb 38-1: new SuperSpeed USB device number 51 using vhci_hcd
[ 1114.970572][T23342] vhci_hcd: connection reset by peer
[ 1114.973095][T17675] vhci_hcd vhci_hcd.0: stop threads
[ 1114.975320][T17675] vhci_hcd vhci_hcd.0: release socket
[ 1114.978147][T17675] vhci_hcd vhci_hcd.0: disconnect device
[ 1115.161377][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[ 1116.372562][T23391] overlayfs: missing 'lowerdir'
[ 1116.490822][ T6176] usb 6-1: USB disconnect, device number 41
[ 1116.502922][T23326] vhci_hcd: connection reset by peer
[ 1116.509396][T17675] vhci_hcd vhci_hcd.1: stop threads
[ 1116.511547][T17675] vhci_hcd vhci_hcd.1: release socket
[ 1116.514839][T17675] vhci_hcd vhci_hcd.1: disconnect device
[ 1117.160740][T23414] overlayfs: missing 'lowerdir'
[ 1117.237835][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1117.457460][T23424] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4597'.
[ 1117.596863][T23427] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[ 1117.599599][T23427] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1117.623593][T23427] vhci_hcd vhci_hcd.0: Device attached
[ 1117.625701][T23419] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1117.962579][T23440] geneve2: left promiscuous mode
[ 1117.964526][T23440] geneve2: left allmulticast mode
[ 1117.970652][T17650] netdevsim netdevsim2 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.973430][T17650] netdevsim netdevsim2 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.976852][T17650] netdevsim netdevsim2 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1117.980336][T17650] netdevsim netdevsim2 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1118.475148][T23428] vhci_hcd: connection closed
[ 1118.475471][T17650] vhci_hcd vhci_hcd.0: stop threads
[ 1118.478821][T17650] vhci_hcd vhci_hcd.0: release socket
[ 1118.480788][T17650] vhci_hcd vhci_hcd.0: disconnect device
[ 1118.761226][   T24] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1118.998962][ T6328] usb 40-1: device descriptor read/8, error -110
[ 1119.450533][ T6328] usb usb40-port1: attempt power cycle
[ 1119.479323][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1119.490401][ T5939] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1119.495460][ T5939] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1119.499791][ T5939] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1119.503690][ T5939] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1119.506307][ T5939] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1119.536964][T23469] lo speed is unknown, defaulting to 1000
[ 1119.573508][ T6230] usb 38-1: device descriptor read/8, error -110
[ 1119.576987][T19670] syz_tun (unregistering): left allmulticast mode
[ 1119.598068][T23471] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1119.600074][T23471] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1119.608121][T23471] vhci_hcd vhci_hcd.0: Device attached
[ 1119.697497][T23469] chnl_net:caif_netlink_parms(): no params data found
[ 1119.788611][T23469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1119.791932][T23469] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1119.831007][T23469] bridge_slave_0: entered allmulticast mode
[ 1119.834853][T23469] bridge_slave_0: entered promiscuous mode
[ 1119.838423][T23469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1119.841403][T23469] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1119.845855][T23469] bridge_slave_1: entered allmulticast mode
[ 1119.850548][T23469] bridge_slave_1: entered promiscuous mode
[ 1119.922028][T23469] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1119.926665][T23469] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1119.942462][T23469] team0: Port device team_slave_0 added
[ 1119.945638][T23469] team0: Port device team_slave_1 added
[ 1119.958851][T23469] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1119.961413][T23469] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1119.970797][T23469] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1119.976087][T23469] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1119.978881][T23469] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1119.988311][T23469] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1120.011533][T23469] hsr_slave_0: entered promiscuous mode
[ 1120.013884][T23469] hsr_slave_1: entered promiscuous mode
[ 1120.016879][T23469] debugfs: 'hsr0' already exists in 'hsr'
[ 1120.018893][T23469] Cannot create hsr debugfs directory
[ 1120.020905][ T6230] usb usb38-port1: attempt power cycle
[ 1120.040142][ T6328] usb usb40-port1: unable to enumerate USB device
[ 1120.054625][T23473] vhci_hcd: connection closed
[ 1120.055525][T17692] vhci_hcd vhci_hcd.1: stop threads
[ 1120.062052][T17692] vhci_hcd vhci_hcd.1: release socket
[ 1120.064157][T17692] vhci_hcd vhci_hcd.1: disconnect device
[ 1120.089709][   T10] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1120.109749][ T5797] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1120.511213][T23487] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[ 1120.513309][T23487] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1120.516687][T23487] vhci_hcd vhci_hcd.0: Device attached
[ 1120.518927][T23469] netdevsim netdevsim3 netdevsim0: renamed from eth0
[ 1120.524049][T23469] netdevsim netdevsim3 netdevsim1: renamed from eth1
[ 1120.529247][T23469] netdevsim netdevsim3 netdevsim2: renamed from eth2
[ 1120.541868][T23469] netdevsim netdevsim3 netdevsim3: renamed from eth3
[ 1120.569850][T23469] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1120.573083][T23469] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1120.577924][T23469] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1120.580875][T23469] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1120.601341][T17675] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1120.605681][T17675] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1120.643509][T23469] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1120.670834][T23469] 8021q: adding VLAN 0 to HW filter on device team0
[ 1120.697110][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[ 1120.699618][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[ 1120.706894][T17650] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1120.709571][T17650] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1120.737849][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1120.740794][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1120.979310][T23469] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1121.000587][ T6230] usb 38-1: SetAddress Request (53) to port 0
[ 1121.002922][ T6230] usb 38-1: new SuperSpeed USB device number 53 using vhci_hcd
[ 1121.013189][T23469] veth0_vlan: entered promiscuous mode
[ 1121.023121][T23469] veth1_vlan: entered promiscuous mode
[ 1121.049932][T23469] veth0_macvtap: entered promiscuous mode
[ 1121.057407][T23469] veth1_macvtap: entered promiscuous mode
[ 1121.068591][T23469] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1121.075615][T23469] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1121.083587][T17688] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.087034][T17688] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.092398][T17688] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.096029][T17688] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1121.162244][T17692] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1121.165658][T17692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1121.170912][T23488] vhci_hcd: connection reset by peer
[ 1121.186059][T17650] vhci_hcd vhci_hcd.0: stop threads
[ 1121.186967][T17688] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1121.187859][T17650] vhci_hcd vhci_hcd.0: release socket
[ 1121.192468][T17688] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1121.193334][T17650] vhci_hcd vhci_hcd.0: disconnect device
[ 1121.431095][ T6328] usb usb40-port2: attempt power cycle
[ 1121.560739][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1121.570885][ T5939] Bluetooth: hci1: command tx timeout
[ 1122.001473][ T6328] usb usb40-port2: unable to enumerate USB device
[ 1122.457039][T23549] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4629'.
[ 1122.512249][T23540] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1122.520192][T23540] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1122.522898][T23540] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1122.548485][T23540] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1122.831462][ T6247] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[ 1122.991791][ T6247] usb 7-1: Using ep0 maxpacket: 32
[ 1122.996583][ T6247] usb 7-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config
[ 1123.158551][ T6247] usb 7-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82
[ 1123.162644][ T6247] usb 7-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[ 1123.166107][ T6247] usb 7-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11
[ 1123.174314][ T6247] usb 7-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30
[ 1123.177328][ T6247] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1123.179880][ T6247] usb 7-1: Product: syz
[ 1123.181218][ T6247] usb 7-1: Manufacturer: syz
[ 1123.182886][ T6247] usb 7-1: SerialNumber: syz
[ 1123.187549][    C3] imon 7-1:155.0: imon usb_rx_callback_intf0: status(-71)
[ 1123.192280][ T6247] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/input/input32
[ 1123.405878][T23563] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4635'.
[ 1123.451920][ T6247] imon 7-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR
[ 1123.529147][T23556] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1123.532404][T23556] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1123.640759][T23548] sch_fq: defrate 0 ignored.
[ 1123.738388][ T6247]  (id 0x00)
[ 1123.781902][T23568] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1123.785156][T23568] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1123.794294][ T6247] rc_core: IR keymap rc-imon-pad not found
[ 1123.796893][ T6247] Registered IR keymap rc-empty
[ 1123.799126][ T6247] imon 7-1:155.0: Looks like you're trying to use an IR protocol this device does not support
[ 1123.805816][ T6247] imon 7-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol
[ 1123.832930][ T6247] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0
[ 1123.836912][ T6247] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:155.0/rc/rc0/input33
[ 1123.842008][ T6247] imon 7-1:155.0: iMON device (15c2:ffdc, intf0) on usb<7:30> initialized
[ 1123.845997][T23568] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4641'.
[ 1124.299316][T23582] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4651'.
[ 1124.389522][T23580] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1124.392016][T23580] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1124.431211][T23584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1124.442713][T23584] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1125.058661][T23593] overlayfs: missing 'lowerdir'
[ 1125.810216][T23618] overlayfs: missing 'workdir'
[ 1125.932418][ T6328] usb 7-1: USB disconnect, device number 30
[ 1126.090172][ T6230] usb 38-1: device descriptor read/8, error -110
[ 1126.225777][T23632] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1126.228622][T23632] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1126.233971][T23632] vhci_hcd vhci_hcd.0: Device attached
[ 1126.304905][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1126.444086][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[ 1126.474294][T15612] usb 39-1: new low-speed USB device number 25 using vhci_hcd
[ 1126.775038][ T6230] usb usb38-port1: unable to enumerate USB device
[ 1126.807153][T23646] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4667'.
[ 1126.862745][T23642] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1126.865429][T23642] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1127.643932][T23660] overlayfs: missing 'workdir'
[ 1127.913624][T23633] vhci_hcd: connection reset by peer
[ 1127.916010][   T12] vhci_hcd vhci_hcd.1: stop threads
[ 1127.919458][   T12] vhci_hcd vhci_hcd.1: release socket
[ 1127.922442][   T12] vhci_hcd vhci_hcd.1: disconnect device
[ 1128.078969][T23683] overlayfs: missing 'workdir'
[ 1128.284631][T23690] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4679'.
[ 1128.332812][T23688] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4682'.
[ 1128.334933][T23684] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1128.339042][T23684] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1128.444022][T23687] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1128.448238][T23687] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1129.186987][T23712] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4693'.
[ 1129.309604][T23723] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[ 1129.311739][T23723] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1129.314477][T23723] vhci_hcd vhci_hcd.0: Device attached
[ 1129.446938][T23711] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1129.576430][   T10] usb 37-1: new low-speed USB device number 34 using vhci_hcd
[ 1129.669532][T23711] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1129.724687][T23733] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4697'.
[ 1130.410370][T23724] vhci_hcd: connection closed
[ 1130.412244][ T9961] vhci_hcd vhci_hcd.0: stop threads
[ 1130.415678][ T9961] vhci_hcd vhci_hcd.0: release socket
[ 1130.432839][ T9961] vhci_hcd vhci_hcd.0: disconnect device
[ 1130.459948][   T10] usb 37-1: enqueue for inactive port 0
[ 1130.637533][T23750] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4703'.
[ 1130.671408][T23748] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1130.674587][T23748] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1130.683434][   T10] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1131.858691][T23762] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1131.868981][T23764] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4705'.
[ 1131.880345][T23762] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1131.922424][T15612] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1132.921942][T23778] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1132.923950][T23778] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1132.926432][T23778] vhci_hcd vhci_hcd.0: Device attached
[ 1133.162785][ T6230] usb 43-1: new low-speed USB device number 25 using vhci_hcd
[ 1133.195388][T23782] vhci_hcd: connection reset by peer
[ 1133.207748][   T12] vhci_hcd vhci_hcd.3: stop threads
[ 1133.209661][   T12] vhci_hcd vhci_hcd.3: release socket
[ 1133.211511][   T12] vhci_hcd vhci_hcd.3: disconnect device
[ 1133.764490][T23793] overlayfs: missing 'lowerdir'
[ 1133.818735][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[ 1133.889034][ T5946] Bluetooth: hci1: command 0x040f tx timeout
[ 1134.234603][T23806] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4717'.
[ 1134.261773][T23796] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1134.265099][T23796] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1134.299651][T23810] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1134.301957][T23810] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1134.327953][T23810] vhci_hcd vhci_hcd.0: Device attached
[ 1135.067281][T23824] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1135.069992][T23824] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1135.073424][T23824] vhci_hcd vhci_hcd.0: Device attached
[ 1135.105009][T23811] vhci_hcd: connection closed
[ 1135.144211][ T9964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1135.148564][ T9964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1135.152152][T17694] vhci_hcd vhci_hcd.3: stop threads
[ 1135.153853][T17694] vhci_hcd vhci_hcd.3: release socket
[ 1135.155913][T17694] vhci_hcd vhci_hcd.3: disconnect device
[ 1135.252506][T23825] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1135.254657][T23825] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1135.275299][T23825] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4724'.
[ 1135.410973][ T6328] usb 40-1: SetAddress Request (122) to port 0
[ 1135.413295][ T6328] usb 40-1: new SuperSpeed USB device number 122 using vhci_hcd
[ 1135.727057][T23826] vhci_hcd: connection reset by peer
[ 1135.731215][ T9964] vhci_hcd vhci_hcd.1: stop threads
[ 1135.733821][ T9964] vhci_hcd vhci_hcd.1: release socket
[ 1135.735497][ T9964] vhci_hcd vhci_hcd.1: disconnect device
[ 1136.597516][T23858] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1136.600241][T23858] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1136.610518][T23858] vhci_hcd vhci_hcd.0: Device attached
[ 1136.651362][T23861] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4734'.
[ 1136.685373][T23855] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1136.688183][T23855] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1136.990343][T23865] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[ 1136.992426][T23865] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1136.995285][T23865] vhci_hcd vhci_hcd.0: Device attached
[ 1137.240919][  T955] usb 37-1: new low-speed USB device number 35 using vhci_hcd
[ 1137.601419][T23876] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1137.603432][T23876] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1137.618837][T23876] vhci_hcd vhci_hcd.0: Device attached
[ 1137.721138][T23859] vhci_hcd: connection closed
[ 1137.732133][T17692] vhci_hcd vhci_hcd.1: stop threads
[ 1137.736555][T17692] vhci_hcd vhci_hcd.1: release socket
[ 1137.739800][T17692] vhci_hcd vhci_hcd.1: disconnect device
[ 1137.956938][T23866] vhci_hcd: connection reset by peer
[ 1137.961311][T17692] vhci_hcd vhci_hcd.0: stop threads
[ 1137.963158][T17692] vhci_hcd vhci_hcd.0: release socket
[ 1137.966256][T17692] vhci_hcd vhci_hcd.0: disconnect device
[ 1138.224828][T23877] vhci_hcd: connection reset by peer
[ 1138.228843][T17694] vhci_hcd vhci_hcd.3: stop threads
[ 1138.230586][T17694] vhci_hcd vhci_hcd.3: release socket
[ 1138.233733][T17694] vhci_hcd vhci_hcd.3: disconnect device
[ 1138.301777][ T6230] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1138.567364][T23894] overlayfs: missing 'lowerdir'
[ 1138.691942][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1138.691973][T12263] Bluetooth: hci1: command 0x040f tx timeout
[ 1138.880518][T23911] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4748'.
[ 1138.966525][T23908] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1138.969107][T23908] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1139.101069][T23916] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4751'.
[ 1139.205182][T23908] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1139.227247][T23908] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1139.604253][T17692] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1139.612749][T17692] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1139.616958][T17692] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1139.619850][T17692] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1139.625829][T23903] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1139.632579][T23903] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1140.453096][ T6328] usb 40-1: device descriptor read/8, error -110
[ 1140.854013][ T6328] usb usb40-port1: attempt power cycle
[ 1140.923545][ T6247] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1141.653735][T12263] Bluetooth: hci1: command 0x040f tx timeout
[ 1141.653761][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1141.661407][T23914] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1141.668065][T23914] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1141.747621][T23935] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4755'.
[ 1141.751175][T23935] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4755'.
[ 1141.761725][T23935] bridge2: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms)
[ 1142.143625][T23958] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1142.146343][T23958] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1142.157396][T23958] vhci_hcd vhci_hcd.0: Device attached
[ 1142.167003][T23954] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4764'.
[ 1142.195077][ T6328] usb usb40-port1: unable to enumerate USB device
[ 1142.210455][T23950] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1142.213277][T23950] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1142.364414][  T955] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1142.450196][T23962] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[ 1142.452424][T23962] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1142.455266][T23962] vhci_hcd vhci_hcd.0: Device attached
[ 1142.456548][T23968] random: crng reseeded on system resumption
[ 1142.891868][T17656] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1142.894729][T17656] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1142.952407][T23959] vhci_hcd: connection closed
[ 1142.955149][T17656] vhci_hcd vhci_hcd.1: stop threads
[ 1142.990570][T17656] vhci_hcd vhci_hcd.1: release socket
[ 1142.992616][T17656] vhci_hcd vhci_hcd.1: disconnect device
[ 1143.224988][ T6247] usb 38-1: SetAddress Request (55) to port 0
[ 1143.227682][ T6247] usb 38-1: new SuperSpeed USB device number 55 using vhci_hcd
[ 1143.450832][   T24] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1143.954507][T23966] vhci_hcd: connection reset by peer
[ 1143.963723][T17692] vhci_hcd vhci_hcd.0: stop threads
[ 1143.965489][T17692] vhci_hcd vhci_hcd.0: release socket
[ 1143.970638][T17692] vhci_hcd vhci_hcd.0: disconnect device
[ 1144.135362][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1144.215332][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[ 1144.456052][ T6328] usb usb40-port2: attempt power cycle
[ 1144.533241][T23982] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4769'.
[ 1144.568426][T23979] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1144.570859][T23979] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1145.217599][T24000] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1145.220003][T24000] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1145.326312][ T6328] usb usb40-port2: unable to enumerate USB device
[ 1146.423298][T24009] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1146.496669][T24009] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1146.599500][T24024] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4780'.
[ 1147.307563][T24020] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1147.311089][T24020] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1148.298160][ T6247] usb 38-1: device descriptor read/8, error -110
[ 1148.485217][T24053] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1148.487330][T24053] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1148.495524][T24053] vhci_hcd vhci_hcd.0: Device attached
[ 1148.666337][T24052] kvm: requested 180190 ns i8254 timer period limited to 200000 ns
[ 1148.671622][T24052] kvm: requested 153371 ns i8254 timer period limited to 200000 ns
[ 1148.675857][T24052] kvm: requested 171809 ns i8254 timer period limited to 200000 ns
[ 1148.682886][T24052] kvm: requested 52800 ns i8254 timer period limited to 200000 ns
[ 1148.688315][T24052] kvm: requested 166781 ns i8254 timer period limited to 200000 ns
[ 1148.693421][T24052] kvm: requested 188571 ns i8254 timer period limited to 200000 ns
[ 1148.698078][T24052] kvm: requested 25980 ns i8254 timer period limited to 200000 ns
[ 1148.698809][ T6247] usb usb38-port1: attempt power cycle
[ 1148.702802][T24052] kvm: requested 153371 ns i8254 timer period limited to 200000 ns
[ 1148.716096][T24052] kvm: requested 10895 ns i8254 timer period limited to 200000 ns
[ 1148.768625][ T6230] usb 41-1: new low-speed USB device number 35 using vhci_hcd
[ 1148.814635][T24054] vhci_hcd: connection reset by peer
[ 1148.819947][ T9964] vhci_hcd vhci_hcd.2: stop threads
[ 1148.821723][ T9964] vhci_hcd vhci_hcd.2: release socket
[ 1148.823487][ T9964] vhci_hcd vhci_hcd.2: disconnect device
[ 1149.292235][ T6247] usb usb38-port1: unable to enumerate USB device
[ 1149.338534][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[ 1149.339704][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[ 1149.724221][T24090] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4799'.
[ 1149.728323][T24089] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4800'.
[ 1149.745726][T24086] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1149.747953][T24086] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1150.956406][T24116] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1150.959015][T24116] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1150.962524][T24116] vhci_hcd vhci_hcd.0: Device attached
[ 1151.199708][ T6247] usb 43-1: new low-speed USB device number 26 using vhci_hcd
[ 1151.567801][T24117] vhci_hcd: connection reset by peer
[ 1151.570413][ T9964] vhci_hcd vhci_hcd.3: stop threads
[ 1151.572578][ T9964] vhci_hcd vhci_hcd.3: release socket
[ 1151.575131][ T9964] vhci_hcd vhci_hcd.3: disconnect device
[ 1151.740029][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1151.830148][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[ 1151.835110][T24134] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4813'.
[ 1151.912031][T24127] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1151.914239][T24127] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1152.354755][T24146] FAULT_INJECTION: forcing a failure.
[ 1152.354755][T24146] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1152.358972][T24146] CPU: 0 UID: 0 PID: 24146 Comm: syz.0.4819 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1152.358990][T24146] Tainted: [L]=SOFTLOCKUP
[ 1152.358994][T24146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1152.359001][T24146] Call Trace:
[ 1152.359005][T24146]  <TASK>
[ 1152.359010][T24146]  dump_stack_lvl+0x16c/0x1f0
[ 1152.359033][T24146]  should_fail_ex+0x512/0x640
[ 1152.359049][T24146]  _copy_from_iter+0x2a4/0x16c0
[ 1152.359063][T24146]  ? rcu_is_watching+0x12/0xc0
[ 1152.359078][T24146]  ? bpf_put_buffers+0x44/0x70
[ 1152.359091][T24146]  ? __pfx__copy_from_iter+0x10/0x10
[ 1152.359104][T24146]  ? __lock_acquire+0x436/0x2890
[ 1152.359117][T24146]  ? find_held_lock+0x2b/0x80
[ 1152.359132][T24146]  tun_get_user+0x26d/0x3cc0
[ 1152.359151][T24146]  ? __pfx_tun_get_user+0x10/0x10
[ 1152.359165][T24146]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1152.359182][T24146]  ? find_held_lock+0x2b/0x80
[ 1152.359196][T24146]  ? tun_get+0x191/0x370
[ 1152.359224][T24146]  tun_chr_write_iter+0xdc/0x210
[ 1152.359238][T24146]  vfs_write+0x7d3/0x11d0
[ 1152.359255][T24146]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1152.359270][T24146]  ? __pfx_vfs_write+0x10/0x10
[ 1152.359283][T24146]  ? find_held_lock+0x2b/0x80
[ 1152.359305][T24146]  ksys_write+0x12a/0x250
[ 1152.359319][T24146]  ? __pfx_ksys_write+0x10/0x10
[ 1152.359335][T24146]  ? do_user_addr_fault+0x843/0x1370
[ 1152.359351][T24146]  __do_fast_syscall_32+0xe8/0x680
[ 1152.359393][T24146]  do_fast_syscall_32+0x32/0x80
[ 1152.359406][T24146]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1152.359420][T24146] RIP: 0023:0xf7f24579
[ 1152.359429][T24146] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1152.359439][T24146] RSP: 002b:00000000f541655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1152.359449][T24146] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000240
[ 1152.359456][T24146] RDX: 0000000000000029 RSI: 0000000000000000 RDI: 0000000000000000
[ 1152.359462][T24146] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1152.359468][T24146] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1152.359474][T24146] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1152.359488][T24146]  </TASK>
[ 1153.049237][T24160] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[ 1153.051378][T24160] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1153.068461][T24160] vhci_hcd vhci_hcd.0: Device attached
[ 1153.341121][  T955] usb 37-1: new low-speed USB device number 36 using vhci_hcd
[ 1153.684332][T24163] vhci_hcd: connection reset by peer
[ 1153.692852][ T9961] vhci_hcd vhci_hcd.0: stop threads
[ 1153.694531][ T9961] vhci_hcd vhci_hcd.0: release socket
[ 1153.696406][ T9961] vhci_hcd vhci_hcd.0: disconnect device
[ 1153.911725][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1153.983575][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[ 1154.057318][T24187] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1154.059429][T24187] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1154.075820][T24191] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4830'.
[ 1154.364485][ T6230] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1154.522411][ T5939] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1154.528048][ T5939] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1154.531242][ T5939] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1154.534793][ T5939] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1154.537490][ T5939] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1154.556697][T24197] lo speed is unknown, defaulting to 1000
[ 1155.076746][T24197] chnl_net:caif_netlink_parms(): no params data found
[ 1155.884476][T24197] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1155.887656][T24197] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1155.890685][T24197] bridge_slave_0: entered allmulticast mode
[ 1155.894946][T24197] bridge_slave_0: entered promiscuous mode
[ 1155.901692][T24197] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1155.904709][T24197] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1155.907495][T24197] bridge_slave_1: entered allmulticast mode
[ 1155.911387][T24197] bridge_slave_1: entered promiscuous mode
[ 1155.941385][T24197] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1155.946123][T24197] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1155.967162][T24197] team0: Port device team_slave_0 added
[ 1155.970538][T24197] team0: Port device team_slave_1 added
[ 1155.984322][T24197] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1155.986993][T24197] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1155.995615][T24197] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1155.999917][T24197] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1156.002110][T24197] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1156.010304][T24197] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1156.047444][T24197] hsr_slave_0: entered promiscuous mode
[ 1156.049914][T24197] hsr_slave_1: entered promiscuous mode
[ 1156.052113][T24197] debugfs: 'hsr0' already exists in 'hsr'
[ 1156.053980][T24197] Cannot create hsr debugfs directory
[ 1156.062803][T12263] Bluetooth: hci0: command 0x040f tx timeout
[ 1156.064842][ T5946] Bluetooth: hci1: command 0x040f tx timeout
[ 1156.292914][ T6247] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1156.484414][T24197] netdevsim netdevsim0 netdevsim0: renamed from eth0
[ 1156.491583][T24197] netdevsim netdevsim0 netdevsim1: renamed from eth1
[ 1156.506255][T24197] netdevsim netdevsim0 netdevsim2: renamed from eth2
[ 1156.511565][T24197] netdevsim netdevsim0 netdevsim3: renamed from eth3
[ 1156.544498][T24197] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1156.546742][T24197] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1156.549174][T24197] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1156.551424][T24197] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1156.580203][T24197] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1156.587795][ T9964] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1156.595548][ T9964] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1156.623115][T12263] Bluetooth: hci4: command tx timeout
[ 1156.650785][T24197] 8021q: adding VLAN 0 to HW filter on device team0
[ 1156.661068][T17692] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1156.664149][T17692] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1156.679505][T17692] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1156.682462][T17692] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1156.920195][T24197] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1156.944359][T24197] veth0_vlan: entered promiscuous mode
[ 1156.949686][T24197] veth1_vlan: entered promiscuous mode
[ 1156.967572][T24197] veth0_macvtap: entered promiscuous mode
[ 1156.972409][T24197] veth1_macvtap: entered promiscuous mode
[ 1156.982011][T24197] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1156.990387][T24197] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1156.997995][ T9961] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1157.001542][ T9961] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1157.007189][ T9961] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1157.010822][ T9961] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1157.304163][T24264] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1157.306191][T24264] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1157.308749][T24264] vhci_hcd vhci_hcd.0: Device attached
[ 1157.388850][ T9964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1157.391617][ T9964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1157.447881][ T9964] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1157.450197][ T9964] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1157.463805][ T9961] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1157.466271][ T9961] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1157.573246][T24268] vhci_hcd: connection closed
[ 1157.573436][T17692] vhci_hcd vhci_hcd.2: stop threads
[ 1157.577058][T17692] vhci_hcd vhci_hcd.2: release socket
[ 1157.579560][ T5797] usb 42-1: SetAddress Request (32) to port 0
[ 1157.582018][ T5797] usb 42-1: new SuperSpeed USB device number 32 using vhci_hcd
[ 1157.587506][T17692] vhci_hcd vhci_hcd.2: disconnect device
[ 1157.604662][ T5797] usb 42-1: enqueue for inactive port 0
[ 1157.731589][T24274] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4834'.
[ 1157.795255][T24273] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1157.798722][T24273] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1157.801582][T24273] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1157.804306][T24273] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1157.807755][T24273] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 1157.995234][ T5797] usb usb42-port1: attempt power cycle
[ 1158.018811][T24283] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1158.021210][T24283] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1158.203391][T24283] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1158.210976][T24283] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1158.282064][T24299] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1158.284566][T24299] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1158.288344][T24299] vhci_hcd vhci_hcd.0: Device attached
[ 1158.350822][T24286] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1158.375117][T17656] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1158.378403][T17656] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1158.381277][T17656] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1158.413066][T24298] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4859'.
[ 1158.464490][  T955] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1158.513189][T24295] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1158.515465][T24295] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1158.517573][T24295] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1158.534527][ T6247] usb 39-1: new low-speed USB device number 28 using vhci_hcd
[ 1158.598507][ T5797] usb usb42-port1: unable to enumerate USB device
[ 1158.850318][T24307] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4860'.
[ 1158.962893][T24305] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1158.966893][T24305] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1158.970279][T24305] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1159.165815][ T5797] usb usb42-port2: attempt power cycle
[ 1159.187235][T24300] vhci_hcd: connection reset by peer
[ 1159.191389][T17694] vhci_hcd vhci_hcd.1: stop threads
[ 1159.193233][T17694] vhci_hcd vhci_hcd.1: release socket
[ 1159.195059][T17694] vhci_hcd vhci_hcd.1: disconnect device
[ 1159.757592][ T5797] usb usb42-port2: unable to enumerate USB device
[ 1160.054572][T24333] bond0: Caught tx_queue_len zero misconfig
[ 1160.865895][T12263] Bluetooth: hci0: command 0x040f tx timeout
[ 1161.025876][T12263] Bluetooth: hci1: command 0x040f tx timeout
[ 1161.025895][ T5946] Bluetooth: hci4: command 0x041b tx timeout
[ 1162.382346][T24369] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1162.385061][T24369] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1162.388500][T24369] vhci_hcd vhci_hcd.0: Device attached
[ 1162.395970][T17692] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1162.399006][T17692] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1162.577885][T24375] vhci_hcd: connection closed
[ 1162.578079][ T9961] vhci_hcd vhci_hcd.0: stop threads
[ 1162.582486][ T9961] vhci_hcd vhci_hcd.0: release socket
[ 1162.584617][ T9961] vhci_hcd vhci_hcd.0: disconnect device
[ 1162.773945][T24378] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1162.776614][T24378] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1162.790653][T24378] vhci_hcd vhci_hcd.0: Device attached
[ 1162.818525][T24378] random: crng reseeded on system resumption
[ 1162.878377][ T6163] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[ 1163.079864][ T6024] usb 42-1: SetAddress Request (40) to port 0
[ 1163.081953][ T6024] usb 42-1: new SuperSpeed USB device number 40 using vhci_hcd
[ 1163.107009][ T5946] Bluetooth: hci1: command 0x040f tx timeout
[ 1163.117040][ T5946] Bluetooth: hci4: command 0x041b tx timeout
[ 1163.373685][T24379] vhci_hcd: connection reset by peer
[ 1163.376001][ T9961] vhci_hcd vhci_hcd.2: stop threads
[ 1163.378431][ T9961] vhci_hcd vhci_hcd.2: release socket
[ 1163.381831][ T9961] vhci_hcd vhci_hcd.2: disconnect device
[ 1163.657685][ T6247] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1164.336292][T24411] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[ 1164.338370][T24411] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1164.341211][T24411] vhci_hcd vhci_hcd.0: Device attached
[ 1164.352344][ T9961] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[ 1164.406589][T24415] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4894'.
[ 1164.474674][T24409] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1164.478133][T24409] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1164.481162][T24409] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1164.597969][T24420] vhci_hcd: connection closed
[ 1164.598216][T17688] vhci_hcd vhci_hcd.1: stop threads
[ 1164.602383][T17688] vhci_hcd vhci_hcd.1: release socket
[ 1164.604758][T17688] vhci_hcd vhci_hcd.1: disconnect device
[ 1164.627980][ T5797] usb 40-1: enqueue for inactive port 0
[ 1165.206043][ T5797] usb usb40-port1: attempt power cycle
[ 1165.361752][T24433] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1165.363995][T24433] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1165.366940][T24433] vhci_hcd vhci_hcd.0: Device attached
[ 1165.370964][T24433] random: crng reseeded on system resumption
[ 1165.517262][T24441] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4904'.
[ 1165.564058][T24449] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1165.566252][T24449] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1165.569969][T24449] vhci_hcd vhci_hcd.0: Device attached
[ 1165.598573][ T5797] usb 40-1: SetAddress Request (6) to port 0
[ 1165.601984][ T5797] usb 40-1: new SuperSpeed USB device number 6 using vhci_hcd
[ 1165.828855][T24457] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4907'.
[ 1165.926131][T24443] vhci_hcd: connection reset by peer
[ 1165.929014][T17656] vhci_hcd vhci_hcd.1: stop threads
[ 1165.930905][T17656] vhci_hcd vhci_hcd.1: release socket
[ 1165.933347][T17656] vhci_hcd vhci_hcd.1: disconnect device
[ 1166.291966][T24451] vhci_hcd: connection closed
[ 1166.293056][T17688] vhci_hcd vhci_hcd.2: stop threads
[ 1166.296820][T17688] vhci_hcd vhci_hcd.2: release socket
[ 1166.298778][T17688] vhci_hcd vhci_hcd.2: disconnect device
[ 1166.469082][ T5946] Bluetooth: hci0: command 0x040f tx timeout
[ 1166.550506][ T5946] Bluetooth: hci4: command 0x041b tx timeout
[ 1166.550560][T12263] Bluetooth: hci1: command 0x040f tx timeout
[ 1166.776882][T24470] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4908'.
[ 1166.848361][T24463] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1166.850806][T24463] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1166.852904][T24463] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1167.116152][T24479] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4916'.
[ 1167.299355][T24478] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1167.307990][T24478] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1167.315911][T24478] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1167.865070][T24496] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4918'.
[ 1167.927627][T24490] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1167.930632][T24490] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1167.933449][T24490] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1168.015814][T24502] pimreg: entered allmulticast mode
[ 1168.150279][ T6024] usb 42-1: device descriptor read/8, error -110
[ 1168.330191][ T5994] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1168.410275][T24512] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4926'.
[ 1168.511060][T24511] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1168.513751][T24511] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1168.516154][T24511] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1168.885305][T24535] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4927'.
[ 1169.335163][ T6024] usb usb42-port1: attempt power cycle
[ 1169.976111][T24545] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4935'.
[ 1170.066441][T24543] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4934'.
[ 1170.208266][T24542] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1170.210985][T24542] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1170.217120][T24542] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1170.695791][ T5797] usb 40-1: device descriptor read/8, error -110
[ 1170.720079][T24539] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1170.726905][T24539] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1170.729084][T24539] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1170.782259][ T6024] usb usb42-port1: unable to enumerate USB device
[ 1171.103708][ T5797] usb usb40-port1: unable to enumerate USB device
[ 1172.063328][ T5797] usb usb40-port2: attempt power cycle
[ 1172.143475][ T6024] usb usb42-port2: attempt power cycle
[ 1172.183019][T24602] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4950'.
[ 1172.213845][T24593] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1172.220699][T24593] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1172.264223][T24593] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1172.606878][T24611] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4952'.
[ 1172.661322][ T5797] usb usb40-port2: unable to enumerate USB device
[ 1172.698078][T24601] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1172.704603][ T6024] usb usb42-port2: unable to enumerate USB device
[ 1172.715914][T24601] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1172.719334][T24601] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1173.164902][T24617] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1173.170070][T24617] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1173.214292][T24617] vhci_hcd vhci_hcd.0: Device attached
[ 1173.351082][T24619] vhci_hcd: connection closed
[ 1173.351348][T17688] vhci_hcd vhci_hcd.1: stop threads
[ 1173.354836][T17688] vhci_hcd vhci_hcd.1: release socket
[ 1173.356905][T17688] vhci_hcd vhci_hcd.1: disconnect device
[ 1173.512911][T24625] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1173.515147][T24625] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1173.518010][T24625] vhci_hcd vhci_hcd.0: Device attached
[ 1173.525028][ T9961] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[ 1173.724529][T24628] vhci_hcd: connection closed
[ 1173.725183][T17688] vhci_hcd vhci_hcd.0: stop threads
[ 1173.728382][T17688] vhci_hcd vhci_hcd.0: release socket
[ 1173.730593][T17688] vhci_hcd vhci_hcd.0: disconnect device
[ 1173.783536][T15612] usb 38-1: enqueue for inactive port 0
[ 1174.305546][T15612] usb usb38-port1: attempt power cycle
[ 1174.553961][T12263] Bluetooth: hci0: command 0x040f tx timeout
[ 1174.794161][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[ 1174.796358][T12263] Bluetooth: hci4: command 0x041b tx timeout
[ 1174.881844][T15612] usb usb38-port1: unable to enumerate USB device
[ 1175.384590][T24660] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4966'.
[ 1175.504603][T24658] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1175.507621][T24658] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1175.510747][T24658] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1177.096806][T24687] netlink: 36 bytes leftover after parsing attributes in process `syz.0.4976'.
[ 1177.205194][T24683] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1177.220752][T24683] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1177.230851][T24683] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1177.249848][T24690] lo speed is unknown, defaulting to 1000
[ 1177.253836][T24690] lo speed is unknown, defaulting to 1000
[ 1177.258391][T24690] lo speed is unknown, defaulting to 1000
[ 1177.288005][T24692] FAULT_INJECTION: forcing a failure.
[ 1177.288005][T24692] name failslab, interval 1, probability 0, space 0, times 0
[ 1177.292018][T24692] CPU: 0 UID: 0 PID: 24692 Comm: syz.0.4979 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1177.292037][T24692] Tainted: [L]=SOFTLOCKUP
[ 1177.292041][T24692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1177.292047][T24692] Call Trace:
[ 1177.292052][T24692]  <TASK>
[ 1177.292057][T24692]  dump_stack_lvl+0x16c/0x1f0
[ 1177.292077][T24692]  should_fail_ex+0x512/0x640
[ 1177.292090][T24692]  ? fs_reclaim_acquire+0xae/0x150
[ 1177.292109][T24692]  should_failslab+0xc2/0x120
[ 1177.292126][T24692]  kmem_cache_alloc_noprof+0x83/0x770
[ 1177.292138][T24692]  ? __pfx_map_id_range_down+0x10/0x10
[ 1177.292154][T24692]  ? security_inode_alloc+0x3b/0x2b0
[ 1177.292169][T24692]  ? security_inode_alloc+0x3b/0x2b0
[ 1177.292180][T24692]  security_inode_alloc+0x3b/0x2b0
[ 1177.292192][T24692]  inode_init_always_gfp+0xced/0x1040
[ 1177.292212][T24692]  alloc_inode+0x86/0x240
[ 1177.292224][T24692]  new_inode+0x22/0x1c0
[ 1177.292237][T24692]  __debugfs_create_file+0x105/0x530
[ 1177.292251][T24692]  debugfs_create_file_full+0x41/0x60
[ 1177.292264][T24692]  ? __pfx_geneve_setup+0x10/0x10
[ 1177.292275][T24692]  ref_tracker_dir_debugfs+0x19d/0x2f0
[ 1177.292290][T24692]  ? __pfx_ref_tracker_dir_debugfs+0x10/0x10
[ 1177.292314][T24692]  ? alloc_netdev_mqs+0xd7/0x1550
[ 1177.292331][T24692]  ? lockdep_init_map_type+0x5c/0x270
[ 1177.292344][T24692]  alloc_netdev_mqs+0x314/0x1550
[ 1177.292363][T24692]  rtnl_create_link+0xc08/0xf60
[ 1177.292381][T24692]  rtnl_newlink+0xb3b/0x1f50
[ 1177.292401][T24692]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1177.292416][T24692]  ? __kernel_text_address+0xd/0x40
[ 1177.292428][T24692]  ? unwind_get_return_address+0x59/0xa0
[ 1177.292453][T24692]  ? __pfx_stack_trace_save+0x10/0x10
[ 1177.292475][T24692]  ? find_held_lock+0x2b/0x80
[ 1177.292492][T24692]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1177.292507][T24692]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1177.292522][T24692]  ? rtnetlink_rcv_msg+0x93a/0xe90
[ 1177.292538][T24692]  ? __pfx_rtnl_newlink+0x10/0x10
[ 1177.292554][T24692]  rtnetlink_rcv_msg+0x95e/0xe90
[ 1177.292571][T24692]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1177.292590][T24692]  ? __lock_acquire+0x436/0x2890
[ 1177.292603][T24692]  netlink_rcv_skb+0x158/0x420
[ 1177.292620][T24692]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1177.292636][T24692]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1177.292658][T24692]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1177.292676][T24692]  netlink_unicast+0x5aa/0x870
[ 1177.292694][T24692]  ? __pfx_netlink_unicast+0x10/0x10
[ 1177.292716][T24692]  netlink_sendmsg+0x8c8/0xdd0
[ 1177.292734][T24692]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1177.292752][T24692]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[ 1177.292766][T24692]  ____sys_sendmsg+0xa5d/0xc30
[ 1177.292779][T24692]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1177.292789][T24692]  ? get_compat_msghdr+0x11a/0x170
[ 1177.292810][T24692]  ___sys_sendmsg+0x134/0x1d0
[ 1177.292826][T24692]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1177.292847][T24692]  ? find_held_lock+0x2b/0x80
[ 1177.292869][T24692]  __sys_sendmsg+0x16d/0x220
[ 1177.292884][T24692]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1177.292903][T24692]  ? do_user_addr_fault+0x843/0x1370
[ 1177.292919][T24692]  __do_fast_syscall_32+0xe8/0x680
[ 1177.292933][T24692]  do_fast_syscall_32+0x32/0x80
[ 1177.292943][T24692]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1177.292957][T24692] RIP: 0023:0xf700d579
[ 1177.292966][T24692] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1177.292976][T24692] RSP: 002b:00000000f53fd55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1177.292987][T24692] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000340
[ 1177.292994][T24692] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000000
[ 1177.293001][T24692] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1177.293007][T24692] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1177.293013][T24692] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1177.293026][T24692]  </TASK>
[ 1177.293044][T24692] debugfs: out of free dentries, can not create file 'netdev@ffff88802478a618'
[ 1177.358210][T24690] infiniband syz1: set down
[ 1177.417544][T24692] geneve2: entered promiscuous mode
[ 1177.420092][T24690] infiniband syz1: added lo
[ 1177.423025][T24692] geneve2: entered allmulticast mode
[ 1177.455192][T24690] RDS/IB: syz1: added
[ 1177.463034][T24690] smc: adding ib device syz1 with port count 1
[ 1177.465816][T24690] smc:    ib device syz1 port 1 has no pnetid
[ 1177.472701][ T6328] lo speed is unknown, defaulting to 1000
[ 1177.475046][   T24] lo speed is unknown, defaulting to 1000
[ 1177.477442][T24690] lo speed is unknown, defaulting to 1000
[ 1177.563442][T24690] lo speed is unknown, defaulting to 1000
[ 1177.754761][T24690] lo speed is unknown, defaulting to 1000
[ 1177.913320][T24690] lo speed is unknown, defaulting to 1000
[ 1177.949359][T24708] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1177.951682][T24708] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1177.954656][T24708] vhci_hcd vhci_hcd.0: Device attached
[ 1177.968622][T24708] random: crng reseeded on system resumption
[ 1178.111518][T24690] lo speed is unknown, defaulting to 1000
[ 1178.228902][ T6024] usb 44-1: SetAddress Request (33) to port 0
[ 1178.231303][ T6024] usb 44-1: new SuperSpeed USB device number 33 using vhci_hcd
[ 1178.274185][T24690] lo speed is unknown, defaulting to 1000
[ 1178.597304][T24715] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 1178.599474][T24715] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1178.602079][T24715] vhci_hcd vhci_hcd.0: Device attached
[ 1178.651849][T24710] vhci_hcd: connection reset by peer
[ 1178.654627][T17688] vhci_hcd vhci_hcd.3: stop threads
[ 1178.658126][T17688] vhci_hcd vhci_hcd.3: release socket
[ 1178.662007][T17688] vhci_hcd vhci_hcd.3: disconnect device
[ 1178.782604][T24726] netlink: 36 bytes leftover after parsing attributes in process `syz.2.4987'.
[ 1178.794160][T24720] vhci_hcd: connection closed
[ 1178.794998][T17692] vhci_hcd vhci_hcd.0: stop threads
[ 1178.799187][T17692] vhci_hcd vhci_hcd.0: release socket
[ 1178.801081][T17692] vhci_hcd vhci_hcd.0: disconnect device
[ 1178.909295][T24724] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1178.911944][T24724] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1178.914557][T24724] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1179.258728][T24731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4991'.
[ 1179.614384][T24744] geneve2: entered promiscuous mode
[ 1179.616069][T24744] geneve2: entered allmulticast mode
[ 1179.779747][T24751] netlink: 36 bytes leftover after parsing attributes in process `syz.1.4994'.
[ 1179.984573][T24742] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1179.987575][T24742] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1179.989945][T24742] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1180.513201][T24764] lo speed is unknown, defaulting to 1000
[ 1180.523016][T24764] lo speed is unknown, defaulting to 1000
[ 1180.555882][T24767] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5001'.
[ 1181.078939][T24787] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5003'.
[ 1181.086773][T24777] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1181.088729][T24777] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1181.091157][T24777] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1182.160473][ T1414] ieee802154 phy0 wpan0: encryption failed: -22
[ 1182.162617][ T1414] ieee802154 phy1 wpan1: encryption failed: -22
[ 1182.227707][T24806] netlink: 'syz.2.5013': attribute type 13 has an invalid length.
[ 1182.461910][T24813] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5015'.
[ 1182.650152][T24811] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1182.658737][T24811] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1182.691344][T24811] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1183.070963][T24820] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1183.073207][T24820] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1183.076330][T24820] vhci_hcd vhci_hcd.0: Device attached
[ 1183.359148][ T6024] usb 44-1: device descriptor read/8, error -110
[ 1183.627456][T24822] vhci_hcd: connection closed
[ 1183.627965][T17688] vhci_hcd vhci_hcd.3: stop threads
[ 1183.631727][T17688] vhci_hcd vhci_hcd.3: release socket
[ 1183.633729][T17688] vhci_hcd vhci_hcd.3: disconnect device
[ 1183.750569][ T6024] usb usb44-port1: attempt power cycle
[ 1183.904280][ T6247] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1184.403471][T24841] block device autoloading is deprecated and will be removed.
[ 1184.729903][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[ 1184.732155][ T5946] Bluetooth: hci4: command 0x041b tx timeout
[ 1184.734391][T12263] Bluetooth: hci0: command 0x040f tx timeout
[ 1184.904242][T24854] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5028'.
[ 1184.944092][T24854] wlan1 speed is unknown, defaulting to 1000
[ 1184.955480][T24854] wlan1 speed is unknown, defaulting to 1000
[ 1184.976631][T24854] wlan1 speed is unknown, defaulting to 1000
[ 1185.167417][T24854] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98
[ 1185.294726][T24854] wlan1 speed is unknown, defaulting to 1000
[ 1185.297647][T24854] wlan1 speed is unknown, defaulting to 1000
[ 1185.308097][T24854] wlan1 speed is unknown, defaulting to 1000
[ 1185.313043][T24854] wlan1 speed is unknown, defaulting to 1000
[ 1185.316017][T24854] wlan1 speed is unknown, defaulting to 1000
[ 1185.318608][T24854] wlan1 speed is unknown, defaulting to 1000
[ 1185.368972][T24863] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5031'.
[ 1185.743287][ T6024] usb usb44-port1: unable to enumerate USB device
[ 1186.618447][T24877] mkiss: ax0: crc mode is auto.
[ 1186.811114][T24855] Bluetooth: hci4: command 0x041b tx timeout
[ 1186.813092][T17832] Bluetooth: hci1: command 0x040f tx timeout
[ 1187.311076][T24912] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5046'.
[ 1187.316821][T24912] siw: device registration error -23
[ 1188.583642][T24936] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5056'.
[ 1188.638636][T24938] netlink: 'syz.2.5056': attribute type 4 has an invalid length.
[ 1188.882685][T24855] Bluetooth: hci4: command 0x041b tx timeout
[ 1188.885378][T17832] Bluetooth: hci1: command 0x040f tx timeout
[ 1189.515305][   T40] kauditd_printk_skb: 26 callbacks suppressed
[ 1189.515339][   T40] audit: type=1326 audit(1768832240.648:6274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24955 comm="syz.1.5062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1189.555545][   T40] audit: type=1326 audit(1768832240.648:6275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24955 comm="syz.1.5062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1189.586268][   T40] audit: type=1326 audit(1768832240.648:6276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24955 comm="syz.1.5062" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1189.604755][   T40] audit: type=1326 audit(1768832240.648:6277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24955 comm="syz.1.5062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1189.659919][   T40] audit: type=1326 audit(1768832240.648:6278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24955 comm="syz.1.5062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1189.711658][   T40] audit: type=1326 audit(1768832240.648:6279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24955 comm="syz.1.5062" exe="/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1189.736679][   T40] audit: type=1326 audit(1768832240.788:6280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24955 comm="syz.1.5062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1189.771473][   T40] audit: type=1326 audit(1768832240.788:6281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24955 comm="syz.1.5062" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1189.880742][T24966] binder: 24965:24966 ioctl c400941d 800004c0 returned -22
[ 1190.013749][T24969] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5067'.
[ 1190.154714][T24963] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1190.157791][T24963] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1190.161253][T24963] vhci_hcd vhci_hcd.0: Device attached
[ 1190.189062][ T9961] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1190.191526][ T9961] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1190.393842][T24986] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7)
[ 1190.395962][T24986] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1190.399007][T24986] vhci_hcd vhci_hcd.0: Device attached
[ 1190.406730][T24975] vhci_hcd: connection closed
[ 1190.407527][ T9964] vhci_hcd vhci_hcd.3: stop threads
[ 1190.410829][ T9964] vhci_hcd vhci_hcd.3: release socket
[ 1190.412717][ T9964] vhci_hcd vhci_hcd.3: disconnect device
[ 1190.433440][ T6247] usb 44-1: enqueue for inactive port 0
[ 1190.644675][ T6230] usb 37-1: new low-speed USB device number 37 using vhci_hcd
[ 1190.916543][T24992] fuse: Unknown parameter '0x0000000000000003'
[ 1190.925556][ T6247] usb usb44-port1: attempt power cycle
[ 1190.964935][T24855] Bluetooth: hci4: command 0x041b tx timeout
[ 1190.967220][T17832] Bluetooth: hci1: command 0x040f tx timeout
[ 1190.995385][T25001] fuse: Bad value for 'fd'
[ 1191.024196][T24987] vhci_hcd: connection reset by peer
[ 1191.028473][T17694] vhci_hcd vhci_hcd.0: stop threads
[ 1191.030197][T17694] vhci_hcd vhci_hcd.0: release socket
[ 1191.034966][T17694] vhci_hcd vhci_hcd.0: disconnect device
[ 1191.220989][T25013] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5078'.
[ 1191.303690][T25009] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1191.306809][T25009] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1191.309502][T25009] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1191.535491][ T6247] usb usb44-port1: unable to enumerate USB device
[ 1192.322260][T25022] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(11)
[ 1192.324711][T25022] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1192.327457][T25022] vhci_hcd vhci_hcd.0: Device attached
[ 1192.331874][T25022] netlink: 'syz.0.5081': attribute type 1 has an invalid length.
[ 1192.335076][T25026] netlink: 'syz.0.5081': attribute type 1 has an invalid length.
[ 1192.344389][T25022] 8021q: adding VLAN 0 to HW filter on device bond1
[ 1192.362282][T25022] bond1: (slave geneve2): making interface the new active one
[ 1192.365446][T25022] bond1: (slave geneve2): Enslaving as an active interface with an up link
[ 1192.368207][T17694] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1192.370846][T17694] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1192.375728][T17694] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1192.378454][T17694] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1192.494667][ T6024] usb 8-1: new high-speed USB device number 33 using dummy_hcd
[ 1192.656164][ T6024] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1192.660564][ T6024] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1192.664585][ T6024] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1192.669240][ T6024] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1192.673022][ T6024] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1192.678446][ T6024] usb 8-1: config 0 descriptor??
[ 1192.804753][T25027] vhci_hcd: connection closed
[ 1192.804958][T17694] vhci_hcd vhci_hcd.0: stop threads
[ 1192.809448][T17694] vhci_hcd vhci_hcd.0: release socket
[ 1192.811787][T17694] vhci_hcd vhci_hcd.0: disconnect device
[ 1193.087148][ T6024] plantronics 0003:047F:FFFF.000A: reserved main item tag 0xd
[ 1193.092289][ T6024] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[ 1193.284971][T24855] Bluetooth: hci0: command 0x040f tx timeout
[ 1193.348701][ T6024] usb 8-1: USB disconnect, device number 33
[ 1193.364917][T24855] Bluetooth: hci4: command 0x041b tx timeout
[ 1193.369480][T24855] Bluetooth: hci1: command 0x040f tx timeout
[ 1194.454394][T25052] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1194.831201][T25060] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5092'.
[ 1195.041648][T25059] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1195.043752][T25059] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1195.045789][T25059] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1195.051462][T25070] /dev/nullb0: Can't open blockdev
[ 1195.198318][T25071] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5094'.
[ 1195.766500][ T6230] vhci_hcd vhci_hcd.0: vhci_device speed not set
[ 1196.886988][T24855] Bluetooth: hci0: command 0x040f tx timeout
[ 1197.047023][T24855] Bluetooth: hci1: command 0x040f tx timeout
[ 1197.137121][T24855] Bluetooth: hci4: command 0x041b tx timeout
[ 1197.199307][T25066] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1197.219476][T25066] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1197.227447][T25066] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1197.824283][T25084] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1198.073432][T25092] serio: Serial port ptm0
[ 1198.082360][T25102] /dev/nullb0: Can't open blockdev
[ 1199.022644][T25104] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[ 1199.024762][T25104] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1199.027461][T25104] vhci_hcd vhci_hcd.0: Device attached
[ 1199.038418][T17694] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1199.048174][T17694] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1199.184779][T25123] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5110'.
[ 1199.239094][T25115] vhci_hcd: connection closed
[ 1199.239392][ T9961] vhci_hcd vhci_hcd.2: stop threads
[ 1199.242465][ T9961] vhci_hcd vhci_hcd.2: release socket
[ 1199.244396][ T9961] vhci_hcd vhci_hcd.2: disconnect device
[ 1199.244757][T25112] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1199.248616][T25112] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1199.250595][T25112] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1199.313035][T25126] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[ 1199.316519][T25126] overlayfs: overlapping lowerdir path
[ 1199.929195][T25136] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5113'.
[ 1200.056807][T25131] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1200.059404][T25131] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1200.061302][T25131] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1200.208380][   T40] audit: type=1326 audit(1768832251.332:6282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25133 comm="syz.0.5114" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000
[ 1200.229028][   T40] audit: type=1326 audit(1768832251.332:6283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25133 comm="syz.0.5114" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000
[ 1200.236157][   T40] audit: type=1326 audit(1768832251.332:6284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25133 comm="syz.0.5114" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf700d579 code=0x7ffc0000
[ 1200.267923][T25143] cgroup: Unknown subsys name 'measure'
[ 1200.319484][T25143] lo speed is unknown, defaulting to 1000
[ 1200.327181][T25143] lo speed is unknown, defaulting to 1000
[ 1200.560175][   T40] audit: type=1326 audit(1768832251.692:6285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25133 comm="syz.0.5114" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000
[ 1200.570916][   T40] audit: type=1326 audit(1768832251.692:6286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25133 comm="syz.0.5114" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf700d579 code=0x7ffc0000
[ 1200.593267][T25143] wlan1 speed is unknown, defaulting to 1000
[ 1200.830019][T15612] usb usb42-port2: attempt power cycle
[ 1201.170047][T25154] serio: Serial port ptm0
[ 1201.681397][T15612] usb usb42-port2: unable to enumerate USB device
[ 1202.013841][T24855] Bluetooth: hci0: command 0x040f tx timeout
[ 1202.100156][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[ 1202.102296][T24855] Bluetooth: hci4: command 0x041b tx timeout
[ 1202.515326][T25164] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1202.517417][T25164] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1202.520375][T25164] vhci_hcd vhci_hcd.0: Device attached
[ 1202.526244][T17688] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[ 1202.712633][T25167] vhci_hcd: connection closed
[ 1202.712945][T17656] vhci_hcd vhci_hcd.0: stop threads
[ 1202.717309][T17656] vhci_hcd vhci_hcd.0: release socket
[ 1202.722666][T17656] vhci_hcd vhci_hcd.0: disconnect device
[ 1203.167647][T25183] delete_channel: no stack
[ 1203.334329][T25186] FAULT_INJECTION: forcing a failure.
[ 1203.334329][T25186] name failslab, interval 1, probability 0, space 0, times 0
[ 1203.339840][T25186] CPU: 3 UID: 0 PID: 25186 Comm: syz.1.5125 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1203.339860][T25186] Tainted: [L]=SOFTLOCKUP
[ 1203.339863][T25186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1203.339870][T25186] Call Trace:
[ 1203.339874][T25186]  <TASK>
[ 1203.339880][T25186]  dump_stack_lvl+0x16c/0x1f0
[ 1203.339906][T25186]  should_fail_ex+0x512/0x640
[ 1203.339920][T25186]  ? kmem_cache_alloc_noprof+0x62/0x770
[ 1203.339936][T25186]  should_failslab+0xc2/0x120
[ 1203.339953][T25186]  kmem_cache_alloc_noprof+0x83/0x770
[ 1203.339966][T25186]  ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[ 1203.339984][T25186]  ? radix_tree_node_alloc.constprop.0+0x7c/0x350
[ 1203.339997][T25186]  radix_tree_node_alloc.constprop.0+0x7c/0x350
[ 1203.340014][T25186]  idr_get_free+0x528/0xa30
[ 1203.340035][T25186]  idr_alloc_u32+0x1ac/0x320
[ 1203.340052][T25186]  ? __pfx_idr_alloc_u32+0x10/0x10
[ 1203.340073][T25186]  tcf_idr_check_alloc+0x136/0x770
[ 1203.340087][T25186]  ? __pfx_tcf_idr_check_alloc+0x10/0x10
[ 1203.340099][T25186]  ? __nla_parse+0x40/0x60
[ 1203.340116][T25186]  tcf_skbedit_init+0x48f/0x11d0
[ 1203.340130][T25186]  ? __pfx_tcf_skbedit_init+0x10/0x10
[ 1203.340145][T25186]  ? tcf_action_init_1+0x2d2/0x6c0
[ 1203.340157][T25186]  ? __asan_memcpy+0x3c/0x60
[ 1203.340171][T25186]  tcf_action_init_1+0x460/0x6c0
[ 1203.340185][T25186]  ? __pfx_tcf_action_init_1+0x10/0x10
[ 1203.340204][T25186]  ? __nla_parse+0x40/0x60
[ 1203.340223][T25186]  tcf_action_init+0x432/0xa50
[ 1203.340239][T25186]  ? __pfx_tcf_action_init+0x10/0x10
[ 1203.340250][T25186]  ? is_bpf_text_address+0x8a/0x1a0
[ 1203.340288][T25186]  ? find_held_lock+0x2b/0x80
[ 1203.340304][T25186]  ? pcpu_alloc_noprof+0x94a/0x1470
[ 1203.340319][T25186]  tcf_exts_validate_ex+0x42d/0x550
[ 1203.340336][T25186]  ? __pfx_tcf_exts_validate_ex+0x10/0x10
[ 1203.340349][T25186]  ? mark_held_locks+0x49/0x80
[ 1203.340367][T25186]  mall_change+0x3cd/0x1030
[ 1203.340385][T25186]  ? __pfx_mall_change+0x10/0x10
[ 1203.340398][T25186]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1203.340415][T25186]  ? __pfx_mall_change+0x10/0x10
[ 1203.340428][T25186]  tc_new_tfilter+0xa35/0x2340
[ 1203.340468][T25186]  ? unwind_get_return_address+0x59/0xa0
[ 1203.340484][T25186]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1203.340506][T25186]  ? __lock_acquire+0x436/0x2890
[ 1203.340523][T25186]  ? find_held_lock+0x2b/0x80
[ 1203.340536][T25186]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1203.340552][T25186]  ? rtnetlink_rcv_msg+0x93a/0xe90
[ 1203.340569][T25186]  ? __pfx_tc_new_tfilter+0x10/0x10
[ 1203.340585][T25186]  rtnetlink_rcv_msg+0x95e/0xe90
[ 1203.340602][T25186]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1203.340620][T25186]  ? __lock_acquire+0x436/0x2890
[ 1203.340633][T25186]  netlink_rcv_skb+0x158/0x420
[ 1203.340650][T25186]  ? __pfx_rtnetlink_rcv_msg+0x10/0x10
[ 1203.340666][T25186]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1203.340687][T25186]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1203.340706][T25186]  netlink_unicast+0x5aa/0x870
[ 1203.340724][T25186]  ? __pfx_netlink_unicast+0x10/0x10
[ 1203.340746][T25186]  netlink_sendmsg+0x8c8/0xdd0
[ 1203.340764][T25186]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1203.340782][T25186]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[ 1203.340797][T25186]  ____sys_sendmsg+0xa5d/0xc30
[ 1203.340809][T25186]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1203.340819][T25186]  ? get_compat_msghdr+0x11a/0x170
[ 1203.340840][T25186]  ___sys_sendmsg+0x134/0x1d0
[ 1203.340855][T25186]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1203.340876][T25186]  ? find_held_lock+0x2b/0x80
[ 1203.340903][T25186]  __sys_sendmsg+0x16d/0x220
[ 1203.340917][T25186]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1203.340937][T25186]  ? do_user_addr_fault+0x843/0x1370
[ 1203.340952][T25186]  __do_fast_syscall_32+0xe8/0x680
[ 1203.340965][T25186]  do_fast_syscall_32+0x32/0x80
[ 1203.340977][T25186]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1203.340992][T25186] RIP: 0023:0xf709d579
[ 1203.341002][T25186] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1203.341012][T25186] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1203.341024][T25186] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 0000000080000580
[ 1203.341032][T25186] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1203.341040][T25186] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1203.341046][T25186] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1203.341054][T25186] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1203.341067][T25186]  </TASK>
[ 1203.457737][T25188] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5126'.
[ 1203.934993][T25199] serio: Serial port ptm0
[ 1204.171251][T24855] Bluetooth: hci4: command 0x041b tx timeout
[ 1204.400590][T25207] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(5)
[ 1204.402880][T25207] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1204.405800][T25207] vhci_hcd vhci_hcd.0: Device attached
[ 1204.577485][T25210] vhci_hcd: connection closed
[ 1204.578084][T17694] vhci_hcd vhci_hcd.0: stop threads
[ 1204.581672][T17694] vhci_hcd vhci_hcd.0: release socket
[ 1204.583550][T17694] vhci_hcd vhci_hcd.0: disconnect device
[ 1204.750009][T25214] netlink: 176 bytes leftover after parsing attributes in process `syz.2.5134'.
[ 1204.883447][T25222] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5135'.
[ 1204.971902][T25218] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1204.974599][T25218] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1204.976727][T25218] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1205.168868][T25236] netlink: 36 bytes leftover after parsing attributes in process `syz.2.5136'.
[ 1205.237677][T25229] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1205.240221][T25229] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1205.243099][T25229] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1205.531637][   T40] audit: type=1326 audit(1768832256.649:6287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25234 comm="syz.1.5139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1205.541392][   T40] audit: type=1326 audit(1768832256.649:6288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25234 comm="syz.1.5139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1205.553743][   T40] audit: type=1326 audit(1768832256.649:6289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25234 comm="syz.1.5139" exe="/syz-executor" sig=0 arch=40000003 syscall=21 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1205.594093][T25246] cgroup: Unknown subsys name 'measure'
[ 1205.643416][T25246] lo speed is unknown, defaulting to 1000
[ 1205.648655][T25246] lo speed is unknown, defaulting to 1000
[ 1205.772230][T25246] wlan1 speed is unknown, defaulting to 1000
[ 1205.863095][   T40] audit: type=1326 audit(1768832256.989:6290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25234 comm="syz.1.5139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1205.917457][   T40] audit: type=1326 audit(1768832256.989:6291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25234 comm="syz.1.5139" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf709d579 code=0x7ffc0000
[ 1206.096955][T25251] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7)
[ 1206.099113][T25251] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1206.101976][T25251] vhci_hcd vhci_hcd.0: Device attached
[ 1206.281011][ T9961] netdevsim netdevsim0 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.287374][ T9961] netdevsim netdevsim0 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.289999][ T9961] netdevsim netdevsim0 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.302896][ T9961] netdevsim netdevsim0 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[ 1206.372964][T15612] usb 41-1: new low-speed USB device number 37 using vhci_hcd
[ 1206.723356][T25252] vhci_hcd: connection reset by peer
[ 1206.727373][ T9964] vhci_hcd vhci_hcd.2: stop threads
[ 1206.729118][ T9964] vhci_hcd vhci_hcd.2: release socket
[ 1206.731319][ T9964] vhci_hcd vhci_hcd.2: disconnect device
[ 1207.196230][T25275] FAULT_INJECTION: forcing a failure.
[ 1207.196230][T25275] name failslab, interval 1, probability 0, space 0, times 0
[ 1207.200410][T25275] CPU: 2 UID: 0 PID: 25275 Comm: syz.1.5148 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1207.200428][T25275] Tainted: [L]=SOFTLOCKUP
[ 1207.200432][T25275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1207.200439][T25275] Call Trace:
[ 1207.200443][T25275]  <TASK>
[ 1207.200448][T25275]  dump_stack_lvl+0x16c/0x1f0
[ 1207.200469][T25275]  should_fail_ex+0x512/0x640
[ 1207.200482][T25275]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1207.200496][T25275]  should_failslab+0xc2/0x120
[ 1207.200513][T25275]  __kmalloc_cache_noprof+0x80/0x800
[ 1207.200525][T25275]  ? rcu_is_watching+0x12/0xc0
[ 1207.200540][T25275]  ? call_usermodehelper_setup+0xaf/0x360
[ 1207.200555][T25275]  ? __pfx_free_modprobe_argv+0x10/0x10
[ 1207.200569][T25275]  ? call_usermodehelper_setup+0xaf/0x360
[ 1207.200582][T25275]  call_usermodehelper_setup+0xaf/0x360
[ 1207.200597][T25275]  __request_module+0x3bd/0x660
[ 1207.200611][T25275]  ? __pfx___request_module+0x10/0x10
[ 1207.200623][T25275]  ? __mutex_unlock_slowpath+0x161/0x790
[ 1207.200636][T25275]  ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 1207.200651][T25275]  ? ilookup+0x189/0x210
[ 1207.200667][T25275]  blk_request_module+0x57/0xb0
[ 1207.200685][T25275]  blkdev_get_no_open+0x9b/0x100
[ 1207.200699][T25275]  bdev_file_open_by_dev+0x70/0x210
[ 1207.200713][T25275]  swsusp_check+0x72/0x4a0
[ 1207.200730][T25275]  software_resume+0x6f/0x560
[ 1207.200743][T25275]  resume_store+0x247/0x490
[ 1207.200756][T25275]  ? __pfx_resume_store+0x10/0x10
[ 1207.200773][T25275]  ? find_held_lock+0x2b/0x80
[ 1207.200789][T25275]  ? __pfx_resume_store+0x10/0x10
[ 1207.200801][T25275]  kobj_attr_store+0x58/0x80
[ 1207.200811][T25275]  ? __pfx_kobj_attr_store+0x10/0x10
[ 1207.200821][T25275]  sysfs_kf_write+0xf2/0x150
[ 1207.200833][T25275]  kernfs_fop_write_iter+0x3af/0x570
[ 1207.200848][T25275]  ? __pfx_sysfs_kf_write+0x10/0x10
[ 1207.200860][T25275]  vfs_write+0x7d3/0x11d0
[ 1207.200876][T25275]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[ 1207.200894][T25275]  ? __pfx_vfs_write+0x10/0x10
[ 1207.200907][T25275]  ? find_held_lock+0x2b/0x80
[ 1207.200930][T25275]  ksys_write+0x12a/0x250
[ 1207.200944][T25275]  ? __pfx_ksys_write+0x10/0x10
[ 1207.200960][T25275]  ? do_user_addr_fault+0x843/0x1370
[ 1207.200976][T25275]  __do_fast_syscall_32+0xe8/0x680
[ 1207.200988][T25275]  do_fast_syscall_32+0x32/0x80
[ 1207.200999][T25275]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1207.201012][T25275] RIP: 0023:0xf709d579
[ 1207.201021][T25275] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1207.201032][T25275] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000004
[ 1207.201042][T25275] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040
[ 1207.201048][T25275] RDX: 0000000000000012 RSI: 0000000000000000 RDI: 0000000000000000
[ 1207.201054][T25275] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1207.201060][T25275] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1207.201066][T25275] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1207.201080][T25275]  </TASK>
[ 1207.207146][T25269] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1207.222753][T24855] Bluetooth: hci0: command 0x040f tx timeout
[ 1207.224284][T25269] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1207.293544][T24855] Bluetooth: hci1: command 0x040f tx timeout
[ 1207.309081][T17832] Bluetooth: hci4: command 0x041b tx timeout
[ 1207.421822][T25269] vhci_hcd vhci_hcd.0: Device attached
[ 1207.547107][T25277] vhci_hcd: connection closed
[ 1207.547389][T17656] vhci_hcd vhci_hcd.3: stop threads
[ 1207.552314][T17656] vhci_hcd vhci_hcd.3: release socket
[ 1207.556901][T17656] vhci_hcd vhci_hcd.3: disconnect device
[ 1207.633799][T25293] overlayfs: upper fs does not support RENAME_WHITEOUT.
[ 1207.636912][T25293] overlayfs: failed to set xattr on upper
[ 1207.639480][T25293] overlayfs: ...falling back to redirect_dir=nofollow.
[ 1207.642071][T25293] overlayfs: ...falling back to metacopy=off.
[ 1207.644893][T25293] overlayfs: ...falling back to index=off.
[ 1207.647331][T25293] overlayfs: ...falling back to uuid=null.
[ 1207.651760][T25293] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5152'.
[ 1208.607059][T25311] FAULT_INJECTION: forcing a failure.
[ 1208.607059][T25311] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1208.612680][T25311] CPU: 2 UID: 0 PID: 25311 Comm: syz.2.5158 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1208.612700][T25311] Tainted: [L]=SOFTLOCKUP
[ 1208.612704][T25311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1208.612711][T25311] Call Trace:
[ 1208.612715][T25311]  <TASK>
[ 1208.612719][T25311]  dump_stack_lvl+0x16c/0x1f0
[ 1208.612741][T25311]  should_fail_ex+0x512/0x640
[ 1208.612756][T25311]  _copy_from_user+0x2e/0xd0
[ 1208.612769][T25311]  kstrtouint_from_user+0xd6/0x1d0
[ 1208.612785][T25311]  ? __pfx_kstrtouint_from_user+0x10/0x10
[ 1208.612801][T25311]  ? __lock_acquire+0x436/0x2890
[ 1208.612822][T25311]  proc_fail_nth_write+0x83/0x220
[ 1208.612838][T25311]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1208.612859][T25311]  ? __pfx_proc_fail_nth_write+0x10/0x10
[ 1208.612873][T25311]  vfs_write+0x2a0/0x11d0
[ 1208.612898][T25311]  ? __pfx___mutex_lock+0x10/0x10
[ 1208.612917][T25311]  ? __pfx_vfs_write+0x10/0x10
[ 1208.612939][T25311]  ? find_held_lock+0x2b/0x80
[ 1208.612968][T25311]  ? __fget_files+0x20e/0x3c0
[ 1208.613007][T25311]  ksys_write+0x12a/0x250
[ 1208.613022][T25311]  ? __pfx_ksys_write+0x10/0x10
[ 1208.613038][T25311]  ? do_user_addr_fault+0x843/0x1370
[ 1208.613053][T25311]  __do_fast_syscall_32+0xe8/0x680
[ 1208.613066][T25311]  do_fast_syscall_32+0x32/0x80
[ 1208.613077][T25311]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1208.613090][T25311] RIP: 0023:0xf70dd579
[ 1208.613100][T25311] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1208.613111][T25311] RSP: 002b:00000000f54cd590 EFLAGS: 00000293 ORIG_RAX: 0000000000000004
[ 1208.613126][T25311] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f54cd620
[ 1208.613133][T25311] RDX: 0000000000000001 RSI: 00000000f7476ff4 RDI: 0000000000000000
[ 1208.613139][T25311] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[ 1208.613145][T25311] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1208.613151][T25311] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1208.613165][T25311]  </TASK>
[ 1208.865781][T25322] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5157'.
[ 1208.931315][T25313] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1208.934370][T25313] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1208.937083][T25313] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1208.971722][T25325] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7)
[ 1208.973837][T25325] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1208.976799][T25325] vhci_hcd vhci_hcd.0: Device attached
[ 1209.223935][ T6230] usb 39-1: new low-speed USB device number 29 using vhci_hcd
[ 1209.478499][T25334] Invalid source name
[ 1209.587302][T25327] vhci_hcd: connection reset by peer
[ 1209.595583][ T9961] vhci_hcd vhci_hcd.1: stop threads
[ 1209.597695][ T9961] vhci_hcd vhci_hcd.1: release socket
[ 1209.599998][ T9961] vhci_hcd vhci_hcd.1: disconnect device
[ 1210.524003][T25363] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5173'.
[ 1210.526345][T25351] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(5)
[ 1210.529471][T25351] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1210.532276][T25351] vhci_hcd vhci_hcd.0: Device attached
[ 1210.546700][T17694] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1210.549493][T17694] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1210.661372][T25368] netlink: 'syz.3.5174': attribute type 10 has an invalid length.
[ 1210.671010][T25368] bond0: (slave bridge0): Enslaving as an active interface with an up link
[ 1210.722715][T25364] vhci_hcd: connection closed
[ 1210.723104][ T9961] vhci_hcd vhci_hcd.1: stop threads
[ 1210.726822][ T9961] vhci_hcd vhci_hcd.1: release socket
[ 1210.728844][ T9961] vhci_hcd vhci_hcd.1: disconnect device
[ 1210.895059][ T5939] Bluetooth: hci0: command 0x040f tx timeout
[ 1210.975147][ T5939] Bluetooth: hci4: command 0x041b tx timeout
[ 1210.985160][ T5939] Bluetooth: hci1: command 0x040f tx timeout
[ 1211.525490][T15612] vhci_hcd vhci_hcd.2: vhci_device speed not set
[ 1212.101627][T25396] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7)
[ 1212.104880][T25396] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[ 1212.237954][T25396] vhci_hcd vhci_hcd.0: Device attached
[ 1212.475753][ T6328] usb 43-1: new low-speed USB device number 28 using vhci_hcd
[ 1212.887490][T25397] vhci_hcd: connection reset by peer
[ 1212.891433][ T9961] vhci_hcd vhci_hcd.3: stop threads
[ 1212.894044][ T9961] vhci_hcd vhci_hcd.3: release socket
[ 1212.897964][ T9961] vhci_hcd vhci_hcd.3: disconnect device
[ 1213.056091][ T5939] Bluetooth: hci4: command 0x041b tx timeout
[ 1213.794104][T25428] syzkaller0: entered promiscuous mode
[ 1213.796918][T25428] syzkaller0: entered allmulticast mode
[ 1213.970544][T25433] netlink: 40 bytes leftover after parsing attributes in process `syz.2.5195'.
[ 1214.233717][T25444] FAT-fs (nullb0): bogus number of reserved sectors
[ 1214.236981][T25444] FAT-fs (nullb0): Can't find a valid FAT filesystem
[ 1214.326863][ T6230] vhci_hcd vhci_hcd.1: vhci_device speed not set
[ 1214.814127][ T5939] Bluetooth: hci1: ACL packet for unknown connection handle 201
[ 1215.137166][ T5939] Bluetooth: hci4: command 0x041b tx timeout
[ 1215.292562][T17656] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID
[ 1215.305337][T25457] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(4)
[ 1215.307898][T25457] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1215.310855][T25457] vhci_hcd vhci_hcd.0: Device attached
[ 1215.495489][T25463] vhci_hcd: connection closed
[ 1215.495696][ T9961] vhci_hcd vhci_hcd.0: stop threads
[ 1215.500883][ T9961] vhci_hcd vhci_hcd.0: release socket
[ 1215.503896][ T9961] vhci_hcd vhci_hcd.0: disconnect device
[ 1215.587872][   T24] usb usb40-port1: attempt power cycle
[ 1215.627841][ T6247] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[ 1215.769165][T25473] FAULT_INJECTION: forcing a failure.
[ 1215.769165][T25473] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1215.774900][T25473] CPU: 0 UID: 0 PID: 25473 Comm: syz.3.5206 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1215.774919][T25473] Tainted: [L]=SOFTLOCKUP
[ 1215.774923][T25473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1215.774930][T25473] Call Trace:
[ 1215.774935][T25473]  <TASK>
[ 1215.774940][T25473]  dump_stack_lvl+0x16c/0x1f0
[ 1215.774962][T25473]  should_fail_ex+0x512/0x640
[ 1215.774992][T25473]  should_fail_alloc_page+0xe7/0x130
[ 1215.775010][T25473]  prepare_alloc_pages+0x401/0x670
[ 1215.775026][T25473]  ? find_held_lock+0x2b/0x80
[ 1215.775042][T25473]  __alloc_frozen_pages_noprof+0x18b/0x2430
[ 1215.775056][T25473]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1215.775073][T25473]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1215.775089][T25473]  ? rcu_preempt_deferred_qs_irqrestore+0x500/0xbc0
[ 1215.775107][T25473]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1215.775121][T25473]  ? kernel_text_address+0x8d/0x100
[ 1215.775134][T25473]  ? __kernel_text_address+0xd/0x40
[ 1215.775148][T25473]  ? register_lock_class+0x41/0x4b0
[ 1215.775160][T25473]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1215.775178][T25473]  ? policy_nodemask+0xea/0x4e0
[ 1215.775195][T25473]  alloc_pages_mpol+0x1fb/0x550
[ 1215.775212][T25473]  ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1215.775232][T25473]  ? __lock_acquire+0x436/0x2890
[ 1215.775251][T25473]  alloc_pages_noprof+0x131/0x390
[ 1215.775273][T25473]  pte_alloc_one+0x1e/0x3d0
[ 1215.775295][T25473]  __pte_alloc+0x6d/0x3f0
[ 1215.775316][T25473]  ? __pfx___pte_alloc+0x10/0x10
[ 1215.775337][T25473]  ? walk_to_pmd+0x305/0x4c0
[ 1215.775361][T25473]  __get_locked_pte+0xa1/0xc0
[ 1215.775385][T25473]  insert_page+0x101/0x200
[ 1215.775400][T25473]  ? __pfx_insert_page+0x10/0x10
[ 1215.775420][T25473]  vm_insert_page+0x2c6/0x450
[ 1215.775433][T25473]  ? kasan_save_track+0x14/0x30
[ 1215.775455][T25473]  binder_alloc_new_buf+0x2320/0x31f0
[ 1215.775485][T25473]  ? __pfx_binder_alloc_new_buf+0x10/0x10
[ 1215.775509][T25473]  binder_transaction+0x1d1a/0x9d50
[ 1215.775542][T25473]  ? finish_task_switch.isra.0+0x2e0/0xbd0
[ 1215.775565][T25473]  ? rcu_is_watching+0x12/0xc0
[ 1215.775587][T25473]  ? __pfx_binder_transaction+0x10/0x10
[ 1215.775600][T25473]  ? __schedule+0x114b/0x5ee0
[ 1215.775636][T25473]  ? __lock_acquire+0x436/0x2890
[ 1215.775653][T25473]  ? rcu_is_watching+0x12/0xc0
[ 1215.775672][T25473]  ? irqentry_exit+0x1dd/0x8c0
[ 1215.775685][T25473]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1215.775699][T25473]  ? irqentry_exit+0x1dd/0x8c0
[ 1215.775712][T25473]  ? rcu_is_watching+0x12/0xc0
[ 1215.775746][T25473]  binder_thread_write+0xaae/0x4e40
[ 1215.775774][T25473]  ? __lock_acquire+0x436/0x2890
[ 1215.775788][T25473]  ? __pfx_binder_thread_write+0x10/0x10
[ 1215.775803][T25473]  ? binder_debug+0xde/0x1a0
[ 1215.775826][T25473]  ? binder_debug+0xde/0x1a0
[ 1215.775845][T25473]  ? __pfx_binder_debug+0x10/0x10
[ 1215.775865][T25473]  ? find_held_lock+0x2b/0x80
[ 1215.775893][T25473]  ? __pfx_binder_ioctl+0x10/0x10
[ 1215.775922][T25473]  binder_ioctl+0x2916/0x7360
[ 1215.775944][T25473]  ? tomoyo_path_number_perm+0x295/0x580
[ 1215.775967][T25473]  ? tomoyo_path_number_perm+0x18d/0x580
[ 1215.775985][T25473]  ? lock_acquire+0x104/0x330
[ 1215.775999][T25473]  ? __pfx_tomoyo_path_number_perm+0x10/0x10
[ 1215.776017][T25473]  ? __pfx_binder_ioctl+0x10/0x10
[ 1215.776036][T25473]  ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1215.776060][T25473]  ? do_vfs_ioctl+0x128/0x14f0
[ 1215.776080][T25473]  ? __pfx_do_vfs_ioctl+0x10/0x10
[ 1215.776105][T25473]  ? find_held_lock+0x2b/0x80
[ 1215.776123][T25473]  ? hook_file_ioctl_common+0x144/0x410
[ 1215.776147][T25473]  ? __fget_files+0x20e/0x3c0
[ 1215.776166][T25473]  ? __fput_deferred+0x430/0x480
[ 1215.776184][T25473]  ? __pfx_binder_ioctl+0x10/0x10
[ 1215.776198][T25473]  compat_ptr_ioctl+0x6e/0xa0
[ 1215.776214][T25473]  ? __pfx_compat_ptr_ioctl+0x10/0x10
[ 1215.776232][T25473]  __ia32_compat_sys_ioctl+0x242/0x370
[ 1215.776253][T25473]  __do_fast_syscall_32+0xe8/0x680
[ 1215.776271][T25473]  do_fast_syscall_32+0x32/0x80
[ 1215.776287][T25473]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1215.776306][T25473] RIP: 0023:0xf7fc3579
[ 1215.776319][T25473] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1215.776333][T25473] RSP: 002b:00000000f54b655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036
[ 1215.776349][T25473] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201
[ 1215.776359][T25473] RDX: 00000000800001c0 RSI: 0000000000000000 RDI: 0000000000000000
[ 1215.776368][T25473] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1215.776377][T25473] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1215.776386][T25473] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1215.776407][T25473]  </TASK>
[ 1215.776845][T25473] binder_alloc: 25472: binder_install_single_page failed to insert page at offset 0 with -12
[ 1215.789289][ T6247] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1215.938407][ T6247] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1215.941214][ T6247] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[ 1215.944608][ T6247] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 1215.947372][ T6247] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1215.951567][T25468] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1215.955319][ T6247] hub 6-1:1.0: bad descriptor, ignoring hub
[ 1215.957230][ T6247] hub 6-1:1.0: probe with driver hub failed with error -5
[ 1215.959988][ T6247] cdc_wdm 6-1:1.0: skipping garbage
[ 1215.961695][ T6247] cdc_wdm 6-1:1.0: skipping garbage
[ 1215.966358][ T6247] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1215.968569][ T6247] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1216.148110][   T24] usb usb40-port1: unable to enumerate USB device
[ 1216.267982][T15842] usb 6-1: USB disconnect, device number 42
[ 1216.617972][ T6247] usb 6-1: new full-speed USB device number 43 using dummy_hcd
[ 1216.705635][T25496] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5214'.
[ 1216.708518][   T24] usb usb40-port2: attempt power cycle
[ 1216.709624][T25495] sctp: [Deprecated]: syz.3.5214 (pid 25495) Use of struct sctp_assoc_value in delayed_ack socket option.
[ 1216.709624][T25495] Use struct sctp_sack_info instead
[ 1216.797484][ T6247] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1216.800939][ T6247] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1216.803780][ T6247] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[ 1216.817994][ T6247] usb 6-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 1216.820862][ T6247] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1216.829054][T25467] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1216.832146][ T6247] hub 6-1:1.0: bad descriptor, ignoring hub
[ 1216.834071][ T6247] hub 6-1:1.0: probe with driver hub failed with error -5
[ 1216.843510][ T6247] cdc_wdm 6-1:1.0: skipping garbage
[ 1216.845201][ T6247] cdc_wdm 6-1:1.0: skipping garbage
[ 1216.847585][ T6247] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[ 1216.849580][ T6247] cdc_wdm 6-1:1.0: Unknown control protocol
[ 1217.150154][ T6247] usb 6-1: USB disconnect, device number 43
[ 1217.218315][ T5939] Bluetooth: hci4: command 0x041b tx timeout
[ 1217.288897][   T24] usb usb40-port2: unable to enumerate USB device
[ 1217.608510][ T6328] vhci_hcd vhci_hcd.3: vhci_device speed not set
[ 1217.826638][T25515] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[ 1218.550374][T25529] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5226'.
[ 1218.906913][T15612] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[ 1219.014579][T25542] FAULT_INJECTION: forcing a failure.
[ 1219.014579][T25542] name failslab, interval 1, probability 0, space 0, times 0
[ 1219.018705][T25542] CPU: 1 UID: 0 PID: 25542 Comm: syz.1.5229 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1219.018725][T25542] Tainted: [L]=SOFTLOCKUP
[ 1219.018729][T25542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1219.018736][T25542] Call Trace:
[ 1219.018741][T25542]  <TASK>
[ 1219.018747][T25542]  dump_stack_lvl+0x16c/0x1f0
[ 1219.018796][T25542]  should_fail_ex+0x512/0x640
[ 1219.018810][T25542]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1219.018825][T25542]  should_failslab+0xc2/0x120
[ 1219.018841][T25542]  __kmalloc_cache_noprof+0x80/0x800
[ 1219.018858][T25542]  ? _raw_spin_unlock_irqrestore+0x52/0x80
[ 1219.018876][T25542]  ? nf_tables_addchain.constprop.0+0x2ee/0x1c90
[ 1219.018894][T25542]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[ 1219.018924][T25542]  ? nf_tables_addchain.constprop.0+0x2ee/0x1c90
[ 1219.018941][T25542]  nf_tables_addchain.constprop.0+0x2ee/0x1c90
[ 1219.018968][T25542]  ? nft_chain_lookup+0x5be/0xaa0
[ 1219.018988][T25542]  ? __pfx_nf_tables_addchain.constprop.0+0x10/0x10
[ 1219.019009][T25542]  ? __pfx_nft_chain_lookup+0x10/0x10
[ 1219.019020][T25542]  ? __lock_acquire+0x436/0x2890
[ 1219.019042][T25542]  ? nla_strcmp+0xff/0x130
[ 1219.019057][T25542]  ? nft_table_lookup.part.0+0x1e3/0x230
[ 1219.019076][T25542]  nf_tables_newchain+0x206d/0x2da0
[ 1219.019092][T25542]  ? __pfx_find_held_lock+0x1/0x10
[ 1219.019108][T25542]  ? net_generic+0xea/0x2a0
[ 1219.019141][T25542]  ? __nla_validate_parse+0x600/0x2880
[ 1219.019158][T25542]  ? __pfx_nf_tables_newchain+0x10/0x10
[ 1219.019176][T25542]  ? __pfx___nla_validate_parse+0x10/0x10
[ 1219.019197][T25542]  ? __nla_parse+0x40/0x60
[ 1219.019213][T25542]  nfnetlink_rcv_batch+0x190d/0x2350
[ 1219.019235][T25542]  ? __pfx_nfnetlink_rcv_batch+0x10/0x10
[ 1219.019251][T25542]  ? irqentry_exit+0x1dd/0x8c0
[ 1219.019261][T25542]  ? rcu_is_watching+0x12/0xc0
[ 1219.019282][T25542]  ? __nla_validate_parse+0xf5/0x2880
[ 1219.019309][T25542]  ? __nla_parse+0x40/0x60
[ 1219.019326][T25542]  nfnetlink_rcv+0x3c1/0x430
[ 1219.019339][T25542]  ? __pfx_nfnetlink_rcv+0x10/0x10
[ 1219.019355][T25542]  netlink_unicast+0x5aa/0x870
[ 1219.019374][T25542]  ? __pfx_netlink_unicast+0x10/0x10
[ 1219.019395][T25542]  netlink_sendmsg+0x8c8/0xdd0
[ 1219.019414][T25542]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1219.019432][T25542]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[ 1219.019447][T25542]  ____sys_sendmsg+0xa5d/0xc30
[ 1219.019459][T25542]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1219.019469][T25542]  ? get_compat_msghdr+0x11a/0x170
[ 1219.019487][T25542]  ? __lock_acquire+0x436/0x2890
[ 1219.019499][T25542]  ___sys_sendmsg+0x134/0x1d0
[ 1219.019514][T25542]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1219.019528][T25542]  ? lock_acquire+0x179/0x330
[ 1219.019544][T25542]  ? find_held_lock+0x2b/0x80
[ 1219.019565][T25542]  __sys_sendmsg+0x16d/0x220
[ 1219.019580][T25542]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1219.019594][T25542]  ? __pfx___schedule+0x10/0x10
[ 1219.019613][T25542]  ? rcu_is_watching+0x12/0xc0
[ 1219.019631][T25542]  __do_fast_syscall_32+0xe8/0x680
[ 1219.019644][T25542]  do_fast_syscall_32+0x32/0x80
[ 1219.019655][T25542]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1219.019668][T25542] RIP: 0023:0xf709d579
[ 1219.019677][T25542] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1219.019688][T25542] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1219.019698][T25542] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0
[ 1219.019705][T25542] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1219.019711][T25542] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1219.019716][T25542] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1219.019723][T25542] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1219.019736][T25542]  </TASK>
[ 1219.059593][T15612] usb 5-1: Using ep0 maxpacket: 32
[ 1219.177609][T15612] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36
[ 1219.184732][T15612] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[ 1219.189543][T15612] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1219.193570][T15612] usb 5-1: Product: syz
[ 1219.194928][T25546] binder: 25545:25546 ioctl c0306201 800003c0 returned -14
[ 1219.195634][T15612] usb 5-1: Manufacturer: syz
[ 1219.199565][T15612] usb 5-1: SerialNumber: syz
[ 1219.202410][T15612] usb 5-1: config 0 descriptor??
[ 1219.204604][T25532] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1219.207835][T15612] hub 5-1:0.0: bad descriptor, ignoring hub
[ 1219.209960][T15612] hub 5-1:0.0: probe with driver hub failed with error -5
[ 1219.214076][T15612] input: syz syz as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/input/input35
[ 1219.277261][T25550] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5232'.
[ 1219.299852][T17832] Bluetooth: hci4: command 0x041b tx timeout
[ 1219.413978][ T6024] usb 5-1: USB disconnect, device number 29
[ 1219.414009][    C0] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[ 1220.013962][T25569] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5241'.
[ 1220.195389][ T6024] usb 7-1: new full-speed USB device number 31 using dummy_hcd
[ 1220.316352][T17832] Bluetooth: hci4: Unable to find connection with handle 0x00c9
[ 1220.326407][T25577] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5243'.
[ 1220.351436][ T6024] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1220.354658][ T6024] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 2
[ 1220.357849][ T6024] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64
[ 1220.361616][ T6024] usb 7-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00
[ 1220.364452][ T6024] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1220.368807][T25565] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[ 1220.372344][ T6024] hub 7-1:1.0: bad descriptor, ignoring hub
[ 1220.374881][ T6024] hub 7-1:1.0: probe with driver hub failed with error -5
[ 1220.377983][ T6024] cdc_wdm 7-1:1.0: skipping garbage
[ 1220.379675][ T6024] cdc_wdm 7-1:1.0: skipping garbage
[ 1220.382329][ T6024] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[ 1220.384386][ T6024] cdc_wdm 7-1:1.0: Unknown control protocol
[ 1220.430540][T25573] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1220.432601][T25573] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1220.434519][T25573] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1220.476175][T25581] FAULT_INJECTION: forcing a failure.
[ 1220.476175][T25581] name failslab, interval 1, probability 0, space 0, times 0
[ 1220.480383][T25581] CPU: 0 UID: 0 PID: 25581 Comm: syz.1.5245 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1220.480401][T25581] Tainted: [L]=SOFTLOCKUP
[ 1220.480405][T25581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1220.480412][T25581] Call Trace:
[ 1220.480416][T25581]  <TASK>
[ 1220.480420][T25581]  dump_stack_lvl+0x16c/0x1f0
[ 1220.480440][T25581]  should_fail_ex+0x512/0x640
[ 1220.480453][T25581]  ? __kmalloc_cache_noprof+0x5f/0x800
[ 1220.480468][T25581]  should_failslab+0xc2/0x120
[ 1220.480484][T25581]  __kmalloc_cache_noprof+0x80/0x800
[ 1220.480497][T25581]  ? ovs_nla_get_identifier+0x81/0xf0
[ 1220.480512][T25581]  ? ovs_nla_get_identifier+0x81/0xf0
[ 1220.480523][T25581]  ovs_nla_get_identifier+0x81/0xf0
[ 1220.480535][T25581]  ovs_flow_cmd_new+0x3ff/0xe30
[ 1220.480553][T25581]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[ 1220.480567][T25581]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290
[ 1220.480581][T25581]  ? genl_rcv_msg+0x55c/0x800
[ 1220.480590][T25581]  ? netlink_rcv_skb+0x158/0x420
[ 1220.480606][T25581]  ? genl_rcv+0x28/0x40
[ 1220.480615][T25581]  ? ___sys_sendmsg+0x134/0x1d0
[ 1220.480629][T25581]  ? __sys_sendmsg+0x16d/0x220
[ 1220.480642][T25581]  ? __do_fast_syscall_32+0xe8/0x680
[ 1220.480653][T25581]  ? do_fast_syscall_32+0x32/0x80
[ 1220.480663][T25581]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1220.480698][T25581]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290
[ 1220.480710][T25581]  ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290
[ 1220.480724][T25581]  genl_family_rcv_msg_doit+0x209/0x2f0
[ 1220.480736][T25581]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 1220.480748][T25581]  ? genl_get_cmd+0x194/0x580
[ 1220.480760][T25581]  ? bpf_lsm_capable+0x9/0x10
[ 1220.480775][T25581]  ? security_capable+0x7e/0x260
[ 1220.480792][T25581]  ? ns_capable+0xd7/0x110
[ 1220.480807][T25581]  genl_rcv_msg+0x55c/0x800
[ 1220.480820][T25581]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1220.480831][T25581]  ? __pfx_ovs_flow_cmd_new+0x10/0x10
[ 1220.480847][T25581]  ? __lock_acquire+0x436/0x2890
[ 1220.480874][T25581]  netlink_rcv_skb+0x158/0x420
[ 1220.480891][T25581]  ? __pfx_genl_rcv_msg+0x10/0x10
[ 1220.480902][T25581]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 1220.480924][T25581]  ? netlink_deliver_tap+0x1ae/0xd30
[ 1220.480942][T25581]  genl_rcv+0x28/0x40
[ 1220.480951][T25581]  netlink_unicast+0x5aa/0x870
[ 1220.480969][T25581]  ? __pfx_netlink_unicast+0x10/0x10
[ 1220.480996][T25581]  ? __asan_memset+0x23/0x50
[ 1220.481010][T25581]  ? __build_skb_around+0x278/0x390
[ 1220.481022][T25581]  ? is_vmalloc_addr+0x86/0xa0
[ 1220.481037][T25581]  netlink_sendmsg+0x8c8/0xdd0
[ 1220.481056][T25581]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1220.481074][T25581]  ? aa_sock_msg_perm.constprop.0+0x100/0x1b0
[ 1220.481088][T25581]  ____sys_sendmsg+0xa5d/0xc30
[ 1220.481100][T25581]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1220.481109][T25581]  ? get_compat_msghdr+0x11a/0x170
[ 1220.481130][T25581]  ___sys_sendmsg+0x134/0x1d0
[ 1220.481146][T25581]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1220.481167][T25581]  ? find_held_lock+0x2b/0x80
[ 1220.481189][T25581]  __sys_sendmsg+0x16d/0x220
[ 1220.481204][T25581]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1220.481224][T25581]  ? do_user_addr_fault+0x843/0x1370
[ 1220.481240][T25581]  __do_fast_syscall_32+0xe8/0x680
[ 1220.481252][T25581]  do_fast_syscall_32+0x32/0x80
[ 1220.481262][T25581]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1220.481275][T25581] RIP: 0023:0xf709d579
[ 1220.481284][T25581] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00
[ 1220.481294][T25581] RSP: 002b:00000000f548d55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172
[ 1220.481304][T25581] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000
[ 1220.481311][T25581] RDX: 000000000000c000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1220.481317][T25581] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[ 1220.481323][T25581] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1220.481329][T25581] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1220.481343][T25581]  </TASK>
[ 1220.672995][T25565] netlink: 'syz.2.5239': attribute type 13 has an invalid length.
[ 1220.746508][T25595] netlink: 24 bytes leftover after parsing attributes in process `syz.3.5250'.
[ 1220.861372][ T6328] usb 7-1: USB disconnect, device number 31
[ 1221.122582][T25598] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[ 1221.124821][T25598] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[ 1221.130118][T25598] vhci_hcd vhci_hcd.0: Device attached
[ 1221.180729][   T24] usb 7-1: new full-speed USB device number 32 using dummy_hcd
[ 1221.320672][   T24] usb 7-1: device descriptor read/64, error -71
[ 1221.334675][T25602] vhci_hcd: connection closed
[ 1221.335860][ T9964] vhci_hcd vhci_hcd.3: stop threads
[ 1221.342131][ T9964] vhci_hcd vhci_hcd.3: release socket
[ 1221.345051][ T9964] vhci_hcd vhci_hcd.3: disconnect device
[ 1221.387762][T25608] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5253'.
[ 1221.470065][T25606] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1221.472988][T25606] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1221.475861][T25606] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 1221.560683][   T24] usb 7-1: new full-speed USB device number 33 using dummy_hcd
[ 1221.710772][   T24] usb 7-1: device descriptor read/64, error -71
[ 1221.793152][T25597] ------------[ cut here ]------------
[ 1221.794939][T25597] WARNING: mm/shmem.c:1402 at shmem_evict_inode+0x8eb/0xbe0, CPU#1: syz.3.5252/25597
[ 1221.797897][T25597] Modules linked in:
[ 1221.799305][T25597] CPU: 1 UID: 0 PID: 25597 Comm: syz.3.5252 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1221.803342][T25597] Tainted: [L]=SOFTLOCKUP
[ 1221.804758][T25597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1221.808159][T25597] RIP: 0010:shmem_evict_inode+0x8eb/0xbe0
[ 1221.809947][T25597] Code: fe e8 e9 25 bc ff 45 85 ff 75 ac e8 3f 2b bc ff 48 8b 74 24 28 48 8b 7c 24 30 e8 50 77 93 ff e9 e5 fd ff ff e8 26 2b bc ff 90 <0f> 0b 90 e9 54 f9 ff ff e8 18 2b bc ff 4c 89 e2 48 b8 00 00 00 00
[ 1221.816140][T25597] RSP: 0018:ffffc9000d0b7958 EFLAGS: 00010293
[ 1221.818060][T25597] RAX: 0000000000000000 RBX: ffff888077e85c10 RCX: ffffffff82022fee
[ 1221.820556][T25597] RDX: ffff88806f4824c0 RSI: ffffffff8202369a RDI: 0000000000000007
[ 1221.820919][   T24] usb usb7-port1: attempt power cycle
[ 1221.823088][T25597] RBP: ffffc9000d0b7a80 R08: 0000000000000007 R09: 0000000000000000
[ 1221.827355][T25597] R10: 0000000000000008 R11: ffff88806f482ff0 R12: 0000000000000008
[ 1221.829869][T25597] R13: 0000000000000000 R14: ffff888077e85c40 R15: ffff888077e85b00
[ 1221.832615][T25597] FS:  0000000000000000(0000) GS:ffff8880977f8000(0000) knlGS:0000000000000000
[ 1221.835417][T25597] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[ 1221.837493][T25597] CR2: 00000000f73897d8 CR3: 000000004dcf3000 CR4: 0000000000352ef0
[ 1221.840026][T25597] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1221.842560][T25597] DR3: ffffffffefffff15 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[ 1221.845764][T25597] Call Trace:
[ 1221.846850][T25597]  <TASK>
[ 1221.847806][T25597]  ? inode_wait_for_writeback+0x170/0x390
[ 1221.849725][T25597]  ? __pfx_shmem_evict_inode+0x10/0x10
[ 1221.851783][T25597]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[ 1221.853706][T25597]  ? find_held_lock+0x2b/0x80
[ 1221.855211][T25597]  ? evict+0x37e/0xad0
[ 1221.856691][T25597]  ? __pfx_shmem_evict_inode+0x10/0x10
[ 1221.858404][T25597]  evict+0x3c2/0xad0
[ 1221.859674][T25597]  ? find_held_lock+0x2b/0x80
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1221.861433][T25597]  ? __pfx_evict+0x10/0x10
[ 1221.862910][T25597]  ? iput.part.0+0x619/0x1190
[ 1221.864413][T25597]  iput.part.0+0x621/0x1190
[ 1221.865869][T25597]  iput+0x35/0x40
[ 1221.867059][T25597]  dentry_unlink_inode+0x29c/0x480
[ 1221.868694][T25597]  __dentry_kill+0x1d0/0x600
[ 1221.870200][T25597]  finish_dput+0x76/0x480
[ 1221.871654][T25597]  dput.part.0+0x451/0x570
[ 1221.873085][T25597]  dput+0x1f/0x30
[ 1221.874269][T25597]  __fput+0x51c/0xb70
[ 1221.875568][T25597]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1221.877218][T25597]  task_work_run+0x150/0x240
[ 1221.878724][T25597]  ? __pfx_task_work_run+0x10/0x10
[ 1221.880368][T25597]  ? do_raw_spin_unlock+0x172/0x230
[ 1221.882080][T25597]  do_exit+0x87f/0x2bd0
[ 1221.883525][T25597]  ? __pfx_do_exit+0x10/0x10
[ 1221.885116][T25597]  ? preempt_schedule_thunk+0x16/0x30
[ 1221.886995][T25597]  do_group_exit+0xd3/0x2a0
[ 1221.888464][T25597]  __ia32_sys_exit_group+0x3e/0x50
[ 1221.890121][T25597]  ia32_sys_call+0x1276/0x1c90
[ 1221.891903][T25597]  __do_fast_syscall_32+0xe8/0x680
[ 1221.893527][T25597]  do_fast_syscall_32+0x32/0x80
[ 1221.895103][T25597]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1221.897325][T25597] RIP: 0023:0xf7fc3579
[ 1221.898685][T25597] Code: Unable to access opcode bytes at 0xf7fc354f.
[ 1221.900913][T25597] RSP: 002b:00000000ffdca12c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[ 1221.903628][T25597] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 1221.906168][T25597] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7456ff4
[ 1221.909336][T25597] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000
[ 1221.912397][T25597] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1221.915036][T25597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1221.917613][T25597]  </TASK>
[ 1221.918749][T25597] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 1221.921306][T25597] CPU: 1 UID: 0 PID: 25597 Comm: syz.3.5252 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[ 1221.924757][T25597] Tainted: [L]=SOFTLOCKUP
[ 1221.926131][T25597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 1221.929581][T25597] Call Trace:
[ 1221.930666][T25597]  <TASK>
[ 1221.931633][T25597]  dump_stack_lvl+0x3d/0x1f0
[ 1221.933115][T25597]  vpanic+0x640/0x6f0
[ 1221.934397][T25597]  ? shmem_evict_inode+0x8eb/0xbe0
[ 1221.936120][T25597]  panic+0xca/0xd0
[ 1221.937331][T25597]  ? __pfx_panic+0x10/0x10
[ 1221.938821][T25597]  ? check_panic_on_warn+0x1f/0xb0
[ 1221.940448][T25597]  check_panic_on_warn+0xab/0xb0
[ 1221.942035][T25597]  __warn+0x108/0x3c0
[ 1221.943312][T25597]  __report_bug+0x2a0/0x520
[ 1221.944750][T25597]  ? shmem_evict_inode+0x8eb/0xbe0
[ 1221.946378][T25597]  ? __pfx___report_bug+0x10/0x10
[ 1221.948027][T25597]  ? find_held_lock+0x2b/0x80
[ 1221.949531][T25597]  ? timestamp_truncate+0x21e/0x2d0
[ 1221.951305][T25597]  ? shmem_evict_inode+0x8eb/0xbe0
[ 1221.952982][T25597]  report_bug+0xb2/0x220
[ 1221.954363][T25597]  ? shmem_evict_inode+0x8eb/0xbe0
[ 1221.956076][T25597]  handle_bug+0x127/0x260
[ 1221.957486][T25597]  exc_invalid_op+0x17/0x50
[ 1221.958958][T25597]  asm_exc_invalid_op+0x1a/0x20
[ 1221.960563][T25597] RIP: 0010:shmem_evict_inode+0x8eb/0xbe0
[ 1221.962426][T25597] Code: fe e8 e9 25 bc ff 45 85 ff 75 ac e8 3f 2b bc ff 48 8b 74 24 28 48 8b 7c 24 30 e8 50 77 93 ff e9 e5 fd ff ff e8 26 2b bc ff 90 <0f> 0b 90 e9 54 f9 ff ff e8 18 2b bc ff 4c 89 e2 48 b8 00 00 00 00
[ 1221.968477][T25597] RSP: 0018:ffffc9000d0b7958 EFLAGS: 00010293
[ 1221.970386][T25597] RAX: 0000000000000000 RBX: ffff888077e85c10 RCX: ffffffff82022fee
[ 1221.973647][T25597] RDX: ffff88806f4824c0 RSI: ffffffff8202369a RDI: 0000000000000007
[ 1221.976147][T25597] RBP: ffffc9000d0b7a80 R08: 0000000000000007 R09: 0000000000000000
[ 1221.978643][T25597] R10: 0000000000000008 R11: ffff88806f482ff0 R12: 0000000000000008
[ 1221.981112][T25597] R13: 0000000000000000 R14: ffff888077e85c40 R15: ffff888077e85b00
[ 1221.983612][T25597]  ? shmem_evict_inode+0x23e/0xbe0
[ 1221.985277][T25597]  ? shmem_evict_inode+0x8ea/0xbe0
[ 1221.986908][T25597]  ? shmem_evict_inode+0x8ea/0xbe0
[ 1221.988547][T25597]  ? inode_wait_for_writeback+0x170/0x390
[ 1221.990348][T25597]  ? __pfx_shmem_evict_inode+0x10/0x10
[ 1221.992088][T25597]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[ 1221.993982][T25597]  ? find_held_lock+0x2b/0x80
[ 1221.995501][T25597]  ? evict+0x37e/0xad0
[ 1221.996795][T25597]  ? __pfx_shmem_evict_inode+0x10/0x10
[ 1221.998529][T25597]  evict+0x3c2/0xad0
[ 1221.999791][T25597]  ? find_held_lock+0x2b/0x80
[ 1222.001284][T25597]  ? __pfx_evict+0x10/0x10
[ 1222.002716][T25597]  ? iput.part.0+0x619/0x1190
[ 1222.004231][T25597]  iput.part.0+0x621/0x1190
[ 1222.005682][T25597]  iput+0x35/0x40
[ 1222.006862][T25597]  dentry_unlink_inode+0x29c/0x480
[ 1222.008501][T25597]  __dentry_kill+0x1d0/0x600
[ 1222.009965][T25597]  finish_dput+0x76/0x480
[ 1222.011343][T25597]  dput.part.0+0x451/0x570
[ 1222.012759][T25597]  dput+0x1f/0x30
[ 1222.013936][T25597]  __fput+0x51c/0xb70
[ 1222.015253][T25597]  ? _raw_spin_unlock_irq+0x23/0x50
[ 1222.016890][T25597]  task_work_run+0x150/0x240
[ 1222.018407][T25597]  ? __pfx_task_work_run+0x10/0x10
[ 1222.020035][T25597]  ? do_raw_spin_unlock+0x172/0x230
[ 1222.021680][T25597]  do_exit+0x87f/0x2bd0
[ 1222.023057][T25597]  ? __pfx_do_exit+0x10/0x10
[ 1222.024525][T25597]  ? preempt_schedule_thunk+0x16/0x30
[ 1222.026229][T25597]  do_group_exit+0xd3/0x2a0
[ 1222.027709][T25597]  __ia32_sys_exit_group+0x3e/0x50
[ 1222.029404][T25597]  ia32_sys_call+0x1276/0x1c90
[ 1222.030982][T25597]  __do_fast_syscall_32+0xe8/0x680
[ 1222.032606][T25597]  do_fast_syscall_32+0x32/0x80
[ 1222.034154][T25597]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[ 1222.036184][T25597] RIP: 0023:0xf7fc3579
[ 1222.038242][T25597] Code: Unable to access opcode bytes at 0xf7fc354f.
[ 1222.040360][T25597] RSP: 002b:00000000ffdca12c EFLAGS: 00000282 ORIG_RAX: 00000000000000fc
[ 1222.042971][T25597] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000000
[ 1222.045450][T25597] RDX: 0000000000000000 RSI: 00000000ffffff9c RDI: 00000000f7456ff4
[ 1222.047914][T25597] RBP: 000000000000002c R08: 0000000000000000 R09: 0000000000000000
[ 1222.050390][T25597] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000
[ 1222.052918][T25597] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[ 1222.055416][T25597]  </TASK>
[ 1222.057138][T25597] Kernel Offset: disabled
[ 1222.058536][T25597] Rebooting in 86400 seconds..