last executing test programs:

1m57.091555188s ago: executing program 1 (id=558):
ioctl$COMEDI_SUBDINFO(0xffffffffffffffff, 0x80486402, &(0x7f0000000000)) (async)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="4400000010003704040800"/20, @ANYRES32=0x0, @ANYBLOB="0000000000220000240012800e00010069703665727370616e00000010000280040012000600030007000000"], 0x44}, 0x1, 0x0, 0x0, 0x40040041}, 0x0)

1m57.01327625s ago: executing program 1 (id=559):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x0, 0x0)
pread64(r0, &(0x7f0000000040)=""/111, 0x6f, 0x6c38)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="280000001200576d100000000000000007000000", @ANYRES32=0x0, @ANYBLOB="000002000000000008001d00fb"], 0x28}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$gtp(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$GTP_CMD_DELPDP(r2, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000026bd7000fbdbdf2501000000080005006b1414aa0600060003000000189c8e597b332807426e165d54a1cbf5dbdf3d70529fb088481d45f108d6e76d554f7dde0b8c7c46edb93909d5e3e9c4b6401917527c81e23ecea4bce721a6dc97abc30a5f2759cab63f30261eb2284e5dbe6d612fc65cad8c5fdc5546032a0bcf0c4615cc889bb1c568618e4a60e696849f49925250f258c3c37a6e3dbcba84f7e4204686d81534c7014d34dfcef373666726a2de63dfc50e7cd402e31eab6d8957276fd3c476ac5b1d8901e7f394506593111a01930c2f5deb1ee7510f2690d4bee41cea89372e4783b374ce4766784ca3f8648801456557abaf27a82ebf9125256b"], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x40891)

1m57.013010779s ago: executing program 1 (id=560):
syz_genetlink_get_family_id$tipc2(&(0x7f0000000d00), 0xffffffffffffffff)
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x400000000000004)
socket$xdp(0x2c, 0x3, 0x0)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000000240)="480000001400190d09004beafd0d8c562c84ed7a80ffe05e959126dda8900db462060f000000000000a2bc5603ca00000f7f8900000ec00000000101ff0000000309ff5bffff00c7", 0x48}], 0x1)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6)
write$bt_hci(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB="0000ffff3201"], 0x138)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$TIPC_NL_LINK_GET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRESHEX=0x0, @ANYBLOB="030700000000000000000800000068000480040007801300010062726f6164636173742d6c696e6b00001900078008000300000000000800020000000000080003000000000008000200000000000800030000000000040004"], 0x7c}}, 0x0)

1m56.922918164s ago: executing program 1 (id=561):
mkdir(&(0x7f00000020c0)='./file0\x00', 0x1c8)
mount$bind(&(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x315901c, 0x0)
chroot(&(0x7f0000001140)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f00000000c0)='./file0/../file0\x00', &(0x7f0000000100)='./file0\x00')
mkdir(&(0x7f0000000600)='./file0\x00', 0x102)
mount$9p_virtio(&(0x7f0000000ac0), &(0x7f0000000b00)='./file0\x00', &(0x7f0000000b40), 0x0, &(0x7f0000000c00)={'trans=virtio,', {[{@access_client}, {@version_u}]}})

1m56.863951497s ago: executing program 1 (id=562):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = syz_open_dev$ndb(&(0x7f0000000100), 0x0, 0x1a18c1)
ioctl$NBD_SET_SIZE(r1, 0xab02, 0x6)
r2 = accept4$x25(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x12, 0x80800)
setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000080)='pim6reg1\x00', 0x10)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="64000000100001002abd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="02200100ca340300140003006e657464657673696d30000000000000300016802c00018028000100"], 0x64}}, 0x0)

1m56.412892999s ago: executing program 1 (id=565):
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000580)={0x0, 0x3, 0x461})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x40, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfdfffffc, 0x0, 0x80000000}, 0x50)

1m56.356354458s ago: executing program 32 (id=565):
r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0)
ioctl$VIDIOC_G_FREQUENCY(r0, 0xc02c5638, &(0x7f0000000580)={0x0, 0x3, 0x461})
bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x1, 0x6, 0x8, 0x8, 0x40, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfdfffffc, 0x0, 0x80000000}, 0x50)

3.560274663s ago: executing program 2 (id=2121):
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x40007ff, 0x28842)
ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f0000000080)={0xfffffffb, 0x320000, "cde939b73644e113dd00b3eb443710d2ab8943e11513fc39", {0x3, 0xa0}, 0x101})
ioctl$XFS_IOC_OPEN_BY_HANDLE(r0, 0xc038586b, &(0x7f00000005c0)={r0, &(0x7f0000000400)='\x00', 0x2600, &(0x7f0000000440)={@_ha_fsid={[0x3, 0x5]}, {0x3, 0x7, 0x0, 0x63}}, 0x7ff, &(0x7f0000000480), &(0x7f0000000580)=0x3})
r1 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi4\x00', 0x200, 0x0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000000)={0x3, 0x30364d54, 0x92f9, 0x6, 0x3, @discrete={0x3, 0x800}})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = socket$netlink(0x10, 0x3, 0x15)
writev(r3, &(0x7f0000000300)=[{&(0x7f00000001c0)="390000001300034700bb5be1c3e4feff06000000010000004500000025000000190004000400ad000d00000000000006040000000000f93132", 0x39}], 0x1)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
recvmsg$can_raw(r4, &(0x7f00000003c0)={&(0x7f0000000100)=@vsock, 0x80, &(0x7f0000000340)=[{&(0x7f0000000180)=""/78, 0x4e}, {&(0x7f0000000200)=""/114, 0x72}, {&(0x7f00000002c0)=""/101, 0x65}], 0x3, &(0x7f0000000380)=""/57, 0x39}, 0x20)
sendmsg$NFT_BATCH(r2, &(0x7f00000004c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a01080000000000000000030000000900010073797a3100000000080002400000000614000000110001"], 0x50}, 0x1, 0x0, 0x0, 0x2000004}, 0x0)
close(r2)
read(r1, 0x0, 0x0)

3.471613306s ago: executing program 3 (id=2122):
socket$inet6_tcp(0xa, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x101005)
writev(r0, &(0x7f0000000080)=[{&(0x7f0000000f40)="aefdda9d045800005a90f57f07703aefeef64ebbee07962cfff3f878f5772e11b44e65d76641cb090052e436dd2a6fc3", 0x30}, {&(0x7f0000000180)="530000002412ffa0270c8e5300000000a2ed18f1e79bff000000000000000000a55991b8f7d9ea5761cfc05bdc12c22913a248d9fc8fae5638e1588cb3db91fa10748c1427761af70d62f728303bcba70000000000000000", 0x58}], 0x2)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6d706f6c3d6c6f63616c2c6d706f6c3d6c6f639e9986ad7a616ce07374617469633a21"])
sched_setscheduler(0x0, 0x1, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x103100, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
r3 = socket$pppl2tp(0x18, 0x1, 0x1)
r4 = socket$pppl2tp(0x18, 0x1, 0x1)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r5, {0x2, 0x0, @multicast2}, 0x2, 0x0, 0x1000}}, 0x2e)
r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000080), 0xffffffffffffffff)
close(r4)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$L2TP_CMD_SESSION_DELETE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002cbd7010fddbdf2505000000080009000200000008000c00a80a0000060001000500000008000b"], 0x3c}}, 0x20000034)
connect$pppl2tp(r3, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, r2, 0x21, 0x3, 0x0, 0x0, {0xa, 0x0, 0x6, @dev={0xfe, 0x80, '\x00', 0xe}}}}, 0x3a)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[], 0x0)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
socket(0x2a, 0x2, 0x0)
r8 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r9=>0x0})
sendto$packet(r8, &(0x7f0000000240)="f2435f0100088000000000850800", 0xe, 0x0, &(0x7f0000000000)={0x11, 0x1a, r9, 0x1, 0x0, 0x6, @random="a4fa2841c799"}, 0x14)

3.361488311s ago: executing program 3 (id=2123):
write$FUSE_INIT(0xffffffffffffffff, &(0x7f00000001c0)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x2, 0x75180f4f, 0xd, 0xe000, 0x10, 0x5, 0x0, 0x0, 0x1, 0x5}}, 0x50)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil})
r3 = socket$inet6_mptcp(0xa, 0x1, 0x106)
mkdirat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x67)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan0\x00'})
mount$binderfs(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='max='])
open_by_handle_at(r3, &(0x7f0000000140)=@fuse_with_parent={0x18, 0x82, {{0x81, 0x9, 0x8001}, {0x8, 0x3, 0x8}}}, 0x620000)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000140)={'syzkaller1\x00', 0xc201})
write$tun(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="083c86dd0001110004"], 0xfdef)
fdatasync(r4)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, &(0x7f0000000100))
setsockopt$SO_TIMESTAMP(r3, 0x1, 0x24, &(0x7f0000000340)=0x7e, 0x4)
sendmmsg(r3, &(0x7f0000004cc0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20000010)
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000000)=[@text16={0x10, &(0x7f00000000c0)="66b80500000066b92d0000000f01c10f20df0f080f785f680f1b3600680f2297f6edf30f8679a70f01d1440f20c066350c000000440f22c0"}], 0x8, 0x0, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)

3.07134421s ago: executing program 3 (id=2124):
r0 = syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4)
setsockopt(r0, 0x9, 0x5f70, &(0x7f0000000000)="4b6be681b9c80497bcb2e23b612565f90c09e3038430f706c3a19e6de5747253fb177bd90224e248124e8489589014f21bff5ac8647edbd37fd36e3764d2baacef69950c831efdd23c6e84b54bffb14c329d3a2e0c35365e4ef549c102428d0b697279f0d7beb3a1fd470c29da0624da59b00de20e8377f750d0717556cb3888777915ad702d025a007c98438de482a6967478c361b6f9e6aca468fec1b30d47a267d18e6fdb15e7be219f4f1f6844d4b1ea557fef335385836faa79d52a818c25c7a7a581003cbf7627f6163b5241ae2de276092e09c1222c0490cbc9efe1a4b58545d5e7dd64ba7e4390ad58668b50eb1c6060acbe032798b4cadfcfba19e17cccb15443cf160e9fbeaa0e0d1d03fc9d8e8a4a387ff37b386e029cc4fdd96941dfbb63f1fcfdd441ff1799e4a723411649d8514cb4122dbce6fddab58f9bf6d77da60aa688e1278cc299225c794be0bb0b5c577514fc362dadf6e1ee0f130066f4ef9f7b6f7859df910a70286ab4ba94da557f88979bb79b95f31513e8d8acf57a60eb7501cef9675bed914fc75c4509611e7e04e0eb655613ca5fe458aeb0065af7df545bb17ad25b4fb38cf24eec60fa79d4ae7684d5389280f98eb311f91bc31c019a8bff626161155fc72debe0709e20889c99924dc1c8882d67514567998adcc7d159ec1398a059331ef59b818d79b3c559a21525c14dd3aa3f09f5be5dc9603aa8f294b01cf9d29bd79560813116d4b2c40be117f3cdeba08024754f65287247af23b95e7afe0eeb7c294715dc25be3634ae696287a931fb7727aabb78e9207bd24a21c022a2630a1db9a0cfbf798849f97904534422c6d558a007974ba28c15207aacb8e810e8580753091f0a49f873d072753bfa7efef0e49abdafd20fb358a36adfae051f1e4ba627daf3ac4f43c46950d44eccd692526409734bae9f6da19c02b227d4dac8165f96a5e14d418903158ab900701c1c52f51afdb85ed9ea50936218821c44bb5b00b28e6aa928a62a8511825032d2d66b2b00b66359864b91b69ff393c95a0c1612e9f7dbdb114d3e7dca3f99b7009f1ae62c3d3de85e0822a16e8ad446619cf21283dea7a8b248506efc78171fc773a7c658218548d8bb56b201ca583eeae326f3c2d2a331db31a1507145e6620bcad7db5ecdfd9a22faa6139869e8a617568a62037796d7d84acc39d672b975ec8233c4379a1c9c70cecb191088a412ee31d3f35c9da525d6edc49514f5e427eaacad55e0bd4affc5ade970cd47b63b1217e29708dcd4f9ab61000cb6989c9403fad3db411db170525ae94c4b78611066f9efccafea2f560af7e2b69938e0d5cabcb72572970bd63ce004738de499917b8c45bcaad49292b45873e82e19b317105ace43d85f84e50a141b2c530beaab206426338745bfc478044f72a1044aa694baf06fc19afe36d3f1a2992f4512f406b42b0c35189e386133b7982644c266c75a2aa6247cf96bc5b4e3dc6e5ed97834273ad5b2399223696158ef444e8c21c7174a7838296b2d0ea302fa3d84dd87bb3ee8cd76df5a764de8544829bd2b3579c2959357c1d5603813f2bfcd868eb3478859c924b8cb32712293d7fb277b71fe8fb2f769ab02cd981e9ce74f7270e235d629d69df59a70befbe197d930ce606d0e8f0942c454be1926334a2d76ba3ff80d188c7b10dc2bf99c5463519fbc83d63c5190d34736d2e220175c625220f1be22c30b2f92a155ceb0b177e8c9df18906b71df7a5aa6a1460cfcdec8dd1fd3365c00f51ecb0bd328ce7e6b01a2d8c03d72c830a7d2f45f321aa15124c9d9256eaa198714a2e73fbfd7062d5330b62e1159aa450aed777723b2c619b1a9600722225add348f262211f039f55ebe90ac4fa0523b8b1692196ffa18f8e3d818e72ddd2a347014057d7b4d20cd39d63bde26d624140bb4c8b97e708ac3d3fd048cd26cd51871fe6a87a88981ee37e5a55626ef4eb2eba901a4eec7d494a153656555248274ca0cdddeff396f0d2d35d47bac0db287a49a90bd6b640f7a00c1d7e5b6f7709281d89c2c08e65f09bce7eca7c12bd14f2798ad4dfac5b564ebf6b2abb5aa2fae2d796d0cbfa6b52c5247790b9e6b78a3c879926603b7217ebe9f04f22f73027abc4f5351034618b276647123cd0a374112d03c5e2e121bc9e362b23eb92c3e781ad629ff5614d03b8a059ea4e125d08b1e20782420c44a9311edc231bb561554199c802bd0969af53364c17061f065333db87531362d1c8d004969b01175d4d9814bdb0b1ebf6cb9fd2d7eaca11e4cecce6e4ad96e1de650134ccb429351e3592da9ec2aec3508b0079664cbe6fd12f9956b6a2f3b8c65ef4c115dda7d61c501ec7dcd6a0647b719e22e752d7da09cba9e363aeb810234ac920bbc90b995da2867fe10dea5c0ad38382cf750a84c8bc8535638d53ffaa62d8f4b9a342f1bf4f608f3cb1e6f8d9cb08b6768b03a67a2985a3046062a5c8e049ec22aaee1c842159963ea5062e54ffaaf8cff7100be7d443e100d6d783691462931a46a30e596b252effb36fb82756d699fe6897a0bbd12bf51a90b1f6e71338daaf75cc6a431ff1ebf7646d5d13b325df105529c2d3690aec03ec638cd7462d25337f7cc62e583fe498c9effb4981d2fd809a723daa57bac75aa0d25c0119183d652ec57baa5618eb6ae0ab0744a3a80c97adc9b3d97ed47a4210fdcb34fb959689d86ee41db4789bb8d7b1f7581c4addcbeac7bcf9c50177f973c651f3f9af1fb15a30aa8d40dcfa4b4b538a2cf6e83cde9e367deaae6dd30b88f4e2f8480353cb8c9bc7d64fdc7bedee15ec1e9dd1235a1c0237ecee09f0997b9e544223e04f1ccbdd5bcdc6da5370f463f9969bb3a733ed7bc9350e6af2a2055b5715f50bc8672b6697051fe1dda3c1654d83f4d2d15d866960235be4aff3cf6fbb0e760631b4a9b34aab9ea8b2d5d68b2d59ac37a07b696c83f47f979b02579fef650f9d261e335c69ea7f2df0212410d5180ebc74476050103a4f8543ba7bbb01b7e7c7fe117c2d36152c051d5740121f6fc9b97217a33122846c38107dbcecefa085c2742fa3633b192b18ac8d0f2a677a8831e1ad8ff76537418fffeedc4a93b02810e178dcf224fa91e9cf28ab6fcd1d83cc870a8b6c15794a37b1a7d22d31ff2e3ba4f107d354a38d78fc95aa5c557e08b169a089ec6cf77f96831ed1a6dc4b035ef70101e22e980ba5d6d749e019c5e056c791f4a5e72777aa3e02390487446fbc6f704f86c96bcb7e5c009c61662a9977cb3d71a02f538a45556af7c11fa05cf99c74a08818bf83eb1151dac83986173c7cccc8503d643131bd23388c440d93986a4b6985e0b55e15d6300875e4df10085d1d3e3f443e3e602ed708a779e97a91c6bafa7eb98b5f6e75071a33d2589e81c666b92ce91741211fbe0946f922989468f7e41d743286483f74eb1a0092c654d2c95966369414071c98f09bf1ada7bd75612a4615cd773618c9dec794159325a17beb0a9c7cb559346ffaf760d635c121a5dff7167b8235a29242d971d5972ac342babbacc37807cb1d9365815113af4b420f6e0a21600b5f6ac0d8fef895e12ad1c8ceebf399739f5aad9bd40375000821c29f3337f461e58965c3318e2cac9b0da6bd6167c99e89e4f57f69ae3dfd4347d949766f2ff6333380e3dfad818043a886d87506b984749cf03f0a5d665659489a141df43e84b2a1973222efc14adc47c722caef1050c7eb9b5f9be9dad86f8873d53454201c03f03c462b7ecc5bff4d145a9205600f624466d532486ed0467029f3c877b003f6f6493690a56a491fc2546801f3da114a9714ca8f003fec730625b350b5c2143840b9c5b3f05a2c04d5b13a806552caf09474d08f8bed91372da9212fc871d2a084721a572a8fb7d8d4e6f28b72b392a36f8f327a07981b5a66b5f5d4c7dc2494da37fae01982f55ccb4974a55ba16ffa2bb564992709775a07d3fdc97ddd68ac3aba6ab967dffc0a839de8087d6fa609b7a697b25fb9c19da2d0fb50fee0c63424315aed625f979ddd343630f605a30504da6d3ee2fc8891458aa56070ac905bce7d0a04faa43df84dfe813b859e7c96ebb61e7692ac20bb1bce809e866d7c51544cf18a25519615d128a328cea975770bc15bf6886858c09fd53d0a25e081614d0c905b5974eb9d0ec05767f9b96d373f729d44343dc4947948351d6019b051531d0999af189d09b13569f19f15e0eb40e833bf3e8220d6ff546ab5efc3c7c21ac857392e0da3f7f04a823870e99180b9cb7b4cffcee8afcce26b3501cae3178e798fd5406c6ae4a3ccec89e8def8bd857629a887c6f85677116f322c91ca29c8f3497a2c4cbaf33512706a7ec701c8a7322b30ef28f1a1da8aa4538ab312485c91286d598a7d14586e8dbed906bbd3d799c2ac0111aae9ad4b3e6790f1651dd5edc955c4d4276a5a04769909f44beaf95a411d7a0abc5fcadd21b93ff783f5fcaee7ac933f473e51d93ff86824e76156c3a69fb82294edef1aaf0248c4dca907efa0f97818bbf157784a43b3aa651e517c16fdb1bfce243722de4b968e7c1ece61a58d057f0a0c5b9c03243db0d19becb2a8e3748778158d9679ce11ab29e1278713a27b8a817dfb49f67025ef361c28e00aaf97fe442411f40309e874e087c9e06c10a748eeaaf434f46f1f13057a3c48f890053cef710a572d924c0d1739675b2a2a02a3dbde07b191c484e7826eaea982d567bd83d8ac663238ec4167964ab19955c09701c688dd0627172d5671c79f0b200564d4e3ca4e33459b0d9b860bd279dc2ef66e663311e09a08f0fb90c33a76e06f4c3e2f3e57dde46662a086a56413b8ed66053ffda2e5af18d6013bac8461476664ccea0f5d3a2ed92e691b92b1b118ff5fb06212255b9517fbc9e183652e93f5f0a9f18bfce8cae043f6338b6b7101a1ffa80c12b86e63ea131557c4dce83829362a25daec2a9981ba1225e8ee3cce351a9d593e20bf4867872225b2738dac1ad45b114338541c60a7407318b93b5414839b52e4695c0cc355ac100a5724905e6bed57f339525478df74688735e297a8924690a67448bcb83ce858219b0a58ac238acb22726781985ca99d26f5d2b0d31ba574233e9eb3228dd21161c60e9924a946ceb8e41217e1fa44e4fb57645b9c705988b0a6c82c2483cb110c357b01a3274cd58792441d2bd32ac4941cb4a33d1a4f7331aeb24cab783b47b8c094f2d1ef17efba920660523b2e6dccc4f1cad1e37915489d1c0325950230a5555db22a9a495dad508cec968d19afcf4cbaf3681d5b0405f295e2bf3c3eff9ddc78fb1c5e5f62e944619e6b6e091206ac898b7770648c0f0ad482ce791b68f98f7df4f0d9f87c73ed33080d34302a15536cf5c4c6d5a2899d7c07c6d5c5a1ff3fb6fd03e2a7c275c2b4f29b3f646a81bfe43a1f687838f3f66d80055a6b511b3019672f20a7c42720326a67d22e1fef454d85e33da1761518f29d60ce68c28d21957aaf273fc7683638872803059bf1cdd6a5d203544af3ad43312ae774712de3f769987be153efde4914293bcd227c265f8db58f0554971966c904be31c96e26f22c50b0f2ebd973e7ae8e031e860942265599d3b590ccc0b91d9da8acf5fcd7f5073fb6c743638be2a700c11b1e132f318cb899007c6f9dea95ed922decea463d1a3fa63c995bd3e70c555fb2d453a1955661118e4d05cee38a746ca9b5a677f3efe0446a73e93939bdb12784be1abaa87d44a14c0aa1cf725b03d715b39f3", 0x1000)
ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r0, 0x800442d4, &(0x7f0000001000)=0x1000) (async)
read$FUSE(0xffffffffffffffff, &(0x7f0000001040)={0x2020, 0x0, <r1=>0x0, 0x0, <r2=>0x0}, 0x2020)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000003080)={{0x1, 0x1, 0x18, <r3=>r0, {<r4=>0xffffffffffffffff, <r5=>0xee00}}, './file0\x00'})
write$FUSE_ATTR(0xffffffffffffffff, &(0x7f00000030c0)={0x78, 0x0, r1, {0x1, 0x4, 0x0, {0x3, 0x1, 0x3, 0xbb4, 0x3, 0x101, 0x1, 0x4, 0x9, 0x6000, 0x5, 0x0, r5, 0x5, 0x8}}}, 0x78) (async)
r6 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$bt_BT_POWER(r6, 0x112, 0x9, &(0x7f0000003140)=0xbf, &(0x7f0000003180)=0x1) (async)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x1000000) (async)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000003200)={0x3, &(0x7f00000031c0)=[{0x8, 0x0, 0x4, 0x7}, {0x0, 0xff, 0x3, 0x6}, {0xe, 0x1, 0x0, 0xabb4}]}) (async)
r8 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000003240), 0xe31e3d5caf4602d3, 0x0)
ioctl$SOUND_MIXER_WRITE_VOLUME(r8, 0xc0044d10, &(0x7f0000003280)=0x39) (async)
getsockopt$inet_mreqsrc(r3, 0x0, 0x28, &(0x7f00000032c0)={@private, @local}, &(0x7f0000003300)=0xc) (async)
r9 = openat$tun(0xffffffffffffff9c, &(0x7f0000003340), 0x6000, 0x0)
tee(r7, r9, 0x1, 0x1) (async, rerun: 32)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r3, 0x10e, 0x1, &(0x7f0000003380)=0x13, 0x4) (async, rerun: 32)
ioctl$KVM_GET_DIRTY_LOG(r3, 0x4010ae42, &(0x7f00000033c0)={0x10201, 0x0, &(0x7f0000ffc000/0x4000)=nil})
ioctl$PPPIOCSACTIVE(r3, 0x40107446, &(0x7f0000003440)={0x4, &(0x7f0000003400)=[{0x3, 0x2, 0x2, 0xc}, {0x7f, 0x5, 0xe1, 0x2}, {0x1, 0x4, 0x1, 0x4}, {0x7ff, 0x8, 0x4, 0x8}]})
ioctl$TIOCSLCKTRMIOS(r7, 0x5457, &(0x7f0000003480)) (async)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000003500), r3)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f0000003800)={&(0x7f00000034c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000037c0)={&(0x7f0000003540)={0x258, r10, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x68, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}]}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc83}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4cf131a7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}, @TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x101}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80}]}]}, @TIPC_NLA_SOCK={0x68, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x800}, @TIPC_NLA_SOCK_CON={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3000000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}, @TIPC_NLA_CON_FLAG={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6f03939}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfaf}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7fff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8000}]}]}, @TIPC_NLA_PUBL={0x14, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}]}, @TIPC_NLA_MEDIA={0xe8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x10}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x947}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x50}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffffb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xffff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xd}]}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x800}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7b7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x14}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}]}]}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x100}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x9}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x40}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x958}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0xc6f3}]}]}, 0x258}, 0x1, 0x0, 0x0, 0x5}, 0x10) (async)
sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000003940)={&(0x7f0000003840)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000003900)={&(0x7f0000003880)={0x54, 0x0, 0x0, 0x70bd26, 0x25dfdbfe, {}, [@L2TP_ATTR_PEER_COOKIE={0xc, 0x10, 0x4}, @L2TP_ATTR_IP6_SADDR={0x14, 0x1f, @private0}, @L2TP_ATTR_UDP_CSUM={0x5, 0xd, 0x1}, @L2TP_ATTR_PEER_SESSION_ID={0x8, 0xc, 0x1}, @L2TP_ATTR_SESSION_ID={0x8}, @L2TP_ATTR_VLAN_ID={0x6, 0xe, 0x7}]}, 0x54}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000040) (async)
ioctl$UI_DEV_CREATE(r3, 0x5501)
ioctl$OCFS2_IOC_RESVSP(r0, 0x40305828, &(0x7f0000003980)={0x1, 0x1, 0xffffffffffffff45, 0x9, 0x1f66, 0x4}) (async)
r11 = openat(r3, &(0x7f0000003a80)='./file0\x00', 0x101443, 0x2)
mount$fuseblk(&(0x7f00000039c0), &(0x7f0000003a00)='./file0\x00', &(0x7f0000003a40), 0x200000, &(0x7f0000003ac0)={{'fd', 0x3d, r11}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r2}, 0x2c, {[{@allow_other}, {@allow_other}, {@default_permissions}, {@allow_other}, {@allow_other}, {@max_read={'max_read', 0x3d, 0x5}}], [{@fowner_lt={'fowner<', r4}}, {@permit_directio}]}})
setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r3, 0x84, 0xc, &(0x7f0000003bc0)=0xff, 0x4) (async)
r12 = openat$incfs(r3, &(0x7f0000003c00)='.pending_reads\x00', 0x200000, 0xd1)
getsockopt$bt_l2cap_L2CAP_CONNINFO(r12, 0x6, 0x2, &(0x7f0000003c40), &(0x7f0000003c80)=0x6)
write$UHID_DESTROY(r3, &(0x7f0000003cc0), 0x4)

3.071113201s ago: executing program 3 (id=2125):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
r1 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3)
connect$bt_rfcomm(r1, &(0x7f0000000040)={0x1f, @none, 0x1}, 0xa)
bind$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @none, 0x0, 0x1}, 0xe)
listen(r0, 0x1)

2.708856372s ago: executing program 2 (id=2127):
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0) (async)
r1 = socket$packet(0x11, 0x2, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000340)) (async)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000480)={0x1, 0x0, 0x0, &(0x7f0000000140)=""/162, &(0x7f0000000380)=""/204, 0xf000}) (async)
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000040)={0x1, r2}) (async, rerun: 32)
syz_io_uring_setup(0x83, &(0x7f0000000580)={0x0, 0xbfcd, 0x2, 0x0, 0x352, 0x0, r2}, 0x0, 0x0, &(0x7f0000000000)) (rerun: 32)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000090000001801000020786c256d1f0000002020207b0af8ff00000000bfa1000000ffb70200fae4ecd7d787ab55d27757a22e0008000000b703000000000000850000008de3ff009500000000"], &(0x7f0000000300)='GPL\x00', 0x1}, 0x94) (async)
r3 = syz_open_procfs(0x0, &(0x7f0000000500)='fd/3\x00') (async)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r4) (async)
socket$kcm(0x10, 0x2, 0x0) (async)
r5 = socket$kcm(0xa, 0x5, 0x0)
sendmsg$kcm(r5, &(0x7f0000002dc0)={&(0x7f0000001640)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x2}}, 0x80, &(0x7f0000000340)}, 0x41)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0) (async)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x2c, &(0x7f0000000040)={0x4, &(0x7f0000000600)=[{0x8, 0x3, 0x40, 0x10000}, {0xff, 0x5, 0xa, 0x10000}, {0x8, 0x9, 0xc0, 0x8}, {0x8, 0xf5, 0xd, 0x9}]}) (async)
fsopen(0x0, 0x1) (async)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f0000000280)) (async)
syz_clone(0x848080, 0x0, 0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r7=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x20, 0x0, 0xfb, 0xfffff033}]}, 0x10) (async)
close_range(r6, 0xffffffffffffffff, 0x0) (async, rerun: 32)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 32)
sendmsg$IPCTNL_MSG_EXP_NEW(r8, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)=ANY=[@ANYRESOCT=r8], 0xb0}, 0x1, 0x0, 0x0, 0x4048881}, 0x40000) (async)
ioctl$KVM_GET_DEVICE_ATTR_vcpu(0xffffffffffffffff, 0x4018aee2, &(0x7f00000000c0)=@attr_set_pmu={0x0, 0x1, 0x1, 0x0}) (async, rerun: 32)
r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) (rerun: 32)
ioctl$KVM_CREATE_VM(r9, 0xae01, 0x0)

2.559551271s ago: executing program 2 (id=2128):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), r0)
r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'tunl0\x00', 0x7101})
r3 = userfaultfd(0x801)
ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x1c})
ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8)
r4 = socket$inet6(0xa, 0x802, 0x0)
connect$inet6(r4, &(0x7f0000001940)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}, 0x9}, 0x1c)
sendmmsg$inet6(r4, &(0x7f0000008740)=[{{&(0x7f0000000280)={0xa, 0x4e24, 0x6, @empty, 0x7}, 0x1c, 0x0, 0x0, &(0x7f0000000000)=ANY=[], 0x40}}], 0x1, 0x24000805)
ioctl$UFFDIO_POISON(r3, 0xc020aa08, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000005fc0)={&(0x7f0000000000)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd0600ffdbdb252100000020000300", @ANYRES32=r5, @ANYBLOB="0600eb00000800000400ec000a00060008021100000100000600f70000ff000008009e"], 0x44}}, 0x28000)

2.17135767s ago: executing program 3 (id=2129):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nfc(&(0x7f00000006c0), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000500)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000000000000200000008000300", @ANYRES32, @ANYBLOB='\b\x00gA'], 0x34}}, 0x0)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000001c0)={'wpan1\x00', <r7=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r7, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c0001800500020000000000080004000500000008000100020000"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000080)={'wpan1\x00', <r8=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_KEY(r4, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000480)={0x118, r6, 0x10, 0x70bd26, 0x25dfdbff, {}, [@NL802154_ATTR_SEC_KEY={0x18, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "0f38116378915979b61a3cc7f8fe2d6b"}]}, @NL802154_ATTR_SEC_KEY={0x18, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "b3af3eec79ade0365d0738056a6a4f95"}]}, @NL802154_ATTR_SEC_KEY={0xc4, 0x30, 0x0, 0x1, [@NL802154_KEY_ATTR_BYTES={0x14, 0x4, "ff8e1ef56ac792c607b46ecd2aa84d02"}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5}, @NL802154_KEY_ATTR_USAGE_CMDS={0x24, 0x3, "bc5b46382a912149b2c4949e170680592a52944bd4316f89256f1fbc65e8d3b6"}, @NL802154_KEY_ATTR_ID={0x28, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x1c, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_SHORT={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6}, @NL802154_DEV_ADDR_ATTR_PAN_ID={0x6, 0x1, 0xffff}]}, @NL802154_KEY_ID_ATTR_SOURCE_SHORT={0x8, 0x4, 0x1}]}, @NL802154_KEY_ATTR_ID={0x50, 0x1, 0x0, 0x1, [@NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc}]}, @NL802154_KEY_ID_ATTR_INDEX={0x5, 0x2, 0x2}, @NL802154_KEY_ID_ATTR_SOURCE_EXTENDED={0xc, 0x5, 0x3ff}, @NL802154_KEY_ID_ATTR_MODE={0x8}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x2}, @NL802154_KEY_ID_ATTR_MODE={0x8, 0x1, 0x1}, @NL802154_KEY_ID_ATTR_IMPLICIT={0x10, 0x3, 0x0, 0x1, [@NL802154_DEV_ADDR_ATTR_EXTENDED={0xc, 0x4, {0xaaaaaaaaaaaa0202}}]}]}, @NL802154_KEY_ATTR_USAGE_FRAMES={0x5, 0x2, 0x2}]}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x118}, 0x1, 0x0, 0x0, 0x800}, 0x4800)
r9 = openat$audio(0xffffffffffffff9c, &(0x7f0000000440), 0x8000, 0x0)
ioctl$SOUND_MIXER_READ_STEREODEVS(r9, 0x80044dfb, 0xfffffffffffffffd)
sendmsg$NFC_CMD_ACTIVATE_TARGET(r0, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000780)={0x2c, r1, 0xf, 0x70bd2d, 0x25dfdbfe, {}, [@NFC_ATTR_TARGET_INDEX={0x8, 0x4, 0x1}, @NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_PROTOCOLS={0x8, 0x3, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8804}, 0x40000)
prctl$PR_GET_TSC(0x19, &(0x7f0000000000))
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r10, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000a40)=@newsa={0x14c, 0x10, 0x1, 0x0, 0x0, {{@in=@empty, @in6=@remote, 0x0, 0xfff7, 0x2000, 0x1, 0x0, 0x0, 0x0, 0x3b, 0x0, 0xffffffffffffffff}, {@in=@rand_addr=0x64010102, 0x0, 0x6c}, @in=@remote, {0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4}, {0x800000000000, 0x4, 0x40000000}, {}, 0x70bd25, 0x0, 0x2, 0x0, 0x1}, [@XFRMA_IF_ID={0x8, 0x1f, 0x4}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}, @offload={0xc, 0x1c, {0x0, 0x2}}]}, 0x14c}}, 0x4810)

2.091671718s ago: executing program 3 (id=2130):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CAP_X86_DISABLE_EXITS(r1, 0x4068aea3, &(0x7f0000000240)={0x8f, 0x0, 0x2})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = dup(r3)
ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r4, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$BLKGETDISKSEQ(r4, 0x80081280, &(0x7f0000000180))
r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0xf)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, 0x0}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r5, 0xae80, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
r7 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
setsockopt$IP_VS_SO_SET_ADD(r6, 0x0, 0x482, &(0x7f00000000c0)={0x84, @broadcast, 0x15, 0x3, 'wlc\x00', 0x2, 0x0, 0x6d}, 0x2c)
syz_usb_control_io(r7, 0x0, 0x0)
syz_usb_control_io$sierra_net(r7, 0x0, 0x0)
r8 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r8, 0xc0105b08, &(0x7f0000000040))
ioctl$VHOST_VSOCK_SET_RUNNING(r5, 0x4004af61, &(0x7f0000000140))
writev(r6, &(0x7f0000000000)=[{&(0x7f0000000200)="28af46532234c90593aee137529f52b18679e50ae534ac605e2ea907a868e059b641986ae8477be8270a4cf6c577fca1aa", 0x31}], 0x1)

1.701083312s ago: executing program 2 (id=2134):
r0 = openat$kvm(0x0, &(0x7f0000000080), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, &(0x7f0000000100)=[@wr_drn={0x68, 0x20, {0x6, 0x7}}], 0x20})
ioctl$KVM_SET_GUEST_DEBUG_x86(r3, 0x4048ae9b, &(0x7f0000000140)={0x10001, 0x0, {[0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4]}})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

1.525496934s ago: executing program 2 (id=2137):
bpf$TOKEN_CREATE(0x24, &(0x7f00000000c0), 0x8)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94) (async)
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_lsm={0x6, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x2, 0x0, 0x0, 0x41000}, 0x94)
sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x24, 0x0, 0x300, 0x70bd2c, 0x25dfdbff, {}, [@L2TP_ATTR_SESSION_ID={0x8, 0xb, 0x2}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x85)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x800, 0x0)
ioctl$TUNSETDEBUG(r1, 0x400454c9, &(0x7f0000000280)=0x8)
r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x400)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000040)=[<r3=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, <r4=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[<r5=>0x0, <r6=>0x0], &(0x7f0000000040), 0x2, r4})
socket$netlink(0x10, 0x3, 0x0) (async)
r7 = socket$netlink(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) (async)
sendmsg$IPVS_CMD_SET_INFO(r8, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000100)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r9, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001d40)=@newlink={0x54, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4408}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x4}, @IFLA_GENEVE_REMOTE={0x8, 0x2, @multicast2}, @IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5}]}}}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x0) (async)
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001d40)=@newlink={0x54, 0x10, 0xffffff1f, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4408}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GENEVE_LABEL={0x8, 0xb, 0x1, 0x0, 0x4}, @IFLA_GENEVE_REMOTE={0x8, 0x2, @multicast2}, @IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5}]}}}, @IFLA_MASTER={0x8, 0xa, r9}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x0)
ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000580)={0x0, 0x1, &(0x7f0000000180)=[0x0], &(0x7f0000001d00)=[0x3, 0x7, 0x1fffc000, 0x7], &(0x7f0000000640)=[r6], &(0x7f0000000340), 0x0, 0xffffffffffffffff})
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r10 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r10, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
connect$inet(r10, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r10, 0x6, 0x16, &(0x7f0000000340), 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r10, 0x6, 0xd, &(0x7f0000000000)='veno', 0x4) (async)
setsockopt$inet_tcp_TCP_CONGESTION(r10, 0x6, 0xd, &(0x7f0000000000)='veno', 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r10, 0x6, 0x13, 0x0, 0x0) (async)
setsockopt$inet_tcp_TCP_REPAIR(r10, 0x6, 0x13, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000001840)={&(0x7f0000001680)=[0x0, 0x0], &(0x7f00000016c0)=[{}, {}, {}], &(0x7f00000017c0)=[0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0], &(0x7f0000001800)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x3, 0x6, 0x2})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000001ac0)={&(0x7f00000018c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001900)=[{}, {}, {}, {}], &(0x7f0000001a40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001a80)=[0x0, 0x0, 0x0], 0x4, 0x7, 0x9}) (async)
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r2, 0xc05064a7, &(0x7f0000001ac0)={&(0x7f00000018c0)=[0x0, 0x0, 0x0, 0x0, <r12=>0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001900)=[{}, {}, {}, {}], &(0x7f0000001a40)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001a80)=[0x0, 0x0, 0x0], 0x4, 0x7, 0x9})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000001c40)={&(0x7f0000001b40)=[0x0], &(0x7f0000001b80)=[0x0, 0x0], &(0x7f0000001bc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001c00)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x2, 0x6, 0x4}) (async)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000001c40)={&(0x7f0000001b40)=[0x0], &(0x7f0000001b80)=[0x0, <r13=>0x0], &(0x7f0000001bc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001c00)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x2, 0x6, 0x4})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000001cc0)={&(0x7f0000001c80)=[r3, r6, r11, r4, r12, r5, r13], 0x7, 0x100800}) (async)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000001cc0)={&(0x7f0000001c80)=[r3, r6, r11, r4, r12, r5, r13], 0x7, 0x100800})
sendto$inet(r10, &(0x7f00000004c0)='<', 0x381, 0x805, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001600)={r0, 0x0, 0x2b, 0x1000, &(0x7f0000000080)="9ec9319ab59761f79e6ebc02fa0b804a307c9e3de1f9a904194761a2964fc909e6b0b5b0201c93c36697ef", &(0x7f00000004c0)=""/4096, 0xbb, 0x0, 0xc8, 0x34, &(0x7f00000014c0)="08778957a1237c859cba604dbabdbefddd647003bebf4701fbfb0834354c2fb22ad8792602c73073ad60394f070439cf265cbb6ecc690507a64d2787bf30a1401097d000a98c69df524e353810addb7f19b2e2f8f25e364ba35e33c243b344a116213520023b32481f33b1746f1ddc6e24fe16cf1f72bff634d8282ce42d976a637902c287fe9b2a0fe209775526fad9370601bd5190417e47ce2a17885f476e6a7cdcbfc4f254b064b0089a935d04e9abc46a7e85b08a3fb27b04a4045faf4dfe1f00fa66e4bc6c", &(0x7f00000015c0)="a0079fdbddc1744a7f257729d79c0fcb627348c9fbceba11576adf7df924c9845afcee6a57974acf6bb61f794756e236f4a90c4c", 0x1}, 0x50)
mount(&(0x7f0000000300)=@md0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000440)='tracefs\x00', 0x14451, &(0x7f0000000480)='/dev/net/tun\x00')

731.677975ms ago: executing program 4 (id=2145):
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x400c1)
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)
syz_emit_ethernet(0x4e, &(0x7f00000006c0)={@link_local, @empty, @void, {@llc_tr={0x11, {@llc={0xaa, 0xdc, "e42c", "5aa2ce0347c0c67b5a2f8584db0f1ebb47f647231b7d8022bd913e3284427d563df0eb6bc8b51bea354d1ef8ac5b448889373507ad7c15ccc2e2ee03"}}}}}, 0x0)
r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
fchdir(r1)
syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00')
mount(&(0x7f0000000000), &(0x7f0000000040)='./cgroup\x00', 0x0, 0x1001, 0x0)
sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x10, 0x3e8, 0x100, 0x70bd2a, 0x25dfdbff, "", ["", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x48800}, 0x810)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000400)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xe}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)
r3 = openat$uhid(0xffffffffffffff9c, &(0x7f00000003c0), 0x802, 0x0)
close(r3)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
r5 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000080)={0x42, 0x80000009, 0x3}, 0x10)
r6 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000040)={0x442, 0x2}, 0x10)
r7 = socket$tipc(0x1e, 0x5, 0x0)
sendmsg$tipc(r7, &(0x7f0000000380)={&(0x7f0000000140)=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x48004)
sendmsg$NFNL_MSG_ACCT_NEW(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x20, 0x0, 0x7, 0x301, 0x0, 0x0, {}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}}, 0x0)
sendmsg$NFNL_MSG_ACCT_DEL(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000080)={0x20, 0x3, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0xfffc}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x20044800)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r11=>0x0})
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000003c0)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r12, @ANYBLOB="010025bd7000000000000200000008000300", @ANYRES32=r11, @ANYBLOB="08009f000600000008002600b409000005005201"], 0x3c}, 0x1, 0x0, 0x0, 0x4c854}, 0x4040000)
sendmsg$NL80211_CMD_CONNECT(r8, &(0x7f00000005c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000580)={&(0x7f0000000500)={0x58, 0x0, 0x800, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r11}, @void}}, [@NL80211_ATTR_MAC_HINT={0xa, 0xc8, @from_mac=@broadcast}, @NL80211_ATTR_PREV_BSSID={0xa, 0x4f, @from_mac=@broadcast}, @NL80211_ATTR_DISABLE_VHT={0x4}, @NL80211_ATTR_VHT_CAPABILITY={0x10, 0x9d, {0xc000800, {0xa, 0x1, 0x3, 0x1024}}}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x4}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xb}]}, 0x58}, 0x1, 0x0, 0x0, 0x24040cc2}, 0x4c801)

621.626202ms ago: executing program 2 (id=2146):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
r2 = socket$kcm(0x2, 0xa, 0x2)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r3, 0x5408, &(0x7f00000000c0)={0xcf50, 0x0, 0xffff, 0x9dff, 0x15})
ioctl$KDFONTOP_SET(r3, 0x4b72, &(0x7f0000000380)={0x0, 0x1, 0xb, 0x1a, 0x125, 0xffffffffffffffff})
write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff9, 0x0, 0xd, "0062007d82000000000000002240f7ffffff00"})
r4 = syz_open_pts(r3, 0x0)
r5 = dup3(r4, r3, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000200)=0x17)
r6 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x0, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x8, 0x3, 0x348, 0x2b0, 0x43, 0xa0, 0x1c0, 0x98, 0x2b0, 0x178, 0x178, 0x2b0, 0x178, 0x49, 0x0, {[{{@ip={@loopback, @multicast1, 0x0, 0x0, 'bridge_slave_1\x00', 'ip6erspan0\x00'}, 0x12a, 0x190, 0x1c0, 0x0, {0x0, 0x7a010000}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x8, 0x0, 'syz0\x00'}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0xd, 0x3, 0x5919e514, 0x1}}}, {{@uncond, 0x0, 0xd0, 0xf0, 0x0, {}, [@common=@unspec=@time={{0x38}, {0x101, 0x4033e375, 0x4bb5, 0x1400b, 0x8000, 0x80, 0x3}}, @inet=@rpfilter={{0x28}, {0x4}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x3a8)
r7 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
utimensat(r7, 0x0, &(0x7f0000000040)={{0x0, 0xea60}, {0x0, 0x3ffffffe}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x10, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b4000000000000007910480000000000710064000000000095000000000000dea0e50e2317db042855d6c74ff3493c7e31e3f6c643155a8e2e01d50bc3347475750472719cc516fa14b769e7f385ba72c60242263c05ddab05e37efe81b8bffc35cdf2ac0d93263ff755d611c4cca1684b1470af6a822b6aa430ad2d700b186da622d6fba70000000000000000000000000200"/173], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94)
ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000680), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_RINGS_SET(r8, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="090000002000fddbdf251000000008000900122200001800018014000200776c616e30000000000000000000000090f6766c942c62922a3d7eede0ed4816ee1200d33a2482ef56"], 0x34}}, 0x8006)
setsockopt$inet6_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4)
write$tun(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="0a000000bbbbbbbbbbbbaaaaaaaaaabb86dd6d002000001011ff00000000000100070000000000000000ff0200000000000000000000000000014f194e20"], 0xfdef)
ioctl$TUNSETLINK(r1, 0x400454cd, 0x308)

621.290679ms ago: executing program 4 (id=2147):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000240)={'wpan0\x00', <r1=>0x0})
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
r2 = syz_genetlink_get_family_id$nl802154(&(0x7f00000005c0), 0xffffffffffffffff)
bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000002fc0)={0x3, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3}, 0x50)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_NEW_SEC_LEVEL(r3, &(0x7f0000002200)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x40, r2, 0x637, 0x1070bd26, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r1}, @NL802154_ATTR_SEC_LEVEL={0x24, 0x2d, 0x0, 0x1, [@NL802154_SECLEVEL_ATTR_LEVELS={0x5, 0x1, 0x3}, @NL802154_SECLEVEL_ATTR_CMD_FRAME={0x8, 0x3, 0x2}, @NL802154_SECLEVEL_ATTR_DEV_OVERRIDE, @NL802154_SECLEVEL_ATTR_FRAME={0x8, 0x2, 0x3}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4008041}, 0x4000000)

480.966585ms ago: executing program 4 (id=2148):
ioctl$KVM_SET_LAPIC(0xffffffffffffffff, 0x4400ae8f, &(0x7f0000000340)={"6fd2530c26281df2fbeec138099f901b6a41d7882382835d377e4024d1dd24a297a4633011effd5471c88e84542a374834f1cdbc874a5d540e99a298559abbbdf39b0310ffe9aa05442cf00ece7966e2bdf2adda97c9f55382aac0bc15c14d14ccd86b2d35bc23b2413e239327422aa961db54d7700e09cfaf2f9c05dc1d0e5bd2471fcce5bb8659829ce3d6fcea46824ec47c383bccfc142095169786f83fcee04ba2fb8791585dc54be848d2e40bfa75cf435e29f92c8a1b47547b5520525a23312c0a84969ff0d5a0db6baafa3db40edfc401e7b7c1b82907ae603a1a2384515ea643bbac071eb466bb1ca0db7eeb49726a377c7461f502f8e67a1f765c6a5e8d703adbe5cca0b1172a219724e4adc1ceb5001141a57e5af9de05884d2bcb675e22a3cc676446ed945a16ae04c88ff15dfaf0a7286a0f938fbd9e7457a815a2947cb24acaefc63488c2eb633ed2926747778b58233abb03d3dcaa0f9ce80e0bdabd1c42383d9ea3d4adc424ff55b1212a70e2a6811345b7a9423bb506c7259f61d4118c7250d8af96a15f1ee88d0f92011b37c143fa77bc8cd9d1827f69662f47e2454471862f6f423143a7e2ce0c0b86bc91848ac3d9de55ae6c7ca2a52fcc8113137f79b7fcc93fa6548399fffe3f1e07adcae4c04917bc9af6879280bc750daa59cdf4c6d6c8b578fb5a871aaa36992ac617cb28a6c9771172016a81967599c79cdd3dc4507bba005ab93ee53c114000c20bc0e151057f3e8588540278b5b44f58b748692149b1e9532bca1751263c619ebc686a24715d41f83d76ea0bf702d16c64d44aa2ee8ff572c68b28c5f9f48b6be9a26d94ef9e12a84c7d144164ba539db4761635aac50ce649a0b85250e362e09ec696741ce4f87ea249a1ed55845b81d2a4d6840e452d9765ed4ffc176d1e5c5ce9c65f71522ff6f9daa581aa95121b216b483ea4ad9ba74be8612759dc22790f39c409da30ff4704f5f79be576b3f24ea83d051702e8d5aea64c070b215883228848662b6545827291f4d1455febed68503e42e5fa9396e0cd14cf81f146e525c909e76bdf4cfef49a55faf6d895b1577028edf2b1c0e3560c64f666b9f7f09509c8e098d036557b0b98096d3e4b8459abb0b6f2e0eae980c609115879b5360f79019229f711236d4f4e69afcc7f1c4ac4871f8b2d79e1d4bb62337d62394ee1c5c94d9bd50a14e822f58653692f6751b5431eac19c0a9cc302bd6101aba65df5af5702e88cb9533756b20b173862e48020c830977faa6826bd8934a507502a93cb36913cbe4a1ee0e02f191932069264bb0fbe8333d9235cb6c0cc921216b3e5b274c128057ab4433f76d0116f965b24cd768dd87f423465aa719c555595a7462edf4ae593d9edc76ccec69df32e5f67260f8fdcdc4646a00a087d26197ac3062c7fbcfbecb15154a3444"})
syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000080)={0x0, &(0x7f00000000c0)=[@code={0x1, 0x60, {"3ef30fc735fc9a00003e0f01c8c4417df1a9b398000066b824008ec8460f79f2c4e1717db49c26000000b9800000c00f3235000400000f307b9666baa00066b8000066ef66bad1040f01c2260f78da"}}], 0x60})
syz_kvm_add_vcpu$x86(0x0, &(0x7f00000000c0)={0x0, 0x0})
openat$hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x4ea400, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = socket(0x15, 0x5, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10)
getsockopt(r2, 0x200000000114, 0x2716, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002)
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f0000000340)={0x73622a85, 0x1000, 0x4})
ioctl$BINDER_GET_NODE_DEBUG_INFO(r4, 0xc018620b, &(0x7f00000001c0))
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000740)={[0x35, 0x7, 0x0, 0x180, 0x4, 0x10, 0xf1, 0x37f, 0x8, 0x2, 0x6, 0x9, 0x0, 0x9, 0x80000000000, 0xbdb], 0x51001, 0x3c4210})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

280.765258ms ago: executing program 0 (id=2150):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0) (async)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0) (async)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1}) (async)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280), 0x240, 0x0)
ioctl$TIOCPKT(r2, 0x5420, &(0x7f0000000300)=0x7)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x38, [0xb, 0xc95a, 0x1, 0x8, 0x7ffffffb, 0x2, 0x80007, 0x83, 0x20000006, 0xca, 0x6, 0x5f, 0x8, 0x5, 0xfeff2d37, 0xffffff00, 0x20100001, 0x3, 0x0, 0x5, 0x6, 0x9, 0x7, 0x3c5b, 0x1, 0x24, 0x8006, 0x1, 0x5, 0xffffffff, 0x5, 0x4, 0x7, 0x89d2, 0x9, 0x4c74, 0x80000000, 0x40000, 0x0, 0xe, 0xfffffffc, 0x80008071, 0x7, 0x18, 0xd, 0x3, 0xfffffa01, 0x42, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x7, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x6, 0x4, 0x7, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x1, 0xc8, 0xf9, 0x11, 0x400, 0x6c7, 0x2, 0xfffffffc, 0x3, 0x0, 0x84, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xffff, 0x2, 0x4, 0x7, 0x7fff, 0x5a7c, 0x7ffe, 0x401, 0x802, 0x7, 0x0, 0x1, 0x4, 0x5f31, 0xd, 0x7f, 0x2, 0x4, 0xb, 0x3ff, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xfffe, 0xfffffffe, 0xd5e, 0x9, 0x5, 0x3, 0x8, 0xa6d, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x1], [0x7, 0x408, 0x8004, 0x6, 0xffffffff, 0xd, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x2000000, 0x1ef, 0x5, 0x8, 0x10000, 0x80000000, 0x30f0, 0x7, 0xb, 0x5, 0x2, 0x0, 0x5a9c, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x1fe, 0x7c, 0x7, 0x4, 0x0, 0xffe, 0xa2, 0x7, 0x4000a9, 0x5, 0x7, 0x8c8, 0x2000af, 0xfffffffe, 0x8, 0x7ff, 0x123, 0x4, 0x7, 0xfff, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x6, 0x0, 0x27], [0x9, 0xbb33, 0x7, 0x81, 0x8, 0x42c2, 0x3, 0x6, 0x0, 0x5, 0x4e7, 0x5, 0x2, 0x8007, 0x4, 0x8000003, 0x101, 0x10000, 0x4, 0x7ffc, 0x81, 0x2000a620, 0x2, 0x7, 0x1, 0x2, 0x5, 0xe7, 0x8, 0x10000018, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x1, 0x7e, 0xda4, 0x9602, 0x7, 0xaf, 0x8, 0x4, 0xffffffff, 0x5, 0x45, 0xc, 0x30b1d693, 0x5, 0x1f40, 0x1, 0x41, 0x6c1b, 0x0, 0x804, 0xac1, 0xb1e, 0xd7, 0x9, 0xffff3441, 0xfff]}, 0x45c)
r3 = socket$nl_route(0x10, 0x3, 0x0)
connect$netlink(r3, &(0x7f0000000540), 0xc) (async, rerun: 64)
ppoll(&(0x7f00000000c0)=[{}, {0xffffffffffffffff, 0x300}], 0x20000000000000dc, 0x0, 0x0, 0x0) (rerun: 64)
bpf$MAP_CREATE(0x0, &(0x7f0000000880)=ANY=[@ANYBLOB="1900000004000000040000000200000000000000", @ANYRES32=0x1, @ANYBLOB="fcffffff00"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000f6ffffffffffffff000000000000000000000000216154eead4fe61f00d3e98df3fee2b6545fe2349a4f4bb6a21a249a45f8e3df5366e5c1342ba4c95b78a5c1ec99d2bb1bad668abbcebf3b46181fefc7a204b3a1c8103059fa465c205f8559e899e86a4184bef033d28752fe5c1cc43e374ffa6b2c7e6d27b231a4e4b021592adf985d7f1896d94b6d6108cf2b14711a4378df"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0) (async)
r4 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000280)='/dev/comedi4\x00', 0x200, 0x0)
ioctl$COMEDI_INSNLIST(r4, 0x8010640b, &(0x7f00000000c0)={0xffffffffffffff11, 0x0}) (async, rerun: 64)
r5 = dup(r0) (rerun: 64)
ioctl$BLKRRPART(r5, 0x125f, 0x0) (async)
ioctl$BLKZEROOUT(r0, 0x127f, &(0x7f00000000c0)={0x600, 0x80600}) (async)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1e, 0xe, &(0x7f0000000880)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000001c0)={0x0, 0x4}, 0x8, 0x10, &(0x7f0000000040), 0x10}, 0x94)
mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, &(0x7f0000000040)=0x8001, 0x100, 0x0) (async)
set_mempolicy_home_node(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0) (async)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r6, 0x2000000, 0xe, 0x0, &(0x7f0000000200)='\x00'/14, 0x0, 0xc69a, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

200.233444ms ago: executing program 0 (id=2151):
r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x2280)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)=0x60)
ioctl$PPPIOCGIDLE32(r1, 0x8008743f, &(0x7f0000000000))
ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r0, 0x4020565b, &(0x7f00000000c0)={0x0, 0xc})

199.437371ms ago: executing program 4 (id=2152):
setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', &(0x7f0000000100)=ANY=[@ANYRES32=0x0], 0x24, 0x0)
symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x400c804)
r1 = gettid()
process_vm_readv(r1, 0x0, 0x0, &(0x7f00000011c0)=[{0xfffffffffffffffc}], 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r3 = openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000180), 0x2, 0x0)
write$cgroup_netprio_ifpriomap(r3, &(0x7f0000000200)=ANY=[@ANYBLOB], 0xa)
r4 = socket$packet(0x11, 0x3, 0x300)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
setsockopt$packet_fanout(r4, 0x107, 0x12, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="04"], 0x2)
r5 = io_uring_setup(0xb, &(0x7f0000000040)={0x0, 0x6492, 0xc000, 0x8, 0xc1})
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000004"], 0x50)
io_uring_enter(r5, 0x2219, 0x7721, 0x16, 0x0, 0x0)
renameat2(0xffffffffffffffff, &(0x7f0000000240)='./bus\x00', 0xffffffffffffffff, &(0x7f00000002c0)='./file7\x00', 0x7)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file7\x00', 0x1ac)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000000)='./file7/file0\x00', 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)

198.246043ms ago: executing program 0 (id=2153):
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\xfa\x8b\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x845n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\xfey\bJ\x86\x8d\xdf\x16\xbb3\x85\xf5\xe0zYe\xc2\n\x0f\x87\xc4\x8f\x8e\xec\xee\xcd\f\xe9\xc8\xbc\x97,\xb7!\xf2\x93\xd3\t\xd9=\x93\x1d\x945\x97\x1e\x9d\xa6\xe9\xa6\xf9p,\xf7v>\xcd\xd9\xc4\x1b\x9c(\xb8\x90\xdeg\xbf[n\x82\x96\xaev\xd4\xac \x14\xf0\x18@\xc3\xf1\xe2\x14\x1c\x0f\xa4-\xde\xae\xfa;\xaf\xae\x06\x9ag\x02\x98\xd0C2\xe7?\xfb\xb01\x9d\xf8\xd3Q\xb3\xb2\x18V\xe8\x8c\x87\xf4\t\x1c\x85\xa4\xc1\xb1\xf4k!G\xf5\xbb\xbbs&\xeac\xb3\xafW\x846\v\xb3\xca\xeb\xb7\x9e\x9e#]\x10lj\xaf\xaf\xd1\'{\x11\xaa,\x0f\xc5OY\"\x82\x84\xb6:J\x8c\xf37\x1d\xca\xf1\xef\x9f\xcf\a\xcf\xcb', 0x0) (async)
memfd_create(&(0x7f0000000180)='\b\x9dF\xd8\b\xb3~u\xa5\"\xdc\xfdq\xf6c\r;\xfcO\x8c=\x81\xb1\xfa\x8b\x8aWpA\xd4\x98\x85K\x89>N\x8ar\x17O\x0fKR\xe2{mn\xcc\xbf2\xc0\xa7\x14\xd0\xd4\xfe/m\xdf\xb6]\xc2\xaa\x86\xec(\xf7\xcd\xa6\xd9n^.\x13*\xd4\xb8\xe8\xc4\xefb\x14Vx\xc6\xfe\x9e\xee\xe7\xd7E\xe9\t\x83\xdeNX\xec\xe66\x1b\x97$\xee\x845n,B\xd5?\xe5E:+Pm\x1d\xb4\xb8\xeb\xe8Op2\x82\xc7\x0e\x97\x03\xef\x1a\xa5\x00.\x89\b!m\f\xd9\x8b$}\x9f\fX\x81\xa8\xf6\x94\xbc\xed\x80|l]\xe9\xca\xd3\xc9\xa3\x9e\x9cJI\xf1\xa2\xa0\xc4:\x00\x00\x00\x00\x00\x00\b\xfey\bJ\x86\x8d\xdf\x16\xbb3\x85\xf5\xe0zYe\xc2\n\x0f\x87\xc4\x8f\x8e\xec\xee\xcd\f\xe9\xc8\xbc\x97,\xb7!\xf2\x93\xd3\t\xd9=\x93\x1d\x945\x97\x1e\x9d\xa6\xe9\xa6\xf9p,\xf7v>\xcd\xd9\xc4\x1b\x9c(\xb8\x90\xdeg\xbf[n\x82\x96\xaev\xd4\xac \x14\xf0\x18@\xc3\xf1\xe2\x14\x1c\x0f\xa4-\xde\xae\xfa;\xaf\xae\x06\x9ag\x02\x98\xd0C2\xe7?\xfb\xb01\x9d\xf8\xd3Q\xb3\xb2\x18V\xe8\x8c\x87\xf4\t\x1c\x85\xa4\xc1\xb1\xf4k!G\xf5\xbb\xbbs&\xeac\xb3\xafW\x846\v\xb3\xca\xeb\xb7\x9e\x9e#]\x10lj\xaf\xaf\xd1\'{\x11\xaa,\x0f\xc5OY\"\x82\x84\xb6:J\x8c\xf37\x1d\xca\xf1\xef\x9f\xcf\a\xcf\xcb', 0x0)
syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000020a010200000000000000000a0000060900010073797a310000000008000240000000018c000000020a010100000000000000000000000369000600e62807258a6d38caf4cb1d7a776a7a05e57912414e63207c5e61d47bb4016b21bd5593b033b0968722f2f0f4818a1a13fbb43e79d0ae674d071c0164df9d3701cc15211300766b6ebe326ada9e49cca5c2a07460e46e35eabfb48a4cd2cd83790d7e705b010000000900010073797a31000000001c000000090a030000000000000000000a00000208000c40"], 0xf8}, 0x1, 0x0, 0x0, 0x2000c814}, 0x4000)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000004000ffff0900010073797a30000000000900020073797a3100000000140003800800014000000000"], 0x138}, 0x1, 0x0, 0x0, 0x20040855}, 0x0)
r1 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd0002800800"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) (async)
sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000f00000a34000000060a0b0400000000000000000000030900000000000000000000000900020073797a3200001000140000001100010000000000000000000700000a000000000000000000"], 0x5c}, 0x1, 0x0, 0x0, 0x40002}, 0x10)

121.714265ms ago: executing program 0 (id=2154):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
mkdir(&(0x7f0000000300)='./bus\x00', 0x40)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x8000, 0x1f7)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x201, 0x4000003e, r1, 0x0)
setxattr$system_posix_acl(&(0x7f0000000000)='./bus\x00', &(0x7f0000000100)='system.posix_acl_access\x00', 0x0, 0x0, 0x3)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0)
getsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, &(0x7f0000000040))
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f00000000c0)={0x9}, 0x10)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@gettaction={0x20, 0x5a, 0xc6b747b6bf1c6f95, 0x0, 0x0, {}, [@action_dump_flags=@TCA_ROOT_FLAGS={0xc}]}, 0x20}}, 0x0)

120.913427ms ago: executing program 4 (id=2155):
io_cancel(0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}, 0x0)
r0 = add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x0, 0x0, 0x34, 0x0, 0x36, 0x0, 0x62, 0x0, 0x69]}, &(0x7f00000000c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00"}, 0x48, 0xfffffffffffffffe)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000100)='dctcp', 0x5)
bind$inet6(r1, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r1, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r1, &(0x7f0000000300)="a6", 0x1, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c)
sendto$inet6(r1, &(0x7f0000000380)="b3", 0x1, 0x20060000, 0x0, 0x0)
sendto$inet6(r1, &(0x7f0000000140)="0322", 0x2, 0x10, 0x0, 0x0)
pipe2$watch_queue(&(0x7f0000000300)={0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r2, 0x5761, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000000000001"])
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r2, 0x0)
add_key$fscrypt_v1(&(0x7f0000000440), &(0x7f0000000480)={'fscrypt:', @auto=[0x0, 0x36, 0x36, 0x0, 0x0, 0x64]}, &(0x7f00000004c0)={0x0, "3e82554dc8ccfbc2e85ec82d4ee9df60f6ae16b1a5f2c848722ba3b132e4fde178c945bd950b0477e801fc8a1be9b4ebbe9c2289a6b0aa00", 0xfffffffc}, 0x48, 0xfffffffffffffffe)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x1e)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x1)
ioctl$KVM_SET_MSRS(r6, 0x4008ae89, &(0x7f0000000240)={0x1, 0x0, [{0x6e0, 0x0, 0xc}]})
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="8000000000010104000000000000000002000000240001801400018008000100e000000108000200e00000010c000280050001000000000024000280140001800800010000000000080002007f0000010c00028005000100000000000800074000000000080003"], 0x80}}, 0x0)

120.482487ms ago: executing program 4 (id=2156):
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x200, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfa, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendto$inet(r0, &(0x7f0000000580)="17", 0xfdef, 0x10008095, 0x0, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e22, 0x7f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xffffffff}, 0x20)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0)
sendmsg$NFT_BATCH(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a48000000180a05000000000000000000020000001c0003801800038014000100776732000000000000000000000000000900020073797a30000000000900010073797a30"], 0x70}, 0x1, 0x0, 0x0, 0x40000}, 0x20008000)
getpeername(r0, &(0x7f0000000340)=@l2={0x1f, 0x0, @none}, &(0x7f00000002c0)=0x63)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f0000000040)=0x5bc, 0x4)
r3 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$sock_int(r3, 0x1, 0xf, &(0x7f0000000040)=0x80000004, 0x4)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x33, &(0x7f0000000640)={0x1, &(0x7f0000000680)=[{0x6, 0x0, 0x0, 0x2}]}, 0x10)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="bc1b0000400007012bbd700000000000027c00000400c2800c000180060006000806"], 0x1bbc}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000)
bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @broadcast}, 0xfffffffc}, 0x1c)

119.992984ms ago: executing program 0 (id=2157):
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$selinux_access(0xffffffffffffff9c, &(0x7f0000000600), 0x2, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x2d, 0x3, 0x7}]}, 0x10)
setsockopt$sock_int(r2, 0x1, 0x1b, &(0x7f0000000040)=0x2, 0x4)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0xdffffffe, 0x80, 0x0, 0x0, "8100e1c8e80b598c36ff000800"})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), r4)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000280)={'wlan0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r4, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x4c, r5, 0x1, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0x83}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x667}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5}, @NL80211_ATTR_OPMODE_NOTIF={0x5, 0xc2, 0xe9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000000}, 0x4814)
r7 = syz_open_pts(r3, 0x141601)
fcntl$setstatus(r7, 0x4, 0x102800)
write(r7, &(0x7f0000000000)="d5", 0xfffffedf)
ioctl$TIOCSETD(r7, 0x5423, &(0x7f0000000040)=0x3)
r8 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="58000000020603000000000000000000000000000c0007800802114000000500050002000000050004000000000012000300686173683a6e65742c706f72740000000900020073797a3200"/88], 0x58}}, 0x0)
r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000440)={0x1, &(0x7f0000000000)=[{0x6, 0x4, 0x0, 0x7fff8000}]})
close_range(r9, 0xffffffffffffffff, 0x0)
write$selinux_access(r1, &(0x7f0000000740)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a6c645f736f5f7420704a122f7362696e2f6468636c69656e742030"], 0x41)
r10 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000780), r10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000180)={'wlan0\x00'})
socket$netlink(0x10, 0x3, 0x0)
r11 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r11, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="500000002e00090027bd700000000000040000003c00180008ac0f0002ac0f0009ac0f00b4c6ea978047236b9193d162dc160a34a99f6db41b961953af0e3211e8ffffff00000000dd323a3af287c7bec8028105fcbee7c6ed007b1a81971846ff"], 0x50}, 0x1, 0x0, 0x0, 0x42804}, 0x0)
getsockname$packet(r11, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
socket$nl_route(0x10, 0x3, 0x0)

0s ago: executing program 0 (id=2158):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x2800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f0000004680)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000004600)={0x18, 0x1404, 0x1, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x48081}, 0x4) (async)
sendmsg$RDMA_NLDEV_CMD_DELLINK(r3, &(0x7f0000004680)={0x0, 0x0, &(0x7f0000004640)={&(0x7f0000004600)={0x18, 0x1404, 0x1, 0x70bd2c, 0x25dfdbfb, "", [@RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}]}, 0x18}, 0x1, 0x0, 0x0, 0x48081}, 0x4)
r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
syz_open_dev$amidi(&(0x7f0000000000), 0x2, 0x1)
ioctl$KVM_RUN(r4, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x18) (async)
r5 = bpf$OBJ_GET_PROG(0x7, &(0x7f00000000c0)=@generic={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x18)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x1d206}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0xb}, @IFLA_XDP_FD={0x8, 0x1, r5}]}]}, 0x34}}, 0x24008080) (async)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@dellink={0x34, 0x11, 0x1, 0x70bd27, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x1d206}, [@IFLA_XDP={0x14, 0x2b, 0x0, 0x1, [@IFLA_XDP_FLAGS={0x8, 0x3, 0xb}, @IFLA_XDP_FD={0x8, 0x1, r5}]}]}, 0x34}}, 0x24008080)

kernel console output (not intermixed with test programs):

 for  pid=11900 comm="syz.3.1766" name="video2" dev="devtmpfs" ino=957 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  191.342915][T11904] overlayfs: missing 'lowerdir'
[  191.345765][T11902] syzkaller1: entered promiscuous mode
[  191.351050][T11902] syzkaller1: entered allmulticast mode
[  191.361144][   T40] audit: type=1400 audit(1778789156.539:1722): avc:  denied  { open } for  pid=11900 comm="syz.3.1766" path="/dev/video2" dev="devtmpfs" ino=957 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  191.661496][T11934] netlink: 'syz.3.1777': attribute type 1 has an invalid length.
[  191.704204][T11934] 8021q: adding VLAN 0 to HW filter on device bond6
[  191.800199][T11954] overlayfs: failed to resolve './file1': -2
[  191.803168][T11955] overlayfs: failed to resolve './file1': -2
[  191.989655][T11951] x_tables: ip_tables: icmp match: only valid for protocol 1
[  192.070049][T11968] netlink: 'syz.0.1786': attribute type 4 has an invalid length.
[  192.095638][T11968] netlink: 'syz.0.1786': attribute type 4 has an invalid length.
[  192.332160][T11991] TCP: TCP_TX_DELAY enabled
[  192.412503][T11997] IPv6: sit1: Disabled Multicast RS
[  192.415276][T11997] sit1: entered allmulticast mode
[  193.093707][T12012] __nla_validate_parse: 3 callbacks suppressed
[  193.093720][T12012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1799'.
[  193.102640][T12012] syz_tun: entered promiscuous mode
[  193.111878][T12012] syz_tun: refused to change device tx_queue_len
[  193.483307][T12031] x_tables: duplicate underflow at hook 1
[  193.651482][T12040] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1809'.
[  193.668570][T12040] bond5: entered promiscuous mode
[  193.670266][T12040] bond5: entered allmulticast mode
[  194.906822][ T1474] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  195.079064][ T1474] usb 9-1: config 1 has an invalid interface number: 7 but max is 0
[  195.082233][ T1474] usb 9-1: config 1 has no interface number 0
[  195.084980][ T1474] usb 9-1: config 1 interface 7 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  195.089727][ T1474] usb 9-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 16
[  195.093580][ T1474] usb 9-1: config 1 interface 7 altsetting 0 endpoint 0x5 has an invalid bInterval 115, changing to 10
[  195.100794][ T1474] usb 9-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00
[  195.104728][ T1474] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  195.108538][ T1474] usb 9-1: Product: syz
[  195.110488][ T1474] usb 9-1: Manufacturer: syz
[  195.112558][ T1474] usb 9-1: SerialNumber: syz
[  195.119609][T12051] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  195.122887][T12051] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  195.128605][ T1474] usb 9-1: Expected 3 endpoints, found: 2
[  195.330936][ T1474] usb 9-1: USB disconnect, device number 8
[  196.110907][T12088] netlink: 'syz.0.1822': attribute type 14 has an invalid length.
[  196.176192][T12090] netlink: 'syz.0.1823': attribute type 1 has an invalid length.
[  196.210510][   T40] kauditd_printk_skb: 144 callbacks suppressed
[  196.210526][   T40] audit: type=1400 audit(1778789161.479:1867): avc:  denied  { create } for  pid=12091 comm="syz.2.1824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  196.212925][T12094] Cannot find map_set index 3 as target
[  196.213569][   T40] audit: type=1400 audit(1778789161.479:1868): avc:  denied  { map_create } for  pid=12092 comm="syz.0.1825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  196.231253][   T40] audit: type=1400 audit(1778789161.479:1869): avc:  denied  { map_read map_write } for  pid=12092 comm="syz.0.1825" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  196.241764][   T40] audit: type=1400 audit(1778789161.479:1870): avc:  denied  { setopt } for  pid=12091 comm="syz.2.1824" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  196.250735][   T40] audit: type=1400 audit(1778789161.499:1871): avc:  denied  { read append } for  pid=12091 comm="syz.2.1824" name="kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  196.260804][   T40] audit: type=1400 audit(1778789161.499:1872): avc:  denied  { open } for  pid=12091 comm="syz.2.1824" path="/dev/kvm" dev="devtmpfs" ino=84 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  196.274813][   T40] audit: type=1400 audit(1778789161.499:1873): avc:  denied  { ioctl } for  pid=12091 comm="syz.2.1824" path="/dev/kvm" dev="devtmpfs" ino=84 ioctlcmd=0xae01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1
[  196.285853][   T40] audit: type=1400 audit(1778789161.509:1874): avc:  denied  { read write } for  pid=12095 comm="syz.0.1826" name="nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  196.293896][   T40] audit: type=1400 audit(1778789161.509:1875): avc:  denied  { open } for  pid=12095 comm="syz.0.1826" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  196.303357][   T40] audit: type=1400 audit(1778789161.519:1876): avc:  denied  { map } for  pid=12095 comm="syz.0.1826" path="/dev/nullb0" dev="devtmpfs" ino=707 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1
[  196.844523][T12134] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  196.920399][T12136] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1840'.
[  196.927233][T12136] netlink: 208 bytes leftover after parsing attributes in process `syz.4.1840'.
[  196.945357][T12136] bond6 (unregistering): Released all slaves
[  197.111610][T12140] netlink: 'syz.4.1841': attribute type 1 has an invalid length.
[  197.135596][T12140] gretap1: entered allmulticast mode
[  197.196475][T12143] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  197.384268][T12153] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  197.465109][T12162] pimreg3: entered allmulticast mode
[  197.473669][T12165] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1851'.
[  197.529330][T12182] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1856'.
[  197.532282][T12182] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1856'.
[  197.669698][T12197] netlink: 'syz.4.1862': attribute type 32 has an invalid length.
[  197.714923][T12197] bond7: Setting coupled_control to off (0)
[  197.717446][T12197] bond7: entered promiscuous mode
[  197.719574][T12202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1864'.
[  197.724663][T12202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1864'.
[  197.773109][T12210] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  197.775429][T12210] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  197.778276][T12210] vhci_hcd vhci_hcd.0: Device attached
[  197.790953][T12210] binder: 12209:12210 ioctl 80046f49 2000000001c0 returned -22
[  197.846832][T12211] vhci_hcd: unknown pdu 2
[  197.851846][ T6849] vhci_hcd vhci_hcd.2: stop threads
[  197.865994][ T6849] vhci_hcd vhci_hcd.2: release socket
[  197.868878][ T6849] vhci_hcd vhci_hcd.2: disconnect device
[  197.960392][T12224] IPVS: sync thread started: state = MASTER, mcast_ifn = batadv0, syncid = 0, id = 0
[  198.029192][T12227] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  198.054230][T12229] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1870'.
[  198.128760][T12231] ufs: You didn't specify the type of your ufs filesystem
[  198.128760][T12231] 
[  198.128760][T12231] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  198.128760][T12231] 
[  198.128760][T12231] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  198.141959][T12231] ufs: failed to set blocksize
[  198.389615][T12239] xt_hashlimit: size too large, truncated to 1048576
[  198.540663][T12251] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1878'.
[  198.625259][T12255] program syz.2.1879 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  198.742887][T12261] ubi31: attaching mtd1
[  198.752205][T12261] ubi31: scanning is finished
[  198.753844][T12261] ubi31: empty MTD device detected
[  198.755800][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 0, retry
[  198.759326][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 0, retry
[  198.761854][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 0, retry
[  198.764393][T12261] ubi31 error: do_sync_erase: cannot erase PEB 0, error -22
[  198.769222][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  198.769243][T12261] Tainted: [L]=SOFTLOCKUP
[  198.769247][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  198.769254][T12261] Call Trace:
[  198.769259][T12261]  <TASK>
[  198.769264][T12261]  dump_stack_lvl+0x100/0x190
[  198.769309][T12261]  do_sync_erase+0x278/0x4d0
[  198.769329][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  198.769348][T12261]  ? rcu_is_watching+0x12/0xc0
[  198.769412][T12261]  ubi_io_sync_erase+0x58d/0x920
[  198.769433][T12261]  ubi_early_get_peb+0x1c8/0x870
[  198.769449][T12261]  create_vtbl+0x1f7/0xaa0
[  198.769468][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  198.769478][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  198.769508][T12261]  ubi_read_volume_table+0x80f/0x2860
[  198.769539][T12261]  ? kasan_quarantine_put+0x104/0x240
[  198.769576][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  198.769616][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  198.769626][T12261]  ? ubi_attach+0x2040/0x4d30
[  198.769636][T12261]  ? ubi_attach+0x2135/0x4d30
[  198.769647][T12261]  ? kfree+0x223/0x6c0
[  198.769667][T12261]  ubi_attach+0x2380/0x4d30
[  198.769685][T12261]  ? ubi_msg+0x114/0x159
[  198.769732][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  198.769743][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  198.769770][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  198.769782][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  198.769797][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  198.769816][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  198.769835][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  198.769848][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  198.769892][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  198.769905][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  198.769920][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  198.769951][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  198.769967][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  198.769981][T12261]  __x64_sys_ioctl+0x18e/0x210
[  198.770040][T12261]  do_syscall_64+0x10b/0xf80
[  198.770056][T12261]  ? clear_bhb_loop+0x40/0x90
[  198.770071][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.770083][T12261] RIP: 0033:0x7f1726b9ce59
[  198.770094][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  198.770105][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  198.770115][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  198.770122][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  198.770128][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  198.770134][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  198.770140][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  198.770154][T12261]  </TASK>
[  198.771081][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 1, retry
[  198.793891][T12264] netlink: 'syz.3.1880': attribute type 1 has an invalid length.
[  198.794267][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 1, retry
[  198.796529][T12264] netlink: 'syz.3.1880': attribute type 2 has an invalid length.
[  198.895355][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 1, retry
[  198.899042][T12261] ubi31 error: do_sync_erase: cannot erase PEB 1, error -22
[  198.901849][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  198.901878][T12261] Tainted: [L]=SOFTLOCKUP
[  198.901885][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  198.901897][T12261] Call Trace:
[  198.901905][T12261]  <TASK>
[  198.901913][T12261]  dump_stack_lvl+0x100/0x190
[  198.901939][T12261]  do_sync_erase+0x278/0x4d0
[  198.901973][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  198.902008][T12261]  ? rcu_is_watching+0x12/0xc0
[  198.902041][T12261]  ubi_io_sync_erase+0x58d/0x920
[  198.902075][T12261]  ubi_early_get_peb+0x1c8/0x870
[  198.902101][T12261]  create_vtbl+0x1f7/0xaa0
[  198.902130][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  198.902148][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  198.902177][T12261]  ubi_read_volume_table+0x80f/0x2860
[  198.902204][T12261]  ? kasan_quarantine_put+0x104/0x240
[  198.902232][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  198.902258][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  198.902274][T12261]  ? ubi_attach+0x2040/0x4d30
[  198.902292][T12261]  ? ubi_attach+0x2135/0x4d30
[  198.902310][T12261]  ? kfree+0x223/0x6c0
[  198.902340][T12261]  ubi_attach+0x2380/0x4d30
[  198.902371][T12261]  ? ubi_msg+0x114/0x159
[  198.902396][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  198.902415][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  198.902443][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  198.902464][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  198.902488][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  198.902512][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  198.902545][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  198.902565][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  198.902600][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  198.902622][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  198.902666][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  198.902700][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  198.902727][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  198.902751][T12261]  __x64_sys_ioctl+0x18e/0x210
[  198.902777][T12261]  do_syscall_64+0x10b/0xf80
[  198.902804][T12261]  ? clear_bhb_loop+0x40/0x90
[  198.902828][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  198.902847][T12261] RIP: 0033:0x7f1726b9ce59
[  198.902863][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  198.902881][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  198.902901][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  198.902913][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  198.902926][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  198.902938][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  198.902949][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  198.902976][T12261]  </TASK>
[  198.903017][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 2, retry
[  199.021391][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 2, retry
[  199.024480][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 2, retry
[  199.027673][T12261] ubi31 error: do_sync_erase: cannot erase PEB 2, error -22
[  199.030608][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.030659][T12261] Tainted: [L]=SOFTLOCKUP
[  199.030668][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.030680][T12261] Call Trace:
[  199.030687][T12261]  <TASK>
[  199.030697][T12261]  dump_stack_lvl+0x100/0x190
[  199.030726][T12261]  do_sync_erase+0x278/0x4d0
[  199.030776][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.030811][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.030847][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.030883][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.030911][T12261]  create_vtbl+0x1f7/0xaa0
[  199.030940][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.030958][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.030989][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.031017][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.031047][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.031074][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.031092][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.031110][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.031128][T12261]  ? kfree+0x223/0x6c0
[  199.031177][T12261]  ubi_attach+0x2380/0x4d30
[  199.031211][T12261]  ? ubi_msg+0x114/0x159
[  199.031238][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.031257][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.031286][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.031307][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.031330][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.031355][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.031389][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.031409][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.031441][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.031461][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.031482][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.031506][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.031531][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.031555][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.031579][T12261]  do_syscall_64+0x10b/0xf80
[  199.031604][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.031629][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.031648][T12261] RIP: 0033:0x7f1726b9ce59
[  199.031665][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.031683][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.031702][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.031714][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.031725][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.031736][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.031746][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.031773][T12261]  </TASK>
[  199.032395][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 3, retry
[  199.126818][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 3, retry
[  199.129292][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 3, retry
[  199.131802][T12261] ubi31 error: do_sync_erase: cannot erase PEB 3, error -22
[  199.133993][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.134010][T12261] Tainted: [L]=SOFTLOCKUP
[  199.134013][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.134021][T12261] Call Trace:
[  199.134027][T12261]  <TASK>
[  199.134034][T12261]  dump_stack_lvl+0x100/0x190
[  199.134050][T12261]  do_sync_erase+0x278/0x4d0
[  199.134077][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.134104][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.134137][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.134168][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.134195][T12261]  create_vtbl+0x1f7/0xaa0
[  199.134216][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.134226][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.134244][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.134258][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.134275][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.134291][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.134301][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.134311][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.134321][T12261]  ? kfree+0x223/0x6c0
[  199.134337][T12261]  ubi_attach+0x2380/0x4d30
[  199.134364][T12261]  ? ubi_msg+0x114/0x159
[  199.134379][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.134389][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.134407][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.134418][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.134431][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.134444][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.134462][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.134474][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.134494][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.134510][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.134523][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.134538][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.134553][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.134566][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.134579][T12261]  do_syscall_64+0x10b/0xf80
[  199.134594][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.134608][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.134620][T12261] RIP: 0033:0x7f1726b9ce59
[  199.134631][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.134668][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.134682][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.134689][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.134695][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.134702][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.134708][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.134723][T12261]  </TASK>
[  199.134749][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 4, retry
[  199.228868][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 4, retry
[  199.231376][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 4, retry
[  199.233712][T12261] ubi31 error: do_sync_erase: cannot erase PEB 4, error -22
[  199.236285][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.236302][T12261] Tainted: [L]=SOFTLOCKUP
[  199.236306][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.236311][T12261] Call Trace:
[  199.236317][T12261]  <TASK>
[  199.236323][T12261]  dump_stack_lvl+0x100/0x190
[  199.236340][T12261]  do_sync_erase+0x278/0x4d0
[  199.236357][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.236376][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.236395][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.236415][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.236430][T12261]  create_vtbl+0x1f7/0xaa0
[  199.236447][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.236457][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.236474][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.236488][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.236506][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.236521][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.236531][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.236541][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.236550][T12261]  ? kfree+0x223/0x6c0
[  199.236567][T12261]  ubi_attach+0x2380/0x4d30
[  199.236583][T12261]  ? ubi_msg+0x114/0x159
[  199.236601][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.236612][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.236629][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.236640][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.236667][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.236687][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.236716][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.236736][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.236774][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.236794][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.236816][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.236836][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.236851][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.236863][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.236877][T12261]  do_syscall_64+0x10b/0xf80
[  199.236891][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.236905][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.236916][T12261] RIP: 0033:0x7f1726b9ce59
[  199.236926][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.236937][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.236948][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.236954][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.236960][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.236966][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.236972][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.236986][T12261]  </TASK>
[  199.324798][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 5, retry
[  199.327273][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 5, retry
[  199.330030][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 5, retry
[  199.332324][T12261] ubi31 error: do_sync_erase: cannot erase PEB 5, error -22
[  199.334507][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.334524][T12261] Tainted: [L]=SOFTLOCKUP
[  199.334527][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.334534][T12261] Call Trace:
[  199.334539][T12261]  <TASK>
[  199.334545][T12261]  dump_stack_lvl+0x100/0x190
[  199.334561][T12261]  do_sync_erase+0x278/0x4d0
[  199.334579][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.334598][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.334617][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.334666][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.334682][T12261]  create_vtbl+0x1f7/0xaa0
[  199.334699][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.334709][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.334726][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.334740][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.334759][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.334780][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.334789][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.334799][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.334809][T12261]  ? kfree+0x223/0x6c0
[  199.334826][T12261]  ubi_attach+0x2380/0x4d30
[  199.334842][T12261]  ? ubi_msg+0x114/0x159
[  199.334856][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.334867][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.334884][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.334896][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.334909][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.334922][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.334940][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.334952][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.334972][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.334984][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.334997][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.335012][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.335027][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.335040][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.335053][T12261]  do_syscall_64+0x10b/0xf80
[  199.335067][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.335081][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.335093][T12261] RIP: 0033:0x7f1726b9ce59
[  199.335102][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.335113][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.335124][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.335131][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.335137][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.335143][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.335150][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.335163][T12261]  </TASK>
[  199.335187][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 6, retry
[  199.349884][ T1436] ieee802154 phy1 wpan1: encryption failed: -22
[  199.441864][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 6, retry
[  199.444621][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 6, retry
[  199.447861][T12261] ubi31 error: do_sync_erase: cannot erase PEB 6, error -22
[  199.450300][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.450330][T12261] Tainted: [L]=SOFTLOCKUP
[  199.450335][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.450342][T12261] Call Trace:
[  199.450347][T12261]  <TASK>
[  199.450352][T12261]  dump_stack_lvl+0x100/0x190
[  199.450371][T12261]  do_sync_erase+0x278/0x4d0
[  199.450391][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.450412][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.450433][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.450454][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.450472][T12261]  create_vtbl+0x1f7/0xaa0
[  199.450493][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.450504][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.450523][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.450539][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.450558][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.450574][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.450585][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.450596][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.450607][T12261]  ? kfree+0x223/0x6c0
[  199.450625][T12261]  ubi_attach+0x2380/0x4d30
[  199.450671][T12261]  ? ubi_msg+0x114/0x159
[  199.450688][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.450700][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.450718][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.450730][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.450745][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.450759][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.450785][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.450797][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.450819][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.450833][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.450847][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.450863][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.450880][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.450893][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.450908][T12261]  do_syscall_64+0x10b/0xf80
[  199.450924][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.450939][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.450951][T12261] RIP: 0033:0x7f1726b9ce59
[  199.450962][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.450974][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.450985][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.450993][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.450999][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.451006][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.451012][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.451027][T12261]  </TASK>
[  199.451051][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 7, retry
[  199.550667][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 7, retry
[  199.553322][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 7, retry
[  199.556159][T12261] ubi31 error: do_sync_erase: cannot erase PEB 7, error -22
[  199.559548][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.559565][T12261] Tainted: [L]=SOFTLOCKUP
[  199.559569][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.559575][T12261] Call Trace:
[  199.559578][T12261]  <TASK>
[  199.559583][T12261]  dump_stack_lvl+0x100/0x190
[  199.559599][T12261]  do_sync_erase+0x278/0x4d0
[  199.559617][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.559636][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.559656][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.559681][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.559696][T12261]  create_vtbl+0x1f7/0xaa0
[  199.559713][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.559723][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.559739][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.559754][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.559771][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.559786][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.559796][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.559806][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.559816][T12261]  ? kfree+0x223/0x6c0
[  199.559833][T12261]  ubi_attach+0x2380/0x4d30
[  199.559861][T12261]  ? ubi_msg+0x114/0x159
[  199.559878][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.559889][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.559906][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.559917][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.559930][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.559944][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.559962][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.559974][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.559994][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.560006][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.560019][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.560033][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.560049][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.560062][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.560075][T12261]  do_syscall_64+0x10b/0xf80
[  199.560089][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.560102][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.560113][T12261] RIP: 0033:0x7f1726b9ce59
[  199.560122][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.560133][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.560144][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.560151][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.560157][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.560163][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.560169][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.560188][T12261]  </TASK>
[  199.560289][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 8, retry
[  199.657501][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 8, retry
[  199.660133][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 8, retry
[  199.662744][T12261] ubi31 error: do_sync_erase: cannot erase PEB 8, error -22
[  199.665072][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.665088][T12261] Tainted: [L]=SOFTLOCKUP
[  199.665092][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.665098][T12261] Call Trace:
[  199.665103][T12261]  <TASK>
[  199.665108][T12261]  dump_stack_lvl+0x100/0x190
[  199.665124][T12261]  do_sync_erase+0x278/0x4d0
[  199.665142][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.665161][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.665183][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.665202][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.665218][T12261]  create_vtbl+0x1f7/0xaa0
[  199.665235][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.665245][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.665262][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.665277][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.665294][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.665309][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.665319][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.665329][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.665339][T12261]  ? kfree+0x223/0x6c0
[  199.665356][T12261]  ubi_attach+0x2380/0x4d30
[  199.665372][T12261]  ? ubi_msg+0x114/0x159
[  199.665386][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.665397][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.665414][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.665425][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.665438][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.665451][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.665470][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.665481][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.665502][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.665514][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.665527][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.665542][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.665557][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.665570][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.665584][T12261]  do_syscall_64+0x10b/0xf80
[  199.665598][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.665612][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.665623][T12261] RIP: 0033:0x7f1726b9ce59
[  199.665633][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.665643][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.665654][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.665661][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.665667][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.665677][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.665683][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.665697][T12261]  </TASK>
[  199.665720][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 9, retry
[  199.759637][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 9, retry
[  199.762193][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 9, retry
[  199.764796][T12261] ubi31 error: do_sync_erase: cannot erase PEB 9, error -22
[  199.767422][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.767438][T12261] Tainted: [L]=SOFTLOCKUP
[  199.767442][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.767448][T12261] Call Trace:
[  199.767452][T12261]  <TASK>
[  199.767456][T12261]  dump_stack_lvl+0x100/0x190
[  199.767472][T12261]  do_sync_erase+0x278/0x4d0
[  199.767490][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.767509][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.767528][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.767547][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.767562][T12261]  create_vtbl+0x1f7/0xaa0
[  199.767579][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.767589][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.767605][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.767619][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.767637][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.767652][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.767661][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.767671][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.767681][T12261]  ? kfree+0x223/0x6c0
[  199.767698][T12261]  ubi_attach+0x2380/0x4d30
[  199.767714][T12261]  ? ubi_msg+0x114/0x159
[  199.767729][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.767740][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.767763][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.767774][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.767787][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.767800][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.767818][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.767829][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.767849][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.767861][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.767874][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.767889][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.767904][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.767917][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.767930][T12261]  do_syscall_64+0x10b/0xf80
[  199.767944][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.767957][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.767968][T12261] RIP: 0033:0x7f1726b9ce59
[  199.767978][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.767988][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.767998][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.768005][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.768011][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.768017][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.768023][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.768037][T12261]  </TASK>
[  199.768059][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 10, retry
[  199.862782][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 10, retry
[  199.865387][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 10, retry
[  199.867999][T12261] ubi31 error: do_sync_erase: cannot erase PEB 10, error -22
[  199.870290][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.870308][T12261] Tainted: [L]=SOFTLOCKUP
[  199.870311][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.870318][T12261] Call Trace:
[  199.870322][T12261]  <TASK>
[  199.870327][T12261]  dump_stack_lvl+0x100/0x190
[  199.870343][T12261]  do_sync_erase+0x278/0x4d0
[  199.870361][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.870380][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.870398][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.870417][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.870433][T12261]  create_vtbl+0x1f7/0xaa0
[  199.870450][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.870460][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.870477][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.870491][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.870508][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.870524][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.870533][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.870543][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.870553][T12261]  ? kfree+0x223/0x6c0
[  199.870570][T12261]  ubi_attach+0x2380/0x4d30
[  199.870587][T12261]  ? ubi_msg+0x114/0x159
[  199.870602][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.870612][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.870645][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.870658][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.870671][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.870685][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.870703][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.870714][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.870735][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.870747][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.870760][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.870775][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.870791][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.870803][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.870817][T12261]  do_syscall_64+0x10b/0xf80
[  199.870831][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.870845][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.870856][T12261] RIP: 0033:0x7f1726b9ce59
[  199.870866][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.870876][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.870887][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.870894][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.870900][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.870906][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.870911][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.870925][T12261]  </TASK>
[  199.870948][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 11, retry
[  199.977052][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 11, retry
[  199.980471][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 11, retry
[  199.983740][T12261] ubi31 error: do_sync_erase: cannot erase PEB 11, error -22
[  199.986486][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  199.986509][T12261] Tainted: [L]=SOFTLOCKUP
[  199.986514][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  199.986523][T12261] Call Trace:
[  199.986531][T12261]  <TASK>
[  199.986538][T12261]  dump_stack_lvl+0x100/0x190
[  199.986560][T12261]  do_sync_erase+0x278/0x4d0
[  199.986583][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  199.986607][T12261]  ? rcu_is_watching+0x12/0xc0
[  199.986666][T12261]  ubi_io_sync_erase+0x58d/0x920
[  199.986691][T12261]  ubi_early_get_peb+0x1c8/0x870
[  199.986711][T12261]  create_vtbl+0x1f7/0xaa0
[  199.986732][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  199.986749][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.986772][T12261]  ubi_read_volume_table+0x80f/0x2860
[  199.986791][T12261]  ? kasan_quarantine_put+0x104/0x240
[  199.986813][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  199.986833][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  199.986845][T12261]  ? ubi_attach+0x2040/0x4d30
[  199.986857][T12261]  ? ubi_attach+0x2135/0x4d30
[  199.986870][T12261]  ? kfree+0x223/0x6c0
[  199.986891][T12261]  ubi_attach+0x2380/0x4d30
[  199.986913][T12261]  ? ubi_msg+0x114/0x159
[  199.986931][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  199.986944][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  199.986966][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.986980][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  199.986998][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  199.987015][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  199.987039][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  199.987053][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  199.987079][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  199.987094][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.987111][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  199.987130][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  199.987149][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  199.987165][T12261]  __x64_sys_ioctl+0x18e/0x210
[  199.987183][T12261]  do_syscall_64+0x10b/0xf80
[  199.987201][T12261]  ? clear_bhb_loop+0x40/0x90
[  199.987219][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  199.987233][T12261] RIP: 0033:0x7f1726b9ce59
[  199.987248][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  199.987261][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  199.987275][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  199.987284][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  199.987291][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  199.987300][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  199.987307][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  199.987327][T12261]  </TASK>
[  200.077901][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 12, retry
[  200.080523][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 12, retry
[  200.083058][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 12, retry
[  200.085602][T12261] ubi31 error: do_sync_erase: cannot erase PEB 12, error -22
[  200.088079][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  200.088095][T12261] Tainted: [L]=SOFTLOCKUP
[  200.088099][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.088105][T12261] Call Trace:
[  200.088109][T12261]  <TASK>
[  200.088113][T12261]  dump_stack_lvl+0x100/0x190
[  200.088129][T12261]  do_sync_erase+0x278/0x4d0
[  200.088147][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  200.088167][T12261]  ? rcu_is_watching+0x12/0xc0
[  200.088186][T12261]  ubi_io_sync_erase+0x58d/0x920
[  200.088206][T12261]  ubi_early_get_peb+0x1c8/0x870
[  200.088221][T12261]  create_vtbl+0x1f7/0xaa0
[  200.088238][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  200.088249][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.088269][T12261]  ubi_read_volume_table+0x80f/0x2860
[  200.088284][T12261]  ? kasan_quarantine_put+0x104/0x240
[  200.088302][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  200.088318][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  200.088327][T12261]  ? ubi_attach+0x2040/0x4d30
[  200.088338][T12261]  ? ubi_attach+0x2135/0x4d30
[  200.088348][T12261]  ? kfree+0x223/0x6c0
[  200.088365][T12261]  ubi_attach+0x2380/0x4d30
[  200.088382][T12261]  ? ubi_msg+0x114/0x159
[  200.088397][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  200.088408][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  200.088425][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.088437][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.088450][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.088464][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  200.088482][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  200.088494][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  200.088515][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  200.088527][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.088541][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  200.088556][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  200.088572][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.088585][T12261]  __x64_sys_ioctl+0x18e/0x210
[  200.088599][T12261]  do_syscall_64+0x10b/0xf80
[  200.088613][T12261]  ? clear_bhb_loop+0x40/0x90
[  200.088626][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.088637][T12261] RIP: 0033:0x7f1726b9ce59
[  200.088647][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  200.088658][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.088668][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  200.088675][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  200.088681][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  200.088688][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.088694][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  200.088707][T12261]  </TASK>
[  200.088725][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 13, retry
[  200.180761][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 13, retry
[  200.183352][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 13, retry
[  200.185875][T12261] ubi31 error: do_sync_erase: cannot erase PEB 13, error -22
[  200.188356][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  200.188373][T12261] Tainted: [L]=SOFTLOCKUP
[  200.188377][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.188383][T12261] Call Trace:
[  200.188388][T12261]  <TASK>
[  200.188393][T12261]  dump_stack_lvl+0x100/0x190
[  200.188410][T12261]  do_sync_erase+0x278/0x4d0
[  200.188429][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  200.188448][T12261]  ? rcu_is_watching+0x12/0xc0
[  200.188468][T12261]  ubi_io_sync_erase+0x58d/0x920
[  200.188488][T12261]  ubi_early_get_peb+0x1c8/0x870
[  200.188503][T12261]  create_vtbl+0x1f7/0xaa0
[  200.188521][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  200.188533][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.188551][T12261]  ubi_read_volume_table+0x80f/0x2860
[  200.188566][T12261]  ? kasan_quarantine_put+0x104/0x240
[  200.188584][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  200.188599][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  200.188609][T12261]  ? ubi_attach+0x2040/0x4d30
[  200.188619][T12261]  ? ubi_attach+0x2135/0x4d30
[  200.188630][T12261]  ? kfree+0x223/0x6c0
[  200.188647][T12261]  ubi_attach+0x2380/0x4d30
[  200.188664][T12261]  ? ubi_msg+0x114/0x159
[  200.188679][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  200.188690][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  200.188706][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.188718][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.188736][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.188750][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  200.188768][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  200.188780][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  200.188801][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  200.188814][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.188827][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  200.188842][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  200.188858][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.188871][T12261]  __x64_sys_ioctl+0x18e/0x210
[  200.188885][T12261]  do_syscall_64+0x10b/0xf80
[  200.188900][T12261]  ? clear_bhb_loop+0x40/0x90
[  200.188913][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.188925][T12261] RIP: 0033:0x7f1726b9ce59
[  200.188935][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  200.188946][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.188956][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  200.188963][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  200.188969][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  200.188976][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.188982][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  200.188996][T12261]  </TASK>
[  200.189016][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 14, retry
[  200.245053][T12271] netlink: 488 bytes leftover after parsing attributes in process `syz.2.1883'.
[  200.245879][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 14, retry
[  200.248251][T12271] netlink: 1041 bytes leftover after parsing attributes in process `syz.2.1883'.
[  200.250544][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 14, retry
[  200.313211][T12261] ubi31 error: do_sync_erase: cannot erase PEB 14, error -22
[  200.316378][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  200.316405][T12261] Tainted: [L]=SOFTLOCKUP
[  200.316411][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.316420][T12261] Call Trace:
[  200.316426][T12261]  <TASK>
[  200.316434][T12261]  dump_stack_lvl+0x100/0x190
[  200.316459][T12261]  do_sync_erase+0x278/0x4d0
[  200.316484][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  200.316510][T12261]  ? rcu_is_watching+0x12/0xc0
[  200.316536][T12261]  ubi_io_sync_erase+0x58d/0x920
[  200.316563][T12261]  ubi_early_get_peb+0x1c8/0x870
[  200.316592][T12261]  create_vtbl+0x1f7/0xaa0
[  200.316615][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  200.316629][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.316666][T12261]  ubi_read_volume_table+0x80f/0x2860
[  200.316689][T12261]  ? kasan_quarantine_put+0x104/0x240
[  200.316712][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  200.316736][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  200.316751][T12261]  ? ubi_attach+0x2040/0x4d30
[  200.316766][T12261]  ? ubi_attach+0x2135/0x4d30
[  200.316780][T12261]  ? kfree+0x223/0x6c0
[  200.316802][T12261]  ubi_attach+0x2380/0x4d30
[  200.316826][T12261]  ? ubi_msg+0x114/0x159
[  200.316846][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  200.316862][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  200.316885][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.316901][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.316919][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.316938][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  200.316963][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  200.316978][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  200.317006][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  200.317024][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.317041][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  200.317062][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  200.317084][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.317102][T12261]  __x64_sys_ioctl+0x18e/0x210
[  200.317121][T12261]  do_syscall_64+0x10b/0xf80
[  200.317141][T12261]  ? clear_bhb_loop+0x40/0x90
[  200.317161][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.317176][T12261] RIP: 0033:0x7f1726b9ce59
[  200.317190][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  200.317204][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.317219][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  200.317229][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  200.317239][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  200.317248][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.317257][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  200.317278][T12261]  </TASK>
[  200.408510][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 15, retry
[  200.411129][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 15, retry
[  200.413764][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 15, retry
[  200.416373][T12261] ubi31 error: do_sync_erase: cannot erase PEB 15, error -22
[  200.418766][T12261] CPU: 1 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  200.418783][T12261] Tainted: [L]=SOFTLOCKUP
[  200.418787][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.418793][T12261] Call Trace:
[  200.418797][T12261]  <TASK>
[  200.418801][T12261]  dump_stack_lvl+0x100/0x190
[  200.418817][T12261]  do_sync_erase+0x278/0x4d0
[  200.418835][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  200.418854][T12261]  ? rcu_is_watching+0x12/0xc0
[  200.418873][T12261]  ubi_io_sync_erase+0x58d/0x920
[  200.418892][T12261]  ubi_early_get_peb+0x1c8/0x870
[  200.418907][T12261]  create_vtbl+0x1f7/0xaa0
[  200.418924][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  200.418934][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.418951][T12261]  ubi_read_volume_table+0x80f/0x2860
[  200.418966][T12261]  ? kasan_quarantine_put+0x104/0x240
[  200.418984][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  200.418999][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  200.419009][T12261]  ? ubi_attach+0x2040/0x4d30
[  200.419019][T12261]  ? ubi_attach+0x2135/0x4d30
[  200.419029][T12261]  ? kfree+0x223/0x6c0
[  200.419046][T12261]  ubi_attach+0x2380/0x4d30
[  200.419062][T12261]  ? ubi_msg+0x114/0x159
[  200.419076][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  200.419087][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  200.419103][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.419114][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.419127][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.419141][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  200.419159][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  200.419171][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  200.419191][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  200.419203][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.419216][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  200.419230][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  200.419245][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.419258][T12261]  __x64_sys_ioctl+0x18e/0x210
[  200.419271][T12261]  do_syscall_64+0x10b/0xf80
[  200.419285][T12261]  ? clear_bhb_loop+0x40/0x90
[  200.419299][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.419309][T12261] RIP: 0033:0x7f1726b9ce59
[  200.419319][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  200.419329][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.419339][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  200.419346][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  200.419352][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  200.419358][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.419363][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  200.419377][T12261]  </TASK>
[  200.419393][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 16, retry
[  200.514506][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 16, retry
[  200.518464][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 16, retry
[  200.521875][T12261] ubi31 error: do_sync_erase: cannot erase PEB 16, error -22
[  200.525106][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  200.525132][T12261] Tainted: [L]=SOFTLOCKUP
[  200.525137][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.525145][T12261] Call Trace:
[  200.525153][T12261]  <TASK>
[  200.525161][T12261]  dump_stack_lvl+0x100/0x190
[  200.525186][T12261]  do_sync_erase+0x278/0x4d0
[  200.525215][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  200.525246][T12261]  ? rcu_is_watching+0x12/0xc0
[  200.525281][T12261]  ubi_io_sync_erase+0x58d/0x920
[  200.525312][T12261]  ubi_early_get_peb+0x1c8/0x870
[  200.525338][T12261]  create_vtbl+0x1f7/0xaa0
[  200.525365][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  200.525380][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.525403][T12261]  ubi_read_volume_table+0x80f/0x2860
[  200.525428][T12261]  ? kasan_quarantine_put+0x104/0x240
[  200.525454][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  200.525479][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  200.525495][T12261]  ? ubi_attach+0x2040/0x4d30
[  200.525511][T12261]  ? ubi_attach+0x2135/0x4d30
[  200.525525][T12261]  ? kfree+0x223/0x6c0
[  200.525549][T12261]  ubi_attach+0x2380/0x4d30
[  200.525579][T12261]  ? ubi_msg+0x114/0x159
[  200.525603][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  200.525620][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  200.525646][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.525662][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.525682][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.525704][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  200.525736][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  200.525754][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  200.525783][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  200.525801][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.525822][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  200.525846][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  200.525871][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.525892][T12261]  __x64_sys_ioctl+0x18e/0x210
[  200.525912][T12261]  do_syscall_64+0x10b/0xf80
[  200.525933][T12261]  ? clear_bhb_loop+0x40/0x90
[  200.525955][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.525973][T12261] RIP: 0033:0x7f1726b9ce59
[  200.525990][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  200.526006][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.526023][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  200.526033][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  200.526042][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  200.526053][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.526062][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  200.526087][T12261]  </TASK>
[  200.526125][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 17, retry
[  200.635911][T12274] xt_hashlimit: size too large, truncated to 1048576
[  200.636260][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 17, retry
[  200.657959][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 17, retry
[  200.661475][T12261] ubi31 error: do_sync_erase: cannot erase PEB 17, error -22
[  200.664651][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  200.664679][T12261] Tainted: [L]=SOFTLOCKUP
[  200.664685][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.664696][T12261] Call Trace:
[  200.664702][T12261]  <TASK>
[  200.664709][T12261]  dump_stack_lvl+0x100/0x190
[  200.664732][T12261]  do_sync_erase+0x278/0x4d0
[  200.664760][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  200.664791][T12261]  ? rcu_is_watching+0x12/0xc0
[  200.664823][T12261]  ubi_io_sync_erase+0x58d/0x920
[  200.664854][T12261]  ubi_early_get_peb+0x1c8/0x870
[  200.664880][T12261]  create_vtbl+0x1f7/0xaa0
[  200.664908][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  200.664925][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.664953][T12261]  ubi_read_volume_table+0x80f/0x2860
[  200.664979][T12261]  ? kasan_quarantine_put+0x104/0x240
[  200.665005][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  200.665031][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  200.665047][T12261]  ? ubi_attach+0x2040/0x4d30
[  200.665063][T12261]  ? ubi_attach+0x2135/0x4d30
[  200.665080][T12261]  ? kfree+0x223/0x6c0
[  200.665107][T12261]  ubi_attach+0x2380/0x4d30
[  200.665135][T12261]  ? ubi_msg+0x114/0x159
[  200.665158][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  200.665176][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  200.665203][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.665222][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.665244][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.665272][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  200.665303][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  200.665323][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  200.665355][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  200.665375][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.665397][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  200.665420][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  200.665446][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.665467][T12261]  __x64_sys_ioctl+0x18e/0x210
[  200.665489][T12261]  do_syscall_64+0x10b/0xf80
[  200.665512][T12261]  ? clear_bhb_loop+0x40/0x90
[  200.665533][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.665547][T12261] RIP: 0033:0x7f1726b9ce59
[  200.665562][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  200.665579][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.665596][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  200.665607][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  200.665617][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  200.665628][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.665637][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  200.665662][T12261]  </TASK>
[  200.665694][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 18, retry
[  200.764542][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 18, retry
[  200.767366][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 18, retry
[  200.769925][T12261] ubi31 error: do_sync_erase: cannot erase PEB 18, error -22
[  200.772322][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  200.772343][T12261] Tainted: [L]=SOFTLOCKUP
[  200.772347][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.772353][T12261] Call Trace:
[  200.772358][T12261]  <TASK>
[  200.772364][T12261]  dump_stack_lvl+0x100/0x190
[  200.772380][T12261]  do_sync_erase+0x278/0x4d0
[  200.772399][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  200.772418][T12261]  ? rcu_is_watching+0x12/0xc0
[  200.772437][T12261]  ubi_io_sync_erase+0x58d/0x920
[  200.772456][T12261]  ubi_early_get_peb+0x1c8/0x870
[  200.772471][T12261]  create_vtbl+0x1f7/0xaa0
[  200.772488][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  200.772498][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.772515][T12261]  ubi_read_volume_table+0x80f/0x2860
[  200.772529][T12261]  ? kasan_quarantine_put+0x104/0x240
[  200.772547][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  200.772562][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  200.772571][T12261]  ? ubi_attach+0x2040/0x4d30
[  200.772581][T12261]  ? ubi_attach+0x2135/0x4d30
[  200.772591][T12261]  ? kfree+0x223/0x6c0
[  200.772608][T12261]  ubi_attach+0x2380/0x4d30
[  200.772624][T12261]  ? ubi_msg+0x114/0x159
[  200.772638][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  200.772649][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  200.772666][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.772678][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.772691][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.772704][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  200.772733][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  200.772751][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  200.772771][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  200.772784][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.772797][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  200.772812][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  200.772827][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.772840][T12261]  __x64_sys_ioctl+0x18e/0x210
[  200.772853][T12261]  do_syscall_64+0x10b/0xf80
[  200.772867][T12261]  ? clear_bhb_loop+0x40/0x90
[  200.772881][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.772892][T12261] RIP: 0033:0x7f1726b9ce59
[  200.772902][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  200.772912][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.772924][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  200.772930][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  200.772937][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  200.772943][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.772948][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  200.772963][T12261]  </TASK>
[  200.773027][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 19, retry
[  200.865254][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 19, retry
[  200.868087][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 19, retry
[  200.870750][T12261] ubi31 error: do_sync_erase: cannot erase PEB 19, error -22
[  200.873137][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  200.873153][T12261] Tainted: [L]=SOFTLOCKUP
[  200.873156][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.873163][T12261] Call Trace:
[  200.873167][T12261]  <TASK>
[  200.873172][T12261]  dump_stack_lvl+0x100/0x190
[  200.873187][T12261]  do_sync_erase+0x278/0x4d0
[  200.873205][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  200.873224][T12261]  ? rcu_is_watching+0x12/0xc0
[  200.873243][T12261]  ubi_io_sync_erase+0x58d/0x920
[  200.873262][T12261]  ubi_early_get_peb+0x1c8/0x870
[  200.873277][T12261]  create_vtbl+0x1f7/0xaa0
[  200.873294][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  200.873303][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.873320][T12261]  ubi_read_volume_table+0x80f/0x2860
[  200.873334][T12261]  ? kasan_quarantine_put+0x104/0x240
[  200.873352][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  200.873367][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  200.873376][T12261]  ? ubi_attach+0x2040/0x4d30
[  200.873386][T12261]  ? ubi_attach+0x2135/0x4d30
[  200.873396][T12261]  ? kfree+0x223/0x6c0
[  200.873426][T12261]  ubi_attach+0x2380/0x4d30
[  200.873443][T12261]  ? ubi_msg+0x114/0x159
[  200.873457][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  200.873468][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  200.873484][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.873495][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.873509][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.873522][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  200.873540][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  200.873552][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  200.873572][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  200.873584][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.873597][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  200.873611][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  200.873626][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.873638][T12261]  __x64_sys_ioctl+0x18e/0x210
[  200.873651][T12261]  do_syscall_64+0x10b/0xf80
[  200.873666][T12261]  ? clear_bhb_loop+0x40/0x90
[  200.873679][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.873689][T12261] RIP: 0033:0x7f1726b9ce59
[  200.873699][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  200.873709][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.873720][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  200.873726][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  200.873732][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  200.873738][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.873748][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  200.873762][T12261]  </TASK>
[  200.873824][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 20, retry
[  200.966531][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 20, retry
[  200.969296][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 20, retry
[  200.971927][T12261] ubi31 error: do_sync_erase: cannot erase PEB 20, error -22
[  200.974316][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  200.974332][T12261] Tainted: [L]=SOFTLOCKUP
[  200.974336][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  200.974342][T12261] Call Trace:
[  200.974347][T12261]  <TASK>
[  200.974352][T12261]  dump_stack_lvl+0x100/0x190
[  200.974368][T12261]  do_sync_erase+0x278/0x4d0
[  200.974386][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  200.974404][T12261]  ? rcu_is_watching+0x12/0xc0
[  200.974423][T12261]  ubi_io_sync_erase+0x58d/0x920
[  200.974443][T12261]  ubi_early_get_peb+0x1c8/0x870
[  200.974458][T12261]  create_vtbl+0x1f7/0xaa0
[  200.974475][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  200.974484][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.974501][T12261]  ubi_read_volume_table+0x80f/0x2860
[  200.974515][T12261]  ? kasan_quarantine_put+0x104/0x240
[  200.974532][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  200.974547][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  200.974557][T12261]  ? ubi_attach+0x2040/0x4d30
[  200.974567][T12261]  ? ubi_attach+0x2135/0x4d30
[  200.974577][T12261]  ? kfree+0x223/0x6c0
[  200.974593][T12261]  ubi_attach+0x2380/0x4d30
[  200.974626][T12261]  ? ubi_msg+0x114/0x159
[  200.974642][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  200.974653][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  200.974669][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.974681][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  200.974694][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  200.974707][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  200.974738][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  200.974755][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  200.974775][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  200.974787][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.974800][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  200.974815][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  200.974830][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  200.974843][T12261]  __x64_sys_ioctl+0x18e/0x210
[  200.974857][T12261]  do_syscall_64+0x10b/0xf80
[  200.974871][T12261]  ? clear_bhb_loop+0x40/0x90
[  200.974885][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  200.974895][T12261] RIP: 0033:0x7f1726b9ce59
[  200.974905][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  200.974916][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  200.974926][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  200.974933][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  200.974939][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  200.974944][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  200.974950][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  200.974964][T12261]  </TASK>
[  200.975028][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 21, retry
[  201.068808][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 21, retry
[  201.071519][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 21, retry
[  201.074131][T12261] ubi31 error: do_sync_erase: cannot erase PEB 21, error -22
[  201.076542][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  201.076559][T12261] Tainted: [L]=SOFTLOCKUP
[  201.076563][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  201.076570][T12261] Call Trace:
[  201.076575][T12261]  <TASK>
[  201.076580][T12261]  dump_stack_lvl+0x100/0x190
[  201.076596][T12261]  do_sync_erase+0x278/0x4d0
[  201.076614][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  201.076633][T12261]  ? rcu_is_watching+0x12/0xc0
[  201.076671][T12261]  ubi_io_sync_erase+0x58d/0x920
[  201.076700][T12261]  ubi_early_get_peb+0x1c8/0x870
[  201.076726][T12261]  create_vtbl+0x1f7/0xaa0
[  201.076760][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  201.076776][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  201.076804][T12261]  ubi_read_volume_table+0x80f/0x2860
[  201.076830][T12261]  ? kasan_quarantine_put+0x104/0x240
[  201.076858][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  201.076883][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  201.076900][T12261]  ? ubi_attach+0x2040/0x4d30
[  201.076916][T12261]  ? ubi_attach+0x2135/0x4d30
[  201.076947][T12261]  ? kfree+0x223/0x6c0
[  201.076977][T12261]  ubi_attach+0x2380/0x4d30
[  201.077006][T12261]  ? ubi_msg+0x114/0x159
[  201.077030][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  201.077045][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  201.077070][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  201.077087][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  201.077109][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  201.077130][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  201.077160][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  201.077178][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  201.077201][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  201.077214][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  201.077227][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  201.077244][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  201.077259][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  201.077272][T12261]  __x64_sys_ioctl+0x18e/0x210
[  201.077286][T12261]  do_syscall_64+0x10b/0xf80
[  201.077300][T12261]  ? clear_bhb_loop+0x40/0x90
[  201.077314][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.077325][T12261] RIP: 0033:0x7f1726b9ce59
[  201.077335][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  201.077345][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  201.077356][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  201.077363][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  201.077369][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  201.077376][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  201.077382][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  201.077396][T12261]  </TASK>
[  201.167952][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 22, retry
[  201.170540][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 22, retry
[  201.173317][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 22, retry
[  201.176029][T12261] ubi31 error: do_sync_erase: cannot erase PEB 22, error -22
[  201.178477][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  201.178494][T12261] Tainted: [L]=SOFTLOCKUP
[  201.178498][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  201.178504][T12261] Call Trace:
[  201.178508][T12261]  <TASK>
[  201.178512][T12261]  dump_stack_lvl+0x100/0x190
[  201.178528][T12261]  do_sync_erase+0x278/0x4d0
[  201.178545][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  201.178564][T12261]  ? rcu_is_watching+0x12/0xc0
[  201.178584][T12261]  ubi_io_sync_erase+0x58d/0x920
[  201.178603][T12261]  ubi_early_get_peb+0x1c8/0x870
[  201.178638][T12261]  create_vtbl+0x1f7/0xaa0
[  201.178655][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  201.178665][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  201.178682][T12261]  ubi_read_volume_table+0x80f/0x2860
[  201.178696][T12261]  ? kasan_quarantine_put+0x104/0x240
[  201.178714][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  201.178729][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  201.178743][T12261]  ? ubi_attach+0x2040/0x4d30
[  201.178753][T12261]  ? ubi_attach+0x2135/0x4d30
[  201.178763][T12261]  ? kfree+0x223/0x6c0
[  201.178780][T12261]  ubi_attach+0x2380/0x4d30
[  201.178796][T12261]  ? ubi_msg+0x114/0x159
[  201.178822][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  201.178834][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  201.178852][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  201.178863][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  201.178876][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  201.178889][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  201.178907][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  201.178919][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  201.178939][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  201.178951][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  201.178964][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  201.178979][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  201.178994][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  201.179006][T12261]  __x64_sys_ioctl+0x18e/0x210
[  201.179019][T12261]  do_syscall_64+0x10b/0xf80
[  201.179033][T12261]  ? clear_bhb_loop+0x40/0x90
[  201.179046][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.179057][T12261] RIP: 0033:0x7f1726b9ce59
[  201.179067][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  201.179077][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  201.179087][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  201.179094][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  201.179100][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  201.179105][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  201.179111][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  201.179125][T12261]  </TASK>
[  201.179156][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 23, retry
[  201.206363][T12281] fuse: Unknown parameter 'root¥*çªmode'
[  201.207730][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 23, retry
[  201.261260][   T40] kauditd_printk_skb: 167 callbacks suppressed
[  201.261278][   T40] audit: type=1400 audit(1778789166.529:2042): avc:  denied  { map_create } for  pid=12282 comm="syz.4.1887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  201.264317][T12261] ubi31 warning: do_sync_erase: error -22 while erasing PEB 23, retry
[  201.280071][   T40] audit: type=1400 audit(1778789166.539:2043): avc:  denied  { map_read map_write } for  pid=12282 comm="syz.4.1887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  201.282649][T12261] ubi31 error: do_sync_erase: cannot erase PEB 23, error -22
[  201.282689][T12261] CPU: 0 UID: 0 PID: 12261 Comm: syz.3.1880 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  201.282710][T12261] Tainted: [L]=SOFTLOCKUP
[  201.282715][T12261] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  201.282724][T12261] Call Trace:
[  201.282730][T12261]  <TASK>
[  201.282742][T12261]  dump_stack_lvl+0x100/0x190
[  201.282763][T12261]  do_sync_erase+0x278/0x4d0
[  201.282788][T12261]  ? __pfx_do_sync_erase+0x10/0x10
[  201.282812][T12261]  ? rcu_is_watching+0x12/0xc0
[  201.282837][T12261]  ubi_io_sync_erase+0x58d/0x920
[  201.282862][T12261]  ubi_early_get_peb+0x1c8/0x870
[  201.282883][T12261]  create_vtbl+0x1f7/0xaa0
[  201.282904][T12261]  ? ubi_read_volume_table+0x6d5/0x2860
[  201.282918][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  201.282940][T12261]  ubi_read_volume_table+0x80f/0x2860
[  201.282961][T12261]  ? kasan_quarantine_put+0x104/0x240
[  201.282984][T12261]  ? lockdep_hardirqs_on+0x78/0x100
[  201.283004][T12261]  ? __pfx_ubi_read_volume_table+0x10/0x10
[  201.283018][T12261]  ? ubi_attach+0x2040/0x4d30
[  201.283031][T12261]  ? ubi_attach+0x2135/0x4d30
[  201.283044][T12261]  ? kfree+0x223/0x6c0
[  201.283067][T12261]  ubi_attach+0x2380/0x4d30
[  201.283090][T12261]  ? ubi_msg+0x114/0x159
[  201.283109][T12261]  ? __pfx_ubi_attach+0x10/0x10
[  201.283124][T12261]  ? lockdep_init_map_type+0x5c/0x250
[  201.283147][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  201.283162][T12261]  ? __vmalloc_node_noprof+0xad/0xf0
[  201.283180][T12261]  ? ubi_attach_mtd_dev+0x1353/0x32a0
[  201.283198][T12261]  ubi_attach_mtd_dev+0x139f/0x32a0
[  201.283224][T12261]  ? __pfx_ubi_attach_mtd_dev+0x10/0x10
[  201.283240][T12261]  ? __pfx_get_mtd_device+0x10/0x10
[  201.283267][T12261]  ctrl_cdev_ioctl+0x36a/0x400
[  201.283283][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  201.283301][T12261]  ? selinux_file_ioctl+0x13b/0x290
[  201.283321][T12261]  ? selinux_file_ioctl+0xb6/0x290
[  201.283342][T12261]  ? __pfx_ctrl_cdev_ioctl+0x10/0x10
[  201.283359][T12261]  __x64_sys_ioctl+0x18e/0x210
[  201.283377][T12261]  do_syscall_64+0x10b/0xf80
[  201.283395][T12261]  ? clear_bhb_loop+0x40/0x90
[  201.283414][T12261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  201.283429][T12261] RIP: 0033:0x7f1726b9ce59
[  201.283443][T12261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  201.283456][T12261] RSP: 002b:00007f1724df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  201.283471][T12261] RAX: ffffffffffffffda RBX: 00007f1726e15fa0 RCX: 00007f1726b9ce59
[  201.283480][T12261] RDX: 0000200000000040 RSI: 0000000040186f40 RDI: 0000000000000007
[  201.283489][T12261] RBP: 00007f1726c32d6f R08: 0000000000000000 R09: 0000000000000000
[  201.283499][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  201.283507][T12261] R13: 00007f1726e16038 R14: 00007f1726e15fa0 R15: 00007ffdaf57bcd8
[  201.283527][T12261]  </TASK>
[  201.283544][T12261] ubi31 error: ubi_early_get_peb: no free eraseblocks
[  201.289441][   T40] audit: type=1400 audit(1778789166.539:2044): avc:  denied  { prog_load } for  pid=12282 comm="syz.4.1887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  201.425292][   T40] audit: type=1400 audit(1778789166.539:2045): avc:  denied  { prog_run } for  pid=12282 comm="syz.4.1887" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  201.432049][   T40] audit: type=1400 audit(1778789166.579:2046): avc:  denied  { execute } for  pid=12280 comm="syz.0.1886" name="file0" dev="tmpfs" ino=2448 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[  201.439439][   T40] audit: type=1400 audit(1778789166.579:2047): avc:  denied  { ioctl } for  pid=12280 comm="syz.0.1886" path="socket:[56481]" dev="sockfs" ino=56481 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  201.462954][   T40] audit: type=1400 audit(1778789166.729:2048): avc:  denied  { create } for  pid=12291 comm="syz.2.1889" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  201.590912][T12261] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd1, error -28
[  201.597454][   T40] audit: type=1400 audit(1778789166.869:2049): avc:  denied  { create } for  pid=12296 comm="syz.4.1891" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  201.598303][   T40] audit: type=1400 audit(1778789166.869:2050): avc:  denied  { ioctl } for  pid=12296 comm="syz.4.1891" path="socket:[56494]" dev="sockfs" ino=56494 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  201.619880][   T40] audit: type=1400 audit(1778789166.889:2051): avc:  denied  { write } for  pid=12296 comm="syz.4.1891" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  201.941062][T12322] Unsupported ieee802154 address type: 0
[  201.942795][T12324] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  202.110638][T12335] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[  202.181045][T12342] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1907'.
[  202.495865][T12366] netlink: 'syz.2.1913': attribute type 1 has an invalid length.
[  202.498769][T12366] netlink: 96 bytes leftover after parsing attributes in process `syz.2.1913'.
[  202.501634][T12366] netlink: 'syz.2.1913': attribute type 1 has an invalid length.
[  202.504027][T12366] netlink: 'syz.2.1913': attribute type 8 has an invalid length.
[  202.506546][T12366] netlink: 582 bytes leftover after parsing attributes in process `syz.2.1913'.
[  202.509706][T12366] netlink: 1 bytes leftover after parsing attributes in process `syz.2.1913'.
[  203.122858][T12386] netlink: 64 bytes leftover after parsing attributes in process `syz.3.1919'.
[  203.251046][T12403] No source specified
[  203.298843][T12406] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1924'.
[  203.545083][T12432] overlayfs: missing 'lowerdir'
[  203.616453][T12443] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  203.621928][T12443] SET target dimension over the limit!
[  203.634480][T12446] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1935'.
[  203.983342][T12474] netlink: 'syz.2.1942': attribute type 1 has an invalid length.
[  204.000047][T12474] 8021q: adding VLAN 0 to HW filter on device bond0
[  204.086178][T12481] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1945'.
[  204.284200][T12499] macvtap1: entered promiscuous mode
[  204.286535][T12499] macvtap1: entered allmulticast mode
[  204.413785][T12502] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3)
[  204.416061][T12502] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus)
[  204.418831][T12502] vhci_hcd vhci_hcd.0: Device attached
[  204.428248][T12502] vhci_hcd vhci_hcd.0: port 0 already used
[  204.431000][T12503] vhci_hcd: connection closed
[  204.431437][ T6868] vhci_hcd vhci_hcd.2: stop threads
[  204.435066][ T6868] vhci_hcd vhci_hcd.2: release socket
[  204.437125][ T6868] vhci_hcd vhci_hcd.2: disconnect device
[  205.032462][T12529] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1958'.
[  205.119149][T12541] openvswitch: netlink: Unexpected mask (mask=200240, allowed=10048)
[  205.123858][T12541] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1962'.
[  205.136911][ T1474] usb 5-1: new high-speed USB device number 29 using dummy_hcd
[  205.266972][ T1474] usb 5-1: device descriptor read/64, error -71
[  205.516824][ T1474] usb 5-1: new high-speed USB device number 30 using dummy_hcd
[  205.657057][ T1474] usb 5-1: device descriptor read/64, error -71
[  205.768019][ T1474] usb usb5-port1: attempt power cycle
[  205.898778][T12544] omfs: Invalid superblock (0)
[  205.951870][T12541] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  205.956886][T12541] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  205.976634][T12541] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  205.985276][T12541] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  205.987746][T12541] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  205.998803][T12541] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  206.070488][T12559] can0: slcan on pty28.
[  206.127295][ T1474] usb 5-1: new high-speed USB device number 31 using dummy_hcd
[  206.140838][T12566] No such timeout policy "syz1"
[  206.149098][ T1474] usb 5-1: device descriptor read/8, error -71
[  206.278194][   T40] kauditd_printk_skb: 226 callbacks suppressed
[  206.278212][   T40] audit: type=1400 audit(1778789171.549:2278): avc:  denied  { ioctl } for  pid=12563 comm="syz.3.1970" path="/dev/vhost-vsock" dev="devtmpfs" ino=1300 ioctlcmd=0xaf01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1
[  206.356606][   T40] audit: type=1400 audit(1778789171.619:2279): avc:  denied  { search } for  pid=12580 comm="dhcpcd-run-hook" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[  206.386966][ T1474] usb 5-1: new high-speed USB device number 32 using dummy_hcd
[  206.407568][ T1474] usb 5-1: device descriptor read/8, error -71
[  206.478443][   T40] audit: type=1400 audit(1778789171.749:2280): avc:  denied  { sys_module } for  pid=12586 comm="syz.3.1973" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  206.517146][ T1474] usb usb5-port1: unable to enumerate USB device
[  206.530904][   T40] audit: type=1400 audit(1778789171.799:2281): avc:  denied  { read write } for  pid=5741 comm="syz-executor" name="loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  206.540650][   T40] audit: type=1400 audit(1778789171.799:2282): avc:  denied  { open } for  pid=5741 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  206.540680][   T40] audit: type=1400 audit(1778789171.799:2283): avc:  denied  { ioctl } for  pid=5741 comm="syz-executor" path="/dev/loop3" dev="devtmpfs" ino=661 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  206.570691][   T40] audit: type=1400 audit(1778789171.839:2284): avc:  denied  { name_bind } for  pid=12591 comm="syz.3.1974" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=tcp_socket permissive=1
[  206.570782][   T40] audit: type=1400 audit(1778789171.839:2285): avc:  denied  { node_bind } for  pid=12591 comm="syz.3.1974" src=20002 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1
[  206.607211][   T40] audit: type=1400 audit(1778789171.879:2286): avc:  denied  { ioctl } for  pid=12593 comm="syz.3.1975" path="socket:[55840]" dev="sockfs" ino=55840 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  206.644042][   T40] audit: type=1400 audit(1778789171.909:2287): avc:  denied  { read } for  pid=12595 comm="syz.3.1976" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  206.977526][T12558] can0 (unregistered): slcan off pty28.
[  207.021066][T12607] 8021q: adding VLAN 0 to HW filter on device ipvlan3
[  207.021385][T12607] bond0: (slave ipvlan3): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  207.186882][   T62] Bluetooth: hci3: command 0x0c1a tx timeout
[  207.290040][T12620] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  207.303276][T12620] kvm: pic: level sensitive irq not supported
[  207.303614][T12620] kvm: pic: non byte read
[  207.307723][T12620] kvm: pic: level sensitive irq not supported
[  207.307961][T12620] kvm: pic: non byte read
[  207.313804][T12620] kvm: pic: level sensitive irq not supported
[  207.314030][T12620] kvm: pic: non byte read
[  207.946895][   T53] usb 8-1: new high-speed USB device number 31 using dummy_hcd
[  207.987091][   T62] Bluetooth: hci1: command 0x0c1a tx timeout
[  208.104236][   T53] usb 8-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  208.110897][   T53] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  208.114153][   T53] usb 8-1: Product: syz
[  208.115526][   T53] usb 8-1: Manufacturer: syz
[  208.117616][   T53] usb 8-1: SerialNumber: syz
[  208.129458][   T53] usb 8-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  208.163891][ T5884] usb 8-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  208.401854][T12677] netlink: 'syz.2.2000': attribute type 1 has an invalid length.
[  208.405236][T12677] netlink: 'syz.2.2000': attribute type 2 has an invalid length.
[  208.546138][T12681] xt_policy: output policy not valid in PREROUTING and INPUT
[  208.672100][T12689] syzkaller0: entered promiscuous mode
[  208.674603][T12689] syzkaller0: entered allmulticast mode
[  208.763001][T12697] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2006'.
[  208.861519][T12703] fuse: fd is not a fuse device
[  208.881132][T12705] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2009'.
[  209.195894][T12715] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2012'.
[  209.198817][T12715] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2012'.
[  209.205416][T12715] geneve2: entered promiscuous mode
[  209.207298][T12715] geneve2: entered allmulticast mode
[  209.210752][ T6849] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  209.214375][ T6849] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  209.217635][ T6849] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  209.221280][ T6849] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  209.266790][ T5884] ath9k_htc 8-1:1.0: ath9k_htc: Target is unresponsive
[  209.269026][   T62] Bluetooth: hci3: command 0x0c1a tx timeout
[  209.273140][ T5884] ath9k_htc: Failed to initialize the device
[  209.302129][ T5884] usb 8-1: ath9k_htc: USB layer deinitialized
[  209.566619][T12731] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  209.573811][T12731] bridge_slave_0: left allmulticast mode
[  209.575786][T12731] bridge_slave_0: left promiscuous mode
[  209.583546][T12731] bridge0: port 1(bridge_slave_0) entered disabled state
[  209.598655][T12731] bridge_slave_1: left allmulticast mode
[  209.601189][T12731] bridge_slave_1: left promiscuous mode
[  209.603889][T12731] bridge0: port 2(bridge_slave_1) entered disabled state
[  209.612622][T12731] team0: Port device team_slave_0 removed
[  209.617016][T12731] team0: Port device team_slave_1 removed
[  209.620018][T12731] batman_adv: batadv0: Removing interface: batadv_slave_0
[  209.624246][T12731] batman_adv: batadv0: Removing interface: batadv_slave_1
[  209.628590][T12731] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  209.641056][T12736] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  209.645875][T12734] syzkaller0: MTU too low for tipc bearer
[  209.648635][T12734] tipc: Disabling bearer <eth:syzkaller0>
[  209.784344][T12634] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1986'.
[  209.853173][T12750] binder: 12749:12750 ioctl c0306201 200000000080 returned -14
[  209.858306][T12750] binder: 12749:12750 ioctl c0306201 2000000003c0 returned -14
[  209.860931][ T1474] usb 8-1: USB disconnect, device number 31
[  210.066793][   T62] Bluetooth: hci1: command 0x0c1a tx timeout
[  210.223228][T12773] 9pnet_fd: p9_fd_create_unix (12773): problem connecting socket: ./file0: -111
[  210.229569][T12773] netlink: 36 bytes leftover after parsing attributes in process `syz.0.2028'.
[  210.519136][T12786] netlink: 'syz.3.2032': attribute type 1 has an invalid length.
[  210.522525][T12785] netlink: 'syz.3.2032': attribute type 1 has an invalid length.
[  210.548076][T12785] 8021q: adding VLAN 0 to HW filter on device bond7
[  210.557240][T12785] vlan2: entered allmulticast mode
[  210.559277][T12785] bond7: entered allmulticast mode
[  210.661673][T12794] syzkaller1: entered promiscuous mode
[  210.663593][T12794] syzkaller1: entered allmulticast mode
[  210.860373][T12819] bond8: option arp_interval: mode dependency failed, not supported in mode balance-alb(6)
[  210.864744][T12819] bond8 (unregistering): Released all slaves
[  210.972429][T12827] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2044'.
[  211.257274][   T34] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  211.346858][   T62] Bluetooth: hci3: command 0x0c1a tx timeout
[  211.386750][   T34] usb 9-1: device descriptor read/64, error -71
[  211.626794][   T34] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  211.756859][   T34] usb 9-1: device descriptor read/64, error -71
[  211.869004][   T34] usb usb9-port1: attempt power cycle
[  212.146806][   T62] Bluetooth: hci1: command 0x0c1a tx timeout
[  212.216789][   T34] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  212.237627][   T34] usb 9-1: device descriptor read/8, error -71
[  212.477285][   T34] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  212.497906][   T34] usb 9-1: device descriptor read/8, error -71
[  212.607213][   T34] usb usb9-port1: unable to enumerate USB device
[  212.829637][T12837] new mount options do not match the existing superblock, will be ignored
[  212.833857][   T40] kauditd_printk_skb: 233 callbacks suppressed
[  212.833867][   T40] audit: type=1400 audit(1778789178.099:2521): avc:  denied  { mount } for  pid=12836 comm="syz.2.2048" name="/" dev="cgroup" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  212.848425][   T40] audit: type=1400 audit(1778789178.119:2522): avc:  denied  { unmount } for  pid=8801 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  212.872448][   T40] audit: type=1400 audit(1778789178.139:2523): avc:  denied  { unlink } for  pid=12838 comm="syz.2.2049" name="#37" dev="tmpfs" ino=1376 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  212.882561][   T40] audit: type=1400 audit(1778789178.139:2524): avc:  denied  { mount } for  pid=12838 comm="syz.2.2049" name="/" dev="overlay" ino=1372 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  212.892503][   T40] audit: type=1400 audit(1778789178.159:2525): avc:  denied  { unmount } for  pid=8801 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1
[  212.902944][   T40] audit: type=1400 audit(1778789178.169:2526): avc:  denied  { read write } for  pid=8801 comm="syz-executor" name="loop2" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  212.913133][   T40] audit: type=1400 audit(1778789178.169:2527): avc:  denied  { open } for  pid=8801 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=660 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  212.923477][   T40] audit: type=1400 audit(1778789178.169:2528): avc:  denied  { ioctl } for  pid=8801 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=660 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[  213.745100][T12801] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  213.818448][T12848] netlink: 'syz.2.2052': attribute type 1 has an invalid length.
[  213.865625][T12849] macvlan2: entered promiscuous mode
[  213.868718][T12849] macvlan2: entered allmulticast mode
[  213.874495][T12849] bond3: entered promiscuous mode
[  213.879419][T12849] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  213.901446][T12849] bond3: left promiscuous mode
[  213.952852][T12853] sch_tbf: burst 255 is lower than device syzkaller0 mtu (1500) !
[  213.960808][T12853] syzkaller0: entered promiscuous mode
[  213.961658][   T40] audit: type=1400 audit(1778789179.229:2529): avc:  denied  { create } for  pid=12856 comm="syz.0.2054" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  213.965335][T12853] syzkaller0: entered allmulticast mode
[  213.975199][T12857] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2054'.
[  213.975223][   T40] audit: type=1400 audit(1778789179.229:2530): avc:  denied  { setopt } for  pid=12856 comm="syz.0.2054" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  214.081671][T12866] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2057'.
[  214.085497][T12866] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2057'.
[  214.110572][T12866] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2057'.
[  214.115133][T12866] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2057'.
[  214.297102][ T5844] usb 5-1: new high-speed USB device number 33 using dummy_hcd
[  214.443002][T12888] netlink: 'syz.4.2063': attribute type 2 has an invalid length.
[  214.449889][ T5844] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  214.456571][ T5844] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  214.460471][ T5844] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  214.463463][ T5844] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  214.469706][T12862] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  214.474015][ T5844] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  214.601675][T12891] syzkaller0: entered promiscuous mode
[  214.604202][T12891] syzkaller0: entered allmulticast mode
[  214.622835][T12891] fuse: Bad value for 'group_id'
[  214.625146][T12891] fuse: Bad value for 'group_id'
[  214.628773][T12891] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  214.678595][   T34] usb 5-1: USB disconnect, device number 33
[  215.010958][ T5844] IPVS: starting estimator thread 0...
[  215.096945][T12895] IPVS: using max 43 ests per chain, 103200 per kthread
[  215.279899][T12904] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  215.336947][T12907] bridge0: port 1(ipvlan3) entered blocking state
[  215.339348][T12907] bridge0: port 1(ipvlan3) entered disabled state
[  215.341822][T12907] ipvlan3: entered allmulticast mode
[  215.343689][T12907] bridge0: entered allmulticast mode
[  215.346896][T12907] ipvlan3: left allmulticast mode
[  215.349166][T12907] bridge0: left allmulticast mode
[  215.757109][ T5844] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  215.931145][ T5844] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  215.934740][ T5844] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  215.938911][ T5844] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  215.943533][ T5844] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  215.946621][ T5844] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  215.951787][ T5844] usb 9-1: config 0 descriptor??
[  216.216367][T12920] No such timeout policy "syz1"
[  216.309233][T12926] wg1 speed is unknown, defaulting to 1000
[  216.313042][T12926] wg1 speed is unknown, defaulting to 1000
[  216.322006][T12926] wg1 speed is unknown, defaulting to 1000
[  216.395086][ T5844] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  216.485980][T12926] infiniband syz2: set down
[  216.487628][ T1490] wg1 speed is unknown, defaulting to 1000
[  216.497375][T12926] infiniband syz2: added wg1
[  216.508695][T12926] smbdirect: ib_dev[syz2]: added: IB_CA max_fast_reg_page_list_len=512 device_cap_flags=0x1c001223c76 kernel_cap_flags=0x14 page_size_cap=0xfffff000
[  216.513858][T12926] smbdirect: ib_dev[syz2]: num_ports=1 max_qp_rd_atom=128 max_qp_init_rd_atom=128 max_sgl_rd=0 max_sge_rd=32 max_cqe=32767 max_qp_wr=1048576 max_send_sge=32 max_recv_sge=32
[  216.519488][T12926] smbdirect: ib_dev[syz2]PORT[1]: iwarp=0 ib=0 roce=1 v1=0 v2=1 core_cap_flags=0x803005
[  216.545393][T12926] RDS/IB: syz2: added
[  216.546970][T12926] smc: adding ib device syz2 with port count 1
[  216.548933][T12926] smc:    ib device syz2 port 1 has no pnetid
[  216.554270][ T1490] wg1 speed is unknown, defaulting to 1000
[  216.560820][T12926] wg1 speed is unknown, defaulting to 1000
[  216.643356][T12926] wg1 speed is unknown, defaulting to 1000
[  216.706954][    T9] usb 5-1: new high-speed USB device number 34 using dummy_hcd
[  216.726394][T12926] wg1 speed is unknown, defaulting to 1000
[  216.805614][T12926] wg1 speed is unknown, defaulting to 1000
[  216.859257][    T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  216.862812][    T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  216.866091][    T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  216.869782][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.880305][T12931] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  216.885139][    T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  216.914348][T12926] wg1 speed is unknown, defaulting to 1000
[  217.084683][T12926] wg1 speed is unknown, defaulting to 1000
[  217.090492][ T5844] usb 5-1: USB disconnect, device number 34
[  217.370000][T12946] Bluetooth: MGMT ver 1.23
[  217.371983][T12946] Bluetooth: hci1: expected 2178 bytes, got 2 bytes
[  217.678343][T12964] batadv_slave_0: entered promiscuous mode
[  217.681663][T12964] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=43 sclass=netlink_route_socket pid=12964 comm=syz.3.2085
[  217.773719][T12974] fuse: Bad value for 'user_id'
[  217.775882][T12974] fuse: Bad value for 'user_id'
[  217.837890][    T9] usb 9-1: reset high-speed USB device number 13 using dummy_hcd
[  217.884563][T12963] batadv_slave_0: left promiscuous mode
[  217.928725][   T40] kauditd_printk_skb: 130 callbacks suppressed
[  217.928744][   T40] audit: type=1400 audit(1778789183.199:2661): avc:  denied  { create } for  pid=12979 comm="syz.3.2088" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  217.940466][   T40] audit: type=1400 audit(1778789183.209:2662): avc:  denied  { ioctl } for  pid=12979 comm="syz.3.2088" path="socket:[61447]" dev="sockfs" ino=61447 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  217.951610][   T40] audit: type=1400 audit(1778789183.209:2663): avc:  denied  { ioctl } for  pid=12979 comm="syz.3.2088" path="socket:[61453]" dev="sockfs" ino=61453 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1
[  217.963290][   T40] audit: type=1400 audit(1778789183.209:2664): avc:  denied  { module_request } for  pid=12979 comm="syz.3.2088" kmod="netdev-wpan0" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1
[  217.974127][   T40] audit: type=1400 audit(1778789183.239:2665): avc:  denied  { sys_module } for  pid=12979 comm="syz.3.2088" capability=16  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  217.977005][    T9] usb 9-1: device descriptor read/64, error -32
[  217.997442][   T40] audit: type=1400 audit(1778789183.269:2666): avc:  denied  { getopt } for  pid=12979 comm="syz.3.2088" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  218.008697][   T40] audit: type=1400 audit(1778789183.269:2667): avc:  denied  { create } for  pid=12984 comm="syz.2.2089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  218.015143][   T40] audit: type=1400 audit(1778789183.269:2668): avc:  denied  { bind } for  pid=12984 comm="syz.2.2089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  218.023223][   T40] audit: type=1400 audit(1778789183.269:2669): avc:  denied  { read } for  pid=12984 comm="syz.2.2089" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=llc_socket permissive=1
[  218.057891][   T40] audit: type=1400 audit(1778789183.329:2670): avc:  denied  { create } for  pid=12986 comm="syz.3.2090" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  218.180436][T12996] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2093'.
[  218.196809][T12996] : entered promiscuous mode
[  218.243416][    T9] usb 9-1: reset high-speed USB device number 13 using dummy_hcd
[  218.318006][T12996] kvm: kvm [12995]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc2) = 0x9d00
[  218.322018][T12996] kvm: kvm [12995]: vcpu0, guest rIP: 0x9114 Unhandled WRMSR(0xc1) = 0x9d00
[  218.352321][T13001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  218.361309][T13001] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  218.391206][    T9] usb 9-1: device descriptor read/64, error -32
[  218.626753][    T9] usb 9-1: reset high-speed USB device number 13 using dummy_hcd
[  218.647058][    T9] usb 9-1: device descriptor read/8, error -32
[  218.889829][    T9] usb 9-1: reset high-speed USB device number 13 using dummy_hcd
[  218.907100][    T9] usb 9-1: device descriptor read/8, error -32
[  219.001146][T13020] netlink: 'syz.2.2101': attribute type 2 has an invalid length.
[  219.017998][    T9] raw-gadget.0 gadget.4: failed to queue suspend event
[  219.044047][ T5883] usb 9-1: USB disconnect, device number 13
[  219.060765][ T5883] raw-gadget.0 gadget.4: failed to queue reset event
[  219.126837][ T5883] raw-gadget.0 gadget.4: failed to queue resume event
[  219.142833][T13028] XFS (loop2): SB validate failed with error -5.
[  219.187913][ T5883] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  219.191565][    C0] raw-gadget.0 gadget.4: ignoring, device is not running
[  219.194859][ T5883] raw-gadget.0 gadget.4: failed to queue reset event
[  219.236638][   T25] I/O error, dev loop2, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 2
[  219.267417][ T5883] raw-gadget.0 gadget.4: failed to queue resume event
[  219.327575][ T5883] usb 9-1: device descriptor read/64, error -32
[  219.437961][ T5883] raw-gadget.0 gadget.4: failed to queue suspend event
[  219.441175][ T5883] raw-gadget.0 gadget.4: failed to queue reset event
[  219.506847][ T5883] raw-gadget.0 gadget.4: failed to queue resume event
[  219.566887][ T5883] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  219.570557][    C0] raw-gadget.0 gadget.4: ignoring, device is not running
[  219.573467][ T5883] raw-gadget.0 gadget.4: failed to queue reset event
[  219.646864][ T5883] raw-gadget.0 gadget.4: failed to queue resume event
[  219.707130][ T5883] usb 9-1: device descriptor read/64, error -32
[  219.816891][ T5883] raw-gadget.0 gadget.4: failed to queue suspend event
[  219.820064][ T5883] usb usb9-port1: attempt power cycle
[  219.822678][ T5883] raw-gadget.0 gadget.4: failed to queue disconnect event
[  219.825854][ T5883] raw-gadget.0 gadget.4: failed to queue reset event
[  219.851446][ T6849] bridge_slave_1: left allmulticast mode
[  219.855501][ T6849] bridge_slave_1: left promiscuous mode
[  219.862926][ T6849] bridge0: port 2(bridge_slave_1) entered disabled state
[  219.872165][ T6849] bridge_slave_0: left allmulticast mode
[  219.874940][ T6849] bridge_slave_0: left promiscuous mode
[  219.877835][ T6849] bridge0: port 1(bridge_slave_0) entered disabled state
[  219.907304][ T5883] raw-gadget.0 gadget.4: failed to queue resume event
[  219.914713][ T5883] raw-gadget.0 gadget.4: failed to queue reset event
[  220.041497][ T6849] gretap0 (unregistering): left promiscuous mode
[  220.059653][T13064] sctp: [Deprecated]: syz.4.2113 (pid 13064) Use of struct sctp_assoc_value in delayed_ack socket option.
[  220.059653][T13064] Use struct sctp_sack_info instead
[  220.068923][ T6849] bond1 (unregistering): (slave geneve2): Releasing active interface
[  220.080803][T13064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  220.085418][T13064] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  220.101978][ T6849] bridge0 (unregistering): left promiscuous mode
[  220.126997][ T5883] raw-gadget.0 gadget.4: failed to queue resume event
[  220.194281][T13065] netlink: 104 bytes leftover after parsing attributes in process `syz.4.2113'.
[  220.196910][ T5883] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  220.217074][    C0] raw-gadget.0 gadget.4: ignoring, device is not running
[  220.220325][ T5883] usb 9-1: device descriptor read/8, error -32
[  220.327126][ T5883] raw-gadget.0 gadget.4: failed to queue suspend event
[  220.330080][ T5883] raw-gadget.0 gadget.4: failed to queue reset event
[  220.332413][T13078] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2117'.
[  220.338741][ T6849] bond1 (unregistering): Released all slaves
[  220.352555][ T6849] bond2 (unregistering): Released all slaves
[  220.396802][ T5883] raw-gadget.0 gadget.4: failed to queue resume event
[  220.456955][ T5883] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  220.477119][    C0] raw-gadget.0 gadget.4: ignoring, device is not running
[  220.479833][ T5883] usb 9-1: device descriptor read/8, error -32
[  220.500673][T13094] tmpfs: Bad value for 'mpol'
[  220.507424][T13094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2122'.
[  220.596899][ T5883] raw-gadget.0 gadget.4: failed to queue suspend event
[  220.601587][ T5883] usb usb9-port1: unable to enumerate USB device
[  221.147310][ T6849] hsr_slave_0: left promiscuous mode
[  221.149869][ T6849] hsr_slave_1: left promiscuous mode
[  221.152403][ T6849] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  221.154944][ T6849] batman_adv: batadv0: Removing interface: batadv_slave_0
[  221.158934][ T6849] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  221.161416][ T6849] batman_adv: batadv0: Removing interface: batadv_slave_1
[  221.182584][ T6849] veth1_macvtap: left promiscuous mode
[  221.185364][ T6849] veth0_macvtap: left promiscuous mode
[  221.191436][ T6849] veth1_vlan: left promiscuous mode
[  221.193952][ T6849] veth0_vlan: left promiscuous mode
[  221.251525][T13106] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2126'.
[  221.253968][ T6849] pim6reg (unregistering): left allmulticast mode
[  221.411772][ T6849] team0 (unregistering): Port device team_slave_0 removed
[  221.456054][T13249] netlink: 'syz.2.2128': attribute type 3 has an invalid length.
[  221.801326][T13251] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2129'.
[  222.257360][ T5844] usb 8-1: new full-speed USB device number 32 using dummy_hcd
[  222.424578][ T5844] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  222.428689][T13279] netlink: 'syz.2.2137': attribute type 1 has an invalid length.
[  222.433300][ T5844] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  222.447624][ T5844] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  222.451700][T13279] 8021q: adding VLAN 0 to HW filter on device bond4
[  222.466948][ T5844] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  222.513828][T13282] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2138'.
[  222.679548][ T5844] usb 8-1: usb_control_msg returned -32
[  222.681398][ T5844] usbtmc 8-1:16.0: can't read capabilities
[  222.694683][T13290] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2140'.
[  222.698613][T13291] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2140'.
[  223.031714][   T40] kauditd_printk_skb: 145 callbacks suppressed
[  223.031727][   T40] audit: type=1400 audit(1778789188.299:2816): avc:  denied  { write } for  pid=13253 comm="syz.3.2130" name="usbtmc0" dev="devtmpfs" ino=3525 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  223.052132][ T5738] Bluetooth: hci1: command 0x0c1a tx timeout
[  223.055047][   T40] audit: type=1326 audit(1778789188.319:2817): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=13063 comm="syz.4.2113" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8ee119ce59 code=0x7fc00000
[  223.107209][   T40] audit: type=1400 audit(1778789188.369:2818): avc:  denied  { create } for  pid=13298 comm="syz.4.2143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  223.115498][   T40] audit: type=1400 audit(1778789188.379:2819): avc:  denied  { bind } for  pid=13298 comm="syz.4.2143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  223.116502][T13299] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2143'.
[  223.122469][   T40] audit: type=1400 audit(1778789188.379:2820): avc:  denied  { accept } for  pid=13298 comm="syz.4.2143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  223.135809][   T40] audit: type=1400 audit(1778789188.379:2821): avc:  denied  { read } for  pid=13298 comm="syz.4.2143" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=alg_socket permissive=1
[  223.142466][T13299] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2143'.
[  223.172956][   T40] audit: type=1400 audit(1778789188.439:2822): avc:  denied  { bpf } for  pid=13300 comm="syz.4.2144" capability=39  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  223.180671][   T40] audit: type=1400 audit(1778789188.439:2823): avc:  denied  { perfmon } for  pid=13300 comm="syz.4.2144" capability=38  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  223.219241][   T40] audit: type=1400 audit(1778789188.489:2824): avc:  denied  { bind } for  pid=13305 comm="syz.4.2145" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[  223.225614][   T40] audit: type=1400 audit(1778789188.489:2825): avc:  denied  { node_bind } for  pid=13305 comm="syz.4.2145" saddr=224.0.0.1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=rawip_socket permissive=1
[  223.777498][   T62] Bluetooth: hci3: Malformed HCI Event
[  223.795213][T13335] netlink: Conntrack attr has 4 unknown bytes
[  223.798790][T13334] netlink: Conntrack attr has 4 unknown bytes
[  223.846059][T13338] netlink: 'syz.0.2154': attribute type 2 has an invalid length.
[  223.945418][T13344] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  223.985057][T13347] ------------[ cut here ]------------
[  223.987957][T13347] refcount_t: underflow; use-after-free.
[  223.992115][T13347] WARNING: lib/refcount.c:28 at refcount_warn_saturate+0xf4/0x130, CPU#0: syz.0.2158/13347
[  223.996031][T13347] Modules linked in:
[  223.998404][T13347] CPU: 0 UID: 0 PID: 13347 Comm: syz.0.2158 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  224.003204][T13347] Tainted: [L]=SOFTLOCKUP
[  224.005078][T13347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  224.009413][T13347] RIP: 0010:refcount_warn_saturate+0xf4/0x130
[  224.012111][T13347] Code: cc e8 b0 3a 0f fd 48 8d 3d 49 e7 e8 0b 67 48 0f b9 3a e8 9f 3a 0f fd 5b 5d e9 d8 66 94 06 e8 93 3a 0f fd 48 8d 3d 3c e7 e8 0b <67> 48 0f b9 3a e8 82 3a 0f fd 5b 5d c3 cc cc cc cc e8 76 3a 0f fd
[  224.021164][T13347] RSP: 0018:ffffc90005aef120 EFLAGS: 00010293
[  224.023937][T13347] RAX: 0000000000000000 RBX: ffff88802f52f780 RCX: ffffffff84f963bb
[  224.027536][T13347] RDX: ffff88805a3b2500 RSI: ffffffff84f9644d RDI: ffffffff90e24b90
[  224.031042][T13347] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000004
[  224.034231][T13347] R10: 0000000000000003 R11: 0000000000000000 R12: ffff88802f52f780
[  224.037982][T13347] R13: ffffffff8a055e40 R14: 0000000000000000 R15: 0000000000000018
[  224.041463][T13347] FS:  00007f7de86fc6c0(0000) GS:ffff8880d6370000(0000) knlGS:0000000000000000
[  224.044940][T13347] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  224.047812][T13347] CR2: fffffffffffffff8 CR3: 0000000058398000 CR4: 0000000000352ef0
[  224.051226][T13347] Call Trace:
[  224.052693][T13347]  <TASK>
[  224.053986][T13347]  sk_common_release+0x260/0x370
[  224.056263][T13347]  inet_release+0xed/0x200
[  224.058395][T13347]  sock_release+0x91/0x1c0
[  224.060344][T13347]  ? __pfx_rxe_ns_pernet_set_sk4+0x10/0x10
[  224.062801][T13347]  rxe_sock_put+0xae/0x130
[  224.064753][T13347]  ? __pfx_rxe_dellink+0x10/0x10
[  224.066998][T13347]  rxe_net_del+0x83/0x120
[  224.068934][T13347]  rxe_dellink+0x15/0x20
[  224.071003][T13347]  nldev_dellink+0x289/0x3c0
[  224.073096][T13347]  ? __pfx_nldev_dellink+0x10/0x10
[  224.075676][T13347]  ? rcu_is_watching+0x12/0xc0
[  224.077747][T13347]  ? cap_capable+0x10b/0x440
[  224.079256][T13347]  ? bpf_lsm_capable+0x9/0x10
[  224.081343][T13347]  ? security_capable+0x80/0x260
[  224.083517][T13347]  ? ns_capable+0xd2/0xf0
[  224.085471][T13347]  ? __pfx_nldev_dellink+0x10/0x10
[  224.087989][T13347]  rdma_nl_rcv_msg+0x392/0x6f0
[  224.090309][T13347]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[  224.092699][T13347]  ? __lock_acquire+0x4a5/0x2630
[  224.094942][T13347]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2cb/0x410
[  224.097838][T13347]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  224.100786][T13347]  ? netlink_deliver_tap+0x1ae/0xcc0
[  224.103164][T13347]  netlink_unicast+0x585/0x850
[  224.104996][T13347]  ? __pfx_netlink_unicast+0x10/0x10
[  224.107364][T13347]  netlink_sendmsg+0x8b0/0xda0
[  224.109556][T13347]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.111859][T13347]  ? __might_fault+0x30/0x140
[  224.113944][T13347]  ____sys_sendmsg+0x9e1/0xb70
[  224.116082][T13347]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.118539][T13347]  ? __pfx_____sys_sendmsg+0x10/0x10
[  224.120847][T13347]  ? folio_add_new_anon_rmap+0x44e/0x1690
[  224.123195][T13347]  ? rcu_read_unlock+0x2d/0xb0
[  224.124946][T13347]  ? rcu_read_unlock+0x2d/0xb0
[  224.127145][T13347]  ___sys_sendmsg+0x190/0x1e0
[  224.129200][T13347]  ? __pfx____sys_sendmsg+0x10/0x10
[  224.131491][T13347]  __sys_sendmsg+0x170/0x220
[  224.133432][T13347]  ? __pfx___sys_sendmsg+0x10/0x10
[  224.135604][T13347]  ? _raw_spin_unlock_irq+0x2e/0x50
[  224.137919][T13347]  ? rcu_is_watching+0x12/0xc0
[  224.139638][T13347]  do_syscall_64+0x10b/0xf80
[  224.141701][T13347]  ? clear_bhb_loop+0x40/0x90
[  224.143758][T13347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.146404][T13347] RIP: 0033:0x7f7de779ce59
[  224.148663][T13347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  224.156482][T13347] RSP: 002b:00007f7de86fc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  224.160354][T13347] RAX: ffffffffffffffda RBX: 00007f7de7a16090 RCX: 00007f7de779ce59
[  224.163784][T13347] RDX: 0000000000000004 RSI: 0000200000004680 RDI: 0000000000000006
[  224.167124][T13347] RBP: 00007f7de7832d6f R08: 0000000000000000 R09: 0000000000000000
[  224.170056][T13347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.173700][T13347] R13: 00007f7de7a16128 R14: 00007f7de7a16090 R15: 00007ffe6754a318
[  224.177363][T13347]  </TASK>
[  224.178671][T13347] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  224.181287][T13347] CPU: 0 UID: 0 PID: 13347 Comm: syz.0.2158 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  224.186041][T13347] Tainted: [L]=SOFTLOCKUP
[  224.188266][T13347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  224.192008][T13347] Call Trace:
[  224.193477][T13347]  <TASK>
[  224.194841][T13347]  dump_stack_lvl+0x100/0x190
[  224.196991][T13347]  vpanic+0x552/0x970
[  224.198437][T13347]  ? __pfx_vpanic+0x10/0x10
[  224.199968][T13347]  panic+0xd1/0xe0
[  224.201694][T13347]  ? __pfx_panic+0x10/0x10
[  224.203922][T13347]  ? check_panic_on_warn+0x1f/0x90
[  224.205942][T13347]  check_panic_on_warn.cold+0x19/0x34
[  224.208082][T13347]  ? refcount_warn_saturate+0xf4/0x130
[  224.210444][T13347]  __warn.cold+0x191/0x328
[  224.212407][T13347]  __report_bug+0x296/0x3d0
[  224.214484][T13347]  ? refcount_warn_saturate+0xf4/0x130
[  224.217026][T13347]  ? __pfx___report_bug+0x10/0x10
[  224.219293][T13347]  ? refcount_warn_saturate+0xed/0x130
[  224.221333][T13347]  ? refcount_warn_saturate+0x5b/0x130
[  224.223458][T13347]  report_bug_entry+0xe1/0x290
[  224.225576][T13347]  ? refcount_warn_saturate+0xf4/0x130
[  224.227726][T13347]  handle_bug+0x1cd/0x2a0
[  224.229144][T13347]  exc_invalid_op+0x17/0x50
[  224.231018][T13347]  asm_exc_invalid_op+0x1a/0x20
[  224.233063][T13347] RIP: 0010:refcount_warn_saturate+0xf4/0x130
[  224.235635][T13347] Code: cc e8 b0 3a 0f fd 48 8d 3d 49 e7 e8 0b 67 48 0f b9 3a e8 9f 3a 0f fd 5b 5d e9 d8 66 94 06 e8 93 3a 0f fd 48 8d 3d 3c e7 e8 0b <67> 48 0f b9 3a e8 82 3a 0f fd 5b 5d c3 cc cc cc cc e8 76 3a 0f fd
[  224.243542][T13347] RSP: 0018:ffffc90005aef120 EFLAGS: 00010293
[  224.246152][T13347] RAX: 0000000000000000 RBX: ffff88802f52f780 RCX: ffffffff84f963bb
[  224.249453][T13347] RDX: ffff88805a3b2500 RSI: ffffffff84f9644d RDI: ffffffff90e24b90
[  224.252799][T13347] RBP: 0000000000000003 R08: 0000000000000005 R09: 0000000000000004
[  224.256320][T13347] R10: 0000000000000003 R11: 0000000000000000 R12: ffff88802f52f780
[  224.259720][T13347] R13: ffffffff8a055e40 R14: 0000000000000000 R15: 0000000000000018
[  224.263123][T13347]  ? __pfx_udp_destroy_sock+0x10/0x10
[  224.265566][T13347]  ? refcount_warn_saturate+0x5b/0x130
[  224.267779][T13347]  ? refcount_warn_saturate+0xed/0x130
[  224.269489][T13347]  sk_common_release+0x260/0x370
[  224.271501][T13347]  inet_release+0xed/0x200
[  224.273309][T13347]  sock_release+0x91/0x1c0
[  224.275119][T13347]  ? __pfx_rxe_ns_pernet_set_sk4+0x10/0x10
[  224.277611][T13347]  rxe_sock_put+0xae/0x130
[  224.279520][T13347]  ? __pfx_rxe_dellink+0x10/0x10
[  224.281698][T13347]  rxe_net_del+0x83/0x120
[  224.283632][T13347]  rxe_dellink+0x15/0x20
[  224.285625][T13347]  nldev_dellink+0x289/0x3c0
[  224.287739][T13347]  ? __pfx_nldev_dellink+0x10/0x10
[  224.290037][T13347]  ? rcu_is_watching+0x12/0xc0
[  224.292121][T13347]  ? cap_capable+0x10b/0x440
[  224.294126][T13347]  ? bpf_lsm_capable+0x9/0x10
[  224.296294][T13347]  ? security_capable+0x80/0x260
[  224.298165][T13347]  ? ns_capable+0xd2/0xf0
[  224.300020][T13347]  ? __pfx_nldev_dellink+0x10/0x10
[  224.302282][T13347]  rdma_nl_rcv_msg+0x392/0x6f0
[  224.304169][T13347]  ? __pfx_rdma_nl_rcv_msg+0x10/0x10
[  224.306214][T13347]  ? __lock_acquire+0x4a5/0x2630
[  224.308404][T13347]  rdma_nl_rcv_skb.constprop.0.isra.0+0x2cb/0x410
[  224.311256][T13347]  ? __pfx_rdma_nl_rcv_skb.constprop.0.isra.0+0x10/0x10
[  224.314120][T13347]  ? netlink_deliver_tap+0x1ae/0xcc0
[  224.316392][T13347]  netlink_unicast+0x585/0x850
[  224.318488][T13347]  ? __pfx_netlink_unicast+0x10/0x10
[  224.320730][T13347]  netlink_sendmsg+0x8b0/0xda0
[  224.322798][T13347]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.325038][T13347]  ? __might_fault+0x30/0x140
[  224.327093][T13347]  ____sys_sendmsg+0x9e1/0xb70
[  224.329245][T13347]  ? __pfx_netlink_sendmsg+0x10/0x10
[  224.331562][T13347]  ? __pfx_____sys_sendmsg+0x10/0x10
[  224.333970][T13347]  ? folio_add_new_anon_rmap+0x44e/0x1690
[  224.336522][T13347]  ? rcu_read_unlock+0x2d/0xb0
[  224.338588][T13347]  ? rcu_read_unlock+0x2d/0xb0
[  224.340638][T13347]  ___sys_sendmsg+0x190/0x1e0
[  224.342708][T13347]  ? __pfx____sys_sendmsg+0x10/0x10
[  224.345197][T13347]  __sys_sendmsg+0x170/0x220
[  224.347005][T13347]  ? __pfx___sys_sendmsg+0x10/0x10
[  224.349150][T13347]  ? _raw_spin_unlock_irq+0x2e/0x50
[  224.351456][T13347]  ? rcu_is_watching+0x12/0xc0
[  224.353506][T13347]  do_syscall_64+0x10b/0xf80
[  224.355537][T13347]  ? clear_bhb_loop+0x40/0x90
[  224.357540][T13347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  224.360090][T13347] RIP: 0033:0x7f7de779ce59
[  224.362020][T13347] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  224.370506][T13347] RSP: 002b:00007f7de86fc028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  224.374024][T13347] RAX: ffffffffffffffda RBX: 00007f7de7a16090 RCX: 00007f7de779ce59
[  224.377426][T13347] RDX: 0000000000000004 RSI: 0000200000004680 RDI: 0000000000000006
[  224.380768][T13347] RBP: 00007f7de7832d6f R08: 0000000000000000 R09: 0000000000000000
[  224.384207][T13347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  224.387725][T13347] R13: 00007f7de7a16128 R14: 00007f7de7a16090 R15: 00007ffe6754a318
[  224.391149][T13347]  </TASK>
[  224.393460][T13347] Kernel Offset: disabled
[  224.395426][T13347] Rebooting in 86400 seconds..