last executing test programs:

1m48.182555526s ago: executing program 1 (id=1796):
syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) (async)
r0 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2)
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2) (async)
syz_open_dev$vbi(&(0x7f0000000000), 0x2, 0x2)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r1}})
ioctl$FE_GET_PROPERTY(r0, 0x80106f53, &(0x7f0000000000)={0x22, &(0x7f0000000140)=[{0x15, '\x00', @data=0x3, 0x9}]})
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c41, 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x8000}})
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$FUSE_DEV_IOC_CLONE(r3, 0x8004e500, &(0x7f0000000140)=r2)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r6)
ptrace$cont(0x20, r6, 0x1000000ffffffff, 0x0) (async)
ptrace$cont(0x20, r6, 0x1000000ffffffff, 0x0)
ptrace(0x9, r6)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000001c0)={'wpan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f00000001c0)={'wpan0\x00', <r7=>0x0})
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), r5)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000540)=ANY=[@ANYBLOB="e0000000", @ANYRES16=r8, @ANYBLOB="3f9d08000000fddbdf271700000008000300", @ANYRES32=r7, @ANYBLOB="c40030801400040000080000000000000000000000000000a40001800c0005000000000000000000080001000000000008000400070000003400038006000100ffff0000060001000100000026000300a0aa00000c0004000200aaaaaaaaaaaa0c0004000201aaaaaaaaaaaa48000380080002000380000006000100010000000600010002000000060001000300000006000100ffff000006000300a0aa000104000000000000000000000008000200010010000500020001000000050002"], 0xe0}, 0x1, 0x0, 0x0, 0x24000000}, 0x2004c0c4)

1m48.055050362s ago: executing program 1 (id=1799):
r0 = syz_open_dev$sg(&(0x7f0000001940), 0x8000000000000001, 0x315343)
ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x900, 0x0, 0xffffff95})

1m47.964784937s ago: executing program 1 (id=1801):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}}, 0x24}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(0xffffffffffffffff, 0x0, 0x8010)
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)=@newtfilter={0x48, 0x2c, 0xd3f, 0x70b524, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, {0xfff3, 0xffe0}, {}, {0x7, 0xfff2}}, [@filter_kind_options=@f_flow={{0x9}, {0x18, 0x2, [@TCA_FLOW_KEYS={0x8, 0x1, 0x18d0b}, @TCA_FLOW_POLICE={0x4}, @TCA_FLOW_MODE={0x8, 0x2, 0x1}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x24008848}, 0xc884)

1m47.754863463s ago: executing program 1 (id=1809):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800000, &(0x7f0000000c00)=ANY=[@ANYBLOB="56c78e3c733d76697274696f2c6e6f657874656e642c6163638173733d616e792c63616368653d667363616368652c76657273696f6e3d3970323030302e75"])
mkdir(&(0x7f0000000040)='./file1\x00', 0x7)
mkdir(&(0x7f0000000000)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x80, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
chdir(&(0x7f0000000440)='./bus\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x63)
setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x4d8, 0x340, 0x11, 0x148, 0x340, 0x0, 0x440, 0x2a8, 0x2a8, 0x440, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x2f8, 0x340, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x3f, 0x0, 0x20000000, 0x3, 0x7}}}, @common=@unspec=@bpf1={{0x230}, @pinned={0x1, 0x0, 0x0, './file0\x00'}}]}, @unspec=@CT0={0x48}}, {{@ip={@multicast2, @empty, 0x0, 0x0, 'vlan0\x00', 'netdevsim0\x00'}, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@unspec=@quota={{0x38}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x538)
ioctl$SIOCSIFHWADDR(r1, 0x8924, &(0x7f0000000100)={'vlan0\x00', @local})

1m47.644953268s ago: executing program 1 (id=1810):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101)
mount$fuse(0x0, 0x0, 0x0, 0x2b38094, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet6(0xa, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000002180)='blkio.bfq.io_merged\x00', 0x275a, 0x0)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$nl_audit(0x10, 0x3, 0x9)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000340), 0x2, 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
ppoll(&(0x7f0000000300)=[{r1, 0x4236}], 0x1, 0x0, 0x0, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={<r2=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000300), 0x2, 0x4}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0xfffb, 0x5, @empty, 0xa098}, {0xa, 0x4ea5, 0x9, @mcast1, 0x8}, r2, 0x8001}}, 0x48)
writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100), 0x86}], 0x2)
chdir(&(0x7f0000000080)='./file1\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0)
r4 = shmget(0x2, 0x3000, 0x1200, &(0x7f0000ffa000/0x3000)=nil)
shmat(r4, &(0x7f0000ffa000/0x1000)=nil, 0x4000)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000840)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
r5 = open(&(0x7f0000000000)='.\x00', 0x0, 0x12d)
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000780)='nfsd\x00', 0x0, 0x0)
ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x40049366, 0x0)

1m47.1843734s ago: executing program 1 (id=1818):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100fdffffff000000001d00000044002f8008000100ff0000002c00038008000100000000002000038008000200030000000c0004000203aaaaaaaaaaaa06000100010003000c0002000200aaaaaaaaaaaa08000300", @ANYRES32=r2], 0x68}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000000)

1m32.198010513s ago: executing program 32 (id=1818):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f00000003c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000000)={'wpan0\x00', <r2=>0x0})
sendmsg$NL802154_CMD_NEW_SEC_DEVKEY(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100fdffffff000000001d00000044002f8008000100ff0000002c00038008000100000000002000038008000200030000000c0004000203aaaaaaaaaaaa06000100010003000c0002000200aaaaaaaaaaaa08000300", @ANYRES32=r2], 0x68}, 0x1, 0x0, 0x0, 0x4000040}, 0x4000000)

1.894472841s ago: executing program 3 (id=3538):
r0 = fanotify_init(0x1a, 0x800) (async)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0xa8)
fanotify_mark(r0, 0x441, 0x4800001a, r1, 0x0) (async)
r2 = syz_open_dev$loop(&(0x7f0000000240), 0x7, 0x0)
ioctl$LOOP_SET_BLOCK_SIZE(r2, 0x4c09, 0x400) (async, rerun: 64)
fanotify_mark(r0, 0x1, 0x20, r1, 0x0) (rerun: 64)
openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)

1.782843006s ago: executing program 3 (id=3543):
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r0, &(0x7f0000000180)={0x24, @short={0x2, 0x3}}, 0x14) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc08000309000000000000004000000e45400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c00018006000100d103000014000000110001"], 0xb4}, 0x1, 0x0, 0x0, 0x40088c0}, 0x40)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x40, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\r\x00'}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000) (async)
fcntl$lock(r2, 0x0, &(0x7f0000000000)={0x1, 0x0, 0x4, 0x800005fffffffff9}) (async)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) (async, rerun: 64)
mmap(&(0x7f0000154000/0x3000)=nil, 0x3000, 0x2000003, 0x40010, r3, 0x26de7000) (async, rerun: 64)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0xbf4e7ac870a5501b, 0x0, 0xdddd1000, 0x2000, &(0x7f0000000000/0x2000)=nil}) (async)
r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
preadv(r6, &(0x7f0000000180)=[{0x0}, {0x0}], 0x2, 0xffff, 0xa) (async)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async, rerun: 32)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000003940)=ANY=[@ANYBLOB="210000000000000000000000000010000004"], 0x48) (async, rerun: 32)
r8 = openat$nvram(0xffffffffffffff9c, 0x0, 0x88002, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3000001, 0x11, r7, 0x0)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r9, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x6040850}, 0x20000040) (async)
ioctl$KVM_RUN(r6, 0xae80, 0x0) (async)
write$binfmt_elf32(r8, &(0x7f0000000440)={{0x7f, 0x45, 0x4c, 0x46, 0x7, 0x2, 0x9d, 0x6, 0xd13, 0x2, 0x3, 0x2, 0x128, 0x38, 0x648, 0x6, 0x6, 0x20, 0x1, 0x8000, 0xb800, 0xe000}, [{0x3, 0x1, 0x200, 0x5, 0x32c0, 0xfffffff9, 0xfffffc00, 0x3}], "f9611bff60357c224cecf636161afcc172cd835ee947d70ebbd39df17e64ca5f279bef7ea4877a34329cb6558084a9bb86f8b3ce0fee63045a87f0b1fbcc38d1b1", ['\x00', '\x00', '\x00', '\x00']}, 0x499)

1.512833961s ago: executing program 0 (id=3550):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x80}, 0x10)
syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0)
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file2\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000000c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
chdir(&(0x7f0000000140)='./file0\x00')
r1 = ioctl$KVM_GET_STATS_FD_cpu(0xffffffffffffffff, 0xaece)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000180)=<r3=>0x0)
sendmsg$nl_generic(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)={0x210, 0x36, 0x2, 0x70bd29, 0x4, {0x1a}, [@typed={0x8, 0x11d, 0x0, 0x0, @pid=r2}, @generic="99187561f9239a7738eb555feca802aaf4f2f79b0ed738644b6bbe26a7d0bc1ad0fca7d27633e7c0d57a00f2cc2eb15b8654e020c45b75847f8edc8469d92af115a62394b22d4c1821728ae01e4550", @nested={0x66, 0x80, 0x0, 0x1, [@typed={0x8, 0x24, 0x0, 0x0, @uid=r3}, @generic="28e33050f8e49a059c150fdc67373d05056d8b9a97ff40b254746fa8183b254f002bda1c24770944cec13f4873e3520a0d5b9a4cb62425793a52cf9787d0eadec7d9a9a5545f0d43a061dcad0a37", @typed={0xc, 0x15a, 0x0, 0x0, @u64=0x100}]}, @generic="af57b676a528f50847b256196dbecc56413e285ffd034b9e01e83d69a2b56e276d844a1a2749c11e137f354e29da6d579aa0e28db70e35169aab70eba639296fda882ebd5e47a75d0ff713ed339f6162f1ca15ac52206ea2952e088a6a5c7728e09f25ba422fa557cd068d93", @typed={0x8, 0x124, 0x0, 0x0, @u32=0x7}, @typed={0xc, 0x9a, 0x0, 0x0, @str='lowerdir'}, @generic="e96d24013b0a7711443405b1aa4d415b3a1006fc3aef8aae0290dc9a0a0302f63524ff85d706dc237e729bdfc0cead75d44e83b5f044a6dece628c503f8d9948d4a3627923fff70a6381739ff0d295ab29d7cffb102c9b0409d5d9ffb2942be49123f8fcf88c471150f9a1ad06bbcc70c26092cf54d21434ccde1e114495cd6045cd504e325b333fbb84a8da671d3a3599dd11952b75d419d8fecda2751a2d7aeb18660cff34c11db7c0b29de0da985f133aaecf0bc0f6db2b10"]}, 0x210}, 0x1, 0x0, 0x0, 0x81}, 0x40000)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0)
setreuid(0xffffffffffffffff, 0xee00)
ioctl$FS_IOC_RESVSP(r4, 0xc0189436, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x5f, 0x3})
sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x80000000, 0x25dfdbfb, {0xa, 0x80, 0x80, 0xfd}, [@RTA_SRC={0x8, 0x2, @rand_addr=0x640100fd}]}, 0x24}, 0x1, 0x0, 0x0, 0x5d2c7973c7bf8b01}, 0x20000050)

1.512509963s ago: executing program 0 (id=3551):
syz_emit_vhci(&(0x7f0000000100)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x0, 0x0, 0x804}}}, 0x7) (async)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async)
r1 = socket$kcm(0x2, 0xa, 0x2)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x670, 0x2e0, 0xd0, 0x2e0, 0xd0, 0xd0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x5a0, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x0, 0x5}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00', {}, {}, 0x11}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@unspec=@connmark={{0x30}}, @common=@inet=@socket1={{0x28}}]}, @common=@unspec=@MARK={0x28}}, {{@uncond, 0x0, 0x120, 0x148, 0x0, {}, [@common=@frag={{0x30}}, @common=@hbh={{0x48}}]}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0x138, 0x178, 0x0, {}, [@common=@dst={{0x48}}, @common=@dst={{0x48}}]}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x6d0) (async)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x4, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, [@alu={0x4, 0x0, 0x9, 0xa}]}, &(0x7f00000003c0)='syzkaller\x00'}, 0x94)
write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x3, 0x0, 0x3, 0x0, 0x14}, @ipv4=@generic={{0x6, 0x4, 0x1, 0x2b, 0x66, 0x68, 0x0, 0x60, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, {[@timestamp={0x44, 0x4, 0xf0, 0x0, 0x1}]}}, "11f3305280f125e6e11a9314b296b53b5d25867c0a8c27b6478984da4eb57d56be4ee0efb45c215a64d718cb6f639e60026f3fcd218590d2fd47a1803f67d8c3c5ebe25ed9991203e04d3bdc1e70"}}, 0x74)

1.454376472s ago: executing program 3 (id=3552):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x44000, 0x0)
ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000040)={0x90, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}, {}, {}, {}, {}, {}]}})
ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f0000000100)={0x18, 0x0, 0x0, 0x0, 0x0, 0x2}) (async)
r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r2=>r0, {0xb}}, './file0\x00'}) (async)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000001c0), 0x200, 0x0) (async)
r4 = socket$nl_route(0x10, 0x3, 0x0) (async)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000240), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r2, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x20, r5, 0x800, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2c}}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000040}, 0x200040e0) (async)
ioctl$sock_inet_tcp_SIOCOUTQNSD(r1, 0x894b, &(0x7f0000000340))
ioctl$IOMMU_VFIO_GET_API_VERSION(r3, 0x3b64)
ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r2, 0x3b72, &(0x7f0000000380)={0x31, 0x2, 0xa, 0xfff, "06d4cfe284c081f00b641b2f4ee3192d842ec8b7be6db05c09"}) (async)
mkdirat(r2, &(0x7f00000003c0)='./file0\x00', 0xc0) (async)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r2)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000480)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000005c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000580)={&(0x7f00000004c0)={0xac, r6, 0x400, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r7}, @val={0xc, 0x99, {0x7fff, 0x57}}}}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x34, 0x2c, 0x0, 0x1, [{0x8, 0x0, 0x7}, {0x8, 0x0, 0x2800}, {0x8, 0x0, 0x5}, {0x8, 0x0, 0x3}, {0x8, 0x0, 0x85}, {0x8, 0x0, 0x5}]}, @NL80211_ATTR_IE={0x2d, 0x2a, [@mesh_config={0x71, 0x7, {0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x9, 0x40}}, @rann={0x7e, 0x15, {{0x1, 0x7a}, 0x4, 0x2, @device_a, 0xfffffff1, 0xfffffdcb, 0x4}}, @mesh_config={0x71, 0x7, {0x1, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x6}}]}, @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0x0, 0x38}}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x3}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}]}, 0xac}, 0x1, 0x0, 0x0, 0x20040081}, 0x1)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r1, 0x10e, 0x1, &(0x7f0000000600)=0x16, 0x4) (async)
r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000680), r1)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x38, r8, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x6}]}, 0x38}, 0x1, 0x0, 0x0, 0x400c0d0}, 0x4000)
r9 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000780), 0x20040, 0x0)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r9, 0x6, 0x16, &(0x7f00000007c0)=[@timestamp, @mss={0x2, 0x5}, @timestamp, @sack_perm, @timestamp, @mss={0x2, 0xffffffff}, @window={0x3, 0x8c, 0x5}, @timestamp, @mss={0x2, 0x8001}], 0x9) (async)
r10 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f0000000880)={'netpci0\x00', &(0x7f0000000840)=@ethtool_test={0x1a, 0x1, 0x3, 0x4, [0x7, 0xe27, 0x2, 0x8b34]}}) (async)
r11 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000900), r2)
sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x34, r11, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x3}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x80000001}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x8000}]}, 0x34}, 0x1, 0x0, 0x0, 0x91}, 0xc880)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000ac0)={'ip6_vti0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r12=>0x0, 0x4, 0x3, 0x3, 0x6, 0x28, @private2, @private2, 0x20, 0x8000, 0xfff, 0x9}})
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r9, 0x89f3, &(0x7f0000000b80)={'ip_vti0\x00', &(0x7f0000000b00)={'gre0\x00', <r13=>0x0, 0x8000, 0x0, 0x1, 0xffffffc1, {{0xb, 0x4, 0x1, 0x26, 0x2c, 0x67, 0x0, 0x6, 0x29, 0x0, @private=0xa010100, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@generic={0x86, 0x6, "fa7d5fe1"}, @noop, @timestamp={0x44, 0xc, 0x1b, 0x0, 0x2, [0x8, 0x400]}, @noop, @noop]}}}}}) (async)
getsockopt$inet_pktinfo(r2, 0x0, 0x8, &(0x7f0000000bc0)={<r14=>0x0, @dev}, &(0x7f0000000c00)=0xc)
sendmsg$ETHTOOL_MSG_DEBUG_GET(r9, &(0x7f0000000d80)={&(0x7f0000000a00)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000d40)={&(0x7f0000000c40)={0xf8, 0x0, 0x4, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6gre0\x00'}]}, @HEADER={0x84, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bridge\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'tunl0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}]}, @HEADER={0x4}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4000084}, 0x800) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000e40)={'ip6gre0\x00', &(0x7f0000000dc0)={'ip6gre0\x00', r12, 0x4, 0x3, 0x91, 0xd2, 0x0, @mcast1, @loopback, 0x7800, 0x20, 0x3, 0x5}})

1.394651457s ago: executing program 3 (id=3553):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000000), 0x208e24b)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4543(gcm(aes))\x00'}, 0x58) (async)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000009c0)="ad56b6c5820fae9d6dcd3292ea54c7be8bbdadbb1632ea5704cae881ef915d374c90c200", 0x24) (async)
r4 = accept4(r3, 0x0, 0x0, 0x800)
sendmmsg$alg(r4, &(0x7f0000000c00)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x10}], 0x18, 0x40040}], 0x1, 0x8040) (async)
syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r4) (async)
ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) (async, rerun: 32)
ioctl$TUNSETVNETBE(r2, 0x400454de, &(0x7f0000000040)) (rerun: 32)
connect$inet6(r1, &(0x7f0000000100)={0xa, 0x0, 0x200000, @mcast2={0xff, 0x3}}, 0x1c) (async)
r5 = openat$hpet(0xffffffffffffff9c, &(0x7f0000001040), 0x80, 0x0)
read$FUSE(r5, 0x0, 0x0) (async)
r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) (async)
write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000240)={<r7=>0xffffffffffffffff}, 0x106, 0xa}}, 0x20)
write$RDMA_USER_CM_CMD_BIND_IP(r6, &(0x7f0000000300)={0x2, 0x28, 0xfa00, {0x0, {0xa, 0x4e20, 0x5, @private1={0xfc, 0x1, '\x00', 0x4}, 0x3}, r7}}, 0x30) (async)
setsockopt$inet6_IPV6_HOPOPTS(r1, 0x29, 0x36, &(0x7f0000000000)=ANY=[], 0x8) (async)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendto$inet6(r1, &(0x7f0000000140)="8369b66f", 0x20, 0x0, 0x0, 0x0) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7000009, 0x28011, r0, 0x0) (async)
r8 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r8, 0xc018aa3f, &(0x7f00000002c0)={0xaa, 0x100}) (async, rerun: 32)
madvise(&(0x7f0000a97000/0x2000)=nil, 0x2000, 0x1) (async, rerun: 32)
ioctl$UFFDIO_REGISTER(r8, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x400000)=nil, 0x400000}, 0x1}) (async)
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)

1.287091412s ago: executing program 3 (id=3555):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bond_slave_1\x00', <r1=>0x0})
fcntl$setpipe(r0, 0x407, 0xfff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000500)={0x30, r3, 0x5, 0x70bd25, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0xa}]}, 0x30}}, 0x0) (async)
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=ANY=[@ANYBLOB="440000001000ffff25bd7000fddbdf2500000000", @ANYRES32=0x0, @ANYBLOB="350e0500230000002400128009000100626f6e64000000001400028008000200", @ANYRES32=r1, @ANYBLOB="0500010005"], 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x4008000)

1.184177411s ago: executing program 4 (id=3557):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x1c, 0x25, 0x301, 0x270bd24, 0x25dfdbff, {0x1}, [@typed={0x5, 0x12b, 0x0, 0x0, @str='\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4008}, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x2000004)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000000)=[{0x6, 0x3, 0x1, 0x7fff0006}]})
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000240), 0xa2003, 0x0)
ioctl$DMA_HEAP_IOCTL_ALLOC(r2, 0xc0184800, &(0x7f0000000100)={0x20004, <r3=>r1, 0x2})
r4 = epoll_create1(0x80000)
epoll_pwait2(r4, &(0x7f0000000040)=[{}], 0x1, &(0x7f00000000c0), 0x0, 0x0)
r5 = syz_open_dev$dri(&(0x7f0000000280), 0x1ff, 0x140)
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f00000000c0)={<r6=>0x0, 0x0, r3})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000180)={r6})
r7 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r7, 0x89e2, &(0x7f0000000140)={<r8=>r7})
bind$alg(r8, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'rfc7539esp(xchacha12-simd,blake2s-128-generic)\x00'}, 0x58)

1.184062063s ago: executing program 4 (id=3558):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@metacopy_off}, {@verity_off}, {@uuid_null}, {@userxattr}, {@uuid_off}, {@redirect_dir_on}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./bus\x00', 0x400001, 0x63)
renameat2(r0, &(0x7f0000000040)='./bus/file0\x00', 0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x4)

1.114350474s ago: executing program 4 (id=3559):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x4000811}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000180)={'gretap0\x00', &(0x7f0000000080)={'syztnl2\x00', <r1=>0x0, 0x80, 0x0, 0x2, 0x6, {{0x14, 0x4, 0x1, 0x11, 0x50, 0x68, 0x0, 0x49, 0x4, 0x0, @empty, @remote, {[@lsrr={0x83, 0x13, 0x3a, [@multicast2, @multicast2, @dev={0xac, 0x14, 0x14, 0x38}, @remote]}, @ra={0x94, 0x4, 0x1}, @ssrr={0x89, 0x1b, 0x24, [@multicast2, @multicast1, @local, @private=0xa010101, @loopback, @rand_addr=0x64010100]}, @generic={0x89, 0x8, "329fd587cc0f"}]}}}}})
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=@newqdisc={0x64, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r4, {}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x34, 0x2, {{0x6, 0x2, 0x10000, 0x2, 0xffffffff}, [@TCA_NETEM_CORRUPT={0xc, 0x4, {0xfffffffd, 0x1}}, @TCA_NETEM_REORDER={0xc, 0x3, {0xe, 0x4}}]}}}]}, 0x64}, 0x1, 0x0, 0x0, 0x880}, 0x20000000)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newqdisc={0x34, 0x24, 0x400, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r4, {0xf, 0xffff}, {0xfff2, 0x7}, {0xffff, 0xfff1}}, [@TCA_RATE={0x6, 0x5, {0xfa, 0xfa}}, @TCA_RATE={0x6, 0x5, {0x5, 0xf1}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000044}, 0x20000011)
r5 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00')
read$qrtrtun(r5, &(0x7f00000004c0)=""/57, 0x39)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000200)={r5, r1, 0x25, 0x9, @void}, 0x10)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

1.114184201s ago: executing program 3 (id=3560):
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="0200000004000000060000000500000000000000", @ANYRES32, @ANYBLOB="000000000000000000000000000000000000000058fa867addad30d2175b3665b9cc3e1aa76566bd88594d5ea669a81531663e6062679d7236904b3e0713a5cbdfc7b2cc8a3859420d23f02bd6a410b08e97dd74581c872dfa19b9acbfd897e42be0473b4729c5e955202fc8d3cca3b5daa3439f9b31c336ab86ab95ba4e35812babc23df54797f68d356cdae50b4731c97f87baffd09b61481415504e3f0796cba5a2574c1342ee2452615797f1c85416f2420b9b8d6ab91fbabbbcfb830bdc00b841bbdf6093e7fec0fbcabb655ee089a0da9159a473b42c38b08ffa02c4f3387a08098871cc9aadd4988fc4415aeff213be684929e9a5fc9563ce4b3560333837c0f807709ffb8700000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48)
r2 = syz_usb_connect(0x0, 0x3d, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000bdce4208110f80106afc0000000109022b00010000000009043700022ee5cd0009058010ff037f790209050e0320000980070705ab0b78"], 0x0)
r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r2)
writev(r3, &(0x7f0000000180)=[{&(0x7f00000003c0)="8c", 0x1}], 0x1)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x5, r1, 0x4}, 0x38)
sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000200)="d80000001400810d4e81f782db44b9040a11080211000000040000a118000280fec9201114000e1208000f0100810401a80016ea1f000640c9201114c92011148ed08734843cb12b00000803600cfab9c14dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5ee4001b146bffa07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd68adb", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x40804)

1.11404592s ago: executing program 4 (id=3561):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$kcm(0x11, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000240)={'hsr0\x00', <r3=>0x0})
sendmsg$kcm(r2, &(0x7f00000000c0)={&(0x7f0000000380)=@xdp={0x2c, 0x8, r3, 0x1c}, 0x80, &(0x7f0000000080)}, 0x4)
set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0)
r4 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/5, 0x214000, 0x1000, 0x0, 0x2}, 0x20)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1})
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000000)={{@my=0x1, 0xffffffff}, @any, 0x0, 0x0, 0x8000000, 0x0, 0x6})

1.070123534s ago: executing program 4 (id=3562):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'ip6gre0\x00', &(0x7f00000001c0)={'syztnl0\x00', 0x0, 0x4, 0x3, 0x3, 0x557, 0x63, @private2={0xfc, 0x2, '\x00', 0x1}, @local, 0x20, 0x7800, 0x8, 0x9}})
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x0, 0xfffffff9, 0x7fff, 0x16, "0062007d82000000000000002240f7ffffff00"})
r1 = syz_open_pts(r0, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000080), 0x802, 0x6b929545a606890f)
prlimit64(0x0, 0xe, 0x0, 0x0)
r2 = gettid()
timer_create(0x8, &(0x7f0000533fa0)={0x0, 0x21, 0x4, @tid=r2}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e22, 0x1}, 0x1c)
ioctl$int_in(r3, 0x5452, &(0x7f0000000000)=0x5)
pipe(&(0x7f0000000100)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
splice(r3, 0x0, r4, 0x0, 0xaf4, 0x0)
socket(0x28, 0x5, 0x0)
r5 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r5, 0x5412, &(0x7f0000000000)=0x17)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$netlink(r6, &(0x7f0000000000)={0x10, 0x0, 0x0, 0x80065c9}, 0xc)
r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000001180)={0x1, &(0x7f00000011c0)=[{0x6, 0x0, 0x0, 0x4}]})
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
close_range(r7, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/ip_tables_names\x00')
read$FUSE(r8, &(0x7f0000003480)={0x2020}, 0x2020)

624.25607ms ago: executing program 2 (id=3566):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
r0 = syz_open_dev$usbfs(&(0x7f0000000000), 0x70, 0x103301)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xd, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="660a00000000000061114c000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x6b00}, 0x80)
sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x200280d0}, 0x40)
syz_emit_ethernet(0x83, &(0x7f00000008c0)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd60ecff80004d1101fc000000000000000000000000000000ff02000000000000000000000000000100004e22004d9078f7"], 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000480)='net/fib_triestat\x00')
pread64(r2, &(0x7f000004b680)=""/102363, 0x18fdb, 0x2)
ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_driver={0x0, 0x409dba32, &(0x7f0000000080)})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=@newtaction={0x90, 0x30, 0x871a15abc695fa3d, 0xfffffffc, 0x0, {}, [{0x7c, 0x1, [@m_ctinfo={0x48, 0x1, 0x0, 0x0, {{0xb}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CTINFO_ACT={0x18}]}, {0x4}, {0xc}, {0xc, 0x8, {0x3}}}}, @m_mirred={0x30, 0x2, 0x0, 0x0, {{0xb}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x90}}, 0x0)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(r3, &(0x7f0000000440)={0xa, 0x0, 0x1fffe, @loopback, 0x4}, 0x1c)
getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f00000001c0)={{{@in6=@initdev, @in6=@private1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}}, {{@in=@multicast2}, 0x0, @in=@remote}}, &(0x7f0000000140)=0xe8)
socket$packet(0x11, 0x2, 0x300)
r5 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, <r6=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000580)=0x14)
sendmsg$nl_route(r5, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="540000001000370401000000ffdbdf2500000000", @ANYRES32=r6, @ANYBLOB="890c04000000000005001000050000002c0012800b00010067726574617000001c00028005001700000000000800040003000000060003009c"], 0x54}, 0x1, 0x0, 0x0, 0x44801}, 0x0)
r7 = socket$inet(0x2, 0x2, 0x0)
sendmmsg$inet(r7, &(0x7f0000003380)=[{{&(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f0000001a40)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @empty, @rand_addr=0x64010102}}}], 0x20}}], 0x1, 0x4040880)
quotactl_fd$Q_SETQUOTA(r3, 0xffffffff80000802, r4, &(0x7f0000000340)={0x2, 0x4, 0x7ff, 0x5, 0x0, 0x1, 0x1, 0x0, 0x4})
setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[], 0x3c}}, 0x4000080)
setsockopt$inet6_tcp_TLS_TX(r3, 0x11a, 0x1, &(0x7f00000000c0)=@ccm_128={{0x304}, "25beb819521eb41d", "cae5e9937ba539347092dd17d39ed975", 'LP3F', "50f641306280c4e9"}, 0x28)
setsockopt$inet6_tcp_int(r3, 0x11a, 0x4, &(0x7f0000000040), 0x44)
r8 = socket$nl_sock_diag(0x10, 0x3, 0x4)
getpeername$netlink(r8, &(0x7f0000000400), &(0x7f0000000580)=0xc)
rename(&(0x7f0000000180)='./file0\x00', &(0x7f0000000440)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

544.572695ms ago: executing program 2 (id=3567):
r0 = socket$isdn_base(0x22, 0x3, 0x0)
setsockopt$sock_linger(r0, 0x1, 0xd, &(0x7f00000000c0)={0x0, 0xffffffdc}, 0x8)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000640), 0x8000, 0x0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
add_key(&(0x7f0000000780)='rxrpc\x00', 0x0, &(0x7f0000000900)="0000000000000004ff6943b80000000800000028f2000000008607000000ebb01f63dd65dd530700a28f2cbf86f474fad8cb594ed9fabe9ec277bb8d", 0x3c, r2)
ioctl$CDROMREADAUDIO(r1, 0x5392, &(0x7f0000000000)={@lba=0xffff, 0x2, 0x0, 0x0})
socket$inet_mptcp(0x2, 0x1, 0x106)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_type(r3, &(0x7f0000000100), 0x2, 0x0)
r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r5, 0xffffffffffffffff, 0x3f00000000000000)
r6 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x2)
r8 = eventfd(0x5f0)
ioctl$KVM_SET_MEMORY_ATTRIBUTES(r7, 0x4020aed2, &(0x7f0000000100)={0x58000, 0x2000, 0x8})
ioctl$KVM_IOEVENTFD(r7, 0x40a0ae49, &(0x7f0000000080)={0x7ff, 0x0, 0x0, r8})
r9 = socket(0x11, 0x3, 0x0)
setsockopt$SO_BINDTODEVICE(r9, 0x1, 0x19, &(0x7f0000001040)='bond0\x00', 0x10)
setsockopt$SO_TIMESTAMPING(r9, 0x1, 0x25, &(0x7f0000000040)=0xd8be, 0x4)
r10 = openat$cgroup_type(r3, 0x0, 0x2, 0x0)
write$cgroup_type(r10, 0x0, 0x0)
write$cgroup_type(r4, &(0x7f00000009c0), 0x9)

544.27354ms ago: executing program 2 (id=3568):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0)
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r6, {0xffe0, 0xfff1}, {}, {0x8, 0xf}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x9, 0x400, 0x20000008, 0x6, 0x7}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0xfff5, 0x20000010}, 0x4040)

404.363743ms ago: executing program 2 (id=3569):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="3800000040000701feffffff00000000017c0000040042801c00018006000600050a0000100004002524298d275c232f262d2b00040002"], 0x38}, 0x1, 0x0, 0x0, 0x48815}, 0xc000)
r1 = syz_io_uring_setup(0x723d, &(0x7f0000000580)={0x0, 0xd235, 0x10101, 0x0, 0x28a}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f0000000380)=[{&(0x7f00000002c0)=""/172, 0xac}], 0x1)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB='<'], 0x38}}, 0x24040844)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6})
r5 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x20200, 0x8)
r6 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x304e, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r7=>0x0, &(0x7f0000000280)=<r8=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0)
syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x40, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8001}, 0x0, {0x0, r9}})
syz_io_uring_submit(r2, r3, &(0x7f0000000240)=@IORING_OP_STATX={0x15, 0x21, 0x0, r5, &(0x7f00000003c0), &(0x7f00000001c0)='./file0\x00', 0x2, 0x6000, 0x0, {0x0, r9}})
socket$nl_route(0x10, 0x3, 0x0)
io_uring_enter(r1, 0x2d3e, 0x2936, 0x0, 0x0, 0x0)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000002040)=ANY=[@ANYBLOB="5c0000000206010800000000000000000100000005000100070000000900020073797a30000000071400078008001240fffffffe080013400800ffff050004000000000010000300686173683a69702c6d616300050005000a"], 0x5c}}, 0x0)
r11 = syz_open_dev$dvb_frontend(&(0x7f0000000040), 0x2d5b, 0x294240)
ioctl$FE_READ_UNCORRECTED_BLOCKS(r11, 0x80046f49, &(0x7f0000000000))

403.86232ms ago: executing program 2 (id=3570):
r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x480080)
ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f00000000c0)={0x0, 0x0, 0xffff3872, 0xe3, 0x7bcbab9a, 0x1})
mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file1\x00', 0x0) (async)
mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000280)='./file1\x00') (async)
r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCGPGRP(r1, 0x40086806, &(0x7f0000000100))
socket$nl_route(0x10, 0x3, 0x0) (async)
r2 = socket$l2tp6(0xa, 0x2, 0x73)
bind$l2tp6(r2, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) (async)
connect$l2tp6(r2, &(0x7f0000000f40)={0xa, 0x0, 0x0, @empty}, 0x20) (async, rerun: 32)
r3 = syz_open_dev$sg(&(0x7f00000001c0), 0x508d48d4, 0x40902) (rerun: 32)
ioctl$SCSI_IOCTL_SEND_COMMAND(r3, 0x1, &(0x7f0000000080)=ANY=[@ANYBLOB="0000000005000000a30c03b5"]) (async, rerun: 32)
r4 = openat$cgroup_ro(r1, &(0x7f0000000140)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) (rerun: 32)
quotactl_fd$Q_SETQUOTA(r4, 0xffffffff80000800, 0x0, &(0x7f0000000180)={0x400000000000, 0x4, 0x4c869, 0x2, 0x2, 0x80000001, 0x7, 0xe1, 0x820000e4}) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)

214.588277ms ago: executing program 2 (id=3571):
socket$igmp(0x2, 0x3, 0x2) (async)
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f00000002c0)={0x1, 0x4, 0x10, 0x0, @vifc_lcl_addr=@multicast2, @remote}, 0x10)
r1 = socket$inet6(0xa, 0x80002, 0x88)
sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f00000001c0)={0x38, 0x9, 0x6, 0x401, 0x0, 0x0, {0x2, 0x0, 0xa}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xef}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x6}, @IPSET_ATTR_DATA={0x4}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x8880}, 0x1)
bind$inet6(r1, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f00000000c0)=[{0x16, 0x4, 0x2, 0x3}]}, 0x10)
setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004c13"], 0x0)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c) (async)
setsockopt$MRT_ADD_MFC_PROXY(r0, 0x0, 0xd2, &(0x7f0000000280)={@initdev={0xac, 0x1e, 0x0, 0x0}, @empty, 0x0, "614af285791a63abd0f993af8077b5cd01e03d64a831683fdc3fd440829c82ae"}, 0x3c)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000280)='net/ip_mr_cache\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x2) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', 0x2)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000040)={[{@xino_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r3 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r3) (async)
syz_usb_disconnect(r3)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0) (async)
syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb2361000000010902"], 0x0)
ioctl$EVIOCRMFF(r3, 0x40085503, 0x0)
preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/20, 0x14}], 0x1, 0x10000009, 0xffffffff)
ioctl$KVM_RUN(r2, 0xae80, 0x0) (async)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

214.374636ms ago: executing program 4 (id=3572):
syz_usbip_server_init(0x6)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usbip_server_init(0x5)

53.872198ms ago: executing program 0 (id=3573):
arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x54}, [@ldst={0x6, 0x0, 0x3}], {0x95, 0x0, 0xc00}}, &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f2, 0x10, &(0x7f0000000000), 0xfffffe51}, 0x48)

53.69959ms ago: executing program 0 (id=3574):
r0 = fsopen(&(0x7f00000000c0)='hfs\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='uid', &(0x7f00000008c0)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80=\x8a\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\x1f\x03\x00\x00\x00\x00\x00\x00\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9ak\x00\x00\x00\x00\x00\x00\x00\n\xa72\xa3\xef^\xe7\x8f', 0x0)
r1 = syz_init_net_socket$ax25(0x3, 0x5, 0xc5)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000380), 0x0, 0x0, 0xffffffffffffffff)
add_key(&(0x7f0000000240)='dns_resolver\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000280)="dee7030022cf5c6c7bc31bd2599759fafa9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd2c187491bcab2c8d34fec505fc8a14622dba33ff9b054eb7e8a5bc4ab2719cb230328931deb95ef3fcafb1ce27743a93f4715976edec860ab49c3a4f51ab0124b50c3362201a307df03000", 0x83, r2)
keyctl$search(0xa, r2, &(0x7f0000000400)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x1, 0x2e}, 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a84000000060a0b0400000000000000000200000058000480540001800a0001006d617463680000004400028008000240000000002c0003005c260400000000000023edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad0a0001006c696d69740000000900010073797a30000000000900020073797a32"], 0xac}, 0x1, 0x0, 0x0, 0x2000094}, 0x4000800)
sendmsg$nl_generic(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES8=r0], 0x14}, 0x1, 0x0, 0x0, 0x448d3}, 0x24050000)
ioctl$SIOCAX25OPTRT(r1, 0x89e7, &(0x7f0000000000)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}})
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x32)

417.354µs ago: executing program 0 (id=3575):
r0 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0)
mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8000, &(0x7f00000000c0)=0xcb6, 0x7ff, 0x3)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
r2 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_S_CROP(r2, 0x4014563c, &(0x7f0000000040)={0x9, {0xf8000002, 0x2, 0x12008, 0x9}})
r3 = openat$cgroup_pressure(r1, &(0x7f0000000100)='memory.pressure\x00', 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1f1)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
setresuid(0x0, 0xee01, 0xee00)
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0)
write$cgroup_pressure(r3, &(0x7f0000000040)={'full', 0x20, 0x4017e, 0x20, 0x100002}, 0x2f)
fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) (async)
mbind(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x8000, &(0x7f00000000c0)=0xcb6, 0x7ff, 0x3) (async)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) (async)
fsmount(r0, 0x0, 0x0) (async)
syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02) (async)
ioctl$VIDIOC_S_CROP(r2, 0x4014563c, &(0x7f0000000040)={0x9, {0xf8000002, 0x2, 0x12008, 0x9}}) (async)
openat$cgroup_pressure(r1, &(0x7f0000000100)='memory.pressure\x00', 0x2, 0x0) (async)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1f1) (async)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb) (async)
setresuid(0x0, 0xee01, 0xee00) (async)
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0) (async)
write$cgroup_pressure(r3, &(0x7f0000000040)={'full', 0x20, 0x4017e, 0x20, 0x100002}, 0x2f) (async)

0s ago: executing program 0 (id=3576):
sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000dbdf1b7526993a8f6ae98a250a00000ad000e5003372e8e07df7c766b53b9ee703057d05a87e51650a331ed17ae6aa7d0ebe095bb76d7676e837b8fd4ca060b943f8fbd1a19870218988e54df7bf6a6d"], 0xe4}, 0x1, 0x0, 0x0, 0x8801}, 0x50)
setsockopt$inet_MCAST_MSFILTER(0xffffffffffffffff, 0x0, 0x30, &(0x7f0000000200)=ANY=[@ANYBLOB="020000000000000002004e21e0000001000000000000000000000000000000000000000000000000000000000000000000000600"/140], 0x210)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.log\x00', 0x52000, 0x111)
setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f00000001c0)={0x4000, 0x1, 0x1, 0x81}, 0x10)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
r4 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000), 0x8)
r5 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000), 0x8)
getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(0xffffffffffffffff, 0x84, 0x72, &(0x7f0000000040)={<r6=>0x0, 0x8}, &(0x7f0000000080)=0xc)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r2, 0x84, 0x71, &(0x7f00000000c0)={r6, 0x7f}, &(0x7f0000000100)=0x8)
r7 = syz_io_uring_setup(0x111, &(0x7f00000002c0)={0x0, 0xaa64, 0x10000, 0x5, 0x1de}, &(0x7f00000029c0)=<r8=>0x0, &(0x7f0000000200)=<r9=>0x0)
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
syz_clone(0x87b42591, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r10 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
syz_io_uring_submit(r8, r9, &(0x7f0000001040)=@IORING_OP_CLOSE={0x13, 0x0, 0x0, r10, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r7, 0x1733, 0x6323, 0x20, 0x0, 0x0)
r11 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r11, 0xae9a)
ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x80000001)
ioctl$KVM_SET_REGS(r11, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x40, 0x4000081, 0x100000, 0x0, 0x2004c8, 0x8000000, 0xfffffffffffffffe, 0x0, 0x7, 0x0, 0x7, 0x0, 0x2, 0xffffffffffffffff]})
ioctl$KVM_RUN(r11, 0xae80, 0x0)

kernel console output (not intermixed with test programs):

2.833291][T13266] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2504'.
[  222.836412][   T60] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  222.836435][   T60] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  222.836521][   T60] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  222.838676][T13216] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  222.840024][T13266] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2504'.
[  222.843873][T13216] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  223.236511][T13302] dlm: Unknown command passed to DLM device : 33
[  223.236511][T13302] 
[  223.240891][T13302] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2514'.
[  223.245786][T13302] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2514'.
[  223.361471][   T40] audit: type=1400 audit(1773741678.221:9901): avc:  denied  { watch_mount } for  pid=13311 comm="syz.2.2518" path="/63" dev="tmpfs" ino=337 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  223.369909][   T40] audit: type=1400 audit(1773741678.221:9902): avc:  denied  { accept } for  pid=13311 comm="syz.2.2518" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  223.425514][T13319] FAULT_INJECTION: forcing a failure.
[  223.425514][T13319] name failslab, interval 1, probability 0, space 0, times 0
[  223.430358][T13319] CPU: 2 UID: 0 PID: 13319 Comm: syz.4.2520 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  223.430386][T13319] Tainted: [L]=SOFTLOCKUP
[  223.430392][T13319] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  223.430402][T13319] Call Trace:
[  223.430408][T13319]  <TASK>
[  223.430414][T13319]  dump_stack_lvl+0x100/0x190
[  223.430453][T13319]  should_fail_ex.cold+0x5/0xa
[  223.430467][T13319]  should_failslab+0xc2/0x120
[  223.430480][T13319]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  223.430497][T13319]  ? __alloc_skb+0x140/0x710
[  223.430513][T13319]  __alloc_skb+0x140/0x710
[  223.430525][T13319]  ? __alloc_skb+0x5b7/0x710
[  223.430538][T13319]  ? __pfx___alloc_skb+0x10/0x10
[  223.430550][T13319]  ? genl_rcv_msg+0x4be/0x800
[  223.430571][T13319]  netlink_ack+0x117/0xb80
[  223.430592][T13319]  netlink_rcv_skb+0x333/0x420
[  223.430608][T13319]  ? __pfx_genl_rcv_msg+0x10/0x10
[  223.430626][T13319]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  223.430648][T13319]  ? netlink_deliver_tap+0x1ae/0xcc0
[  223.430666][T13319]  genl_rcv+0x28/0x40
[  223.430682][T13319]  netlink_unicast+0x5aa/0x870
[  223.430700][T13319]  ? __pfx_netlink_unicast+0x10/0x10
[  223.430726][T13319]  netlink_sendmsg+0x8b0/0xda0
[  223.430744][T13319]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.430759][T13319]  ? PageHuge+0x170/0x180
[  223.430779][T13319]  ____sys_sendmsg+0x9e1/0xb70
[  223.430815][T13319]  ? __pfx_netlink_sendmsg+0x10/0x10
[  223.430832][T13319]  ? __pfx_____sys_sendmsg+0x10/0x10
[  223.430856][T13319]  ___sys_sendmsg+0x190/0x1e0
[  223.430876][T13319]  ? __pfx____sys_sendmsg+0x10/0x10
[  223.430911][T13319]  __sys_sendmsg+0x170/0x220
[  223.430925][T13319]  ? __pfx___sys_sendmsg+0x10/0x10
[  223.430949][T13319]  do_syscall_64+0x106/0xf80
[  223.430964][T13319]  ? clear_bhb_loop+0x40/0x90
[  223.430978][T13319]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  223.430989][T13319] RIP: 0033:0x7fc82c19c799
[  223.431011][T13319] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  223.431022][T13319] RSP: 002b:00007fc82cff3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  223.431034][T13319] RAX: ffffffffffffffda RBX: 00007fc82c415fa0 RCX: 00007fc82c19c799
[  223.431041][T13319] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003
[  223.431048][T13319] RBP: 00007fc82cff3090 R08: 0000000000000000 R09: 0000000000000000
[  223.431054][T13319] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  223.431060][T13319] R13: 00007fc82c416038 R14: 00007fc82c415fa0 R15: 00007ffc160a7d78
[  223.431076][T13319]  </TASK>
[  223.476325][T13323] netlink: 'syz.2.2522': attribute type 1 has an invalid length.
[  223.788408][   T40] audit: type=1400 audit(1773741678.651:9903): avc:  denied  { create } for  pid=13341 comm="syz.3.2525" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  223.834630][T13347] overlayfs: empty lowerdir
[  223.920096][T13362] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[  223.970081][   T40] audit: type=1400 audit(1773741678.831:9904): avc:  denied  { ioctl } for  pid=13369 comm="syz.0.2537" path="socket:[52375]" dev="sockfs" ino=52375 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  224.053614][T13381] mac80211_hwsim hwsim5 syzkaller0: entered promiscuous mode
[  224.056863][T13381] mac80211_hwsim hwsim5 syzkaller0: entered allmulticast mode
[  224.078337][T13379] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2540'.
[  224.124554][T13385] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2542'.
[  224.151958][T13387] macsec1: entered promiscuous mode
[  224.196183][T13393] openvswitch: netlink: Missing valid actions attribute.
[  224.199363][T13393] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  224.325745][   T40] audit: type=1400 audit(1773741679.191:9906): avc:  denied  { accept } for  pid=13401 comm="syz.2.2547" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  224.888152][T13417] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2552'.
[  224.995332][T13432] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2557'.
[  225.160202][T13445] max out of range
[  225.502362][T13476] fuse: Bad value for 'group_id'
[  225.504093][T13476] fuse: Bad value for 'group_id'
[  225.520450][T13476] netlink: 'syz.3.2571': attribute type 11 has an invalid length.
[  225.605609][T13486] xt_limit: Overflow, try lower: 271964/0
[  226.012290][T13510] sctp: [Deprecated]: syz.0.2578 (pid 13510) Use of struct sctp_assoc_value in delayed_ack socket option.
[  226.012290][T13510] Use struct sctp_sack_info instead
[  226.134275][T13525] syzkaller0: entered promiscuous mode
[  226.139401][T13525] syzkaller0: entered allmulticast mode
[  226.296931][T13532] new mount options do not match the existing superblock, will be ignored
[  226.715227][   T50] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  226.864852][   T50] usb 5-1: device descriptor read/64, error -71
[  227.104915][   T50] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  227.244856][   T50] usb 5-1: device descriptor read/64, error -71
[  227.252683][T13564] cgroup: subsys name conflicts with all
[  227.294132][   T40] kauditd_printk_skb: 8 callbacks suppressed
[  227.294145][   T40] audit: type=1400 audit(1773741682.151:9914): avc:  denied  { audit_control } for  pid=13565 comm="syz.4.2596" capability=30  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1
[  227.355187][   T50] usb usb5-port1: attempt power cycle
[  227.403517][T13550] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  227.407508][T13550] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  227.563492][T13584] program syz.2.2602 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  227.647123][T13588] SELinux:  truncated policydb string identifier
[  227.649638][T13588] SELinux: failed to load policy
[  227.707589][   T40] audit: type=1400 audit(1773741682.571:9915): avc:  denied  { append } for  pid=13592 comm="syz.4.2605" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  227.714890][   T50] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  227.723041][   T40] audit: type=1400 audit(1773741682.581:9916): avc:  denied  { write } for  pid=13592 comm="syz.4.2605" name="nvram" dev="devtmpfs" ino=631 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  227.732437][T13593] netlink: 'syz.4.2605': attribute type 13 has an invalid length.
[  227.736345][   T50] usb 5-1: device descriptor read/8, error -71
[  227.755409][T13594] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.766853][T13594] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.776942][T13594] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.786203][T13594] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.797596][T13594] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.810320][T13594] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.822534][T13594] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.833708][T13594] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  227.984836][   T50] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  228.015260][   T50] usb 5-1: device descriptor read/8, error -71
[  228.124983][   T50] usb usb5-port1: unable to enumerate USB device
[  228.560679][T13620] xt_cgroup: xt_cgroup: no path or classid specified
[  228.673239][T13626] __nla_validate_parse: 4 callbacks suppressed
[  228.673256][T13626] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2615'.
[  228.690501][T13626] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=13626 comm=syz.3.2615
[  228.698202][T13626] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2560 sclass=netlink_route_socket pid=13626 comm=syz.3.2615
[  228.805233][ T1459] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  228.857612][T13604] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  228.860791][T13604] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  228.954868][ T1459] usb 9-1: Using ep0 maxpacket: 8
[  228.958813][ T1459] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  228.962378][ T1459] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  228.967165][ T1459] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  228.971419][ T1459] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  228.975735][ T1459] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  228.981394][ T1459] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  228.985351][ T1459] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.153220][T13632] netdevsim netdevsim2 ������: renamed from netdevsim0 (while UP)
[  229.198608][ T1459] usb 9-1: usb_control_msg returned -32
[  229.200803][ T1459] usbtmc 9-1:16.0: can't read capabilities
[  229.446807][ T5934] Bluetooth: hci4: command 0x041b tx timeout
[  229.506817][T13646] binder: 13645:13646 ioctl c0306201 200000004a40 returned -22
[  229.515765][   T40] audit: type=1400 audit(1773741684.381:9917): avc:  denied  { getopt } for  pid=13645 comm="syz.0.2622" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  229.550744][T13650] usbtmc 9-1:16.0: usb_control_msg returned -32
[  229.555155][ T5974] usb 9-1: USB disconnect, device number 4
[  229.590376][   T40] audit: type=1400 audit(1773741684.451:9918): avc:  denied  { write } for  pid=13653 comm="syz.0.2626" name="hwrng" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:random_device_t tclass=chr_file permissive=1
[  229.903787][   T40] audit: type=1400 audit(1773741684.761:9919): avc:  denied  { read } for  pid=13676 comm="syz.0.2634" name="usbmon7" dev="devtmpfs" ino=759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  229.921738][   T40] audit: type=1400 audit(1773741684.761:9920): avc:  denied  { open } for  pid=13676 comm="syz.0.2634" path="/dev/usbmon7" dev="devtmpfs" ino=759 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  229.969537][T13687] syzkaller0: entered promiscuous mode
[  229.972002][T13687] syzkaller0: entered allmulticast mode
[  230.101035][T13697] netlink: 'syz.4.2638': attribute type 13 has an invalid length.
[  230.103753][T13697] syz_tun: refused to change device tx_queue_len
[  230.108454][ T5934] Bluetooth: hci4: ACL packet for unknown connection handle 200
[  230.119677][T13699] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device nullb0.
[  230.137354][T13699] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2639'.
[  230.168591][T13699] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2639'.
[  230.317981][T13674] netlink: 'syz.3.2632': attribute type 21 has an invalid length.
[  230.320544][T13674] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2632'.
[  230.339044][T13674] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  230.384362][T13722] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  230.549642][   T40] audit: type=1400 audit(1773741685.411:9921): avc:  denied  { write } for  pid=13742 comm="syz.3.2653" name="binder0" dev="binder" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1
[  230.585988][T13748] overlay: Unknown parameter 'smackfshat'
[  230.629228][T13753] netlink: 'syz.0.2655': attribute type 10 has an invalid length.
[  230.632137][T13753] veth1_macvtap: left promiscuous mode
[  230.653699][T13743] binder: 13742:13743 ioctl c0306201 2000000004c0 returned -22
[  230.657969][T13743] binder: 13742:13743 ioctl 400454ca 200000000040 returned -22
[  230.686889][T13755] net_ratelimit: 25 callbacks suppressed
[  230.686902][T13755] A link change request failed with some changes committed already. Interface vlan2 may have been left with an inconsistent configuration, please check.
[  230.777137][T13761] sp0: Synchronizing with TNC
[  230.802604][T13761] bridge2: trying to set multicast startup query interval below minimum, setting to 100 (1000ms)
[  230.814057][T13760] [U] �
[  230.953681][   T40] audit: type=1400 audit(1773741685.811:9922): avc:  denied  { read } for  pid=13768 comm="syz.3.2663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  230.957603][T13769] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=50 sclass=netlink_audit_socket pid=13769 comm=syz.3.2663
[  230.957609][T13770] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=50 sclass=netlink_audit_socket pid=13770 comm=syz.3.2663
[  230.960451][   T40] audit: type=1400 audit(1773741685.811:9923): avc:  denied  { read } for  pid=13768 comm="syz.3.2663" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[  231.155513][T13794] MTD: Attempt to mount non-MTD device "/dev/sr0"
[  231.158839][T13793] netlink: 4376 bytes leftover after parsing attributes in process `syz.4.2668'.
[  231.162210][T13793] netlink: 4376 bytes leftover after parsing attributes in process `syz.4.2668'.
[  231.169448][T13794] romfs: unable to set blocksize
[  231.169448][T13794] 
[  231.184227][T13797] fuse: Unknown parameter ''
[  231.351871][T13738] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  231.356152][T13738] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  231.403180][T13821] netlink: 'syz.2.2678': attribute type 39 has an invalid length.
[  231.406960][T13823] FAULT_INJECTION: forcing a failure.
[  231.406960][T13823] name failslab, interval 1, probability 0, space 0, times 0
[  231.415100][T13823] CPU: 2 UID: 0 PID: 13823 Comm: syz.3.2679 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  231.415119][T13823] Tainted: [L]=SOFTLOCKUP
[  231.415123][T13823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  231.415130][T13823] Call Trace:
[  231.415134][T13823]  <TASK>
[  231.415138][T13823]  dump_stack_lvl+0x100/0x190
[  231.415169][T13823]  should_fail_ex.cold+0x5/0xa
[  231.415183][T13823]  should_failslab+0xc2/0x120
[  231.415196][T13823]  kmem_cache_alloc_node_noprof+0x81/0x6f0
[  231.415213][T13823]  ? __alloc_skb+0x140/0x710
[  231.415234][T13823]  __alloc_skb+0x140/0x710
[  231.415246][T13823]  ? __alloc_skb+0x5b7/0x710
[  231.415258][T13823]  ? __pfx___alloc_skb+0x10/0x10
[  231.415271][T13823]  ? up_write+0x290/0x4f0
[  231.415286][T13823]  alloc_skb_with_frags+0xe0/0x810
[  231.415305][T13823]  sock_alloc_send_pskb+0x801/0x980
[  231.415317][T13823]  ? __pfx_ref_tracker_alloc+0x10/0x10
[  231.415339][T13823]  ? __pfx_sock_alloc_send_pskb+0x10/0x10
[  231.415352][T13823]  ? find_held_lock+0x2b/0x80
[  231.415365][T13823]  ? dev_get_by_index+0x180/0x380
[  231.415378][T13823]  ? dev_get_by_index+0x180/0x380
[  231.415395][T13823]  packet_sendmsg+0x20e0/0x53c0
[  231.415407][T13823]  ? avc_has_perm+0x40/0x1e0
[  231.415421][T13823]  ? __lock_acquire+0x4a5/0x2630
[  231.415434][T13823]  ? sock_has_perm+0x258/0x2f0
[  231.415447][T13823]  ? __pfx_sock_has_perm+0x10/0x10
[  231.415461][T13823]  ? __pfx_packet_sendmsg+0x10/0x10
[  231.415479][T13823]  ____sys_sendmsg+0x9e1/0xb70
[  231.415496][T13823]  ? __pfx_packet_sendmsg+0x10/0x10
[  231.415508][T13823]  ? __pfx_____sys_sendmsg+0x10/0x10
[  231.415545][T13823]  ___sys_sendmsg+0x190/0x1e0
[  231.415565][T13823]  ? __pfx____sys_sendmsg+0x10/0x10
[  231.415600][T13823]  __sys_sendmsg+0x170/0x220
[  231.415614][T13823]  ? __pfx___sys_sendmsg+0x10/0x10
[  231.415637][T13823]  do_syscall_64+0x106/0xf80
[  231.415651][T13823]  ? clear_bhb_loop+0x40/0x90
[  231.415665][T13823]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  231.415677][T13823] RIP: 0033:0x7ff4fcd9c799
[  231.415687][T13823] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  231.415697][T13823] RSP: 002b:00007ff4fdc3f028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  231.415709][T13823] RAX: ffffffffffffffda RBX: 00007ff4fd015fa0 RCX: 00007ff4fcd9c799
[  231.415716][T13823] RDX: 0000000000000894 RSI: 00002000000000c0 RDI: 0000000000000005
[  231.415722][T13823] RBP: 00007ff4fdc3f090 R08: 0000000000000000 R09: 0000000000000000
[  231.415736][T13823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  231.415743][T13823] R13: 00007ff4fd016038 R14: 00007ff4fd015fa0 R15: 00007ffd6bb5f638
[  231.415757][T13823]  </TASK>
[  231.710886][T13837] geneve2: entered promiscuous mode
[  231.713159][T13837] geneve2: entered allmulticast mode
[  231.824855][ T6488] usb 9-1: new full-speed USB device number 5 using dummy_hcd
[  231.920967][T13858] syzkaller0: entered promiscuous mode
[  231.923328][T13858] syzkaller0: entered allmulticast mode
[  231.989808][ T6488] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  231.994701][ T6488] usb 9-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  231.998196][ T6488] usb 9-1: config 0 interface 0 has no altsetting 0
[  232.000445][ T6488] usb 9-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00
[  232.003363][ T6488] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.007464][ T6488] usb 9-1: config 0 descriptor??
[  232.172432][T13875] netlink: 36 bytes leftover after parsing attributes in process `syz.3.2697'.
[  232.444679][T13832] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=60 sclass=netlink_route_socket pid=13832 comm=syz.4.2682
[  232.444918][   T50] usb 8-1: new high-speed USB device number 46 using dummy_hcd
[  232.566867][ T6488] usbhid 9-1:0.0: can't add hid device: -71
[  232.569509][ T6488] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  232.575032][ T6488] usb 9-1: USB disconnect, device number 5
[  232.588916][T13841] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  232.591701][T13841] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  232.615001][   T50] usb 8-1: Using ep0 maxpacket: 8
[  232.618678][   T50] usb 8-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  232.619123][T13894] comedi comedi3: driver 'ni_daq_700' does not support attach using comedi_config
[  232.623001][   T50] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.644384][   T50] pvrusb2: Hardware description: Terratec Grabster AV400
[  232.647483][   T50] pvrusb2: **********
[  232.649360][   T50] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  232.653765][   T50] pvrusb2: Important functionality might not be entirely working.
[  232.657576][   T50] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  232.658248][T13897] netlink: 'syz.2.2702': attribute type 4 has an invalid length.
[  232.662445][   T50] pvrusb2: **********
[  232.802380][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  232.802452][   T40] audit: type=1400 audit(1773741687.661:9933): avc:  denied  { module_load } for  pid=13902 comm="syz.2.2704" path="/selinux/policy" dev="selinuxfs" ino=20 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=system permissive=1
[  232.803081][T13903] kernel read not supported for file /policy (pid: 13903 comm: syz.2.2704)
[  232.838388][ T2488] pvrusb2: Invalid write control endpoint
[  232.873475][ T2488] pvrusb2: Invalid write control endpoint
[  232.876575][ T2488] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  232.880988][ T2488] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  232.883728][ T2488] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  232.889400][ T2488] pvrusb2: Device being rendered inoperable
[  232.893293][ T2488] cx25840 2-0044: Unable to detect h/w, assuming cx23887
[  232.896106][ T2488] cx25840 2-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  232.905400][ T2488] pvrusb2: Attached sub-driver cx25840
[  232.908420][ T2488] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  232.912220][ T2488] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  233.134197][   T40] audit: type=1400 audit(1773741687.991:9934): avc:  denied  { map } for  pid=13915 comm="syz.4.2708" path="socket:[54493]" dev="sockfs" ino=54493 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  233.143498][   T40] audit: type=1400 audit(1773741687.991:9935): avc:  denied  { read accept } for  pid=13915 comm="syz.4.2708" path="socket:[54493]" dev="sockfs" ino=54493 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  233.162048][ T5974] usb 8-1: USB disconnect, device number 46
[  233.311244][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010002) = 0x8000
[  233.318763][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010058) = 0x8000
[  233.332713][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010006) = 0x8000
[  233.348152][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010058) = 0x8000
[  233.362328][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010006) = 0x8000
[  233.377077][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010058) = 0x8000
[  233.389173][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010006) = 0x8000
[  233.404413][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010058) = 0x8000
[  233.414498][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010006) = 0x8000
[  233.427363][T13932] kvm: kvm [13931]: vcpu0, guest rIP: 0x9048 Unhandled WRMSR(0xc0010058) = 0x8000
[  233.856919][T13974] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6)
[  233.859124][T13974] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed)
[  233.863527][T13974] vhci_hcd vhci_hcd.0: Device attached
[  233.867566][T13975] vhci_hcd: connection closed
[  233.867768][   T12] vhci_hcd vhci_hcd.3: stop threads
[  233.872946][   T12] vhci_hcd vhci_hcd.3: release socket
[  233.875451][   T12] vhci_hcd vhci_hcd.3: disconnect device
[  234.116085][   T50] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  234.284815][   T50] usb 9-1: Using ep0 maxpacket: 8
[  234.287741][   T50] usb 9-1: config index 0 descriptor too short (expected 301, got 45)
[  234.290962][   T50] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  234.294565][   T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  234.297930][   T50] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 9248, setting to 1024
[  234.301403][   T50] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  234.304493][   T50] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  234.308681][   T50] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  234.311438][   T50] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  234.457803][T13981] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2725'.
[  234.461630][T13982] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2725'.
[  234.522581][   T50] usb 9-1: usb_control_msg returned -32
[  234.524952][   T50] usbtmc 9-1:16.0: can't read capabilities
[  234.684649][T13990] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  234.698434][T13992] binder: 13991:13992 ioctl c0306201 200000000640 returned -14
[  234.738949][T13995] afs: Unknown parameter 'dyn�\
��8'
[  234.875257][T13977] usbtmc 9-1:16.0: usb_control_msg returned -32
[  234.881638][   T50] usb 9-1: USB disconnect, device number 6
[  234.896609][T14009] use of bytesused == 0 is deprecated and will be removed in the future,
[  234.899952][T14009] use the actual size instead.
[  235.039588][T14023] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2741'.
[  235.043763][T14023] netem: unknown loss type 0
[  235.046328][T14023] netem: change failed
[  235.187343][ T5940] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  235.191213][ T5940] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  235.194202][ T5940] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  235.198104][ T5940] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  235.203153][ T5940] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  235.342218][T14028] chnl_net:caif_netlink_parms(): no params data found
[  235.436748][T14028] bridge0: port 1(bridge_slave_0) entered blocking state
[  235.439435][T14028] bridge0: port 1(bridge_slave_0) entered disabled state
[  235.442153][T14028] bridge_slave_0: entered allmulticast mode
[  235.445402][T14028] bridge_slave_0: entered promiscuous mode
[  235.450129][T14028] bridge0: port 2(bridge_slave_1) entered blocking state
[  235.452832][T14028] bridge0: port 2(bridge_slave_1) entered disabled state
[  235.456055][T14028] bridge_slave_1: entered allmulticast mode
[  235.459998][T14028] bridge_slave_1: entered promiscuous mode
[  235.482739][T14028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  235.489665][T14028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  235.512169][T14028] team0: Port device team_slave_0 added
[  235.516674][T14028] team0: Port device team_slave_1 added
[  235.543475][T14028] batman_adv: batadv0: Adding interface: batadv_slave_0
[  235.546890][T14028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  235.556385][T14028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  235.562242][T14028] batman_adv: batadv0: Adding interface: batadv_slave_1
[  235.564643][T14028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  235.575606][T14028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  235.613606][T14028] hsr_slave_0: entered promiscuous mode
[  235.616840][T14028] hsr_slave_1: entered promiscuous mode
[  235.619903][T14028] debugfs: 'hsr0' already exists in 'hsr'
[  235.621965][T14028] Cannot create hsr debugfs directory
[  235.712666][T14028] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  235.817500][T14028] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  235.944864][   T40] audit: type=1400 audit(1773741690.801:9936): avc:  denied  { name_bind } for  pid=14059 comm="syz.4.2749" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1
[  236.004004][T14028] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  236.014237][T14066] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 8, id = 0
[  236.020402][   T40] audit: type=1400 audit(1773741690.881:9937): avc:  denied  { append } for  pid=14064 comm="syz.0.2746" name="card2" dev="devtmpfs" ino=639 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dri_device_t tclass=chr_file permissive=1
[  236.067218][T14070] openvswitch: netlink: Unknown key attributes 2
[  236.067882][T14069] syzkaller0: entered promiscuous mode
[  236.071855][T14069] syzkaller0: entered allmulticast mode
[  236.074616][T14070] netlink: 188 bytes leftover after parsing attributes in process `syz.4.2751'.
[  236.118930][T14028] netdevsim netdevsim3 ������ (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  236.242664][T14028] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  236.289456][T14028] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  236.295504][T14028] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  236.312599][T14028] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  236.337864][T14088] mac80211_hwsim hwsim16 wlan1: entered allmulticast mode
[  236.398327][T14028] 8021q: adding VLAN 0 to HW filter on device bond0
[  236.416139][T14028] 8021q: adding VLAN 0 to HW filter on device team0
[  236.423113][   T71] bridge0: port 1(bridge_slave_0) entered blocking state
[  236.425541][   T71] bridge0: port 1(bridge_slave_0) entered forwarding state
[  236.440310][   T71] bridge0: port 2(bridge_slave_1) entered blocking state
[  236.443341][   T71] bridge0: port 2(bridge_slave_1) entered forwarding state
[  236.451559][T14099] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  236.503232][T14099] syzkaller0: entered promiscuous mode
[  236.505173][T14099] syzkaller0: entered allmulticast mode
[  236.654038][T14028] 8021q: adding VLAN 0 to HW filter on device batadv0
[  236.682903][T14028] veth0_vlan: entered promiscuous mode
[  236.690194][T14028] veth1_vlan: entered promiscuous mode
[  236.695851][T14114] random: crng reseeded on system resumption
[  236.699576][   T40] audit: type=1400 audit(1773741691.561:9938): avc:  denied  { write } for  pid=14113 comm="syz.2.2765" name="snapshot" dev="devtmpfs" ino=98 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[  236.708040][T14028] veth0_macvtap: entered promiscuous mode
[  236.714143][T14028] veth1_macvtap: entered promiscuous mode
[  236.740225][T14028] batman_adv: batadv0: Interface activated: batadv_slave_0
[  236.748140][T14028] batman_adv: batadv0: Interface activated: batadv_slave_1
[  236.757593][   T60] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  236.764026][   T60] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  236.768157][   T60] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  236.776946][   T60] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  236.904669][ T1150] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.908691][ T1150] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.925542][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  236.928426][T14132] xt_nfacct: accounting object `syz0' does not exist
[  236.928982][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  236.932767][   T40] audit: type=1400 audit(1773741691.791:9939): avc:  denied  { create } for  pid=14130 comm="syz.4.2771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  236.943137][T14132] bpf: Bad value for 'uid'
[  236.944867][   T40] audit: type=1400 audit(1773741691.801:9940): avc:  denied  { getopt } for  pid=14130 comm="syz.4.2771" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  236.976344][   T40] audit: type=1400 audit(1773741691.841:9941): avc:  denied  { execute } for  pid=14135 comm="syz.0.2773" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=59638 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[  236.999208][T14139] netlink: 120 bytes leftover after parsing attributes in process `syz.2.2774'.
[  237.021259][T14146] netlink: 212368 bytes leftover after parsing attributes in process `syz.3.2743'.
[  237.056031][T14152] exFAT-fs (nullb0): invalid boot record signature
[  237.059402][T14152] exFAT-fs (nullb0): failed to read boot sector
[  237.061503][T14152] exFAT-fs (nullb0): failed to recognize exfat type
[  237.063456][T14154] e1000 0000:00:06.0 eth0: Unsupported Speed/Duplex configuration
[  237.067866][T14154] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2778'.
[  237.102602][   T40] audit: type=1400 audit(1773741691.961:9942): avc:  denied  { listen } for  pid=14155 comm="syz.2.2779" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  237.113876][T14159] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2775'.
[  237.274983][ T5940] Bluetooth: hci0: command tx timeout
[  237.389376][T14182] i2c i2c-1: Invalid block write size 34
[  237.428058][T14184] MINIX-fs: blocksize too small for device
[  237.743592][T14203] syzkaller0: entered promiscuous mode
[  237.746225][T14203] syzkaller0: entered allmulticast mode
[  238.026523][T14216] syzkaller0: entered promiscuous mode
[  238.037450][T14216] syzkaller0: entered allmulticast mode
[  238.107474][T14225] syzkaller0: entered promiscuous mode
[  238.109603][T14225] syzkaller0: entered allmulticast mode
[  238.114730][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  238.114743][   T40] audit: type=1400 audit(1773741692.971:9946): avc:  denied  { setopt } for  pid=14224 comm="syz.3.2804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  238.129697][   T40] audit: type=1400 audit(1773741692.991:9947): avc:  denied  { connect } for  pid=14224 comm="syz.3.2804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1
[  238.147738][   T40] audit: type=1400 audit(1773741692.991:9948): avc:  denied  { name_bind } for  pid=14224 comm="syz.3.2804" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=icmp_socket permissive=1
[  238.164628][   T40] audit: type=1400 audit(1773741692.991:9949): avc:  denied  { write } for  pid=14224 comm="syz.3.2804" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  238.194680][T14229] x_tables: ip_tables: osf match: only valid for protocol 6
[  238.261837][T14235] syzkaller0: entered promiscuous mode
[  238.263732][T14235] syzkaller0: entered allmulticast mode
[  238.417432][   T40] audit: type=1400 audit(1773741693.281:9950): avc:  denied  { listen } for  pid=14249 comm="syz.0.2812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  238.427059][   T40] audit: type=1400 audit(1773741693.281:9951): avc:  denied  { accept } for  pid=14249 comm="syz.0.2812" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  238.434582][T14252] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1550 sclass=netlink_route_socket pid=14252 comm=syz.4.2813
[  238.539132][T14262] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2814'.
[  238.544073][T14262] gfs2: error -5 reading superblock
[  239.332496][T14274] syzkaller0: entered promiscuous mode
[  239.334373][T14274] syzkaller0: entered allmulticast mode
[  239.349006][   T40] audit: type=1400 audit(1773741694.211:9952): avc:  denied  { add_name } for  pid=14275 comm="syz.2.2819" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  239.357378][   T40] audit: type=1400 audit(1773741694.211:9953): avc:  denied  { create } for  pid=14275 comm="syz.2.2819" name="cpuset.effective_cpus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  239.364523][   T40] audit: type=1400 audit(1773741694.211:9954): avc:  denied  { associate } for  pid=14275 comm="syz.2.2819" name="cpuset.effective_cpus" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[  239.368494][ T5940] Bluetooth: hci0: command tx timeout
[  239.378525][   T40] audit: type=1400 audit(1773741694.241:9955): avc:  denied  { append } for  pid=14275 comm="syz.2.2819" path="/142/file0/cpuset.effective_cpus" dev="9p" ino=71827935 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  239.480202][T14278] ufs: You didn't specify the type of your ufs filesystem
[  239.480202][T14278] 
[  239.480202][T14278] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ...
[  239.480202][T14278] 
[  239.480202][T14278] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old
[  239.521901][T14283] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2823'.
[  239.526230][T14283] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2823'.
[  239.529814][T14283] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2823'.
[  239.589106][   T10] IPVS: starting estimator thread 0...
[  239.651334][T14294] syz.3.2826 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  239.684948][T14287] IPVS: using max 44 ests per chain, 105600 per kthread
[  239.782204][T14307] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2830'.
[  239.785333][T14307] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2830'.
[  239.859413][T14310] syzkaller0: entered promiscuous mode
[  239.862147][T14310] syzkaller0: entered allmulticast mode
[  239.865465][T14271] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  239.868458][T14271] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  240.506508][ T5940] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  240.645449][   T10] usb 7-1: new high-speed USB device number 25 using dummy_hcd
[  240.663522][T14350] trusted_key: syz.0.2842 sent an empty control message without MSG_MORE.
[  240.816307][   T10] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  240.819383][   T10] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  240.822679][   T10] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  240.826374][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  240.830837][   T10] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  240.837035][   T10] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  240.840705][   T10] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  240.843982][   T10] usb 7-1: Product: syz
[  240.846134][   T10] usb 7-1: Manufacturer: syz
[  240.851409][   T10] cdc_wdm 7-1:1.0: skipping garbage
[  240.853156][   T10] cdc_wdm 7-1:1.0: skipping garbage
[  240.858414][   T10] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  240.860854][   T10] cdc_wdm 7-1:1.0: Unknown control protocol
[  240.888167][T14355] syzkaller0: entered promiscuous mode
[  240.890021][T14355] syzkaller0: entered allmulticast mode
[  241.054286][   T10] usb 7-1: USB disconnect, device number 25
[  241.310380][T14343] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  241.314946][T14343] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  241.365046][T14371] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  241.367715][T14371] overlayfs: failed to set xattr on upper
[  241.369647][T14371] overlayfs: ...falling back to redirect_dir=nofollow.
[  241.372038][T14371] overlayfs: ...falling back to index=off.
[  241.373957][T14371] overlayfs: ...falling back to uuid=null.
[  241.375773][T14373] Bluetooth: MGMT ver 1.23
[  241.376257][T14371] overlayfs: ...falling back to xino=off.
[  241.377750][T14373] Bluetooth: hci0: unsupported parameter 255
[  241.379896][T14371] overlayfs: conflicting lowerdir path
[  241.382081][T14373] Bluetooth: hci0: unsupported parameter 255
[  241.435151][ T5940] Bluetooth: hci0: command tx timeout
[  241.470619][T14384] 9p: Bad value for 'wfdno'
[  241.694858][   T50] usb 8-1: new high-speed USB device number 47 using dummy_hcd
[  241.854847][   T50] usb 8-1: Using ep0 maxpacket: 16
[  241.858404][   T50] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 129, using maximum allowed: 30
[  241.861931][   T50] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  241.866307][T14411] cgroup2: Unknown parameter 'memor2e'
[  241.868527][   T50] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  241.871816][   T50] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129
[  241.877442][   T50] usb 8-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00
[  241.880428][   T50] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  241.885055][   T50] usb 8-1: config 0 descriptor??
[  242.107413][T14432] netlink: 'syz.0.2869': attribute type 21 has an invalid length.
[  242.110733][T14432] netlink: 156 bytes leftover after parsing attributes in process `syz.0.2869'.
[  242.164594][   T50] usbhid 8-1:0.0: can't add hid device: -71
[  242.167653][   T50] usbhid 8-1:0.0: probe with driver usbhid failed with error -71
[  242.174991][   T50] usb 8-1: USB disconnect, device number 47
[  242.209296][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.212157][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.214571][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.218199][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.220708][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.223115][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.225694][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.228368][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.231309][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.233635][ T5974] hid-generic 0005:00B6:0009.0006: unknown main item tag 0x0
[  242.258899][ T5974] hid-generic 0005:00B6:0009.0006: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1
[  242.309123][T14436] fido_id[14436]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  242.312597][T14440] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2873'.
[  242.320925][T14440] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2873'.
[  242.355078][   T39] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  242.482607][T14451] netlink: 348 bytes leftover after parsing attributes in process `syz.4.2876'.
[  242.514109][ T5940] Bluetooth: hci4: ACL packet for unknown connection handle 201
[  242.515918][   T39] usb 5-1: Using ep0 maxpacket: 32
[  242.532679][   T39] usb 5-1: unable to get BOS descriptor or descriptor too short
[  242.540634][   T39] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  242.575615][   T39] usb 5-1: New USB device found, idVendor=1430, idProduct=474b, bcdDevice= 0.40
[  242.579605][   T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.583046][   T39] usb 5-1: Product: syz
[  242.585947][   T39] usb 5-1: Manufacturer: syz
[  242.587925][   T39] usb 5-1: SerialNumber: syz
[  242.756731][T14480] syzkaller0: entered promiscuous mode
[  242.758996][T14480] syzkaller0: entered allmulticast mode
[  242.817824][   T39] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  242.820719][   T39] usb 5-1: MIDIStreaming interface descriptor not found
[  242.883288][   T39] usb 5-1: USB disconnect, device number 21
[  242.923299][ T5936] udevd[5936]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  243.001175][   T50] IPVS: starting estimator thread 0...
[  243.105690][T14507] IPVS: using max 44 ests per chain, 105600 per kthread
[  243.126350][T14521] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2899'.
[  243.525528][ T5940] Bluetooth: hci0: command tx timeout
[  243.687723][T14554] netlink: 'syz.3.2909': attribute type 2 has an invalid length.
[  243.748443][   T40] kauditd_printk_skb: 9 callbacks suppressed
[  243.748455][   T40] audit: type=1400 audit(1773741698.611:9965): avc:  denied  { read } for  pid=14560 comm="syz.4.2911" dev="sockfs" ino=60707 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  243.772913][T14561] 9p: Bad value for 'rfdno'
[  243.856492][T14575] netlink: 'syz.0.2917': attribute type 1 has an invalid length.
[  243.868823][T14575] bond2: entered promiscuous mode
[  243.871400][T14575] 8021q: adding VLAN 0 to HW filter on device bond2
[  243.885155][T14572] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  243.892706][T14575] bond2: (slave bridge1): making interface the new active one
[  243.904855][T14575] bridge1: entered promiscuous mode
[  243.907828][T14575] bond2: (slave bridge1): Enslaving as an active interface with an up link
[  243.942214][T14581] EXT4-fs: Conflicting test_dummy_encryption options
[  243.985094][   T40] audit: type=1400 audit(1773741698.831:9966): avc:  denied  { append } for  pid=14584 comm="syz.2.2921" name="fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  243.992803][   T40] audit: type=1400 audit(1773741698.841:9967): avc:  denied  { map } for  pid=14584 comm="syz.2.2921" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  244.020263][   T40] audit: type=1400 audit(1773741698.841:9968): avc:  denied  { execute } for  pid=14584 comm="syz.2.2921" path="/dev/fb0" dev="devtmpfs" ino=637 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1
[  244.056947][T14594] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  244.128321][   T40] audit: type=1400 audit(1773741698.991:9969): avc:  denied  { append } for  pid=14595 comm="syz.2.2924" name="rtc0" dev="devtmpfs" ino=944 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  244.304208][   T40] audit: type=1400 audit(1773741699.161:9970): avc:  denied  { link } for  pid=14604 comm="syz.3.2928" name="file1" dev="overlay" ino=248 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  244.311517][   T40] audit: type=1400 audit(1773741699.171:9971): avc:  denied  { setattr } for  pid=14604 comm="syz.3.2928" name="#2c" dev="tmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  244.311830][T14605] overlayfs: failed to get index nlink (file1/file0, err=-61)
[  244.319132][   T40] audit: type=1400 audit(1773741699.171:9972): avc:  denied  { rename } for  pid=14604 comm="syz.3.2928" name="#2c" dev="tmpfs" ino=249 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  244.369622][   T40] audit: type=1400 audit(1773741699.231:9973): avc:  denied  { view } for  pid=14606 comm="syz.3.2929" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=key permissive=1
[  244.742247][T14631] cgroup: fork rejected by pids controller in /syz3
[  244.844159][   T40] audit: type=1400 audit(1773741699.701:9974): avc:  denied  { setopt } for  pid=14637 comm="syz.0.2934" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  244.996586][T14600] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  245.000224][T14600] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  245.156269][ T6488] usb 5-1: new full-speed USB device number 22 using dummy_hcd
[  245.215301][ T1144] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.237224][T14647] overlayfs: conflicting options: nfs_export=on,metacopy=on
[  245.291083][ T5934] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  245.297434][ T5934] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  245.301894][ T5934] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  245.311018][ T5934] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  245.317431][ T5934] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  245.317720][ T1144] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.346044][ T6488] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  245.354022][ T6488] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  245.364223][ T6488] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  245.368209][ T6488] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  245.396930][T14652] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  245.399632][T14652] batman_adv: batadv0: Removing interface: batadv_slave_0
[  245.403819][T14652] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  245.408072][T14652] batman_adv: batadv0: Removing interface: batadv_slave_1
[  245.411793][T14652] batman_adv: batadv0: Removing interface: ip6gretap1
[  245.441929][ T1144] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.504212][T14648] chnl_net:caif_netlink_parms(): no params data found
[  245.576124][ T6488] usb 5-1: usb_control_msg returned -32
[  245.577995][ T6488] usbtmc 5-1:16.0: can't read capabilities
[  245.590349][ T1144] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  245.601581][T14648] bridge0: port 1(bridge_slave_0) entered blocking state
[  245.604681][T14648] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.607576][T14648] bridge_slave_0: entered allmulticast mode
[  245.607946][T14663] netlink: 'syz.2.2943': attribute type 10 has an invalid length.
[  245.611335][T14648] bridge_slave_0: entered promiscuous mode
[  245.616539][T14648] bridge0: port 2(bridge_slave_1) entered blocking state
[  245.618898][T14648] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.621386][T14648] bridge_slave_1: entered allmulticast mode
[  245.624209][T14648] bridge_slave_1: entered promiscuous mode
[  245.628023][T14663] veth1_macvtap: left promiscuous mode
[  245.649878][T14648] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  245.656437][T14648] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  245.672770][T14665] netlink: 'syz.4.2942': attribute type 63 has an invalid length.
[  245.676613][T14665] __nla_validate_parse: 4 callbacks suppressed
[  245.676628][T14665] netlink: 5 bytes leftover after parsing attributes in process `syz.4.2942'.
[  245.678038][T14648] team0: Port device team_slave_0 added
[  245.683944][T14665] gretap0: entered allmulticast mode
[  245.688599][T14665] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check.
[  245.695559][T14648] team0: Port device team_slave_1 added
[  245.735031][T14648] batman_adv: batadv0: Adding interface: batadv_slave_0
[  245.737320][T14648] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  245.745735][T14648] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  245.756239][T14648] batman_adv: batadv0: Adding interface: batadv_slave_1
[  245.758539][T14648] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  245.767463][T14648] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  245.817861][T14648] hsr_slave_0: entered promiscuous mode
[  245.820509][T14648] hsr_slave_1: entered promiscuous mode
[  245.822838][T14648] debugfs: 'hsr0' already exists in 'hsr'
[  245.825625][T14648] Cannot create hsr debugfs directory
[  245.828205][ T1144] bridge_slave_1: left allmulticast mode
[  245.830149][ T1144] bridge_slave_1: left promiscuous mode
[  245.832405][ T1144] bridge0: port 2(bridge_slave_1) entered disabled state
[  245.840338][ T1144] bridge_slave_0: left allmulticast mode
[  245.842155][ T1144] bridge_slave_0: left promiscuous mode
[  245.844093][ T1144] bridge0: port 1(bridge_slave_0) entered disabled state
[  246.033309][ T1144] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  246.037803][ T1144] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  246.041939][ T1144] bond0 (unregistering): Released all slaves
[  246.410252][ T1144] hsr_slave_0: left promiscuous mode
[  246.413207][ T1144] hsr_slave_1: left promiscuous mode
[  246.418465][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  246.421343][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_0
[  246.424709][ T1144] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  246.428600][ T1144] batman_adv: batadv0: Removing interface: batadv_slave_1
[  246.434559][ T1144] veth1_macvtap: left promiscuous mode
[  246.436559][ T1144] veth0_macvtap: left promiscuous mode
[  246.438426][ T1144] veth1_vlan: left promiscuous mode
[  246.440169][ T1144] veth0_vlan: left promiscuous mode
[  246.511220][T14667] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  246.516551][T14667] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  246.564871][ T1144] team0 (unregistering): Port device team_slave_1 removed
[  246.573189][ T1144] team0 (unregistering): Port device team_slave_0 removed
[  246.843180][T14648] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  246.854088][T14648] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  246.859677][T14648] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  246.871825][T14648] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  246.922818][T14648] 8021q: adding VLAN 0 to HW filter on device bond0
[  246.931607][T14648] 8021q: adding VLAN 0 to HW filter on device team0
[  246.947914][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[  246.951162][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[  246.963018][  T102] bridge0: port 2(bridge_slave_1) entered blocking state
[  246.965498][  T102] bridge0: port 2(bridge_slave_1) entered forwarding state
[  247.114941][T14648] 8021q: adding VLAN 0 to HW filter on device batadv0
[  247.138690][T14648] veth0_vlan: entered promiscuous mode
[  247.144891][T14648] veth1_vlan: entered promiscuous mode
[  247.159742][T14648] veth0_macvtap: entered promiscuous mode
[  247.163705][T14648] veth1_macvtap: entered promiscuous mode
[  247.174595][T14648] batman_adv: batadv0: Interface activated: batadv_slave_0
[  247.182968][T14648] batman_adv: batadv0: Interface activated: batadv_slave_1
[  247.189449][  T102] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  247.193378][  T102] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  247.197317][  T102] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  247.201157][  T102] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  247.237274][   T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.241436][   T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  247.255128][  T102] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  247.258202][  T102] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  247.354936][ T5934] Bluetooth: hci0: command tx timeout
[  247.593894][T14752] netlink: 'syz.4.2956': attribute type 21 has an invalid length.
[  247.852061][   T29] usb 5-1: USB disconnect, device number 22
[  248.953329][T14799] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  248.956688][T14799] llcp: nfc_llcp_send_ui_frame: Could not allocate PDU (error=-512)
[  249.091548][T14830] vxlan0: entered promiscuous mode
[  249.093366][T14830] vxlan0: entered allmulticast mode
[  249.095695][ T1144] netdevsim netdevsim2 ������: set [0, 0] type 1 family 0 port 8472 - 0
[  249.098542][ T1144] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  249.101390][ T1144] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  249.104240][ T1144] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  249.434872][ T5934] Bluetooth: hci0: command tx timeout
[  249.798464][T14834] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue
[  249.916583][T14853] netlink: 'syz.2.2986': attribute type 1 has an invalid length.
[  249.937684][T14853] 8021q: adding VLAN 0 to HW filter on device bond1
[  249.970507][T14861] 9pnet_fd: p9_fd_create_tcp (14861): problem connecting socket to 127.0.0.1
[  250.076796][T14876] trusted_key: encrypted_key: insufficient parameters specified
[  250.164458][   T40] kauditd_printk_skb: 1 callbacks suppressed
[  250.164469][   T40] audit: type=1400 audit(1773741705.021:9976): avc:  denied  { mount } for  pid=14884 comm="syz.0.2995" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  250.175473][   T40] audit: type=1400 audit(1773741705.031:9977): avc:  denied  { mounton } for  pid=14884 comm="syz.0.2995" path="/208/file0" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=dir permissive=1
[  250.194237][T14885] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK.
[  250.197669][T14885] netlink: 'syz.0.2995': attribute type 1 has an invalid length.
[  250.200015][T14885] netlink: 'syz.0.2995': attribute type 2 has an invalid length.
[  250.202274][T14885] netlink: 'syz.0.2995': attribute type 1 has an invalid length.
[  250.204699][T14885] netlink: 'syz.0.2995': attribute type 3 has an invalid length.
[  250.207215][T14885] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2995'.
[  250.211613][T14885] tmpfs: Unknown parameter 'usrquotaߙ.���v[��e�<W����׵��d��	�4���)���n��L��du��8�&�Ȕ�'
[  250.219768][T14888] xt_TPROXY: Can be used only with -p tcp or -p udp
[  250.257091][   T40] audit: type=1400 audit(1773741705.121:9978): avc:  denied  { ioctl } for  pid=14891 comm="syz.4.2997" path="socket:[60404]" dev="sockfs" ino=60404 ioctlcmd=0x8932 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1
[  250.287479][T14885] Process accounting resumed
[  250.294206][   T40] audit: type=1400 audit(1773741705.151:9979): avc:  denied  { unmount } for  pid=11910 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  250.385921][T14894] team0: Device gtp0 is of different type
[  250.461012][ T1459] hid_parser_main: 4086 callbacks suppressed
[  250.461025][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.466001][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.469260][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.471759][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.474221][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.477295][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.480787][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.483579][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.486238][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.488729][ T1459] hid-generic 0005:00B6:0009.0007: unknown main item tag 0x0
[  250.511237][ T1459] hid-generic 0005:00B6:0009.0007: hidraw1: BLUETOOTH HID v1ade12.f3 Device [syz0] on syz1
[  250.551658][T14919] fido_id[14919]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  250.783638][T14939] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3013'.
[  250.791624][T14939] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3013'.
[  250.803639][T14939] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap2
[  250.808770][T14939] gretap2: entered promiscuous mode
[  250.811052][T14939] gretap2: entered allmulticast mode
[  250.935673][T14956] binder: 14955:14956 unknown command 0
[  250.937511][T14956] binder: 14955:14956 ioctl c0306201 200000004a40 returned -22
[  251.014653][T14963] ieee802154 phy0 wpan0: encryption failed: -22
[  251.073089][   T40] audit: type=1400 audit(1773741705.931:9980): avc:  denied  { mount } for  pid=14962 comm="syz.0.3019" name="/" dev="devtmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  251.165026][T14972] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3022'.
[  251.508950][T14980] random: crng reseeded on system resumption
[  251.518487][T14980] overlayfs: conflicting options: metacopy=on,redirect_dir=follow
[  251.524927][ T5934] Bluetooth: hci0: command tx timeout
[  251.881823][   T40] audit: type=1400 audit(1773741706.741:9981): avc:  denied  { unmount } for  pid=11910 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  252.060080][   T40] audit: type=1400 audit(1773741706.921:9982): avc:  denied  { setopt } for  pid=14991 comm="syz.0.3028" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  252.185865][T14997] iommufd_mock iommufd_mock0: Adding to iommu group 9
[  252.193016][T14997] iommufd_mock iommufd_mock1: Adding to iommu group 10
[  252.453992][T15024] Option '�_n'�tr�1ZQ�3���-ֵ��k�X�v~�' to dns_resolver key: bad/missing value
[  252.694897][ T1459] usb 5-1: new full-speed USB device number 23 using dummy_hcd
[  252.710187][T15035] kvm: kvm [15034]: vcpu0, guest rIP: 0x5408d Unhandled WRMSR(0x4000007e) = 0xe44
[  252.722969][T15035] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  252.856458][ T1459] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  252.862468][ T1459] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  252.866634][ T1459] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  252.869958][ T1459] usb 5-1: Product: syz
[  252.871831][ T1459] usb 5-1: Manufacturer: syz
[  252.873858][ T1459] usb 5-1: SerialNumber: syz
[  252.880015][ T1459] usb 5-1: config 0 descriptor??
[  252.922372][T15039] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3044'.
[  253.308995][T15024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3039'.
[  253.314057][T15024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3039'.
[  253.324168][ T6488] usb 5-1: USB disconnect, device number 23
[  253.594879][ T5934] Bluetooth: hci0: command tx timeout
[  253.809462][T15048] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  253.870569][T15050] XFS (loop2): SB validate failed with error -5.
[  253.924094][   T40] audit: type=1400 audit(1773741708.781:9983): avc:  denied  { read } for  pid=15056 comm="syz.0.3048" name="file0" dev="tmpfs" ino=1244 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  253.935866][   T40] audit: type=1400 audit(1773741708.781:9984): avc:  denied  { open } for  pid=15056 comm="syz.0.3048" path="/231/file0" dev="tmpfs" ino=1244 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1
[  253.945921][   T40] audit: type=1400 audit(1773741708.811:9985): avc:  denied  { mounton } for  pid=15049 comm="syz.2.3047" path="/204/file0" dev="bpf" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:bpf_t tclass=dir permissive=1
[  254.521028][T15078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  254.528686][T15078] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  254.764885][ T6488] usb 7-1: new high-speed USB device number 26 using dummy_hcd
[  254.904864][T14716] usb 5-1: new full-speed USB device number 24 using dummy_hcd
[  254.924844][ T6488] usb 7-1: Using ep0 maxpacket: 8
[  254.927853][ T6488] usb 7-1: config index 0 descriptor too short (expected 301, got 45)
[  254.930597][ T6488] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  254.933757][ T6488] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  254.937138][ T6488] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  254.940469][ T6488] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  254.945645][ T6488] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  254.948727][ T6488] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.077427][T14716] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  255.080898][T14716] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  255.085225][T14716] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  255.088168][T14716] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.155565][ T6488] usb 7-1: usb_control_msg returned -32
[  255.158210][ T6488] usbtmc 7-1:16.0: can't read capabilities
[  255.303622][T14716] usb 5-1: usb_control_msg returned -32
[  255.305549][T14716] usbtmc 5-1:16.0: can't read capabilities
[  255.651529][   T40] kauditd_printk_skb: 3 callbacks suppressed
[  255.651540][   T40] audit: type=1400 audit(1773741710.511:9989): avc:  denied  { getopt } for  pid=15096 comm="syz.4.3059" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  255.707846][T15099] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3059'.
[  255.707912][T15100] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3059'.
[  255.869240][T14716] usb 7-1: USB disconnect, device number 26
[  256.015921][ T5974] usb 5-1: USB disconnect, device number 24
[  256.165937][T15119] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3066'.
[  256.316043][ T1459] usb 8-1: new high-speed USB device number 48 using dummy_hcd
[  256.364947][T14716] usb 7-1: new full-speed USB device number 27 using dummy_hcd
[  256.475026][ T1459] usb 8-1: Using ep0 maxpacket: 16
[  256.483142][ T1459] usb 8-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  256.487739][ T1459] usb 8-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  256.491229][ T1459] usb 8-1: Product: syz
[  256.493078][ T1459] usb 8-1: Manufacturer: syz
[  256.495381][ T1459] usb 8-1: SerialNumber: syz
[  256.505057][ T1459] usb 8-1: config 0 descriptor??
[  256.529222][T14716] usb 7-1: not running at top speed; connect to a high speed hub
[  256.532756][T14716] usb 7-1: config 7 has an invalid interface number: 187 but max is 0
[  256.538254][T14716] usb 7-1: config 7 contains an unexpected descriptor of type 0x2, skipping
[  256.541256][T14716] usb 7-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  256.555425][T14716] usb 7-1: config 7 has no interface number 0
[  256.557949][T14716] usb 7-1: config 7 interface 187 altsetting 40 has an endpoint descriptor with address 0x96, changing to 0x86
[  256.561907][T14716] usb 7-1: config 7 interface 187 altsetting 40 endpoint 0x86 has invalid maxpacket 21395, setting to 64
[  256.566209][T14716] usb 7-1: config 7 interface 187 altsetting 40 has an invalid descriptor for endpoint zero, skipping
[  256.569768][T14716] usb 7-1: config 7 interface 187 altsetting 40 has an invalid descriptor for endpoint zero, skipping
[  256.573265][T14716] usb 7-1: config 7 interface 187 has no altsetting 0
[  256.577429][T14716] usb 7-1: New USB device found, idVendor=9710, idProduct=7720, bcdDevice=74.be
[  256.580360][T14716] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.582927][T14716] usb 7-1: Product: 誩귿䝂编悚䟙᚛ᴲ䞗随‰ꚝ첍쀖쭻瞑좜춢⇴૊嘅㠀﹯핽䃑‖䨔曩쫥ԩ땀肁ഌ㝘㽓묕鲆蔞髡鸰⵫㙃몙霹噪䥖붦測຾硧葹ᔾﾜ谊ؓύ萪籑퇥賷䋥捥쀿驞꜋톅缠Ʞ咪旄ꝁ疺畧㿊뢵
[  256.591108][T14716] usb 7-1: Manufacturer: ౭
[  256.592631][T14716] usb 7-1: SerialNumber: 䃦ؽ앵ろ饕擄갱廔暱鵤⛋嵅᭵డ騼뜦
[  256.597403][T15112] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  256.712381][T15115] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3064'.
[  256.721484][   T39] usb 8-1: USB disconnect, device number 48
[  256.803820][T14716] mos7720 7-1:7.187: required endpoints missing
[  256.938772][T15173] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3079'.
[  256.962538][T15173] bond0: entered promiscuous mode
[  256.965885][T15173] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.981290][T15173] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.984548][T15173] bond0: (slave sit1): The slave device specified does not support setting the MAC address
[  256.990015][T15173] bond0: (slave sit1): Error -95 calling set_mac_address
[  256.995018][T14716] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  257.005702][T15112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  257.009131][T15112] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  257.144835][T14716] usb 5-1: Using ep0 maxpacket: 8
[  257.147369][T15184] netlink: 'syz.4.3082': attribute type 1 has an invalid length.
[  257.147693][T14716] usb 5-1: config 0 has no interfaces?
[  257.152729][T14716] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  257.156110][T14716] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.166309][T15184] 8021q: adding VLAN 0 to HW filter on device bond2
[  257.167773][T14716] usb 5-1: config 0 descriptor??
[  257.173087][T15184] Option '�'M�O��' to dns_resolver key: bad/missing value
[  257.350061][T15198] ptrace attach of "/syz-executor exec"[15200] was attempted by "/syz-executor exec"[15198]
[  257.364222][T15197] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3086'.
[  257.383269][   T40] audit: type=1400 audit(1773741712.241:9990): avc:  denied  { write } for  pid=15162 comm="syz.0.3076" name="usbmon3" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  257.385170][T15163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  257.393191][   T40] audit: type=1400 audit(1773741712.241:9991): avc:  denied  { ioctl } for  pid=15162 comm="syz.0.3076" path="/dev/usbmon3" dev="devtmpfs" ino=746 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usbmon_device_t tclass=chr_file permissive=1
[  257.396813][T15163] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  257.414936][T15112] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  257.419695][T15112] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  257.424628][ T1459] usb 7-1: USB disconnect, device number 27
[  257.450029][   T50] usb 5-1: USB disconnect, device number 25
[  258.036058][   T40] audit: type=1400 audit(1773741712.891:9992): avc:  denied  { read write } for  pid=15210 comm="syz.2.3088" name="file0" dev="fuse" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
[  258.045938][   T40] audit: type=1400 audit(1773741712.901:9993): avc:  denied  { open } for  pid=15210 comm="syz.2.3088" path="/214/file0/file0" dev="fuse" ino=67 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
�
	��

�[  258.060110][   T40] audit: type=1400 audit(1773741712.921:9994): avc:  denied  { ioctl } for  pid=15210 comm="syz.2.3088" path="/214/file0/file0" dev="fuse" ino=67 ioctlcmd=0x542d scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=chr_file permissive=1
�
�U����
^[  258.167545][   T40] audit: type=1400 audit(1773741713.031:9995): avc:  denied  { read } for  pid=15224 comm="syz.3.3093" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  258.883862][T15263] syzkaller0: entered promiscuous mode
[  258.887068][T15263] syzkaller0: entered allmulticast mode
[  259.008117][T15265] binder: 15264:15265 ioctl c0045406 0 returned -22
[  259.119775][   T40] audit: type=1400 audit(1773741713.981:9996): avc:  denied  { validate_trans } for  pid=15273 comm="syz.3.3105" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  259.187779][   T40] audit: type=1400 audit(1773741714.051:9997): avc:  denied  { ioctl } for  pid=15281 comm="syz.3.3108" path="socket:[63887]" dev="sockfs" ino=63887 ioctlcmd=0x9440 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  259.203100][   T40] audit: type=1400 audit(1773741714.051:9998): avc:  denied  { read } for  pid=15281 comm="syz.3.3108" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  259.481099][T15309] random: crng reseeded on system resumption
[  259.502161][T15309] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3119'.
[  259.507523][T15309] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3119'.
[  259.664007][T15332] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3126'.
[  259.721953][T15337] team0: No ports can be present during mode change
[  259.724443][T15337] netlink: 'syz.3.3128': attribute type 4 has an invalid length.
[  259.816016][T15355] xt_CT: No such helper "snmp_trap"
[  259.818753][T15358] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3133'.
[  259.959181][T15372] fuse: Bad value for 'fd'
[  260.004412][T15377] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3140'.
[  260.047592][T15379] netlink: 168 bytes leftover after parsing attributes in process `syz.2.3142'.
[  260.170481][T15394] syzkaller0: refused to change device tx_queue_len
[  260.287490][T15400] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff)
[  260.393512][T15400] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15400 comm=syz.2.3147
[  260.506625][T15419] loop6: detected capacity change from 0 to 524288000
[  260.575251][ T1418] ieee802154 phy0 wpan0: encryption failed: -22
[  260.577444][ T1418] ieee802154 phy1 wpan1: encryption failed: -22
[  261.025344][T15454] : entered promiscuous mode
[  261.087441][T15456] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes
[  261.301446][T15469] loop1: detected capacity change from 0 to 4096
[  261.401293][T15475] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  261.442589][T15475] CIFS mount error: No usable UNC path provided in device string!
[  261.442589][T15475] 
[  261.453132][T15475] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  261.513828][T15482] input: syz0 as /devices/virtual/input/input20
[  261.572897][   T40] kauditd_printk_skb: 6 callbacks suppressed
[  261.572909][   T40] audit: type=1400 audit(1773741717.434:10005): avc:  denied  { bind } for  pid=15481 comm="syz.0.3176" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  261.603642][T15487] syzkaller0: entered promiscuous mode
[  261.613071][T15487] syzkaller0: entered allmulticast mode
[  261.789226][T14716] usb 8-1: new high-speed USB device number 49 using dummy_hcd
[  261.939559][T14716] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  261.944290][T14716] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  261.948373][T14716] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  261.953690][T14716] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  261.957124][T14716] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.965090][T14716] usb 8-1: config 0 descriptor??
[  262.378056][   T40] audit: type=1400 audit(1773741718.234:10006): avc:  denied  { setopt } for  pid=15488 comm="syz.3.3178" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  262.408771][T14716] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  262.421461][T14716] usb 8-1: USB disconnect, device number 49
[  262.463071][ T5934] Bluetooth: Wrong link type (-71)
[  262.490503][T15516] fido_id[15516]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb8/report_descriptor': No such file or directory
[  262.551972][T15523] overlayfs: failed to clone lowerpath
[  263.247951][T15529] syzkaller0: entered promiscuous mode
[  263.250307][T15529] syzkaller0: entered allmulticast mode
[  263.416638][T15547] __nla_validate_parse: 7 callbacks suppressed
[  263.416650][T15547] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3190'.
[  263.440046][   T40] audit: type=1326 audit(1773741719.304:10007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15546 comm="syz.4.3190" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc82c19c799 code=0x0
[  263.492484][   T40] audit: type=1400 audit(1773741719.354:10008): avc:  denied  { getopt } for  pid=15546 comm="syz.4.3190" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  263.604891][ T5934] Bluetooth: hci4: command 0x041b tx timeout
[  263.605207][ T5974] Bluetooth: hci4: Opcode 0x0c1a failed: -110
[  263.621346][T15556] 9p: Could not find request transport: Ȫ��io
[  263.624809][ T5974] Bluetooth: hci4: Error when powering off device on rfkill (-110)
[  264.284608][T15562] fuse: Bad value for 'fd'
[  264.284630][T15561] fuse: Bad value for 'fd'
[  264.638432][T15573] veth0_to_bridge: vlans aren't supported yet for dev_uc|mc_add()
[  264.691219][T15578] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(5)
[  264.694028][T15578] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  264.697453][T15578] vhci_hcd vhci_hcd.0: Device attached
[  264.715136][T15581] vhci_hcd: connection closed
[  264.715552][ T1144] vhci_hcd vhci_hcd.3: stop threads
[  264.720784][ T1144] vhci_hcd vhci_hcd.3: release socket
[  264.722518][ T1144] vhci_hcd vhci_hcd.3: disconnect device
[  264.878794][T15634] fuse: Bad value for 'group_id'
[  264.881212][T15634] fuse: Bad value for 'group_id'
[  265.000522][T15632] syzkaller0: entered promiscuous mode
[  265.002310][T15632] syzkaller0: entered allmulticast mode
[  265.156024][T15642] No control pipe specified
[  265.248865][T15650] netlink: 'syz.4.3207': attribute type 1 has an invalid length.
[  265.251996][T15651] usb usb9: usbfs: process 15651 (syz.0.3208) did not claim interface 0 before use
[  265.271144][T15650] 8021q: adding VLAN 0 to HW filter on device bond3
[  265.282015][T15650] vlan0: entered promiscuous mode
[  265.285864][T15650] bond3: entered promiscuous mode
[  265.288243][T15650] vlan0: entered allmulticast mode
[  265.290568][T15650] bond3: entered allmulticast mode
[  265.294014][   T40] audit: type=1400 audit(1773741721.154:10009): avc:  denied  { setattr } for  pid=15653 comm="syz.0.3209" name="uhid" dev="devtmpfs" ino=1296 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:uhid_device_t tclass=chr_file permissive=1
[  265.319858][T15650] bond3: (slave bridge1): making interface the new active one
[  265.323045][T15650] bridge1: entered promiscuous mode
[  265.326221][T15650] bridge1: entered allmulticast mode
[  265.329540][T15650] bond3: (slave bridge1): Enslaving as an active interface with an up link
[  265.347721][   T40] audit: type=1800 audit(1773741721.214:10010): pid=15654 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.0.3209" name="/uhid" dev="devtmpfs" ino=1296 res=0 errno=0
[  265.402139][   T40] audit: type=1400 audit(1773741721.264:10011): avc:  denied  { write } for  pid=15660 comm="syz.0.3211" name="cgroup.subtree_control" dev="cgroup2" ino=353 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  265.719822][T15675] overlayfs: statfs failed on './file0'
[  265.763741][T15687] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3219'.
[  265.767641][T15687] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3219'.
[  265.804917][T15687] nilfs2: Unknown parameter 'barrierer0'
[  265.877250][   T40] audit: type=1400 audit(1773741721.744:10012): avc:  denied  { map } for  pid=15690 comm="syz.4.3221" path="socket:[66347]" dev="sockfs" ino=66347 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[  266.122750][T15712] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3228'.
[  266.128864][T15712] GUP no longer grows the stack in syz.4.3228 (15712): 200000006000-200000008000 (200000004000)
[  266.133287][T15712] CPU: 3 UID: 0 PID: 15712 Comm: syz.4.3228 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  266.133305][T15712] Tainted: [L]=SOFTLOCKUP
[  266.133309][T15712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  266.133316][T15712] Call Trace:
[  266.133321][T15712]  <TASK>
[  266.133326][T15712]  dump_stack_lvl+0x100/0x190
[  266.133355][T15712]  gup_vma_lookup.cold+0x83/0x96
[  266.133373][T15712]  fixup_user_fault+0x253/0x510
[  266.133387][T15712]  fault_in_user_writeable+0x70/0xe0
[  266.133407][T15712]  futex_lock_pi+0x682/0x7b0
[  266.133422][T15712]  ? __pfx_futex_lock_pi+0x10/0x10
[  266.133434][T15712]  ? preempt_schedule_common+0x42/0xc0
[  266.133453][T15712]  ? preempt_schedule_thunk+0x16/0x30
[  266.133473][T15712]  ? __pfx_try_to_wake_up+0x10/0x10
[  266.133492][T15712]  ? futex_private_hash_put+0x107/0x1c0
[  266.133511][T15712]  ? __pfx_futex_wake_mark+0x10/0x10
[  266.133527][T15712]  ? __call_rcu_common.constprop.0+0x3f0/0x9b0
[  266.133545][T15712]  do_futex+0x18a/0x350
[  266.133556][T15712]  ? __pfx_do_futex+0x10/0x10
[  266.133568][T15712]  ? __seccomp_filter+0x89d/0x1140
[  266.133580][T15712]  ? __pfx___might_resched+0x10/0x10
[  266.133592][T15712]  ? blkcg_maybe_throttle_current+0x5df/0xeb0
[  266.133614][T15712]  __x64_sys_futex+0x34f/0x4d0
[  266.133627][T15712]  ? __pfx___x64_sys_futex+0x10/0x10
[  266.133644][T15712]  do_syscall_64+0x106/0xf80
[  266.133657][T15712]  ? clear_bhb_loop+0x40/0x90
[  266.133671][T15712]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  266.133684][T15712] RIP: 0033:0x7fc82c19c799
[  266.133694][T15712] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  266.133705][T15712] RSP: 002b:00007fc82cff3028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[  266.133716][T15712] RAX: ffffffffffffffda RBX: 00007fc82c415fa0 RCX: 00007fc82c19c799
[  266.133723][T15712] RDX: 00000000fffff7fc RSI: 000000000000008d RDI: 0000200000004000
[  266.133730][T15712] RBP: 00007fc82c232c99 R08: 0000000000000000 R09: 0000000000000000
[  266.133736][T15712] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  266.133743][T15712] R13: 00007fc82c416038 R14: 00007fc82c415fa0 R15: 00007ffc160a7d78
[  266.133757][T15712]  </TASK>
[  266.316161][T15740] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  266.359440][T15749] netlink: 'syz.3.3238': attribute type 4 has an invalid length.
[  266.401043][T15755] fuse: Bad value for 'fd'
[  266.608925][T15761] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3242'.
[  266.693922][T15768] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3244'.
[  266.714901][ T5934] Bluetooth: hci3: command 0x0c1a tx timeout
[  266.715254][ T5974] Bluetooth: hci3: Opcode 0x0c1a failed: -110
[  266.719643][ T5974] Bluetooth: hci3: Error when powering off device on rfkill (-110)
[  266.799522][T15774] /dev/loop4: Can't lookup blockdev
[  266.804086][T15774] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=15774 comm=syz.4.3245
[  267.293079][T15778] sp0: Synchronizing with TNC
[  267.296668][T15778] SELinux:  policydb magic number 0x7665642f does not match expected magic number 0xf97cff8c
[  267.300353][T15778] SELinux: failed to load policy
[  267.302668][T15777] [U] �
[  267.410913][T15780] can0: slcan on ttynull.
[  267.416636][T15780] netlink: 'syz.3.3247': attribute type 9 has an invalid length.
[  267.420219][T15780] netlink: 'syz.3.3247': attribute type 11 has an invalid length.
[  267.423347][T15780] netlink: 'syz.3.3247': attribute type 12 has an invalid length.
[  267.426670][T15780] netlink: 210020 bytes leftover after parsing attributes in process `syz.3.3247'.
[  267.430340][T15780] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3247'.
[  267.439366][T15780] ip6t_rpfilter: unknown options
[  267.515021][T15779] can0 (unregistered): slcan off ttynull.
[  267.588996][   T40] audit: type=1400 audit(1773741723.454:10013): avc:  denied  { accept } for  pid=15788 comm="syz.3.3249" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  267.708910][   T40] audit: type=1400 audit(1773741723.574:10014): avc:  denied  { map } for  pid=15798 comm="syz.4.3258" path="/348/file0/cgroup.kill" dev="9p" ino=71827939 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  267.732344][T15802] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3251'.
[  267.737788][   T40] audit: type=1326 audit(1773741723.604:10015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15801 comm="syz.3.3251" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa06f59c799 code=0x0
[  267.854142][   T40] audit: type=1400 audit(1773741723.714:10016): avc:  denied  { bind } for  pid=15806 comm="syz.4.3252" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=smc_socket permissive=1
[  268.003555][T15811] could not allocate digest TFM handle �
[  268.056492][T15811] could not allocate digest TFM handle �
[  268.098982][T15811] could not allocate digest TFM handle �
[  268.150476][T15811] could not allocate digest TFM handle �
[  268.184231][T15811] could not allocate digest TFM handle �
[  268.217544][T15811] could not allocate digest TFM handle �
[  268.251179][T15811] could not allocate digest TFM handle �
[  268.293705][T15811] could not allocate digest TFM handle �
[  268.330344][T15811] could not allocate digest TFM handle �
[  268.363161][T15811] could not allocate digest TFM handle �
[  268.399015][T15811] could not allocate digest TFM handle �
[  268.447191][T15811] could not allocate digest TFM handle �
[  268.496202][T15811] could not allocate digest TFM handle �
[  268.547215][T15811] could not allocate digest TFM handle �
[  268.621421][T15811] could not allocate digest TFM handle �
[  268.663827][T15811] could not allocate digest TFM handle �
[  268.710129][T15811] could not allocate digest TFM handle �
[  268.762219][T15811] could not allocate digest TFM handle �
[  268.794925][ T5974] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  268.796862][ T5934] Bluetooth: hci1: command 0x0c1a tx timeout
[  268.797708][ T5974] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  268.803046][T15859] vcan0: tx drop: invalid sa for name 0x0000000000000002
[  270.874960][ T5934] Bluetooth: hci0: command 0x0c1a tx timeout
[  270.877102][ T5974] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  270.879238][ T5974] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  270.909435][T15726] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR
[  270.970085][T15863] geneve2: entered promiscuous mode
[  271.035942][T15866] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3259'.
[  271.250717][   T40] audit: type=1400 audit(1773741727.114:10017): avc:  denied  { create } for  pid=15881 comm="syz.0.3264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  271.257317][   T40] audit: type=1400 audit(1773741727.114:10018): avc:  denied  { getopt } for  pid=15881 comm="syz.0.3264" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  271.283375][T15890] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3265'.
[  271.291620][   T40] audit: type=1326 audit(1773741727.154:10019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=15889 comm="syz.2.3265" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f5def79c799 code=0x0
[  271.386997][ T5974] e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[  271.410562][   T40] audit: type=1400 audit(1773741727.274:10020): avc:  denied  { getopt } for  pid=15904 comm="syz.0.3271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  271.513563][T15915] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (148514 ns). Using initial count to start timer.
[  271.520857][T15915] dlm: non-version read from control device 0
[  272.441467][   T40] audit: type=1400 audit(1773741728.304:10021): avc:  denied  { mount } for  pid=15921 comm="syz.2.3276" name="/" dev="rpc_pipefs" ino=66511 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[  272.459050][T15930] binder: BINDER_SET_CONTEXT_MGR already set
[  272.461611][T15930] binder: 15929:15930 ioctl 4018620d 200000004a80 returned -16
[  272.464342][T15930] binder: 15929:15930 ioctl c0306201 2000000004c0 returned -22
[  272.629545][   T40] audit: type=1400 audit(1773741728.494:10022): avc:  denied  { getopt } for  pid=15939 comm="syz.3.3282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=nfc_socket permissive=1
[  272.658141][   T40] audit: type=1400 audit(1773741728.524:10023): avc:  denied  { ioctl } for  pid=15948 comm="syz.0.3284" path="socket:[67832]" dev="sockfs" ino=67832 ioctlcmd=0x720 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[  272.659232][T15950] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=15950 comm=syz.0.3284
[  272.724846][ T5974] usb 7-1: new high-speed USB device number 28 using dummy_hcd
[  272.769543][T15970] xt_socket: unknown flags 0x48
[  272.792585][T15972] xt_socket: unknown flags 0x48
[  272.796078][T15973] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3293'.
[  272.800669][T15973] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3293'.
[  272.854994][ T5974] usb 7-1: device descriptor read/64, error -71
[  272.894337][T15986] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING
[  272.900804][T15988] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3298'.
[  273.094937][ T5974] usb 7-1: new high-speed USB device number 29 using dummy_hcd
[  273.149509][T15997] netfs: Couldn't get user pages (rc=-14)
[  273.225251][ T5974] usb 7-1: device descriptor read/64, error -71
[  273.228251][T16015] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3307'.
[  273.232079][T16015] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3307'.
[  273.240612][T16017] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3307'.
[  273.244519][T16017] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3307'.
[  273.320873][   T40] audit: type=1400 audit(1773741729.184:10024): avc:  denied  { write } for  pid=16020 comm="syz.3.3308" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  273.327600][T16021] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3308'.
[  273.335204][ T5974] usb usb7-port1: attempt power cycle
[  273.432475][T16029] overlayfs: workdir and upperdir must be separate subtrees
[  273.459160][T16031] ipvlan2: entered allmulticast mode
[  273.461076][T16031] batadv_slave_1: entered allmulticast mode
[  273.464100][T16031] batman_adv: batadv0: Adding interface: ipvlan2
[  273.466284][T16031] batman_adv: batadv0: The MTU of interface ipvlan2 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  273.471828][T16033] gfs2: Unknown parameter 'b{Rrierr��Wm�w������3eҔ���9c\��	��(�13��%O^�l���T�Ln�&8��G�A��\����+�����`8
Me�'
[  273.474852][T16031] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  273.474865][T16031] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  273.474873][T16031] batman_adv: batadv0: Interface activated: ipvlan2
[  273.675111][ T5974] usb 7-1: new high-speed USB device number 30 using dummy_hcd
[  273.695362][ T5974] usb 7-1: device descriptor read/8, error -71
[  273.728235][T16057] sch_tbf: burst 0 is lower than device veth0_virt_wifi mtu (1514) !
[  273.776159][T16059] netlink: 'syz.0.3321': attribute type 64 has an invalid length.
[  273.778813][T16061] netlink: 'syz.4.3320': attribute type 9 has an invalid length.
[  273.786741][T16061] chnl_net:caif_netlink_parms(): no params data found
[  273.797451][T16059] overlayfs: missing 'lowerdir'
[  273.893319][T16070] netlink: 'syz.4.3323': attribute type 3 has an invalid length.
[  273.896916][T16070] netlink: 'syz.4.3323': attribute type 3 has an invalid length.
[  273.900311][T16070] netlink: 'syz.4.3323': attribute type 3 has an invalid length.
[  273.904321][T16070] netlink: 'syz.4.3323': attribute type 3 has an invalid length.
[  273.907955][T16070] netlink: 'syz.4.3323': attribute type 3 has an invalid length.
[  273.911511][T16070] netlink: 'syz.4.3323': attribute type 3 has an invalid length.
[  273.915121][T16070] netlink: 'syz.4.3323': attribute type 3 has an invalid length.
[  273.919138][T16070] netlink: 'syz.4.3323': attribute type 3 has an invalid length.
[  273.945128][ T5974] usb 7-1: new high-speed USB device number 31 using dummy_hcd
[  273.964071][T16072] tmpfs: Bad value for 'mpol'
[  273.968486][ T5974] usb 7-1: device descriptor read/8, error -71
[  274.034523][T16078] loop2: detected capacity change from 0 to 7
[  274.040287][T16078] Dev loop2: unable to read RDB block 7
[  274.042698][T16078]  loop2: unable to read partition table
[  274.046792][T16078] loop2: partition table beyond EOD, truncated
[  274.048911][T16078] loop_reread_partitions: partition scan of loop2 (�被x����� ) failed (rc=-5)
[  274.053553][T16078] Dev loop2: unable to read RDB block 7
[  274.057280][T16078]  loop2: unable to read partition table
[  274.060098][T16078] loop2: partition table beyond EOD, truncated
[  274.075241][ T5974] usb usb7-port1: unable to enumerate USB device
[  274.337500][T16099] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=65535 sclass=netlink_route_socket pid=16099 comm=syz.3.3331
[  274.600039][T16106] SELinux: syz.3.3332 (16106) set checkreqprot to 1. This is no longer supported.
[  274.600045][   T40] audit: type=1400 audit(1773741730.464:10025): avc:  denied  { setcheckreqprot } for  pid=16105 comm="syz.3.3332" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1
[  275.145514][T16140] bond1: option downdelay: invalid value (18446744073709551615)
[  275.148027][T16140] bond1: option downdelay: allowed values 0 - 2147483647
[  275.153673][T16140] bond1 (unregistering): Released all slaves
[  275.189708][   T50] Process accounting resumed
[  275.233027][T16140] Process accounting resumed
[  275.398328][   T40] audit: type=1400 audit(1773741731.264:10026): avc:  denied  { getopt } for  pid=16167 comm="syz.3.3350" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1
[  275.411817][T16177] Cannot find set identified by id 65534 to match
[  275.421184][T16177] Cannot find add_set index 4 as target
[  275.501678][T16184] tmpfs: Bad value for 'mpol'
[  275.969616][   T40] audit: type=1400 audit(1773741731.834:10027): avc:  denied  { mounton } for  pid=16228 comm="syz.3.3369" path="/84/file0" dev="tmpfs" ino=467 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=blk_file permissive=1
[  276.077258][T16240] fuse: Bad value for 'fd'
[  276.274841][   T40] audit: type=1400 audit(1773741732.134:10028): avc:  denied  { setattr } for  pid=16248 comm="syz.3.3376" path="/dev/ndctl0" dev="devtmpfs" ino=109 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nvram_device_t tclass=chr_file permissive=1
[  276.719660][T16258] netlink: 'syz.4.3378': attribute type 11 has an invalid length.
[  276.723208][T16258] __nla_validate_parse: 14 callbacks suppressed
[  276.723222][T16258] netlink: 199828 bytes leftover after parsing attributes in process `syz.4.3378'.
[  276.732128][T16258] netlink: 207952 bytes leftover after parsing attributes in process `syz.4.3378'.
[  276.931409][T16272] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3384'.
[  276.942158][T16277] fuse: Bad value for 'fd'
[  276.947664][T16277] fuse: Bad value for 'fd'
[  276.951387][T16277] fuse: Bad value for 'fd'
[  276.989530][   T40] audit: type=1400 audit(1773741732.854:10029): avc:  denied  { getopt } for  pid=16278 comm="syz.4.3386" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_crypto_socket permissive=1
[  277.005103][T16279] tmpfs: Bad value for 'mpol'
[  277.099029][   T40] audit: type=1400 audit(1773741732.964:10030): avc:  denied  { bind } for  pid=16284 comm="syz.4.3388" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  277.100079][T16285] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3388'.
[  277.118252][T16285] tmpfs: Unknown parameter 'usrquota_inode_hdrdlimit�'
[  277.123116][T16285] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3388'.
[  277.127962][T16285] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3388'.
[  277.263054][T16308] mac80211_hwsim hwsim12 wlan1: entered allmulticast mode
[  277.342275][T16311] syzkaller0: entered promiscuous mode
[  277.344692][T16311] syzkaller0: entered allmulticast mode
[  277.504872][ T6488] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  277.590715][T16315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3397'.
[  277.597763][T16315] overlayfs: overlapping lowerdir path
[  277.600450][T16315] overlayfs: failed to resolve '/caches': -2
[  277.684960][ T6488] usb 5-1: Using ep0 maxpacket: 8
[  277.688290][ T6488] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  277.692729][ T6488] usb 5-1: config 0 interface 0 altsetting 254 endpoint 0x81 has invalid wMaxPacketSize 0
[  277.697490][ T6488] usb 5-1: config 0 interface 0 has no altsetting 0
[  277.700635][ T6488] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  277.704650][ T6488] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.711611][ T6488] usb 5-1: config 0 descriptor??
[  277.827742][   T40] audit: type=1400 audit(1773741733.694:10031): avc:  denied  { write } for  pid=16317 comm="syz.4.3398" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1
[  278.126127][ T6488] hid_parser_main: 4086 callbacks suppressed
[  278.126141][ T6488] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  278.130506][ T6488] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  278.134103][ T6488] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  278.136433][ T6488] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  278.138678][ T6488] mcp2221 0003:04D8:00DD.0009: unknown main item tag 0x0
[  278.141229][ T6488] mcp2221 0003:04D8:00DD.0009: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0
[  278.335464][   T39] usb 5-1: USB disconnect, device number 26
[  278.363155][T16354] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3409'.
[  278.368922][T16354] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3409'.
[  278.502350][T16359] netlink: 212300 bytes leftover after parsing attributes in process `syz.4.3412'.
[  278.683320][T16361] XFS (nbd2): SB validate failed with error -5.
[  278.952931][T16379] XFS (nbd2): no-recovery mounts must be read-only.
[  279.020667][T16388] 8021q: VLANs not supported on ip6_vti0
[  279.039110][T16382] hsr_slave_0: hsr_addr_subst_dest: Unknown node
[  279.042054][T16382] hsr_slave_1: hsr_addr_subst_dest: Unknown node
[  279.271785][T16406] openvswitch: netlink: IP tunnel dst address not specified
[  279.431819][   T40] audit: type=1400 audit(1773741735.294:10032): avc:  denied  { listen } for  pid=16425 comm="syz.4.3433" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  279.454890][ T6488] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[  279.483962][T16424] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  279.487051][T16424] IPv6: NLM_F_CREATE should be set when creating new route
[  279.489963][T16424] IPv6: NLM_F_CREATE should be set when creating new route
[  279.550597][   T40] audit: type=1400 audit(1773741735.414:10033): avc:  denied  { write } for  pid=16442 comm="syz.3.3438" name="ptp0" dev="devtmpfs" ino=729 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1
[  279.627811][ T6488] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db55, bcdDevice=69.fb
[  279.631830][ T6488] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=201
[  279.644838][ T6488] usb 5-1: Product: syz
[  279.646719][ T6488] usb 5-1: Manufacturer: syz
[  279.648777][ T6488] usb 5-1: SerialNumber: syz
[  279.660437][ T6488] usb 5-1: config 0 descriptor??
[  279.669667][ T6488] dvb-usb: found a 'DigitalNow DVB-T Dual USB' in warm state.
[  279.673294][ T6488] dvb-usb: bulk message failed: -22 (2/0)
[  279.682313][ T6488] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  279.687508][ T6488] dvbdev: DVB: registering new adapter (DigitalNow DVB-T Dual USB)
[  279.690913][ T6488] usb 5-1: media controller created
[  279.701232][ T6488] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  279.739942][   T40] audit: type=1400 audit(1773741735.594:10034): avc:  denied  { map } for  pid=16463 comm="syz.2.3446" path="/dev/comedi4" dev="devtmpfs" ino=1306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  279.754281][   T40] audit: type=1400 audit(1773741735.604:10035): avc:  denied  { execute } for  pid=16463 comm="syz.2.3446" path="/dev/comedi4" dev="devtmpfs" ino=1306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  279.816161][T16468] validate_nla: 44 callbacks suppressed
[  279.816174][T16468] netlink: 'syz.3.3445': attribute type 1 has an invalid length.
[  279.838509][T16468] 8021q: adding VLAN 0 to HW filter on device bond1
[  279.854120][T16462] bond1: (slave ip6erspan0): making interface the new active one
[  279.858990][T16462] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link
[  279.866580][ T6488] cxusb: set interface failed
[  279.868271][ T6488] dvb-usb: bulk message failed: -22 (1/0)
[  279.916630][ T6488] DVB: Unable to find symbol mt352_attach()
[  279.918893][ T6488] dvb-usb: bulk message failed: -22 (5/0)
[  279.922387][ T6488] zl10353_read_register: readreg error (reg=127, ret==-121)
[  279.925375][ T6488] dvb-usb: no frontend was attached by 'DigitalNow DVB-T Dual USB'
[  279.985147][ T6488] rc_core: IR keymap rc-dvico-mce not found
[  279.987456][ T6488] Registered IR keymap rc-empty
[  279.991133][ T6488] rc rc0: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0
[  279.995872][ T6488] input: DigitalNow DVB-T Dual USB as /devices/platform/dummy_hcd.0/usb5/5-1/rc/rc0/input21
[  280.002612][ T6488] dvb-usb: schedule remote query interval to 100 msecs.
[  280.005199][ T6488] dvb-usb: DigitalNow DVB-T Dual USB successfully initialized and connected.
[  280.015475][ T6488] usb 5-1: USB disconnect, device number 27
[  280.072303][ T6488] dvb-usb: DigitalNow DVB-T Dual USB successfully deinitialized and disconnected.
[  280.080723][T16485] nbd: couldn't find device at index -2127233020
[  280.287967][T16507] lo: MTU too low for tipc bearer
[  280.290274][T16507] tipc: Enabling of bearer <eth:lo> rejected, failed to enable media
[  280.382507][T16516] fuse: blksize only supported for fuseblk
[  280.420150][T16520] Invalid logical block size (536872960)
[  280.425149][T16520] binder: 16519:16520 ioctl c0306201 2000000003c0 returned -22
[  280.431171][   T40] audit: type=1400 audit(1773741736.294:10036): avc:  denied  { listen } for  pid=16519 comm="syz.3.3460" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[  280.545135][   T40] audit: type=1400 audit(1773741736.404:10037): avc:  denied  { cmd } for  pid=16529 comm="syz.4.3465" path="socket:[71823]" dev="sockfs" ino=71823 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[  280.679342][T16540] sctp: [Deprecated]: syz.4.3469 (pid 16540) Use of int in max_burst socket option.
[  280.679342][T16540] Use struct sctp_assoc_value instead
[  282.092017][T16576] i2c i2c-1: dtv_property_process_set: SET cmd 0x00000000 undefined
[  282.107966][T16580] __nla_validate_parse: 10 callbacks suppressed
[  282.107979][T16580] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3481'.
[  282.210313][   T40] audit: type=1400 audit(1773741738.074:10038): avc:  denied  { setopt } for  pid=16589 comm="syz.2.3484" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[  282.276854][   T40] audit: type=1400 audit(1773741738.134:10039): avc:  denied  { map } for  pid=16595 comm="syz.0.3486" path="/dev/video7" dev="devtmpfs" ino=974 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:v4l_device_t tclass=chr_file permissive=1
[  282.301988][T16598] overlayfs: conflicting options: userxattr,redirect_dir=on
[  282.309967][T16598] overlayfs: conflicting options: userxattr,redirect_dir=on
[  282.318295][T16598] overlayfs: conflicting options: userxattr,redirect_dir=on
[  282.324492][T16599] bridge_slave_1: left allmulticast mode
[  282.328705][T16599] bridge_slave_1: left promiscuous mode
[  282.331089][T16599] bridge0: port 2(bridge_slave_1) entered disabled state
[  282.336842][T16599] bridge_slave_0: left allmulticast mode
[  282.339037][T16599] bridge_slave_0: left promiscuous mode
[  282.341780][T16599] bridge0: port 1(bridge_slave_0) entered disabled state
[  282.928568][T16646] cgroup: fork rejected by pids controller in /syz0
[  283.179593][T16660] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3495'.
[  283.193866][T16660] bond2: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms
[  283.200093][T16660] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2583 sclass=netlink_route_socket pid=16660 comm=syz.2.3495
[  283.282947][T16660] netlink: 40 bytes leftover after parsing attributes in process `syz.2.3495'.
[  283.286381][T16660] bond2: peer notification delay (2365) is not a multiple of miimon (4), value rounded to 2364 ms
[  283.606419][ T5940] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  283.610293][ T5940] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  283.613251][ T5940] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  283.617397][ T5940] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  283.621481][ T5940] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  283.635304][ T5934] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  283.639666][ T5934] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  283.643477][ T5934] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  283.649927][ T5934] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  283.655466][ T5934] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  283.717037][T16687] netlink: 'syz.4.3503': attribute type 1 has an invalid length.
[  283.724859][T16687] netlink: 'syz.4.3503': attribute type 3 has an invalid length.
[  283.728298][T16687] netlink: 224 bytes leftover after parsing attributes in process `syz.4.3503'.
[  283.786231][T16680] chnl_net:caif_netlink_parms(): no params data found
[  283.864049][T16702] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3506'.
[  283.872542][T16680] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.876289][T16680] bridge0: port 1(bridge_slave_0) entered disabled state
[  283.878742][T16680] bridge_slave_0: entered allmulticast mode
[  283.881514][T16680] bridge_slave_0: entered promiscuous mode
[  283.932749][T16680] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.935335][T16680] bridge0: port 2(bridge_slave_1) entered disabled state
[  283.937816][T16680] bridge_slave_1: entered allmulticast mode
[  283.941370][T16680] bridge_slave_1: entered promiscuous mode
[  283.944358][   T40] audit: type=1400 audit(1773741739.804:10040): avc:  denied  { watch watch_reads } for  pid=16709 comm="syz.4.3508" path="pipe:[41279]" dev="pipefs" ino=41279 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  283.989765][T16680] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  284.001925][T16680] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  284.027615][T16680] team0: Port device team_slave_0 added
[  284.036162][T16680] team0: Port device team_slave_1 added
[  284.049830][T16680] batman_adv: batadv0: Adding interface: batadv_slave_0
[  284.052197][T16680] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  284.062413][T16680] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  284.067090][T16680] batman_adv: batadv0: Adding interface: batadv_slave_1
[  284.069357][T16680] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  284.078475][T16680] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  284.088569][   T40] audit: type=1401 audit(1773741739.954:10041): op=setxattr invalid_context="system_u:object_r:crond_var_run_t:s0"
[  284.107609][T16680] hsr_slave_0: entered promiscuous mode
[  284.109906][T16680] hsr_slave_1: entered promiscuous mode
[  284.112077][T16680] debugfs: 'hsr0' already exists in 'hsr'
[  284.113902][T16680] Cannot create hsr debugfs directory
[  284.200769][T16680] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.289288][T16680] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.362280][T16680] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.385170][T14716] usb 7-1: new full-speed USB device number 32 using dummy_hcd
[  284.460245][T16680] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  284.562046][T14716] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  284.566218][T14716] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  284.569601][T14716] usb 7-1: Product: 岣ﾤ㬼뻶╹웸隸鱅ὰ䀀丹뱐盃뢜藕鋛묙擤溓퀠㝇杽芼ළ졎̲熤檓䈦㗳陗ㄈ
[  284.575596][T14716] usb 7-1: Manufacturer: 㱝ゝ垙ﱓᒌ瓫ഴ퓯䫝魆ಹཀ녥昈錆אּ᝴笚㻁쐰翋宺뒢㢊2鮓⿣ಚ⓱簇쿠嵊偸渓疓蟤탲儫팝褏宰钠圐瘲ꈃ뜭㍕ᣍ냈魤暥ᵠዡ椢鷛쎿໯챓ᰥই喍燭
[  284.585593][T14716] usb 7-1: SerialNumber: ࠬ
[  284.598393][T16680] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  284.603857][T16680] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  284.609753][T16680] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  284.614289][T16680] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  284.652833][T16680] 8021q: adding VLAN 0 to HW filter on device bond0
[  284.662057][T16680] 8021q: adding VLAN 0 to HW filter on device team0
[  284.667519][T15620] bridge0: port 1(bridge_slave_0) entered blocking state
[  284.670672][T15620] bridge0: port 1(bridge_slave_0) entered forwarding state
[  284.683904][T15620] bridge0: port 2(bridge_slave_1) entered blocking state
[  284.686592][T15620] bridge0: port 2(bridge_slave_1) entered forwarding state
[  284.801020][T14716] usb 7-1: 1:1 : UAC_AS_GENERAL descriptor not found
[  284.807146][T14716] usb 7-1: 2:1: invalid format type 0x1002 is detected, processed as PCM
[  284.814054][T14716] usb 7-1: failed to enable PITCH for EP 0x82
[  284.816909][T14716] usb 7-1: unit 5 not found!
[  284.822175][T16680] 8021q: adding VLAN 0 to HW filter on device batadv0
[  284.840590][T14716] usb 7-1: USB disconnect, device number 32
[  284.861356][ T5936] udevd[5936]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  284.862257][T16680] veth0_vlan: entered promiscuous mode
[  284.867383][   T40] audit: type=1800 audit(1773741740.724:10042): pid=16765 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=set_data cause=unavailable-hash-algorithm comm="syz.4.3523" name="/newroot/444/bus/#2350//deleted" dev="tmpfs" ino=2350 res=0 errno=0
[  284.889622][T16680] veth1_vlan: entered promiscuous mode
[  284.905769][T16680] veth0_macvtap: entered promiscuous mode
[  284.911042][T16680] veth1_macvtap: entered promiscuous mode
[  284.919528][T16680] batman_adv: batadv0: Interface activated: batadv_slave_0
[  284.925333][T16680] batman_adv: batadv0: Interface activated: batadv_slave_1
[  284.931322][T15624] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  284.936405][T15624] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  284.947293][T15624] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  284.952248][T15624] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  285.008231][ T1144] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.012065][ T1144] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.020908][ T1144] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  285.023569][ T1144] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  285.072088][   T40] audit: type=1400 audit(1773741740.934:10043): avc:  denied  { getopt } for  pid=16774 comm="syz.0.3500" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1
[  285.465108][   T40] audit: type=1400 audit(1773741741.324:10044): avc:  denied  { map } for  pid=16797 comm="syz.3.3530" path="pipe:[75093]" dev="pipefs" ino=75093 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=fifo_file permissive=1
[  285.505057][   T40] audit: type=1400 audit(1773741741.364:10045): avc:  denied  { mounton } for  pid=16799 comm="syz.3.3531" path="/125/file0" dev="overlay" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  285.613446][T16809] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3535'.
[  285.675008][ T5934] Bluetooth: hci2: command tx timeout
[  285.702801][T16820] overlayfs: upper fs does not support file handles, falling back to index=off.
[  285.709822][T16804] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3534'.
[  285.789480][T16804] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3534'.
[  285.829633][T16832] netlink: 'syz.4.3541': attribute type 1 has an invalid length.
[  285.932583][T16837] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3543'.
[  285.991754][T16848] program syz.2.3544 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  286.038704][T16848] Bluetooth: MGMT ver 1.23
[  286.376719][T16883] bond2: (slave bond_slave_1): Device is not our slave
[  286.379021][T16883] bond2: option active_slave: invalid value (bond_slave_1)
[  286.405723][T16883] bond2 (unregistering): Released all slaves
[  286.463964][   T40] audit: type=1400 audit(1773741742.324:10046): avc:  denied  { ioctl } for  pid=16889 comm="syz.4.3557" path="socket:[74132]" dev="sockfs" ino=74132 ioctlcmd=0x89e2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1
[  286.497184][T16892] overlayfs: conflicting options: userxattr,redirect_dir=on
[  286.648866][   T40] audit: type=1326 audit(1773741742.514:10047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=16899 comm="syz.4.3562" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc82c19c799 code=0x0
[  286.843836][T16906] IPv6: NLM_F_CREATE should be specified when creating new route
[  286.935372][T16906] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3564'.
[  286.976819][T16912] FAULT_INJECTION: forcing a failure.
[  286.976819][T16912] name failslab, interval 1, probability 0, space 0, times 0
[  286.984860][T16912] CPU: 2 UID: 0 PID: 16912 Comm: syz.2.3565 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  286.984880][T16912] Tainted: [L]=SOFTLOCKUP
[  286.984884][T16912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  286.984891][T16912] Call Trace:
[  286.984896][T16912]  <TASK>
[  286.984901][T16912]  dump_stack_lvl+0x100/0x190
[  286.984932][T16912]  should_fail_ex.cold+0x5/0xa
[  286.984947][T16912]  ? kernfs_fop_write_iter+0x26a/0x5f0
[  286.984961][T16912]  should_failslab+0xc2/0x120
[  286.984972][T16912]  __kmalloc_noprof+0xe0/0x850
[  286.984991][T16912]  kernfs_fop_write_iter+0x26a/0x5f0
[  286.985019][T16912]  vfs_write+0x6ac/0x1070
[  286.985040][T16912]  ? __pfx_kernfs_fop_write_iter+0x10/0x10
[  286.985056][T16912]  ? __pfx_vfs_write+0x10/0x10
[  286.985082][T16912]  ksys_write+0x12a/0x250
[  286.985099][T16912]  ? __pfx_ksys_write+0x10/0x10
[  286.985120][T16912]  do_syscall_64+0x106/0xf80
[  286.985140][T16912]  ? clear_bhb_loop+0x40/0x90
[  286.985155][T16912]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  286.985167][T16912] RIP: 0033:0x7f5def79c799
[  286.985177][T16912] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  286.985188][T16912] RSP: 002b:00007f5df068a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  286.985199][T16912] RAX: ffffffffffffffda RBX: 00007f5defa15fa0 RCX: 00007f5def79c799
[  286.985206][T16912] RDX: 0000000000000009 RSI: 00002000000009c0 RDI: 0000000000000005
[  286.985212][T16912] RBP: 00007f5df068a090 R08: 0000000000000000 R09: 0000000000000000
[  286.985219][T16912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  286.985225][T16912] R13: 00007f5defa16038 R14: 00007f5defa15fa0 R15: 00007fff608cc678
[  286.985240][T16912]  </TASK>
[  287.083901][   T40] audit: type=1400 audit(1773741742.944:10048): avc:  denied  { setopt } for  pid=16915 comm="syz.2.3567" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=isdn_socket permissive=1
[  287.237492][T16920] openvswitch: netlink: EtherType 50a is less than min 600
[  287.289493][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.293672][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.297839][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.300901][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.304048][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.307335][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.310667][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.313736][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.317495][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.320626][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.324266][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.328045][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.331966][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.335458][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.338923][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.342367][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.345471][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.348507][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.351517][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.354527][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.358127][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.361139][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.364151][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.367238][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.370277][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.373719][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.376859][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.379849][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.382820][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.385956][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.389379][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.392373][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.395469][T16922] program syz.2.3570 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  287.430390][T16926] pimreg: entered allmulticast mode
[  287.440583][T16927] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  287.443399][T16927] overlayfs: overlapping lowerdir path
[  287.609642][T16933] xt_limit: Overflow, try lower: 271964/0
[  287.650457][T16940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  287.653941][T16940] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  287.685302][T14716] Oops: general protection fault, probably for non-canonical address 0xdffffc000000004c: 0000 [#1] SMP KASAN NOPTI
[  287.690393][T14716] KASAN: null-ptr-deref in range [0x0000000000000260-0x0000000000000267]
[  287.694115][T14716] CPU: 0 UID: 0 PID: 14716 Comm: kworker/0:6 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  287.698107][T14716] Tainted: [L]=SOFTLOCKUP
[  287.699766][T14716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[  287.703995][T14716] Workqueue: events l2cap_info_timeout
[  287.706394][T14716] RIP: 0010:kasan_byte_accessible+0x15/0x30
[  287.708718][T14716] Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00
[  287.715734][T14716] RSP: 0018:ffffc9000466f9f0 EFLAGS: 00010282
[  287.718091][T14716] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  287.721105][T14716] RDX: 0000000000000000 RSI: ffffffff8957b881 RDI: dffffc000000004c
[  287.724181][T14716] RBP: 0000000000000260 R08: 0000000000000001 R09: 0000000000000000
[  287.727235][T14716] R10: 00000000ffffff83 R11: 0000000000000000 R12: ffffffff8957b881
[  287.730169][T14716] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[  287.733157][T14716] FS:  0000000000000000(0000) GS:ffff8880d6342000(0000) knlGS:0000000000000000
[  287.736503][T14716] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  287.739029][T14716] CR2: 00007f62d434da08 CR3: 000000002eb9e000 CR4: 0000000000352ef0
[  287.741882][T14716] Call Trace:
[  287.743134][T14716]  <TASK>
[  287.744231][T14716]  __kasan_check_byte+0x13/0x50
[  287.746072][T14716]  lock_acquire+0x148/0x380
[  287.747765][T14716]  ? __pfx___cancel_work+0x10/0x10
[  287.749639][T14716]  lock_sock_nested+0x41/0xf0
[  287.751369][T14716]  ? l2cap_sock_ready_cb+0x43/0x1a0
[  287.753243][T14716]  l2cap_sock_ready_cb+0x43/0x1a0
[  287.755091][T14716]  l2cap_conn_start+0x123/0xb40
[  287.756899][T14716]  ? __pfx_l2cap_conn_start+0x10/0x10
[  287.758876][T14716]  ? __pfx___mutex_lock+0x10/0x10
[  287.760682][T14716]  ? do_raw_spin_unlock+0x145/0x1e0
[  287.762699][T14716]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  287.764791][T14716]  ? finish_task_switch.isra.0+0x200/0xb80
[  287.766943][T14716]  l2cap_info_timeout+0x81/0xa0
[  287.768746][T14716]  process_one_work+0xa23/0x19a0
[  287.770576][T14716]  ? __pfx_process_one_work+0x10/0x10
[  287.772530][T14716]  ? __pfx_l2cap_info_timeout+0x10/0x10
[  287.774539][T14716]  worker_thread+0x5ef/0xe50
[  287.776237][T14716]  ? __pfx_worker_thread+0x10/0x10
[  287.778170][T14716]  ? kthread+0x13a/0x450
[  287.779728][T14716]  ? __pfx_worker_thread+0x10/0x10
[  287.781550][T14716]  kthread+0x370/0x450
[  287.783021][T14716]  ? __pfx_kthread+0x10/0x10
[  287.784672][T14716]  ret_from_fork+0x754/0xd80
[  287.786345][T14716]  ? __pfx_ret_from_fork+0x10/0x10
[  287.788208][T14716]  ? __switch_to+0x7b4/0x1120
[  287.789971][T14716]  ? __pfx_kthread+0x10/0x10
[  287.791636][T14716]  ret_from_fork_asm+0x1a/0x30
[  287.793491][T14716]  </TASK>
[  287.794636][T14716] Modules linked in:
[  287.796848][T14716] ---[ end trace 0000000000000000 ]---
[  287.799915][T14716] RIP: 0010:kasan_byte_accessible+0x15/0x30
[  287.801105][   T40] audit: type=1400 audit(1773741743.664:10049): avc:  denied  { read } for  pid=5319 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[  287.802334][T14716] Code: 00 00 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 b8 00 00 00 00 00 fc ff df 48 c1 ef 03 48 01 c7 <0f> b6 07 3c 07 0f 96 c0 c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00
[  287.802354][T14716] RSP: 0018:ffffc9000466f9f0 EFLAGS: 00010282
[  287.802374][T14716] RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  287.802385][T14716] RDX: 0000000000000000 RSI: ffffffff8957b881 RDI: dffffc000000004c
[  287.802396][T14716] RBP: 0000000000000260 R08: 0000000000000001 R09: 0000000000000000
[  287.828069][T14716] R10: 00000000ffffff83 R11: 0000000000000000 R12: ffffffff8957b881
[  287.830668][T14716] R13: 0000000000000001 R14: 0000000000000000 R15: 0000000000000000
[  287.833237][T14716] FS:  0000000000000000(0000) GS:ffff8880d6342000(0000) knlGS:0000000000000000
[  287.836451][T14716] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  287.838733][T14716] CR2: 00007f62d434da08 CR3: 000000002eb9e000 CR4: 0000000000352ef0
[  287.841580][T14716] Kernel panic - not syncing: Fatal exception
[  287.844407][T14716] Kernel Offset: disabled
[  287.845860][T14716] Rebooting in 86400 seconds..